5-Year Sustainability Roadmap (2019-2023)

Goal 1: Building a Smart, Safe and Sustainable KLCC Precinct

We are committed to sustainable social and economic development across our business, operations and communities. We seek to share prosperity through our local hiring, investments in our operations and infrastructure, and contributions to non-profit organisations that help communities thrive and promote inclusive social development.

Our Approach

We constantly look to strengthen our portfolio to ensure it meets the changing needs of our customers and communities. We always bring social, economic, and environmental benefits to the areas where we operate. Great design increases efficiency, encourages people to spend time in our spaces and enables buildings to adapt to changing customer needs. We design with long-term value in mind. We design our buildings to support wellbeing and productivity. From office occupiers to brands and shoppers, we aim to provide our customers with exceptional experiences – creating value for our shareholders.

Focus For The Year

Strengthening business resilience and continuity through close monitoring of our cash flow and cost optimisation
Enhancing customer and tenant communication in building trust and elevating experience
Progressing social agenda through community programmes for the needy and underprivileged

Our Material Matters

Delivering and Adding Value

In 2022, our total revenue amounted to RM1.46 billion. From this, about 22% went to purchasing costs and other operating expenses. The remaining RM1.14 billion were distributed to our employees, shareholders, and other providers of capital, paid in taxes to government, or retained in the company.


The world around us is changing at a great pace and we are in continuous dialogue with our customers as we strive to understand and prepare to meet the longer-term trends within our industry. By doing this we are able to ensure that our portfolio continues to meet the needs of, and play an integral part in, our customers' operations, and that our business remains relevant.

We have embedded a culture of continuous improvement within the Group and are constantly questioning how and why we do things while pushing ourselves to do better. This means we are constantly refining not just our existing portfolio but also how we design, plan and build our assets, with sustainability and technology at the heart of our thinking.

The creation of our Digital Roadmap (2020-2023) was an important part of this process, reflecting our belief that we should consider investments in data and technology in the same way that we consider investments in physical assets.

The industry within which we operate offers significant opportunities to make changes that not only help improve efficiencies, but also help us make better and more informed decisions. Key to this is a focus on enhancing operational excellence in the areas of project management, facilities management and safety and security.

KLCCP Stapled Group believes in building a strong and trusting relationship with our customers and tenants as we continue to engage with them even during the difficult times. We value their patronage and take into consideration their feedback in our effort to expand our outreach and in building a shared sense of responsibility and progressing societal development. We conducted extensive engagements via numerous communication channels to promote social betterment, and to build strong tenant relationship, to meet the evolving customer behaviour and expectations.

We are also committed to provide the best customer experience and endeavour to exceed guests’ expectations, through personalised services that cater to individual needs. We curated loyalty programmes to suit our guests and provide them with the best experience whether they are in offices, at our retail mall or during their stay at our hotel.

Sustainable Procurement and Supply Chain plays a significant role in our sustainability practices. Recognising that we are in a position to influence our suppliers to adhere to our principles and values, we included in all our contracts with our contractors, consultants and suppliers (suppliers), the provisions requiring them to comply with our CoBE. We also promote transparent and fair practices by our supplier by including a provision on supplier code of conduct in the contract’s terms and conditions on fighting corruption, maintaining business ethics and prioritising HSE practices.

By doing this, we promote our sustainability standards beyond our own business, causing a ripple effect of change that we hope will affect the way that suppliers deal not only with us, but with their other customers and their own suppliers as well. We believe procurement is one of the biggest levers to drive sustainability in our economy.

We are committed to doing business with other companies that share our values and beliefs. For effective sustainable supply chain management, we must secure buy-in from our suppliers to uphold our high standards.

In promoting sustainable procurement practices, we have a robust procurement process that covers every element of our value chain.

KLCCP Stapled Group embraces social responsibility and maintains active engagement with our diverse group of stakeholders who have a direct or indirect impact to our business, reputation and our purpose in creating a sustainable future for all. We continue to establish mutually beneficial relationships through impactful communications and initiatives that suit the different needs of our stakeholders.

Charity and Donations



5-Year Sustainability Roadmap (2019-2023)

Goal 3: Combating Climate Change and Reducing Environmental Impact

Protecting the planet is a social, economic and ethical imperative. As a recognised corporate leader, we are committed to minimising our environmental footprint and delivering sustainable value to our society.

