2. Risk Management

The Company recognizes the importance of risk management, which is a key component of a good corporate governance system. The Company believes that risk management is a vital mechanism for achieving its objectives and goals, anticipating potential obstacles and emerging threats, minimizing potential losses, and enhancing operational systems and resource planning for greater efficiency.

The Company has therefore implemented a comprehensive and effective enterprise risk management system to promote long-term business stability and strengthen corporate governance to build trust among shareholders and all stakeholders while ensuring sustainable value creation and continuous operations. The Company aims to develop and strengthen the risk management system by formulating risk management policies and plans, as well as analyzing risk factors that may impact the Company’s business operations, as outlined below:

• 2.1 Risk Management Policy and Plan

  The Company manages risks by establishing comprehensive policies and risk management plans. The Company designates everyone, including the Board of Directors, executives, and employees, as risk owners, responsible for analyzing and assessing the likelihood and impact of risks, and for implementing measures to prevent, control, and mitigate risks that may affect the Company’s operations, keeping them within acceptable levels. These efforts are aligned with the Company’s objectives, goals, and strategic plans. The Company also monitors uncertainties, key trends, and evolving internal and external risk factors while promoting the use of modern technologies to enhance risk management. Additionally, it ensures that personnel have broad access to risk-related information and can effectively report risk management issues to executives and the Board of Directors.

  The Board of Directors holds overall responsibility for establishing and overseeing the Company’s risk management framework. To this end, a Risk Management Committee has been formed, chaired by an independent director and with the Chief Executive Officer (acting) and senior executives as members, responsible for setting and overseeing compliance with the risk policy and risk management guidelines, reporting significant risk management issues to the Risk Management Committee, integrating risk management into day-to-day operations, and promoting risk management activities across the organization.

  In addition, the Company has assigned the Internal Audit Office to review the organization's key activities, taking into consideration the risk levels of individual units and operations, and use the Internal Audit Office's assessment results as information for identifying and analyzing the Company's key risks. The Internal Audit Office reports its findings and reviews of critical activities directly to the Audit and Corporate Governance Committee.

  The Company integrates risk management with strategies and performance results, following the COSO ERM Framework 2017, which is based on five interrelated principles aimed at fostering and sustaining long-term value creation for the organization, as follows:

  1. Governance & Culture
     The Company has established a structure that defines the desired organizational culture, including demonstrating adherence to core values ??and developing human resources to achieve business strategies and objectives. The Board of Directors serves as a supervisory body and provides support to the executive team.
  2. Strategy & Objective-Setting
     The Company integrates risk management into the strategic planning process by analyzing the business context, evaluating alternative strategies and potential impacts, and setting business objectives in line with acceptable risk levels.
  3. Performance
     The Company identifies and assesses the severity of risks that may affect the success of its strategies and the achievement of its business objectives. It establishes risk significance levels to serve as criteria for selecting appropriate risk responses and implementing effective mitigation measures. Additionally, the Company develops and evaluates its overall risk profile to ensure that all levels and relevant departments within the organization are fully informed.
  4. Review & Revision
     The Company identifies and evaluates significant changes and conducts regular reviews of risks and performance to continuously enhance its risk management practices.
  5. Information, Communication & Reporting
     The company utilizes information systems, technologies, and various communication channels to support its risk management efforts, including the continuous and appropriate reporting of risk information, performance data, and risk management results to relevant stakeholders.
• 2.2 Risk factors for the Company's business operations

  The Company analyzes risk factors affecting the Company's business operations by taking into account both internal and external factors that are consistent with the business direction, corporate goals, and strategies. It evaluates the opportunities and potential impacts of events that may affect the business, both directly and indirectly, to identify the Company's key risks. The Company also develops an appropriate risk management plan to ensure that risks are at an acceptable level. The key risk factors are as follows:

  2.2.1 Risks to the Company's business operations
  With the vision of "Being one of Thailand's leading real estate developers," the Company focuses on developing commercial projects, such as quality office buildings and retail spaces for rent, as well as residential projects, including single houses and condominiums, aimed at target customer groups across various price levels and demands. This approach is designed to meet the diverse needs of customers while ensuring social and environmental responsibility. The Company has reviewed the significant risks from the past year, along with the challenges and opportunities that may arise amidst the volatile Thai economic situation, political uncertainties following the election, and the global economic slowdown. These include rising inflation and interest rates in Western countries, the real estate crisis in China, and the ongoing conflicts in various regions. These events have had a direct impact on exports, leading to a reduction in the flow of money into the country, as well as a slowdown in investments across various projects from both the public and private sectors and foreign investors due to the economic conditions of the past year.

