中文
MAINTAINING EFFECTIVE GOVERNANCE
1. Code of Conduct
Our Code of Conduct (the “Code”) sets out the standards and principles expected of our employees. Published on our corporate website, the Code provides the foundation for establishing a corporate culture of high integrity, both real and perceived and sets out our expectations for legal and ethical behaviour for all employees. The Code outlines the legal responsibilities and ethical tone for the expected behaviour of all employees and guides daily interactions with fellow employees, customers, vendors, government officials and business partners. We encourage the reporting of any malpractice and misconduct.
We have also devised and benchmarked our policies and procedures to ensure compliance with all relevant laws and regulations concerning anti-corruption, AML, extortion, fraud and combatting terrorist financing. All employees are required to comply with all corporate policies and the Code. The Code sets out our principles in 11 areas.
| 1. Personal conduct | 5. Bribery, kickbacks and rebates | 9. Responsibility for reporting violations of the Code |
| 2. Company books and records |
6. Gifts, entertainment and political contributions |
10. Relationships with suppliers, contractors and third parties |
| 3. Compliance programme | 7. Employee betting | 11. Employment practices |
| 4. Conflict of interest | 8. Safeguard of assets and use of confidential and proprietary information |
2. Anti-corruption
NagaCorp has zero tolerance for corruption or bribery activities. Our Anti-corruption Policy reinforces the Code and provides additional guidance regarding compliance with laws and regulations related to bribery and corruption. We also published the Anti-corruption Handbook to enable our employees and subsidiaries to have a holistic understanding of corruption, how to avoid it, and what to do when confronted with it. Both the Anti-corruption Policy and Handbook are publicly available on our corporate website.
The Code sets out the legal and ethical responsibilities and the expected behaviour of our employees. It prohibits employees from soliciting, accepting, or offering bribes or any other current or future advantage. The Code and the Anti-corruption Policy play a critical role in defining our values and act as a framework for guiding our operations and business practices.
We are sensitive to the risks of unsuitable associations and the need to comply with legal and regulatory requirements. Due diligence is conducted to avoid impropriety and even the appearance of impropriety.
Our employees are integral in safeguarding a culture of integrity. Annually, we engage all staff and directors through mandatory anti-corruption refresher training that ensures they are informed of the Anti-corruption Policy and their responsibilities.
In 2023, 92% of our employees completed the annual anti-corruption training. Conducted online in English and Khmer on our LMS, the training covered our zero-tolerance policy on corruption, various acts of corruption (e.g. bribery, extortion, fraud, collusion, money laundering and other related offences), legal penalties and reporting mechanisms.
During 2023, no legal case regarding corruption was brought against the Company or our employees.
3. Whistleblowing
NagaCorp provides channels for our employees and third parties (e.g. suppliers and customers) to raise serious concerns about suspected fraud, malpractice, misconduct or irregularity and disclose related information confidentially. We do not permit retaliation against any individual who, in good faith, reports actual or suspected wrongdoing.
Employees, suppliers, and other business partners can report potential allegations anonymously to the Head of Internal Audit through email or in person. Alleged issues may range from but are not confined to
- Non-compliance with legal or regulatory obligations
- Malpractice, impropriety or fraud relating to internal controls, accounting, auditing and financial matters
- Non-compliance with the Group’s rules of conduct
- Improper conduct or unethical behaviour likely to prejudice the standing of the Company
- Deliberate concealment of any of the above
Whistleblowing reports are reviewed and investigated promptly. Reported matters of significance are referred to the Audit Committee for further assessment and appropriate action.
4. Anti-money Laundering
Internal controls on AML are firmly in place to ensure we maintain a high standard for compliance and integrity. The Board reviews and assesses the adequacy and effectiveness of the Group’s internal control system on AML through the AML Oversight Committee and the independent review by an independent AML specialist firm.
The AML Oversight Committee formulates the development and implementation of AML programmes’ policies and strategies, ensures quality control, and oversees AML matters.
To ensure a high standard for compliance and integrity on AML, we established a programme designed to protect our reputation and mitigate AML risks. A four-tier AML control structure underpins the programme.
To the best of the knowledge, information and belief of the Directors, neither NagaCorp nor our employees are subject to any actual, pending or threatened cases regarding any corrupt practice or any allegation of unethical practice during the Year.
5. Data Privacy and Cybersecurity
We collect physical and digital personal information from our hotel guests and NagaWorld Rewards loyalty programme members. Physical data records are securely stored in a central location by our Document Control team, while digital data records are securely maintained on our IT servers. Our IT systems adopt best practices from ISO 27000: Information security management systems and the Information Technology Infrastructure Library (“ITIL”).
A multi-level control system is in place to ensure safe and secure access and storage of our customer’s digital data. SOPs are established regarding handling personal data and monitored at a departmental level. Customer’s data is used only for marketing and promotion purposes with their consent.
In 2023, there were no complaints about the breach of customer privacy and loss of customer data.
With cybersecurity threats on the rise, raising staff awareness is an essential component of our IT infrastructure. During the Year, we rolled out a mandatory training on cybersecurity awareness for staff. The training covered various types of cyber attacks, defences against cyber attacks, and how staff can report suspicious emails to the IT department for investigations.