Our Approach

Protecting the environment is an ongoing challenge for businesses of all sizes, in all industries, all over the world. KLCCP Stapled Group recognises that environmental impact is a material sustainability matter for our business

Focus For The Year

Strategies our pathway towards achieving low carbon/net zero carbon emission
Assessment of disclosures against the recommendations of the Task Force on Climate-related Financial Disclosures (TCFD)

Our Material Matters

Our approach to climate change supports the transition to a cleaner, more energy-efficient and sustainable global economy that is conscious of its use of limited natural resources. We recognise the complexity and urgency of climate change and consider the risks and opportunities that climate change presents to the global economy. As a large corporate entity, we believe we can make a meaningful impact in combating climate change.

We are mindful of the potential climate risks when the economy restarts after Covid-19 and therefore stand firm in our commitment to clean energy investments as they will make the new economy more sustainable.

Task Force on Climate related Financial Disclosures (TCFD)

This year we have done an initial mapping of our current sustainability management approach actions against the four pillars of TCFD Recommendation, namely Governance, Strategy, Risk Management and Metrics and Targets. Our current Sustainability Governance Structure and Risk Management Process support the essential TCFD pillars, i.e. Governance and Risk Management, as illustrated in the table below. We plan to implement TCFD Recommendations in phases starting year 2023.


We strengthened our GHG emission accounting, according to “The Greenhouse Gas Protocol - A Corporate Accounting and Reporting Standard”. We report our GHG emission using the operational control approach, which is based on arrangement stated in our tenancy/lease and hotel management agreement.

The Group continue to monitor our GHG emission and track our progress via our 5-Year Sustainability Roadmap. This year we adjusted the emission reporting boundary to categorise emission from our leased assets and investment as Scope 3 emission.

During the year, we recorded a 17% increase in total GHG emission from 83,095 mtCO₂e in 2021 to 96,939 mtCO₂e in 2022 as a result of increased occupancy and more business activity in our offices, carpark and retail during the year.

* Retail includes Suria KLCC and retail podium Menara 3 PETRONAS
* In 2022, emission from assets not under operational control is disclosed as Scope 3 Emission (Category 13)

Greenhouse Gas Emission by Segment (mtCO2e)

The GHG emission intensity for our assets is 83, 163 and 120 kgCO₂2/m2 for office, retail and hotel segments respectively.

Energy Consumption

Our overall energy consumption during the year increased 15% from 86,193 MWh in 2021 to 99,076 MWh in 2022. This was due to the increase in economic activities when business resumed in our hotel and retail businesses post pandemic. Tenants of our office spaces have also resumed working in office.

Building Energy Intensity

The Building Energy Intensity in our assets ranges from 64 to 213 kWh/m2/yr in 2022, declined from the pre-pandemic levels of 99 to 264 kWh/m2/yr in 2019. This is achieved through various initiatives including the renovation of the PETRONAS Twin Towers into GBI Gold Rating Building and Menara 3 PETRONAS into GBI Silver Rating Building in 2019 under Non-Residential Existing Building (NREB) category. The commencement of operation of the Integrated Building Command Centre in April 2021 has helped to reduce the energy consumption in our office buildings, through increased efficiency in operation and maintenance activities.

Energy conservation initiatives for Year 2022

Renewable Energy

Reducing our environmental impact is vital to both the Group and our customers. We take a practical approach in managing natural resources which include promoting the use of renewable energy at our mall. At Suria KLCC, the photovoltaic system, located at its rooftop has contributed to the mall’s electricity saving of approximately 17.2 million kWh since 2014, equivalent to a total saving of RM2.0 million.

Our mission focuses on providing the highest quality commercial office space while bringing responsible environmental solutions and innovative energy saving strategies to our tenants and the communities where we operate. We know a cleaner future cannot be delayed, thus our commitment to reduce waste, save energy, and manage our resources responsibly across our portfolios.

We closely manage our environmental performance through green building best practice, industry sustainability benchmarks, and internal reviews. As the performance of our assets improves through enhanced operations and capital investments, so too our baseline, there by continuously raising the bar on the sustainability performance of our buildings.

Water Management

Our water consumption is relatively low compared to other industries. Our primary use is in our office buildings, retail malls and hotel facility, where we use it for drinking, sanitation, and food preparation. We have in place various initiatives that support our goal of monitoring and minimising the amount of water we consume across our operations. We assess water consumption and installations and make site-specific recommendations for water efficiency improvements.

During the year, we recorded an increase of 53% in water usage contributed by the increase in business activities post pandemic. We recorded a two-fold increase in our hotel occupancy and footfall to the malls in 2022.

