Risk Management

The Company realizes the importance of risk management which is an important component of a good corporate governance system. The Company believes that risk management is an important management mechanism to achieve its objectives and goals, recognize obstacles or threats that are yet to come, and improve work systems and planning to be able to allocate resources efficiently.

The Company therefore has implemented a good and efficient Enterprise Risk Management system in the organization to create long-term stability and good corporate governance and to build confidence for shareholders and all stakeholders in creating added value so that the Company can operate continuously. The Company aims to develop and strengthen the risk management system by formulating risk management policies and plans, as well as analyzing risk factors affecting the Company's business operations as follows:

• Risk Management Policy and Plan

  The Company oversees risks by setting policies and comprehensive risk management plans. The Company requires everyone, including the Board of Directors, executives, and employees, to be risk owners, responsible for analyzing and assessing opportunities and impacts, determining preventive measures, controlling and mitigating risks that may affect the Company's business operations to be at an acceptable risk level in accordance with the Company's objectives, goals, strategic plans and the uncertainty of the situations, important trends and changing internal and external risk factors. The Company also encourages the adoption of modern technology systems in risk management to support personnel to have access to information on risk management and report risk management to executives and the Board of Directors effectively.

  The Board of Directors has an overall responsibility to establish and control the Company's risk management framework by establishing a Risk Management Committee chaired by an independent director with senior executives as members with a responsibility to formulate and ensure compliance with risk policies and management guidelines and report significant risk management to the Risk Management Committee, as well as integrate risk management into normal operations and promote and support risk management activities throughout the organization.

  In addition, the Company requires the Internal Audit Office to review the organization's key activities. The audit results of the Internal Audit Office are used as information to identify and analyze the Company's key risks and the report on the performance and verification of important activities must be submitted directly to the Audit and Corporate Governance Committee.

  The Company integrates risk management with strategies and performance in accordance with the organization's risk management framework (COSO ERM Framework 2017) which is based on 5 interrelated principles to promote the creation and preservation of added value for the organization as follows:

  • Governance & Culture
    The Company has structured and defined a desirable culture, as well as demonstrated adherence to core values and the creation of human resources to achieve business strategies and objectives. The Company’s Board of Directors is responsible for overseeing and supporting executives.
  • Strategy & Objective-Setting
    The Company integrates risk management into the strategic planning process by analyzing the business context, evaluating alternative strategies and potential impacts, and setting business objectives in line with acceptable risk levels.
  • Performance
    The Company identifies and assesses the severity of risks that may affect the success of its strategy and the achievement of business objectives. The Company determines the level of importance of risks to be used as criteria for selecting appropriate risk responses, to effectively implement the measures, as well as develop and assess the overall risk of the organization for all levels of relevant departments to know.
  • Review & Revision
    The Company identifies and evaluates significant changes and regularly reviews risks and performance to continuously improve the organization's risk management.
  • Information, Communication & Reporting

  The Company utilizes information systems, technologies, and various communication channels to support the organization's risk management, including reporting risk information, performance data, and reporting on risk management results to relevant stakeholders continuously and appropriately.

• Risk factors for the Company's business operations

  The Company analyzes risk factors affecting the Company's business operations by taking into account internal and external factors that are consistent with the business direction, corporate goals, and strategies, and considers the opportunities and impacts of events that may affect the business both directly and indirectly to identify the Company's key risks. The Company also establishes an appropriate risk management plan to ensure that risks are at an acceptable level. The key risk factors are as follows:

  2.2.1 Risks to the Company's business operations
  With the vision "To be one of Thailand's leading real estate developers", the Company focuses on developing commercial projects in the form of quality office buildings and retail spaces for rent, single house and condominium residential projects for the target customers depending on the price level and demand. To meet the diverse needs of customer groups while taking into account social and environmental responsibility, the Company has reviewed the key risks of the past year, together with the challenges and opportunities that may arise under the volatile Thai economic situation, Thai political problems after the election, the global economic slowdown, the rising inflation and interest rates in Western countries, the real estate crisis in China, and the state of war in many regions. These events have a direct impact on exports. As a result, the amount of money flowing into the country has decreased, and investment in various projects by both the public and private sectors and foreign investment has slowed down from the economic situation of the past year.

