Delivering and Adding Value

In 2022, our total revenue amounted to RM1.46 billion. From this, about 22% went to purchasing costs and other operating expenses. The remaining RM1.14 billion were distributed to our employees, shareholders, and other providers of capital, paid in taxes to government, or retained in the company.

Digitalisation

The world around us is changing at a great pace and we are in continuous dialogue with our customers as we strive to understand and prepare to meet the longer-term trends within our industry. By doing this we are able to ensure that our portfolio continues to meet the needs of, and play an integral part in, our customers' operations, and that our business remains relevant.

We have embedded a culture of continuous improvement within the Group and are constantly questioning how and why we do things while pushing ourselves to do better. This means we are constantly refining not just our existing portfolio but also how we design, plan and build our assets, with sustainability and technology at the heart of our thinking.

The creation of our Digital Roadmap (2020-2023) was an important part of this process, reflecting our belief that we should consider investments in data and technology in the same way that we consider investments in physical assets.

The industry within which we operate offers significant opportunities to make changes that not only help improve efficiencies, but also help us make better and more informed decisions. Key to this is a focus on enhancing operational excellence in the areas of project management, facilities management and safety and security.

KLCCP Stapled Group believes in building a strong and trusting relationship with our customers and tenants as we continue to engage with them even during the difficult times. We value their patronage and take into consideration their feedback in our effort to expand our outreach and in building a shared sense of responsibility and progressing societal development. We conducted extensive engagements via numerous communication channels to promote social betterment, and to build strong tenant relationship, to meet the evolving customer behaviour and expectations.

We are also committed to provide the best customer experience and endeavour to exceed guests’ expectations, through personalised services that cater to individual needs. We curated loyalty programmes to suit our guests and provide them with the best experience whether they are in offices, at our retail mall or during their stay at our hotel.

Sustainable Procurement and Supply Chain plays a significant role in our sustainability practices. Recognising that we are in a position to influence our suppliers to adhere to our principles and values, we included in all our contracts with our contractors, consultants and suppliers (suppliers), the provisions requiring them to comply with our CoBE. We also promote transparent and fair practices by our supplier by including a provision on supplier code of conduct in the contract’s terms and conditions on fighting corruption, maintaining business ethics and prioritising HSE practices.

By doing this, we promote our sustainability standards beyond our own business, causing a ripple effect of change that we hope will affect the way that suppliers deal not only with us, but with their other customers and their own suppliers as well. We believe procurement is one of the biggest levers to drive sustainability in our economy.

We are committed to doing business with other companies that share our values and beliefs. For effective sustainable supply chain management, we must secure buy-in from our suppliers to uphold our high standards.

In promoting sustainable procurement practices, we have a robust procurement process that covers every element of our value chain.

KLCCP Stapled Group embraces social responsibility and maintains active engagement with our diverse group of stakeholders who have a direct or indirect impact to our business, reputation and our purpose in creating a sustainable future for all. We continue to establish mutually beneficial relationships through impactful communications and initiatives that suit the different needs of our stakeholders.

Charity and Donations

Task Force on Climate related Financial Disclosures (TCFD)

This year we have done an initial mapping of our current sustainability management approach actions against the four pillars of TCFD Recommendation, namely Governance, Strategy, Risk Management and Metrics and Targets. Our current Sustainability Governance Structure and Risk Management Process support the essential TCFD pillars, i.e. Governance and Risk Management, as illustrated in the table below. We plan to implement TCFD Recommendations in phases starting year 2023.

GREENHOUSE GAS EMISSION

We strengthened our GHG emission accounting, according to “The Greenhouse Gas Protocol - A Corporate Accounting and Reporting Standard”. We report our GHG emission using the operational control approach, which is based on arrangement stated in our tenancy/lease and hotel management agreement.

The Group continue to monitor our GHG emission and track our progress via our 5-Year Sustainability Roadmap. This year we adjusted the emission reporting boundary to categorise emission from our leased assets and investment as Scope 3 emission.

During the year, we recorded a 17% increase in total GHG emission from 83,095 mtCO₂e in 2021 to 96,939 mtCO₂e in 2022 as a result of increased occupancy and more business activity in our offices, carpark and retail during the year.