Water Conservation Initiatives

Waste Management

The waste generated by the Group comprised municipal waste produced during operations from our buildings by users and occupants, food waste from our eatery outlets, and hazardous waste from operation and maintenance of the buildings.

We continued our effort to reduce waste and strive to reuse resources in 2022.

Where our services require us to handle hazardous waste, we dispose them responsibly, in accordance to the Environmental Quality (Scheduled Waste) Regulations 2005, not causing risk to our people, the environment or local communities.

Generation of Non-hazardous Waste

During the year, we have generated a total of 4,768 metric tonnes of non-hazardous waste, compared to 2,885 metric tonnes in 2021. 69% of the waste generated comes from the retail segment, this is due to the increased footfall to the mall post pandemic.

Diversion of Non-hazardous Waste from Disposal

Our operations in office, retail and hotel embarked on plastic and paper waste recycling, food waste recycling and composting practices etc. This practice supports the UNSDG12 on Responsible Consumption and Production. The waste diversion rates recorded in 2022 were 1%, for office, 10% for retail and 52% for hotel.

Our hotel segment recorded a relatively high diversion rate of 52%. The hotel has composted a total of 270 metric tonnes of food waste and turned them into garden waste and recycled a total of 66 metric tonnes of other wastes in 2022. The waste intensity per room is 1 metric tonnes per room per year.

Waste Management Initiatives in 2022

Hazardous Waste Management

Our operators manage the hazardous waste according to the Environmental Quality (Scheduled Waste) Regulations 2005. A Competent Scheduled Waste Manager is employed at every asset to ensure compliance to this regulation.

Hazardous wastes generated in our assets include used light bulbs and electronic wastes. The quantity generated in 2022 is 3.3 metric tonnes, lower than 3.5 metric tonnes in 2021.



5-Year Sustainability Roadmap (2019-2023)

Goal 2: Building an Agile, Inclusive and Sustainable Workforce in a VUCA (Volatility, Uncertainty, Complexity and Ambiguity) World

We believe in investing in upskilling and reskilling our workforce to compete and win in the future marketplace, given the constantly changing market landscape. We invest in digital tools to better churn insights and intelligence from data, simplify work processes, empower decision making and enable seamless collaboration.

Our Approach

Our people are integral to our business and our success. Our ability to attract and retain a diverse workforce, characterised by equal opportunities and prospects for career advancement, is fundamental to our business operation.

We recognised that workforce expectations have evolved considerably over the past years and will continue to do so. Today’s talents are looking for growth, opportunities to shine, variety, flexibility, mobility and security. Increasingly, people want to work for an organisation that is purposedriven and where they can add value to society.

Our Group outlined its human capital strategies to cater for the evolving expectations of future generations of employees. We emphasised on innovation and digitalization efforts towards institutionalised efficient and effective processes, systems and organisational capability.

Our talent management is fundamentally based on performance management, leadership development, succession planning and employee capability building. It is implemented at all levels of the organisation in partnership with our leaders, business managers and operation teams, to support our business priorities and growth strategy.

As an equal opportunities’ employer, we strive to treat everyone fairly, as entrenched in our Code of Conduct and Business Ethics (CoBE), which sets out the requirements that protect people against discrimination in our workplace.

Focus For The Year

Greater inclusivity and women empowerment
Safety and mental wellbeing of our people throughout the pandemic
Upskilling of our people to improve and enhance skillsets and capabilities
Promoting high performance culture by engaging and enriching our employees through work-life balance programmes in building an agile and empowered workforce

Our Material Matters

Skills and Capability Development

We tailor our talent development programs and interventions to suit business and employees’ needs and expectations, ensuring that our highly skilled and engaged talents are equipped to meet the needs of our stakeholders.

We continuously invest our energy and resources in upskilling and reskilling our employees to compete and win in the future marketplace, given the constantly changing market landscape.

Our employees’ development opportunities addressed their needs in technical and leadership skills. This enables us to retain talents over the long term and prepare them for their future roles.

During the year, we continue to promote self-directed learning to equip our employees with the essential and important skillsets for them to be able to function in today’s world and to adapt to new ways of working through various e-learning platforms such as LinkedIn learning, HMM and SWITCH.

In supporting the Group’s Strategic Framework, we have initiated a capability inventory review to identify required skill sets and capability to build a performing organisation. Enhanced Leadership Competencies were introduced in response to the new behaviour and leadership requirement needed to thrive under the new ways of working. We aspire to build talent who can energise team and stakeholders, decide at pace, grow self, other and business, and execute for superior performance.