  The Company considers both current and emerging key risks in terms of business operations, financial status, and sustainability of the Company. The management of key risk includes:

  	Key risks in business operations	Sustainability Risks
  1. Risks from Economic Conditions and Competition	/
  2. Revenue and Profit Growth Risks	/
  3. Cyber Attack Risks		/
  4. Safety Risks	/
  5. Human Rights Risks		/
  6. Emerging Risks
  6.1 Risks of Transition to a Low-Carbon Society		/

  
  

  1. Risks from economic conditions and competition

  Risk Category : Strategic Risk

  Source and nature of risk : Due to the highly competitive market conditions from both existing and new operators, along with the continuous development and improvement of projects in the office building rental business, coupled with domestic and international economic challenges, including the rise of hybrid workplace models, the demand for office space for rent has slowed down. In the real estate for sale sector, demand for housing continues to shrink, particularly for horizontal projects. Additionally, the rate of loan rejections by financial institutions has increased, especially for customers with low to medium incomes, due to high levels of household debt. These factors present significant challenges in maintaining competitiveness and ensuring strong performance for operators.

  Impact on the Company : Due to intense competition and a slow economic recovery, the Company faces the risk of maintaining its competitiveness and adapting to changing customer needs and expectations. This may result in the Company's performance falling short of its targets.

  Impact on stakeholders: Intense competition has shifted the market towards a tenant-owned model, providing tenants with more flexibility in negotiating lease terms.

  Risk management measures : The Company has established strategies and guidelines for managing risks associated with the business, including:

  Office Building Business

  1. Develop office buildings with lifestyle-focused, mixed-use spaces to offer a better work-life balance. Incorporate digital technologies to enhance tenant and building user experience, such as using websites to access rental space information, the Serve Application for service and communication facilitation, and upgrading office buildings to touchless and self-check-in smart offices.
  2. Improve sales performance through proactive efforts, targeting potential tenants in growing industries or businesses. Recruit new tenants by leveraging experienced and specialized sales representatives (e.g., embassies, BOI, law firms, and chambers of commerce). Additionally, collaborate more with sales representatives through Agent Days and Scheduled Agent Updates.
  3. Manage tenant relationships proactively by focusing on Know-Your-Tenant strategies, partnering with tenants, and developing CRM programs and applications. Enhance the capabilities of both sales and support teams.
  4. Enhance products and services through mixed-use privileges by improving and developing unique selling points for each building. Create exclusive benefits in collaboration with Central Pattana and CG, offering services in shopping malls and flexible office spaces (Flex offices and At-work at malls).

  Real Estate for Sale Business

  1. Develop projects based on the "360-Degree Ecosystem for Life" approach, providing a superior quality of life.
  2. Deliver residences under the concept of 1. Better home: focusing on design and functionality that meet customer needs, along with home automation and the highest safety standards, 2. Better privilege & convenience: offering the superior Central Citizens special privileges, and 3. Better experience & services: providing a quality living experience within the community and offering exceptional after-sales service.
  3. Manage marketing through both online and offline channels that are consistent with the lifestyles of different target customer groups, to provide product information and attract specific target customers, including using appropriate sales promotion activities to be able to compete with competitors in the area while maintaining the set profit margin.
  4. Reduce the number of loan rejections by financial institutions by analyzing and presenting financial institutions that are consistent with customer profiles, resulting in a significantly lower product rejection rate compared to market conditions.

  As a result of implementing the risk management plan, the performance of both the office building business and the real estate for sale business has consistently improved. Income performance has exceeded the previous year, and the targets have been achieved as planned.

  2. Revenue and Profit Growth Risks

  Risk Category : Strategic Risk

  With the Company's revenue growth target of 10% per annum from 2024 to 2028, driven by investments in various businesses, including mixed-use precincts development and real estate projects for sale on over 130 rai of the Company's land, the Company faces risks related to revenue growth and profits from new project developments. These risks are heightened by the slow economic recovery, intense market competition, and changing customer needs.

  Impact on the Company : Growth targets in a competitive and unfavorable economic environment may lead to new projects underperforming or failing to meet customer and partner expectations if there is insufficient or ineffective planning and preparation.