  The Company considers both current and emerging significant risks in terms of business operations, financial status, and sustainability of the Company. The key risk management includes:

  	Main Risks in Business Operations	Sustainability Risks
  1. Risks from economic conditions and increased competition	/
  2. Revenue and profit growth risks	/
  3. Cyber Attack Risk		/
  4. Human Rights Risks		/
  5. Financial Risk
  5.1 Risks from rising interest rates	/
  6. Emerging risks
  6.1 Climate Change Risk (El-Nino)		/

  • Risks from economic conditions and increased competition in office buildings and retail spaces for rent
    In 2023, the Thai economy continued to grow from the previous year, with the main drivers being the recovery of foreign tourist numbers and domestic consumption. However, economic growth (GDP) was lower than expected due to a slowdown in exports, which was affected by the global economy and wars in many regions, as well as the formation of new governments after a delayed election which affected the country's budgeting, and caused the investment by public, private and foreign sectors to slow down. As a result, the demand for office space for rent was disrupted or had limited growth. In addition, the hybrid workplace model has become the policy of many companies even after the COVID-19 pandemic has subsided, resulting in the reduction of working space in many companies. Moreover, an imbalance between supply and demand in the market – from the excess supply in the market, an increasing new supply, and the slow growth of demand which was constrained by economic conditions – has resulted in intense competition in the office building business. The retail space in office buildings that relied mostly on office workers tended to recover slowly from the number of building users who have not fully returned, as previously mentioned.

    As a result of this situation, there is a risk to the Company to maintain competitiveness and adapt to changing customer needs which may cause the performance of the office building and retail rental space business to fall short of the target as both businesses account for more than 80% of the company's revenue and profit.

    The Company has formulated strategies and guidelines for managing these risks as follows:

  The office building business: Focus on retaining existing tenants and recruiting new tenants.

  • Develop flexible and suitable rental space and conditions for each tenant, and plan the development of office buildings into a smart office using Touchless & Self-check-in concepts, which are based on Central World Offices building.
  • Develop service and communication standards through digital channels such as the development of GLAND Serve application for the convenience of tenants and to increase the efficiency of communication, and the development of websites to help tenants access rental space through 360 Virtual Tour.
  • Develop a new leased space "At work," based on "Central World Offices" in G Tower and the Nine Towers, which is a workspace consisting of small and large meeting rooms and flexible spaces that are appropriate for real use (Flex space).
  • Build relationships and maintain bonds with tenants through activities, events, and appropriate communication channels. This includes creating and developing strategies with strategic partners and leading companies such as Huawei to study and collaborate on the Smart City Concept.
  • Improve space sales by selling new rental space through experienced sales representatives, as well as studying and recruiting potential new target tenants in industries or businesses with growth prospects.

  By following the aforementioned risk management plan, the performance of the Company’s office building business has recovered amid fierce competition and has maintained occupancy rates in the office building business at more than 80%.

  The retail space business: Focus on promoting marketing strategies, sales, and tenant support

  • Develop marketing strategies to increase and attract customers who are office workers and general customers such as new retail concepts by recruiting new stores that meet lifestyle needs like the Beauty concept zone at G Tower, Health & Wellness concept zone at The Nine Towers, sport zone and nightlife concept zone at Unilever House, and organizing Jodd Fairs and an outdoor food truck area.
  • Promote sales strategies to stimulate customer spending by organizing campaigns at festivals and boosting store sales through targeted marketing activities, including promotional booths and providing various discounts.
  • Develop strategic partnerships and partner assistance for long-term growth, such as business operation assistance, assisting affected merchants through discounts, debt restructuring, and contract type review.
  • Create synergy between the Company's business and Central Pattana's retail space, such as organizing signature events with Central Rama 9.
  • Recruit potential new tenants with additional growth opportunities.

  By following the aforementioned risk management plan, the operating results of the Company’s retail space rental business began to recover continuously during the COVID-19 pandemic with a 65% average occupancy rate.

  • Revenue and profit growth risks
    To achieve the company's growth according to the 5-year business plan (year 2023-2027) with a targeted annual revenue growth of approximately 10%, the Company has plans to expand investments in various businesses. This includes investing in real estate development for sales on the company's land, totaling more than 130 rai, which is an additional phase of the Nirati Don Mueang project, new projects on Kamphaeng Phet Road, and mixed-use real estate projects in the current project area on Rama 9 Road and new projects on Phaholyothin Road.

  From the expansion through the development of several new projects amid an uncertain economy with high competition in the market and changing customer demands, these factors pose risks to the Company's development of new projects, which may not achieve the set objectives. However, the company is working to ensure that these projects will succeed, including:

  • Conduct thorough studies and research before initiating project development and utilize screening and evaluation processes by executives, directors, and consultants with knowledge and competence.
  • Prepare for readiness before starting operations, including finding partners who specialize in the businesses that the Company is developing. For instance, collaborating with Central Pattana in mixed-use real estate projects on Phaholyothin Road where Central Pattana has great expertise in the shopping mall business in this area.
  • Monitor and evaluate the performance of new projects regularly and comprehensively, both from the central department and project development teams.

  In addition, to support growth according to the above business direction, the Company has transformed itself into an organization driven by clear objectives with the aims to develop skills and abilities, adjust organizational concepts and culture by cultivating 4 beliefs: 1) Creativity and doing good, 2) Continuous innovation, 3) Customers are an inspiration, and 4) Moving together, sustainable engagement, and driving the achievement of the "Goals and Achievements OKRs" framework and improving policies, processes, and systems to be more effective.