Workforce Engagement

The well-being of our employees is reflective of how happy and healthy they are at the workplace. We continue to maintain consistent and regular employee engagement during these challenging times focusing on their health and emotional wellbeing. These engagements are intended to inspire them to greater commitment, and to motivate them to perform productively and efficiently.

The engagements held throughout the year, provided our employees with the opportunity for their voice to be heard and foster a positive and inclusive workplace. We engage our people in the business culture transformation initiatives, encourage them to share their ideas, and suggestions via various channels such as townhalls, briefings and leadership sharing sessions. Likewise, our leaders engaged closely with their respective team to cascade messages and business performances.

In promoting work-life integration, our Sports and Recreation Club, KSRC, organised several programmes for its members which included Bowling Tournament, White Water Rafting and Cave Exploration. We provided Digital Health online platform, wellness talks as well as health check campaign, to encourage employees to embrace a healthier lifestyle and improve their wellbeing.

As a responsible business we are committed to generate mutual stakeholder benefits and ensure that we do not infringe on the human rights of others. We recognise that our employees are crucial to the on-going success of our business and to how the Group is regarded by the wider market. Furthermore, we believe that all employees should be treated fairly and with respect.

Whilst we recognise that the Government has the primary responsibility to protect and support human rights, we also embrace the important role we play as a business. Within all our business activities and partnerships, we are dedicated to consider our impact to social, environment, and address any human rights issues.

Equality, Diversity and Inclusion

Advancing our culture of inclusion belonging continues to be a priority. We took significant steps to strengthen our approach by incorporating it in our human capital strategies. We are committed to a culture in which everyone has access to opportunities for career development in which everyone can reach their potential without barriers. Furthermore, we recognise that with the diversity of our workforce, we are able to leverage the different skills, mindsets, knowledge and experience of our employees. Ensuring our environment is one where everyone feels they belong and can bring their potential to the fullest will drive our collective ability to innovate and deliver to all our stakeholders

Women Empowerment

Equal opportunities for women remain a key focus for the Group. We recognise the positive impact of gender diversity on the performance of teams and the business. Therefore, increasing female representation in leadership supports our business strategy. In 2022, women accounted for 38 percent of our total workforce and 41 percent of our management.

Women representation in the Boards is 50 percent in line with the Board Diversity Policy which seeks to ensure that the mix and profiles of our Board members, in terms of age, ethnicity and gender, provide the necessary range of perspectives, experiences and expertise required to achieve effective stewardship.

Non- Discrimination

The Group values and respects individual differences. We believe in creating an environment where our teams feel they are valued; where they can bring their differences to work each day and where they feel able to make their own unique contribution. We believe everyone deserves the right to be treated equally and should not be discriminated against because of their differences. The Group is committed to treating all its employees equally based on their merits and abilities to do their jobs.

The Group has in place its Code of Conduct and Business Ethics which details the steps taken should employees believe that their equality rights may have been breached. If an employee feels that an attempt at informal resolution is inappropriate given the seriousness of his/her complaint or if informal attempts have failed or been unsatisfactory, then a formal complaint may be made to the Human Capital (HC) Department. Upon submission of report, the Group ensures that the investigation is carried out as quickly as possible. If the findings disclose evidence of a possible disciplinary offence, then disciplinary proceedings will be commenced in accordance with our disciplinary policy. All members of the HC Department have received appropriate training in resolving equal opportunities and dignity at work issues. They will deal with any grievances raised with them under this policy in the strictest confidence.

Employee Benefits and Compensation

The Group continues to benchmark against similar industry players in order to remain competitive in attracting and retaining talents. During the year, the Group implemented the new grade structure and the new salary scale in its efforts to remain competitive with the market. Along with the new grade structure and salary scale, eligible employees of the group also experienced salary adjustments.

Responsible Employment

The Group expects everyone working with us or on our behalf to abide by the Malaysian Labour Laws, which include the Employment Act 1955, Trade Union Act 1959 and Industrial Relations Act 1967. The Group has a zero-tolerance approach to modern slavery and child labour.

The prevention, detection and reporting of modern slavery or child labour in any part of our organisation and supply chain, is the responsibility of all those working for us or on our behalf. As part of our contracting processes, we reserve the right to terminate our relationships with suppliers and other organisations working on our behalf if they do not comply with our Labour Standards.