  Impact on stakeholders : The growth and expansion of the company's business support partners in developing products and services based on their expertise, enabling them to reach new customer groups and markets, and grow together with the company.

  Risk management measures : The Company has taken steps to ensure that new projects or businesses will achieve their goals, including:

  1. Conducting thorough studies and research before starting project development, with screening and consideration by executives, board members, and knowledgeable consultants.
  2. Ensuring readiness before starting operations, including partnering with experts in the relevant business areas. For example, collaborating with Central Pattana to develop a mixed-use real estate project on Phahonyothin Road, where Central Pattana brings extensive expertise in the shopping mall business.
  3. Regularly and comprehensively monitoring and evaluating the performance of new projects, both from central units and project development teams.

  3. Cyber Attack Risks

  Risk Category : Operational Risk

  Source and nature of risk : Technology is rapidly evolving, driving changes in consumer behavior and increasing competition within the industry. As a result, the Company emphasizes the continuous improvement of products and services to align with the behavior in the digital age. This includes internal management that relies on diverse and complex information systems and modern technologies. However, this also increases the Company’s exposure to information and data security risks. These risks may arise from the use of outdated security systems, insufficient understanding among personnel, and ineffective operating procedures, which could allow malicious individuals to attack critical systems and access important data and personal information across various systems within the Company.

  Impact on the Company : Cyber attacks may affect the Company's business continuity, including the potential for the leakage of sensitive data, which could severely impact the Company's reputation if the incident is not handled effectively.

  Impact on stakeholders : Cyberattacks can result in the leakage of sensitive data and personal information of stakeholders.

  Risk management measures : The Company is aware of and prioritizes cyber risks by continuously developing and improving information security systems, including:

  1. Identify : Conducting assessments of cyber threat risks in each area to identify weaknesses and plan improvements. The assessments are based on the Cybersecurity Resilience Survey framework of the Stock Exchange of Thailand, including vulnerability checks such as Vulnerability Assessment Scan and regularly addressing system weaknesses on both On-premises and On-cloud servers.
  2. Protect : Reviewing and improving policies and information security practices, including enhancing encryption with Multi-Factor Authentication (MFA) and Privileged Access Management (PAM), implementing up-to-date system shields like anti-virus and firewalls, and ensuring system/software patches are secure and current.
  3. Detect : Improving Endpoint Detection and Response (EDR) and Security Information & Event Management (SIEM) systems to better detect threats. Additionally, using Deception Technology to further strengthen information security.
  4. Respond : Preparing five cyber threat response plans (IT Security Playbook) for various scenarios, including ransomware, unauthorized configuration changes, insider threats, phishing, and data leakage.
  5. Recover : Reviewing and improving the Disaster Recovery Plan (DRP) and conducting Cyber drills, particularly focusing on the use of disaster recovery site (DR Site).

  The company continues to focus on educating and raising awareness among personnel across the organization. This includes providing training through five Awareness Training courses: General Phishing, Data Protection, Cybersecurity Awareness, Social Networking, and Physical Security. The Company also issues public relations materials about cyber threats and their potential impacts and conducts Phishing mail testing to enhance awareness and improve response capabilities when incidents occur.

  4. Safety Risks

  Risk Category : Operational Risk

  Source and nature of risk : The Company's business operations, including project development, building management, and ensuring customer and service user convenience, involve various groups of people, such as customers, employees, tenants, contractors, and business partners. If safety in the workplace is compromised—whether due to construction-related accidents, insufficient safety standards on the premises, or inadequate security management—it could lead to losses and have significant impacts in various areas.

  Impact on the Company : Ineffective or inadequate occupational health and safety management may result in accidents that cause damage to life and property, potentially leading to a halt in the Company's business operations and a loss of its reputation and credibility.

  Impact on stakeholders : Unsafe incidents that occur may harm employees, tenants, business partners, or customers working or using services at the Company's premises. These incidents could also impact the surrounding community, such as fire incidents, which may result in the loss of life and property.

