Guided by our core values and enhanced code of conduct, we are fully committed to ensuring that compliance is a central pillar of our management and an integral part of our corporate culture and business processes. We will do business the right way and comply with all applicable laws and regulations wherever we operate. We strive to achieve outstanding performance, whilst maintaining the highest level of ethical integrity. Our tone on regulatory compliance is clear and consistently reiterated from the top of the organisation. We have zero tolerance for fraud, bribery, corruption and violation of laws and regulations.

Strategic Objectives

Following the improvements and enhancements to the compliance framework and processes implemented since 2015, we are focused on ensuring consistency in application and effectiveness of the compliance programme across the Group. We want a compliance framework that commensurates with the size, role and activity of our businesses, including the appropriate compliance control systems, to be able to effectively detect and remedy gaps. Most importantly, we are focused on rebuilding our credibility and reputation with our stakeholders and to build a sustainable compliance framework to support the Group's growth.

Governance Structure

Our Regulatory Compliance Governance Structure is designed to strengthen our corporate governance. The Board Risk Committee (BRC) supports the Board in its oversight of regulatory compliance and is responsible for driving the Group's focus on implementing effective compliance and governance systems. The Group Risk & Compliance Department serves as a secretariat to the BRC, assessing and reporting on the Group's compliance risks, controls and mitigations.

The Group Regulatory Compliance Management Committee ("Group RCMC") is chaired by Keppel Corporation's Chief Executive Officer (CEO) and its members includes all business unit heads. The role of the Group RCMC is to articulate the Group's commitment to regulatory compliance, direct and support the development of over-arching compliance policies and guidelines, and facilitate the effective implementation of policies and procedures across the Group.

The Group RCMC is supported by the Group Regulatory Compliance Working Team ("Group RCWT"), which is chaired by the Head of Group Risk and Compliance. The Group RCWT oversees the development and review of pertinent regulatory compliance matters, over‑arching compliance policies and guidelines for the Group, as well as reviewing training and communication programmes.

Each business unit in the Group has a dedicated Compliance Lead, supported by the respective risk and compliance teams, and is responsible for driving and administering the compliance function and agenda for the business unit. This includes providing support to business unit management with subject matter expertise, process excellence and regular reporting to ensure that compliance risks are effectively managed and mitigated. Across the Group, recruitment efforts are in progress to strengthen the Compliance team with additional professional and experienced compliance officers.

Under the overall direction of the Group RCMC and Group RCWT, business units working in partnership with their respective risk and compliance teams are responsible for implementing the Group's Code of Conduct and regulatory compliance policies and procedures. They are also responsible for ensuring that risk assessments in relation to material regulatory compliance risks are conducted, and control measures are adequate and effective, to mitigate the identified risks which the business units may face.

Regulatory Compliance Framework

As part of ongoing efforts to strengthen our regulatory compliance framework, we have further defined our focus on compliance covering broadly the following areas: culture, policies and procedures, training and communication, key compliance processes, compliance risk assessment, reviews and monitoring, and compliance resources.

One of the more important aspects of the framework is the structure of the compliance organisation. During the year, we made changes to the reporting structure of the compliance organisation to reinforce independence of the function. The Head of Group Risk & Compliance now reports directly to the Chairman of the BRC. Similarly, the compliance leads of the business units have established direct reporting lines to the respective Audit or Board Risk Committees. In addition, business unit compliance leads report directly to the Head of Group Risk & Compliance. This reporting structure reinforces independence of the function and enables senior management, including members of the Board, to provide continuous, clear and explicit support to the Group's compliance programme.

Regulatory Compliance Framework

Culture

Culture and mindset are critical in ensuring effectiveness of the compliance programme. Management has a key role in setting the right tone and walking the talk. The tone on full regulatory compliance has to cascade through the organisation. During the year, we implemented initiatives to continue to foster the desired full compliance culture. These include campaign posters on anti‑bribery, anti‑corruption and reporting mechanisms that are now exhibited in all our offices globally to reinforce the message; individual performance measures to influence personal behaviour, and periodic compliance‑focused messages delivered by business unit heads to their employees. A Group‑wide survey was conducted to assess awareness of compliance and to identify potential areas requiring further emphasis.