All suppliers, contractors or business partners of the Group are required to comply with our Supplier Code of Conduct, which sets out our expectations for the treatment of workers and how suppliers are required to behave.

Job Security

The Group is keenly aware of the health concerns and economic uncertainty weighing on the entire community. Whilst many organisations continue to lay off their employees during this uncertain economic period, we did not. The Group practiced no Covid-19 related layoffs for all employees. We assured our employees of their job security and there was also no salary cut despite the challenging business environment.

The Group continued providing pay and health and welfare benefits during this period that allow employees to care for themselves and their families as we look to support the Nation more effectively towards recovery.

The Group has comprehensive Health, Safety and Security management systems and processes in place to ensure to the best of our ability and in line with industry best practice, the health, safety and security of anyone visiting our assets. We are fully committed to consistently achieve the highest standards of health & safety management and performance. Our record in this area is exemplary.

Our Approach

We provide healthy, safe and secure places for our stakeholders to live, work, shop and play, recognising that we can only achieve this through close collaboration with our partners, including our supply chain, investors and enforcing authorities. Our business activities are conducted in accordance with our KLCC HSE Policy and comply with the highest standards of occupational safety and health regulations. This is supported by our HSE Management System (HSEMS) and HSE Mandatory Control Framework (MCF) to strengthen HSE Governance within the KLCCP Stapled Group while providing clear requirements on operational safety, environment and health for, consistent and effective implementation.

We have also taken the opportunity to embrace innovative construction methods, to realise the full potential of health and safety benefits. This relates to both key design principles and on-site construction risks. We work with design teams to ensure our developments maximise desired operational outcomes while achieving our vision of providing healthy, safe and secure places.

Shaping Generative HSE Culture

At KLCCP Stapled Group, the safety and well-being of people are deeply rooted within our HSE strategy and management activities and are strengthened by the Group’s Generative HSE Culture which aims to create greater transparency and awareness. Through this Generative HSE Culture we will continue to drive efforts towards values, attitudes, goals and proficiency of the organisation’s health and safety. It aims to promote transparency and mindfulness in all HSE areas.

The Group was rated at Proactive Level in 2021 Culture Maturity Survey, which saw us maintaining good HSE practices in every aspect of our work and operations.

We strive to ensure strict adherence to safety standards and enforced safety culture, compliance and leadership among employees as well as our contractors.

We recorded zero fatalities but was very unfortunate to have two Lost Time Injury incidents during the year. Post incidents, investigation was carried out and root causes were identified. We ensure that lessons learnt from all incidents are shared with all employees, to prevent recurrence in the future.

Digital HSE at KLCC

Evolution of HSE Digital Initiative brought us to the digital transformation in reporting. The Group’s Leadership Team is now able to monitor updated HSE Performance through Power BI Dashbords. The presence and availability of up-to-date data helps the leadership to be aware of the current HSE risk and status, thus enabling them to facilitate and make quick decision in HSE matters. We harness the power of HSE data to derive insights on HSE performance, trends, emerging risks and other important elements so that proactive interventions can be planned.

Security Management

Ensuring a comprehensive security and surveillance system is essential to protect the iconic PETRONAS Twin Towers, maintaining an open and free access for visitors and controlling security incidents impacting other buildings within the precinct. The Integrated Security Operation Center (ISOC) that is empowered with digital technology acts as a security central nerve that monitors the security situation within the KLCC Precinct to support the new security modus operandi.

New Security Operating Model

Another security initiative introduced which started operations during the year was the New Security Operating Model, (NSOM) that transformed the security modus operandi from a “static zone-based security guards” to “Risk-based Intelligent Patrolling and Rapid Response Auxiliary Police”. There is also close coordination between KLCC Precinct security and operators’ security team who are responsible for their respective area in managing security incidents. Dayabumi Complex has fully deployed PETRONAS Auxiliary Police to provide better service level in ensuring secured working environment for tenants and visitors.

Mental Wellness

We provide a wealth of resources designed to raise awareness of wellbeing, reduce the stigma of mental health and encourage open, honest conversations.

A key message for employees throughout the pandemic has been that their health and wellbeing remain the Group’s utmost priority and this has been complemented by offering advice to employees on how to reach out for assistance.

Employees’ wellbeing is always the top priority and we realised that building employee’s resilience skills is a critical step to proactively manage positive mental health.

Hence, management took the initiative to provide a holistic solution to mental health. We embarked on the Employee Assistance Program supported by Naluri Life Sdn Bhd. 225 managers and above attended the online CARE program, that provide understanding of the spectrum of mental fitness, build resilience, learn to work with people in distress and increase empathy in workplace.