  Risk management measures : The Company recognizes the importance and necessity of managing this risk to ensure the confidence of customers and all stakeholders. Therefore, the following measures are in place:

  ensure the confidence of customers and all stakeholders. Therefore, the following measures are in place:

  1. Establish a safety and occupational health policy covering the entire project construction process and service delivery to customers and users at the Company’s premises. This includes overseeing employees, contractors, and business partners to ensure strict compliance with laws, regulations, and safety protocols.
  2. Apply the ISO 45001 occupational health and safety management system as a framework for safety management. This includes implementing measures and modern technologies, such as monitoring incidents through crime watch systems, observing risky behaviors via CCTV, and using the Color-Code Condition system to monitor, control, and assess critical situations.
  3. Review and improve emergency and crisis management guidelines, such as the Active Shooter Operation Manual and the EV Charger Station Fire Operation Manual.
  4. Record all incidents and accidents in the Smart Property system and conduct cause analyses for incidents involving employees, tenants, contractors, and customers. This helps to determine corrective and preventive measures and expand to other relevant branches, including following up on compensation for those affected until the process is complete.
  5. Provide training and drills for company employees, tenants, and contractors to effectively prevent and manage crises, including intensive safety training courses for high-risk jobs.
  6. Establish a Safety Committee at both organizational and branch levels through employee participation by electing representatives from both employers and employees as required by law. Monthly meetings are held to monitor incidents, analyze causes, implement preventive measures, and report accident-related incidents.
  7. Collect and report significant incidents to the Risk Management Committee and the Board of Directors regularly.

  5. Human Rights Risks

  Risk Category : Operational Risk

  Source and nature of risk : The operations of the Company and its business partners may impact various stakeholders, including customers, employees, and surrounding communities, particularly in cases involving rights violations such as forced labor, unfair practices, or discrimination. Therefore, effective human rights risk management is essential, with a focus on complying with legal requirements, adhering to relevant international standards, and upholding the Company's ethical governance principles.

  Impact on the Company : Human rights violations and unfair treatment of stakeholders, including employees, tenants, contractors, or subcontractors, may lead to complaints and opposition from business partners and customers. This can result in business disruptions, as well as damage to the Company's reputation, image, and stakeholder confidence.

  Impact on stakeholders : Conducting business with respect for human rights and promoting equality in the workplace, community, and society helps foster an environment and culture that embraces diversity, respects individual rights, listens to differing opinions, and avoids discrimination. Failing to integrate human rights considerations into business operations may lead to stakeholder dissatisfaction, loss of confidence, and a lack of trust in the Company.

  Risk management measures : The Company is committed to conducting business in accordance with legal and human rights principles by supporting and protecting the rights of employees, business partners, customers, business allies, and communities. The Company ensures that its operations do not involve human rights violations, including rejecting forced labor, unfair labor practices, and child labor. The Company is dedicated to treating all stakeholders fairly and with respect for human dignity, without discrimination based on place of origin, race, gender, age, skin color, religion, physical condition, status, or family background. Additionally, the Company actively promotes internal compliance with human rights standards and encourages its business partners and allies to adhere to internationally recognized human rights principles.

  The Company has established a comprehensive process for monitoring and managing human rights, which includes:

  • Defining the scope of human rights monitoring and identifying related issues.
  • Assessing risks by analyzing the nature and severity of impacts, as well as the respond to those risks.
  • Implementing measures to correct, mitigate, remedy, and prevent impacts to an acceptable level.
  • Regularly monitoring, reviewing, and evaluating human rights performance.
  • Communicating and disclosing human rights performance while promoting a culture of respect for human rights among employees.
  • Providing accessible complaint and whistleblowing channels for stakeholders at all times through an online emergency reporting system, information counters, and communication devices, including setting clear timelines for response and assistance after receiving a report.

  6. Emerging Risks

  Through continuous monitoring of situations and risk trends, the Company recognizes and prioritizes emerging risks, including those associated with the transition to a low-carbon society.

  6.1 Risks of transition to a low-carbon society

  Risk Category : Sustainability Risk

  Source and nature of risk : The risks associated with the transition to a low-carbon society stem from the growing emphasis by both the public and private sectors on promoting a "green" economy—economic activities that aim for net-zero greenhouse gas emissions. This shift aligns with the goals of the 2015 Paris Agreement and involves changes across various economic sectors, including:

  Policy - Thailand has declared its commitment to achieving carbon neutrality by 2050 and net-zero emissions by 2065 to drive sustainable development and mitigate the impacts of climate change.