* Retail includes Suria KLCC and retail podium Menara 3 PETRONAS
* In 2022, emission from assets not under operational control is disclosed as Scope 3 Emission (Category 13)

Greenhouse Gas Emission by Segment (mtCO2e)

The GHG emission intensity for our assets is 83, 163 and 120 kgCO₂2/m2 for office, retail and hotel segments respectively.

Energy Consumption

Our overall energy consumption during the year increased 15% from 86,193 MWh in 2021 to 99,076 MWh in 2022. This was due to the increase in economic activities when business resumed in our hotel and retail businesses post pandemic. Tenants of our office spaces have also resumed working in office.

Building Energy Intensity

The Building Energy Intensity in our assets ranges from 64 to 213 kWh/m2/yr in 2022, declined from the pre-pandemic levels of 99 to 264 kWh/m2/yr in 2019. This is achieved through various initiatives including the renovation of the PETRONAS Twin Towers into GBI Gold Rating Building and Menara 3 PETRONAS into GBI Silver Rating Building in 2019 under Non-Residential Existing Building (NREB) category. The commencement of operation of the Integrated Building Command Centre in April 2021 has helped to reduce the energy consumption in our office buildings, through increased efficiency in operation and maintenance activities.

Energy conservation initiatives for Year 2022

Renewable Energy

Reducing our environmental impact is vital to both the Group and our customers. We take a practical approach in managing natural resources which include promoting the use of renewable energy at our mall. At Suria KLCC, the photovoltaic system, located at its rooftop has contributed to the mall’s electricity saving of approximately 17.2 million kWh since 2014, equivalent to a total saving of RM2.0 million.

Our mission focuses on providing the highest quality commercial office space while bringing responsible environmental solutions and innovative energy saving strategies to our tenants and the communities where we operate. We know a cleaner future cannot be delayed, thus our commitment to reduce waste, save energy, and manage our resources responsibly across our portfolios.

We closely manage our environmental performance through green building best practice, industry sustainability benchmarks, and internal reviews. As the performance of our assets improves through enhanced operations and capital investments, so too our baseline, there by continuously raising the bar on the sustainability performance of our buildings.

Corporate Governance and Compliance

At the highest governance level, the Boards have the ultimate responsibility to monitor that the Group is operating as a responsible organisation. This includes considerations around climate-related risks and opportunities when reviewing the group’s strategy. Principal and emerging risks are identified through robust assessments by the Boards and the various subcommittees. The Boards recognise that a balanced board is vital for sustainable value creation and that competency skills are adequately represented within the Board Committees. The Boards composition is both qualitatively and quantitatively balanced in terms of skills, gender, experience, tenure and independence. The Boards regularly review its own effectiveness and therefore undertakes a formal evaluation of its performance and that of its committees and individual directors once in three years.

Stakeholder Engagement

Our Board is committed to continuous improvement in our corporate governance principles, policies and practices, and does so by remaining abreast of evolving regulations and best practices. This is further enhanced through engagement with regulators and industry bodies, and through seeking regular feedback from other stakeholders.

We establish and maintain proactive dialogue with all our stakeholders and recognise that stakeholder needs are dynamic and that we need to be responsive to the evolving stakeholder landscape. We manage our stakeholders’ needs and expectations by taking into consideration their viewpoints towards more tangible business value creation.

Our Stakeholder Management framework, as set out on page 16 to 17 of this report demonstrate how we engage and create values for our diverse group of stakeholders. Communication with stakeholders is imperative in understanding and managing their expectations and provide new perspectives in generating positive impact to the organisation.

Board Diversity

Risk and Crisis Management

Risk management is an integral part of KLCCP Stapled Group’s business at both strategic and operational levels. An effective and sound risk management system is important for the Group to achieve its business strategies and objectives. The Group leverages on the KLCC Group Enterprise Risk Management Framework (the ERM Framework) which sets out the risk policy, risk governance and structure, risk measurement, risk operations and system. The ERM Framework is central to ensure the Group’s strategic and operational activities are within strategic mandates, risk appetites and corporate objectives.

KLCCP Stapled Group is committed to provide overall reasonable level of confidence that risks and their associated controls are adequately, effectively, and safely managed through assurance programs.