The Group also enhanced its medical benefits which include pre hospitalisation admission, Covid-19 test coverage, Covid-19 hospitalisation treatment and mental illness treatment of staff and dependents.



At the core of everything we do, and the way that we do it, lies our commitment to the highest standards of governance excellence. It is not enough for us to deliver world class assets; we must do so while upholding standards of integrity and ensuring risks are managed at acceptable levels.

Our Approach

Sound corporate governance underpins our values, culture, processes, functions and organisational structure.

We have a strong culture of entrenched values, which form the cornerstone of our behaviour towards stakeholders and against which, we measure practices and activities to assess the characteristics of good governance. Directors and employees are required to conduct themselves with integrity, consistently and uncompromisingly displaying moral strength and behaviour that promote trust.

This commitment to good corporate governance is reflected in the CoBE, our foundation in fulfilling our business obligations with utmost integrity and transparency. Our culture of openness, transparency and accountability are strengthened with the adoption of the No Gift Policy and Whistle Blowing Policy and our adherence to the Anti- Bribery and Corruption Policy and Guidelines (ABC manual).

In managing the risk, the Group has a robust KLCC Resiliency Model which provides an integrated view on our overall strategy in managing risks.

Focus For The Year

Surveillance Audit by SIRIM to evaluate compliance of the Group’s Anti-Bribery Management System to the requirements of ISO 37001:2016
Review of the Risk Appetite to provide comprehensiveness to the current risk appetite statement in ensuring the risk exposure and type of risk to be pursued or retained by KLCCP Stapled Group in achieving its strategic objectives are properly defined

Our Material Matters

Corporate Governance and Compliance

At the highest governance level, the Boards have the ultimate responsibility to monitor that the Group is operating as a responsible organisation. This includes considerations around climate-related risks and opportunities when reviewing the group’s strategy. Principal and emerging risks are identified through robust assessments by the Boards and the various subcommittees. The Boards recognise that a balanced board is vital for sustainable value creation and that competency skills are adequately represented within the Board Committees. The Boards composition is both qualitatively and quantitatively balanced in terms of skills, gender, experience, tenure and independence. The Boards regularly review its own effectiveness and therefore undertakes a formal evaluation of its performance and that of its committees and individual directors once in three years.

Stakeholder Engagement

Our Board is committed to continuous improvement in our corporate governance principles, policies and practices, and does so by remaining abreast of evolving regulations and best practices. This is further enhanced through engagement with regulators and industry bodies, and through seeking regular feedback from other stakeholders.

We establish and maintain proactive dialogue with all our stakeholders and recognise that stakeholder needs are dynamic and that we need to be responsive to the evolving stakeholder landscape. We manage our stakeholders’ needs and expectations by taking into consideration their viewpoints towards more tangible business value creation.

Our Stakeholder Management framework, as set out on page 16 to 17 of this report demonstrate how we engage and create values for our diverse group of stakeholders. Communication with stakeholders is imperative in understanding and managing their expectations and provide new perspectives in generating positive impact to the organisation.

Board Diversity

Risk and Crisis Management

Risk management is an integral part of KLCCP Stapled Group’s business at both strategic and operational levels. An effective and sound risk management system is important for the Group to achieve its business strategies and objectives. The Group leverages on the KLCC Group Enterprise Risk Management Framework (the ERM Framework) which sets out the risk policy, risk governance and structure, risk measurement, risk operations and system. The ERM Framework is central to ensure the Group’s strategic and operational activities are within strategic mandates, risk appetites and corporate objectives.

KLCCP Stapled Group is committed to provide overall reasonable level of confidence that risks and their associated controls are adequately, effectively, and safely managed through assurance programs.

To support the above, there is an established Risk Management Oversight Structure encompassing the Boards, Board Risk Committee (BRC), and the Risk Management Committee (RMC). This structure assigns responsibility for risk management whilst facilitating the assessment and communications of risk matters from the operational levels to the Boards. The KLCCP and KLCCRM Boards developed the KLCC Resiliency Model that essentially covers the following three key areas to provide an integrated view on the overall strategy.

Enterprise Risk Management

The application of the ERM Framework is a structured and holistic approach to identify, assess, treat, and monitor risk aimed to reduce the likelihood and impact of all identified risks to enhance ability to achieve strategic objectives.