Policies & Procedures

Employee Code of Conduct

We have a strict Code of Conduct that applies to all employees, who are required to acknowledge and comply with the Code. The Code of Conduct sets out important principles to guide employees in carrying out their duties and responsibilities to the highest standards of personal and corporate integrity. It covers areas from conduct in the workplace to business conduct, including clear provisions on prohibitions against bribery and corruption, and conflicts of interests amongst others. Appropriate disciplinary action, including suspension or termination of employment, will be taken in the event that an employee is found to have violated the rules set out in the Code of Conduct. The Code of Conduct is also provided to all third parties who represent Keppel in business dealings, including joint venture partners, who are required to acknowledge understanding and compliance with the requirements of the Code of Conduct.

Supplier Code of Conduct

The acknowledgement to abide by our Supplier Code of Conduct, which was developed to integrate Keppel's sustainability principles across our supply chain, and positively influence the environmental, social and governance performance of our suppliers, is mandatory for all key suppliers of the Keppel Group. The areas covered within the Supplier Code of Conduct includes proper business conduct, fair labour practices, stringent safety and health standards, and responsible environmental management.

Whistle‑Blower Policy

Keppel's Whistle‑Blower Policy encourages the reporting of suspected bribery, violations or misconduct through a clearly‑defined process and reporting channel, by which reports can be made in confidence and without fear of reprisal. The process is reviewed regularly. During the year, we made enhancements to ensure that reporting channels are readily available and we are in the process of implementing solutions to cater to different languages and time zone requirements globally.

Compliance Policies

The Group maintains a comprehensive list of policies covering compliance‑related matters including gifts, hospitality, agent fees, donations, sponsorships and insider trading amongst others. These policies are reviewed periodically to ensure that they commensurate with the activities in the jurisdictions in which the Group operates. Group policies are applicable to all business units and unless the jurisdictional regulatory requirements are more stringent, the Group policy represents the minimum standard for the Group.

Training & Communications

Training is an essential component of Keppel's regulatory compliance framework. Our programmes are tailored to specific audiences and we leverage Group‑wide forums to reiterate key messages. We have a comprehensive annual e‑learning training programme which is mandatory for all directors, officers and employees. The content of the training covers key compliance policies, and directors, officers and employees are required to complete assessments at the end of the training to successfully mark completion. As part of the annual training, directors, officers and employees are also required to formally acknowledge their understanding of policies and declare any potential conflicts of interest.

We continue to focus on refining our compliance training programmes and curriculum for new and existing employees as well as, to develop and tailor training content depending on the target audience. In addition to policy‑related training programmes, we conduct trainings focused on the line manager's responsibilities in developing the desired culture and mindset regarding compliance. These responsibilities include the need to establish and maintain effective internal controls to ensure that processes are robust and potential gaps are identified and mitigated in a timely manner.

Group Risk & Compliance conducts periodic site visits, particularly to locations susceptible to higher corruption risks, to raise awareness of compliance risks. In addition, we leverage opportunities at various management conferences and employee meetings to stress the importance of compliance.

Key Processes

Due Diligence

We have improved our risk‑based due diligence process for all third party associates who represent the Keppel Group in business dealings, including our joint venture partners, to assess the compliance risk of the business partner. In addition to background checks, the due diligence process incorporates requirements for third party associates to acknowledge understanding and compliance with our Code of Conduct.

Other Processes

As part of our ongoing review of policies and procedures, we ensure compliance oversight is embedded in key processes including areas such as gifts and hospitality, agent fees, donations and sponsorships, as well as conflicts of interest.

Best Practices

We recognise the need to continually benchmark our compliance programmes against best practices and augment our processes to ensure they are consistent and robust. During the year, our compliance framework and programmes have also been reviewed by an external advisor and all recommendations from the review have been incorporated into our compliance initiatives.

Risk Assessment, Review & Monitoring

We continue to develop our compliance resources and framework. This will enable the Compliance team to conduct independent risk assessments to identify and mitigate key compliance risks. Regular discussions are held with all business units, focusing on risk assessments including specific compliance risks identified for their respective businesses. Separately, independent reviews of compliance risks are carried out within the scope of internal audits including thematic reviews of the effectiveness of key aspects of our compliance programmes.

Resources

We recognise the need for an experienced compliance team to effectively support the business in compliance advisory, as well as to ensure that compliance programmes and controls are effectively implemented. Senior management, including members of the Board, are fully committed to ensuring that we build a strong compliance function.