To support the above, there is an established Risk Management Oversight Structure encompassing the Boards, Board Risk Committee (BRC), and the Risk Management Committee (RMC). This structure assigns responsibility for risk management whilst facilitating the assessment and communications of risk matters from the operational levels to the Boards. The KLCCP and KLCCRM Boards developed the KLCC Resiliency Model that essentially covers the following three key areas to provide an integrated view on the overall strategy.

Enterprise Risk Management

The application of the ERM Framework is a structured and holistic approach to identify, assess, treat, and monitor risk aimed to reduce the likelihood and impact of all identified risks to enhance ability to achieve strategic objectives.

The ERM Framework is aligned to the ISO 31000 and is designed to manage risks in an integrated, systematic, and consistent manner. The ERM Framework sets out the six key elements comprising Governance, Context Setting, Risk Assessment, Risk Treatment, Risk Monitoring and Review and Continual Improvement.

Elements of the ERM Framework

The risk profiling exercise is carried out to provide a balanced view for informed decision making through richer risk conversations and considerations of risk reward trade-offs.

KLCCP Stapled Group utilises the INTERISK system as a risk tool to effectively manage and monitor risk profiles. It embeds the industry standard risk management process of ISO 31000. The INTERISK system drives active risk conversation/analysis monitoring through a dashboard, reinforces effective risk governance and assurance practices and provides a seamless flow of information and processes along the risk management value chain.

Annual Review of Risk Appetite

• Governance, Risk and Assurance Department reviewed the risk appetite to provide comprehensiveness to the current risk appetite statement in ensuring the financial and non-financial risk exposure and type of risk to be pursued or retained by KLCCP Stapled Group in achieving its strategic objectives are properly defined. The annual review is crucial to reflect the threshold during this transitional period to the endemic phase.
• The updated risk appetite statement, risk tolerances and risk threshold were presented to the Risk Management Committee, Board Risk Committee and the KLCCP and KLCCRM Boards.
• The risk appetite covers five main areas:

Crisis Management

KLCCP Stapled Group has in place a comprehensive set of processes towards preparing the organisation to respond and manage a crisis event in order to protect and save people, environment, assets, and reputation.

The Crisis Management Plan (CMP) encompasses:

The CMP addressed the credible scenario in HSE and areas beyond HSE which are Finance, Human Capital, Digital, Facility Management, Legal and Regulatory in managing crisis.

The testing and exercising for CMP is conducted annually to ensure the readiness and effectiveness of the communication process and the recovery action plan in responding to the crisis. From this exercise, risk owners are aware of their roles and response preparedness in the event of emergency/crisis.

Testing and Exercising for Crisis Management Plan

During the year under review, KLCCP Stapled Group conducted the following activities to ensure readiness in responding to crisis:

• Tabletop incident command structure exercise at Menara 3 PETRONAS for tenants, floor safety managers and emergency management team.
• Emergency evacuation and fire drill exercise with floor safety managers and tenants at Kompleks Dayabumi and Menara Exxonmobil.
• Communication of Initial Action Plan on natural disaster namely flood to Hotel operator’s HSE team.
• Basic First Aid, Cardiopulmonary Resuscitation (CPR) and Automated External Defibrillator awareness with floor safety managers and tenants at PETRONAS Twin Towers.
• Testing and exercising for all identified credible scenarios other than HSE, via walk through sessions with all risk owners in KLCCP Stapled Group.

Based on the above exercises, employees and tenants were trained for their respective roles and responsibilities in the event of crisis.

Crisis Management

KLCC Stapled Group has established a Business Continuity Plan (BCP) as part of its Business Continuity Management to manage any interruptions arising from any incidents affecting ICT, business supply chain, assets and people. The BCP is designed to provide guidance in resuming key business functions in the event the CMP is unable to contain a crisis event that may have a major or catastrophic impact on the business in terms of financial, operation and reputation.

The BCP is reviewed annually to meet changing needs by conducting Business Impact Analysis (BIA) for all divisions, departments and OPUs in accordance with BCM framework. Results are presented to the Risk Management Committee and the Approving Authority. The BIA ensures that critical business functions are identified, the impact of unavailability of the functions over time are ascertained, as well as prioritisation of timelines for resumptions of activities and specifying Minimum Resources Requirements. People, equipment, assets, facilities, technology, vital record, interdependencies are to be allocated to recover and resume these functions following prolonged business disruptions.