The ERM Framework is aligned to the ISO 31000 and is designed to manage risks in an integrated, systematic, and consistent manner. The ERM Framework sets out the six key elements comprising Governance, Context Setting, Risk Assessment, Risk Treatment, Risk Monitoring and Review and Continual Improvement.

Elements of the ERM Framework

The risk profiling exercise is carried out to provide a balanced view for informed decision making through richer risk conversations and considerations of risk reward trade-offs.

KLCCP Stapled Group utilises the INTERISK system as a risk tool to effectively manage and monitor risk profiles. It embeds the industry standard risk management process of ISO 31000. The INTERISK system drives active risk conversation/analysis monitoring through a dashboard, reinforces effective risk governance and assurance practices and provides a seamless flow of information and processes along the risk management value chain.

Annual Review of Risk Appetite

  • Governance, Risk and Assurance Department reviewed the risk appetite to provide comprehensiveness to the current risk appetite statement in ensuring the financial and non-financial risk exposure and type of risk to be pursued or retained by KLCCP Stapled Group in achieving its strategic objectives are properly defined. The annual review is crucial to reflect the threshold during this transitional period to the endemic phase.
  • The updated risk appetite statement, risk tolerances and risk threshold were presented to the Risk Management Committee, Board Risk Committee and the KLCCP and KLCCRM Boards.
  • The risk appetite covers five main areas:

Crisis Management

KLCCP Stapled Group has in place a comprehensive set of processes towards preparing the organisation to respond and manage a crisis event in order to protect and save people, environment, assets, and reputation.

The Crisis Management Plan (CMP) encompasses:

The CMP addressed the credible scenario in HSE and areas beyond HSE which are Finance, Human Capital, Digital, Facility Management, Legal and Regulatory in managing crisis.

The testing and exercising for CMP is conducted annually to ensure the readiness and effectiveness of the communication process and the recovery action plan in responding to the crisis. From this exercise, risk owners are aware of their roles and response preparedness in the event of emergency/crisis.

Testing and Exercising for Crisis Management Plan

During the year under review, KLCCP Stapled Group conducted the following activities to ensure readiness in responding to crisis:

  • Tabletop incident command structure exercise at Menara 3 PETRONAS for tenants, floor safety managers and emergency management team.
  • Emergency evacuation and fire drill exercise with floor safety managers and tenants at Kompleks Dayabumi and Menara Exxonmobil.
  • Communication of Initial Action Plan on natural disaster namely flood to Hotel operator’s HSE team.
  • Basic First Aid, Cardiopulmonary Resuscitation (CPR) and Automated External Defibrillator awareness with floor safety managers and tenants at PETRONAS Twin Towers.
  • Testing and exercising for all identified credible scenarios other than HSE, via walk through sessions with all risk owners in KLCCP Stapled Group.

Based on the above exercises, employees and tenants were trained for their respective roles and responsibilities in the event of crisis.

Crisis Management

KLCC Stapled Group has established a Business Continuity Plan (BCP) as part of its Business Continuity Management to manage any interruptions arising from any incidents affecting ICT, business supply chain, assets and people. The BCP is designed to provide guidance in resuming key business functions in the event the CMP is unable to contain a crisis event that may have a major or catastrophic impact on the business in terms of financial, operation and reputation.

The BCP is reviewed annually to meet changing needs by conducting Business Impact Analysis (BIA) for all divisions, departments and OPUs in accordance with BCM framework. Results are presented to the Risk Management Committee and the Approving Authority. The BIA ensures that critical business functions are identified, the impact of unavailability of the functions over time are ascertained, as well as prioritisation of timelines for resumptions of activities and specifying Minimum Resources Requirements. People, equipment, assets, facilities, technology, vital record, interdependencies are to be allocated to recover and resume these functions following prolonged business disruptions.

The testing and exercising for Call Tree Verification exercise to validate that phone numbers and contact lists of relevant personnel and stakeholders are accurate and up to date, was conducted twice this year to ensure the effectiveness of communication to Critical Business Function (CBF) staff upon activation of BCP. This is to ensure that the CBF staff are contactable to carry out their designated roles accordingly. Based on the call tree verification exercises, CBF staff were trained to respond promptly to the activation of BCP.

Integrity and Corruption Management
KLCCP Stapled Group is mindful of the threats of corruption and bribery to its operations. The risks vary across different landscapes including jurisdictions, business sectors, people and transactions.
The Group’s continuous effort in managing integrity risks within the organisation reflects our commitment to conduct business with high integrity and in support of the Group’s zero tolerance against all forms of bribery and corruption.