  • Cyber attack risks
    The evolving and rapidly changing technology landscape is a key driver in changing consumer behavior and industry competition. Therefore, the Company places importance on improving products and services to align with digital trends. This includes internal process management that relies on diverse and complex information systems and modern technology. As a result, the Company may be exposed to increased risks in information and data security caused by the use of outdated information security systems, lack of knowledge and understanding among staff, and inefficient operational procedures. These vulnerabilities could allow malicious actors to compromise the company's systems, and access critical information and personal data within various systems, leading to continuous disruptions in business operations or damaging the company's reputation if not effectively addressed.

  Recognizing this risk, the Company has developed and improved its information security system by adopting ISO 27000 and NIST SP800-53 standards as a framework for implementation, as well as the Cyber Security Act and the Personal Data Protection Act which cover data protection and various information systems as follows:

  • Identify: Risk assessment from cyber threats is conducted in each aspect to identify vulnerabilities and devise improvement plans. This evaluation follows the Cybersecurity Resilience Survey framework provided by the Stock Exchange of Thailand. Additionally, various vulnerabilities are checked, such as performing Vulnerability Assessment Scans and regularly addressing risks and weaknesses of the systems both On-premises and On-cloud servers.
  • Protect: Policy and related information security practices are reviewed and improved, such as upgrading encryption methods with Multi-Factor Authentication (MFA) and Privileged Access Management (PAM), modernizing System Shields such as Anti-virus and Firewall, replacing outdated Personal Computer (PC) and Notebook, and ensuring that System/Software patches are up-to-date and secure.
  • Detect: Improve Endpoint Detection and Response (EDR) and Security Information & Event Management (SIEM) to better detect threats, including the use of Deception Technology to enhance information security.
  • Respond: An IT Security Playbook consisting of five issues has been developed to address cyber threats which include Ransomware, Unauthorized configuration change, Insider threat, Phishing, and Data leakage. Additionally, cyber drills focusing on Ransomware have been conducted to test the effectiveness of the response plans.
  • Recover: The Disaster Recovery Plan (DRP) is reviewed and revised and preparation is made for the business continuity plan drills.

  The Company continues to focus on educating and raising awareness among personnel throughout the organization through various channels. These include conducting Awareness Training in five main courses namely General phishing, Data protection, Cybersecurity awareness, Social networking, and Physical security, issuing public relations media about cyber threats and their impact, and Phishing mail testing to raise awareness and improve response in the event of an incident. Furthermore, the Company regularly reviews cyber insurance to appropriately transfer risks and mitigate potential impacts.

  • Human Rights Risks
    The business operations of a general organization can impact human rights, such as rights violations or unfair treatment of various groups of stakeholders. The Company is aware of the importance of these issues. Failure to address human rights issues systematically according to the expectations of the international community and key stakeholders of the Company may lead to negative impacts on both the Company's reputation and business continuity. For example, the Company may face boycotts of its products or services, or resistance from society and communities when expanding the Company's projects or business operations, as well as a loss of confidence in the Company by employees and business partners.
    Therefore, the Company is committed to conducting business under policies and practices that uphold the laws and human rights principles. The Company supports and respects the protection of human rights of employees, business partners, customers, business allies, and communities by ensuring that the Company's business is not involved in human rights violations, such as refusing to support forced labor, treating labor fairly, opposing child labor, and respecting and treating all stakeholders based on human dignity. The Company does not discriminate based on origin, race, gender, age, skin color, religion, physical condition, status, or ethnicity, and promotes vigilance in adhering to human rights provisions within the Company and encourages its joint venture and business partners as well as all stakeholders to comply with international human rights principles.
    The Company has established a comprehensive human rights audit process as follows:
  • Determine the scope of human rights audits and related issues.
  • Assess risk by analyzing the nature of impacts, severity, and how to deal with those risks.
  • Formulate and implement corrective, mitigating, rehabilitation, and prevention measures to contain the impact to an acceptable level.
  • Regularly monitor, audit, and review human rights performance.
  • Communicate and disclose human rights performance and promote values of respect for human rights among employees.
  • Establish channels for complaints and reporting that are accessible to stakeholders at all times.

  More details on human rights risk management are disclosed in the annual report for the year 2023 under the item Compliance with Good Corporate Governance Principles, Section 3: Consideration of the roles of stakeholders.

