Enterprise Risk Management

The ARMSC supports the Board by supervising the Group’s risk management framework and risk profile. The ARMSC reviews, and the Board approves, the Group’s risk strategy, risk appetite, levels of risk parameters and risk policies as well as monitors the adequacy and effectiveness of the risk management framework and internal controls.

At the Management level, the Group Risk Management Committee (GRMC), chaired by the GCE, comprises senior leaders from both the property and hospitality businesses. The GRMC meets at least semi-annually to report to the ARMSC, highlight significant and emerging risks and opportunities, and oversees the implementation of enterprise-wide risk management across the Group.

UOL has established an Enterprise Risk Management (ERM) Framework to systematically identify, assess and manage key risks, thereby strengthening confidence in the Group’s strategies, businesses and operations. The framework adopts an integrated top-down and bottom-up approach, enabling comprehensive identification and assessment of risks across the organisation. Business functions conduct regular self-assessments of key risks and mitigation measures, which are consolidated and reviewed by the GRMC. Together with the Group’s top-tier risks, these assessments enable the identification of significant threats and opportunities that may impact the Group at both strategic and operational levels. Where necessary, cross-functional teams and external consultants are engaged to support further evaluation and implementation of mitigation measures. This continual engagement with relevant stakeholders reinforces a robust and responsive ERM framework across the Group.

Climate-related risks and opportunities are embedded within UOL’s ERM Framework and integrated into the Group’s operational and strategic decision-making processes. The Group identifies and assesses material physical and transition risks, such as rising temperatures, extreme weather events and evolving regulatory requirements, across different asset types and time horizons. At the same time, the Group evaluates opportunities arising from the low-carbon transition, including decarbonisation initiatives to reduce operating costs, strengthening asset resilience, retrofitting and future-proofing buildings, pursuing green certifications, adopting renewable energy, accessing sustainable financing, enhancing tenant engagement and piloting new technologies to improve resource efficiency. These risks and opportunities are prioritised based on their likelihood, timing and potential impact on operations, the environment and business performance. Mitigation measures, action plans, key risk indicators and escalation processes are then implemented to ensure exposures remain within the Group’s defined risk appetite while advancing climate-related opportunities aligned with our transition strategy.

Business owners and line managers are accountable for managing risks within their respective areas, embedding risk management principles into day-to-day operations and decision-making. To strengthen risk awareness and capabilities across the Group, management staff from both the property and hospitality businesses participate in regular ERM discussions, training sessions and workshops to maintain a sound understanding of ERM concepts, methodologies and tools. In 2025, additional sharing sessions were conducted with key risk owners to deepen understanding of climate-related risks and opportunities and to further enhance the Group’s management of sustainability-related risks.

Please refer to pages 59 to 63 of the Annual Report 2025 for more details on Risk Management practices.