The testing and exercising for Call Tree Verification exercise to validate that phone numbers and contact lists of relevant personnel and stakeholders are accurate and up to date, was conducted twice this year to ensure the effectiveness of communication to Critical Business Function (CBF) staff upon activation of BCP. This is to ensure that the CBF staff are contactable to carry out their designated roles accordingly. Based on the call tree verification exercises, CBF staff were trained to respond promptly to the activation of BCP.

Safeguarding the data within our stewardship throughout its lifecycle and ensuring ongoing compliance with data protection regulations globally remain a key priority for the Group. Our IT infrastructure is fully supported by Group Digital, PETRONAS. Through the cyber security alerts and other initiatives, we continue to educate and create awareness among employees on cyber threats.

As our employees are the first line of defence in keeping the organisation secure, it is important for them to understand the threats and be equipped with the necessary cyber security knowledge. We continue to create greater awareness and compliance on cyber security, via awareness training programmes. In dealing with external parties, we make transparent the Data Privacy Policy, requiring strict adherence such as incorporating Non-Disclosure Agreement (NDA) into Vendor Contract Agreements to prevent unauthorised usage and leakage of confidential data. We have in place a series of system controls to provide further protection assurance, including robust validation of system access and obligations on external parties who may have the data access.

Our cyber security efforts are guided by the Enterprise Cyber Security Governance Framework (ECSGF) which aim to protect our systems and data from malicious attacks such as Ransomware and Phishing. The Enterprise Cyber Security Governance Framework, defines the guidelines, standards, policies and procedures required to ensure our risks are effectively managed and mitigated. In 2020, we developed the Cyber Security Action Plan in our effort to mitigate cyber security crime and to strengthen the existing system and procedures to address the root causes of cyber security issues resulting from poor enforcement, weak internal control, and acceptance culture.

Cyber Security Risk Management Initiatives For The Year

• Implemented PETRONAS Zscaler Internet Access (ZIA) to ensure secured browsing particularly by users on Work From Home (WFH) mode.
• Developed the Digital Project Management Framework (DPMF) that governs all IT and Operational Technology (OT) System processes for the Group’s ICT Business As Usual (BAU) and Digital projects.
• Reviewed the KLCC Group Cyber Security Risk Profile to make it current and reflect latest cyber threats together with Group Risk Assurance team.
• Conducted Call Tree Testing to assess the effectiveness of communication amongst Division/Department Head, BCM Coordinator and CBF Staff in the event that a crisis occurred due to system disruption.
• Implemented Monthly Phishing Test and reported the Phishing Test Failure Rate to the Management.
• Conducted Cyber Security – Business Impact Analysis (CS-BIA) and Legal Regulatory Assessment (LRA) to assess the impact of system disruption in terms of Confidentiality, Integrity and Availability and Maximum Acceptable Outage (MAO). This is done during the Project Initiation stage of any ICT BAU and Digital Projects.
• Assessed on all critical Third Party vendors’ applications to ensure Disaster Recovery (DR) and Backup Restore Procedure are incorporated into these applications.

Capability Building For Employees

• Organised the Global Cyber Security Month for the Group to raise cyber security awareness and adoption level to greater heights.
• Tracked and reported users’ overall completion of cyber security training on SWITCH and MyLearningx PETRONAS e-Learning platforms.
• Conducted regular cyber security and Phishing Awareness Training for users (physically and virtually) targeted at users who failed the Phishing Test and not completed training materials on SWITCH and MyLearningx.

Data Security Management

• Enforced the Personal Data Protection Act (PDPA), General Data Protection Regulation (GDPR) and Payment Card Industry, and Data Security Standards (PCI DSS) to ensure compliance by vendors.
• 29 Enterprise Content Management System Representatives and Document Records Management Focals were upskilled on the best practices to support the principle of information Security and Risk Management;
  • Participants acquired the awareness on the importance of Enterprise Information Management in maintaining information Confidentiality, Integrity, and Availability.
  • Adherence to the Document Ownership Matrix and Information Classification Matrix will help the organisation prevent or reduce the likelihood of unauthorised access to data or record, and minimise the risk of critical data disclosure.