  Legal - The government is preparing to enact the Climate Change Act, which will serve as a key standard for classifying and categorizing environmentally friendly economic activities in Thailand (Thailand Taxonomy). It will also incorporate the use of international financial reporting standards (IFRS) to enhance operational clarity and transparency.

  Technology - The development of low-carbon technologies will include the adoption of renewable energy, the development of energy-efficient and non-polluting machinery and equipment, the production of environmentally friendly products, and innovations in carbon capture and storage technologies.

  Consumer behavior - Consumers are increasingly prioritizing environmentally responsible organizations and services, driving higher demand for sustainable products and services. Many consumers are also willing to pay premium prices to support eco-friendly products.

  Impact on the Company : Changes in policies and regulations aimed at reducing greenhouse gas emissions—such as carbon emission limits, carbon taxes, and the adoption of carbon credit systems—may result in increased costs for the Company, even though the Company business is not currently subject to direct regulation. As these measures become more widely enforced, the Company may incur additional expenses related to carbon emissions, including investments in environmentally friendly technologies or infrastructure upgrades to meet new standards. Furthermore, shifting consumer behavior, with growing demand for eco-friendly products and services, may require the Company to adapt its marketing strategies and develop new services to meet market expectations and maintain its competitiveness. However, these changes also present opportunities for the Company to better manage costs, enhance its market positioning, and explore new business ventures.

  Impact on stakeholders : If a company fails to demonstrate its commitment and seriousness in transitioning to a low-carbon society, key stakeholders—such as customers, employees, and shareholders—may lose confidence in its ability to lead in this shift. This can negatively impact the company’s reputation and image, leading to a decline in trust regarding its products and services, including partnerships with the Company.

  Risk management measures : The Company recognizes this potential risk and has taken steps to prepare for the transition to a low-carbon society by:

  1. Setting a target to achieve net-zero greenhouse gas emissions by 2050, with both short-term and long-term reduction goals aligned with the Science Based Targets initiative.
  2. Establishing a Climate Change and Environment Committee (CEC) under the supervision of the Corporate Governance and Sustainable Development Committee (CG-SD Committee) to drive the transition efforts according to the 2050 Net Zero Pathway plan.
  3. Continuously monitoring developments in climate change regulations, analyzing their content, assessing potential business impacts, and adjusting operations to comply with emerging standards.
  4. Exploring and implementing new technologies to enhance energy efficiency and reduce greenhouse gas emissions, such as deploying AI systems to optimize cooling systems and improving indoor air quality using Air Scrubber technology.
  5. Engaging stakeholders—including tenants, suppliers, and customers—to collaboratively improve business practices and operations in support of a low-carbon transition.

  2.2.2 Investment Risks to Securities Holders

  1. Credit risk from default
  The Company recognizes the credit risk associated with potential default, as the Company, in its role as the issuer of financial instruments, may be unable to pay interest or repay the principal. These financial instruments are not protected by the Deposit Protection Agency, and holders will have the right to claim repayments on par with other unsecured and unsubordinated creditors. To assess the credit risk of the debt instrument issuer, investors may refer to credit ratings provided by credit rating agencies to support their investment decisions. Additionally, investors should carefully review relevant information, such as the issuer’s financial performance and position, and stay updated on news and credit rating changes via the Securities and Exchange Commission (SEC) website or the credit rating agency. In 2024, TRIS Rating Co., Ltd. downgraded the Company’s corporate credit rating from “BBB” to “BBB-” due to the anticipated rise in debt burden from significant investments and weaker profit margins.

  2. Risks of stock price volatility
  Due to the current stock market volatility, the Company's stock price may undergo significant change. As a result, investors may not be able to sell the Company's shares at a price equal to or higher than the purchase price. The Company's stock price may move up and down within a fairly wide range due to several factors, for example:

  • The Company's operating results are not in line with expectations or show signs of slower growth.
  • Economic factors that affect investment and business expansion, such as export trends, relocation of production bases, and business confidence indices.
  • Changes in financial and operating expenses across the Group, including rising electricity and labor costs.
  • Crises arising within the projects or business sectors in which the Group is involved.
  • Delays in the launch of new projects.
  • Commencement of a new business, acquisitions, or strategic synergies with partners in the businesses in which the Company’s group operates.
  • Current and potential litigation, including investigations by regulatory authorities.
  • Opinions or recommendations from securities analysts regarding the Company’s operations.

  2.2.3 Risks to foreign securities investment
  -None-