  • Financial Risks
    The Company pursued a cautious monetary policy, focusing on establishing preventive or mitigation measures to prevent or reduce the impact of financial market uncertainties and the Company's operations that may not be as expected. This involves careful allocation of funds, appropriate and efficient cost control, and the drive toward planned operating results. The Company also monitors the changing financial and capital market situation to maintain profitability and financial liquidity. The key financial risks for the Company are as follows:

  5.1 Risks from rising interest rates
  The Company is aware of the upward change in interest rates, which has affected the Company's operating results and cash flows, mainly from the fact that the Company has borrowed some funds for investment and business operations. As of 31 December 2022, the Company had outstanding debt with an interest-bearing liability of 6,256 million baht, with an average weighted interest rate of 3.03% per annum.

  The Company has managed interest rate risk by maintaining an appropriate proportion of borrowings with fixed and floating interest rates as well as negotiating interest rates with financial institutions for new loans and maturing repayment loans. As a result, the Company has not been adversely affected by the increase in interest expenses and there was no significant impact to the Company's financial statements. The Company has been able to maintain its interest-bearing debt-to-equity ratio below 0.4 in 2023, which is lower than the company's policy of 1 and lower than the level required by the debt covenants of 3.

  • Emerging Risks
    In addition to the management of significant risks, the Company also focuses on emerging risks as a result of continuous monitoring and risk assessment. The Company is at risk from climate change during El Ni?o phenomenon and risks from environmental regulations and has response plan as follows
  • Climate Change Risks during El Ni?o Phenomenon
    At the beginning of 2023, the National Oceanic and Atmospheric Administration (NOAA) of the United States predicted that the La Ni?a weather phenomenon would end and transition to a potentially severe El Ni?o phenomenon would start from mid-2023 onwards. This would lead to adverse changes in global weather patterns, including heatwaves, severe storms, floods and droughts in many regions around the world. Especially in the Pacific Ocean, where average temperatures in the equatorial region would rise by more than 2 degrees Celsius. As a result, Asia and Australia would experience hotter and drier conditions than usual and the conditions would be more severe than the El Ni?o phenomenon in 2016 when global temperatures rose to record levels. Thailand would suffer from prolonged heat and drought with many provinces at risk of severe drought. In addition, the hot and dry conditions would worsen air quality, posing increased risks from fine particulate matter (PM 2.5), which would impact the Company in various aspects as follows:
  • Health: As a result of this condition, office workers would reduce their commute to work as many companies would allow more employees to work from home and customers would reduce their travel from home to prevent health problems and the increase in employee health care costs.
  • Laws and regulation: This condition would result in an increase in operating expenses. If the authority increases measures to tackle PM 2.5 problems, such as limiting travel or transportation time or ordering the cessation of dust-generating activities at certain times, such as construction work.
  • Assets: This condition would increase the cost of cleaning building surfaces to prevent the accumulation of PM 2.5 particles that may contain corrosive substances and cause the building surfaces to deteriorate faster.

  The Company has measures to manage this risk, including maintaining indoor air quality within the standard through the installation of air quality monitoring equipment to monitor and adjust air management appropriately and the installation of additional air filtration devices at the air inlet point, refraining from activities that may cause dust and toxic fumes, organizing campaign for tenants, customers and employees to reduce activities or behaviors that may cause pollution, as well as conducting study and experiment with new technologies that can reduce the amount of fine particulate matter (PM 2.5).

  • Investment risks of securities holders
  • Credit defaults risks
    The Company is aware of the credit risk from debt defaults as the Company, which is an issuer of financial instruments, may not be able to pay interest or repay the principal. The financial instruments offered for sale are not protected by the Deposit Protection Agency. Holders of these financial instruments have the right to claim repayment on par with other non-subordinated and unsecured creditors. However, in assessing the credit risk of the issuer, securities holders can refer to the Credit ratings provided by credit rating agencies to support investment decisions. In addition, securities holders should study information before investing, including the performance and financial status of financial instrument issuers, and should follow the news and credit rating changes from the website of the Securities and Exchange Commission (SEC) or credit rating agencies. In 2022, the Company received a credit rating from TRIS Rating Limited at "BBB" level with a "Stable" credit outlook.
  • Risk of stock price volatility
    Due to the current stock market volatility, the Company's stock price may undergo significant change. As a result, investors may not be able to sell the Company's shares at a price equal to or higher than the purchase price. The Company's stock price may move up and down within a fairly wide range due to several factors, for example:
  • The Company's operating results are not in line with expectations or have reduced growth.
  • Economic factors that affect investment and business expansion, such as exports, relocation of production bases, and business confidence indices.
  • Changes in financial and business costs of the Company’s group, such as an increase in electricity bills, and labor costs.
  • Crises occurring in the projects or business where the Company’s group is involved.
  • Delays in the launch of new projects.
  • Commencement of a new business, acquisitions, or strategic synergies with partners in the businesses in which the Company’s group operates.
  • Existing and future lawsuits, including investigations by government agencies.
  • Opinions or recommendations of securities analysts regarding the Company's business.

  2.2.3 Risks to foreign securities investment
  -None-