KLCCP’s Policy Statement on Anti-bribery and Corruption
has been reviewed and endorsed by the CEO. The policy states our commitment to comply with applicable laws and regulations, which include the CoBE, the Anti-Bribery and Corruption Manual. Consequence Management will be implemented on employees who failed to comply. The Group provides channels for employees and public to disclose improper conduct in the Group.

Anti-Bribery Management System
KLCC Property Holdings Bhd and its subsidiaries, are certified to ISO 37001:2016 Standard. The Group passed the surveillance audit conducted by SIRIM in November this year. The Surveillance Audit assures the adequacy and effectiveness of the Group’s management systems.

The Group governs its ABMS through a structure which encompasses:

  • Governing Body (the Boards) who has the ultimate responsibility and oversight of the ABMS
  • Top Management, comprising Chief Executive Officer and Head Divisions, who ensure that the ABMS is implemented adequately to address the Group’s bribery & corruption risks, and
  • Compliance Function, who is dedicated to oversee the implementation of ABMS, review and report the ABMS performance to the Governing Body and Top Management

We implement our ABMS based on the MACC Act 694 T.R.U.S.T. Principles i.e. Top Level Commitment, Risk Assessment, Undertake Control Measures, Systematic Review, Monitoring & Enforcement, and Training & Communication.

ABMS performance has improved over the years, evidenced by the zero Non-Conformance Report (NCR) and the declining number of Opportunities for Improvement (OFI) from SIRIM audits.

Implementation of the ABMS action plan is monitored by the Governance, Risk and Assurance Department via a digital dashboard, the “TRUST-T”. ‘TRUST-T’ is a digital tool that track, monitor and automate reminders to the OPUs to implement their planned programs. TRUST-T dashboards create insights on the overall ABMS implementation status in the Group.

Safeguarding the data within our stewardship throughout its lifecycle and ensuring ongoing compliance with data protection regulations globally remain a key priority for the Group. Our IT infrastructure is fully supported by Group Digital, PETRONAS. Through the cyber security alerts and other initiatives, we continue to educate and create awareness among employees on cyber threats.

As our employees are the first line of defence in keeping the organisation secure, it is important for them to understand the threats and be equipped with the necessary cyber security knowledge. We continue to create greater awareness and compliance on cyber security, via awareness training programmes. In dealing with external parties, we make transparent the Data Privacy Policy, requiring strict adherence such as incorporating Non-Disclosure Agreement (NDA) into Vendor Contract Agreements to prevent unauthorised usage and leakage of confidential data. We have in place a series of system controls to provide further protection assurance, including robust validation of system access and obligations on external parties who may have the data access.

Our cyber security efforts are guided by the Enterprise Cyber Security Governance Framework (ECSGF) which aim to protect our systems and data from malicious attacks such as Ransomware and Phishing. The Enterprise Cyber Security Governance Framework, defines the guidelines, standards, policies and procedures required to ensure our risks are effectively managed and mitigated. In 2020, we developed the Cyber Security Action Plan in our effort to mitigate cyber security crime and to strengthen the existing system and procedures to address the root causes of cyber security issues resulting from poor enforcement, weak internal control, and acceptance culture.

Cyber Security Risk Management Initiatives For The Year

  • Implemented PETRONAS Zscaler Internet Access (ZIA) to ensure secured browsing particularly by users on Work From Home (WFH) mode.
  • Developed the Digital Project Management Framework (DPMF) that governs all IT and Operational Technology (OT) System processes for the Group’s ICT Business As Usual (BAU) and Digital projects.
  • Reviewed the KLCC Group Cyber Security Risk Profile to make it current and reflect latest cyber threats together with Group Risk Assurance team.
  • Conducted Call Tree Testing to assess the effectiveness of communication amongst Division/Department Head, BCM Coordinator and CBF Staff in the event that a crisis occurred due to system disruption.
  • Implemented Monthly Phishing Test and reported the Phishing Test Failure Rate to the Management.
  • Conducted Cyber Security – Business Impact Analysis (CS-BIA) and Legal Regulatory Assessment (LRA) to assess the impact of system disruption in terms of Confidentiality, Integrity and Availability and Maximum Acceptable Outage (MAO). This is done during the Project Initiation stage of any ICT BAU and Digital Projects.
  • Assessed on all critical Third Party vendors’ applications to ensure Disaster Recovery (DR) and Backup Restore Procedure are incorporated into these applications.

Capability Building For Employees

  • Organised the Global Cyber Security Month for the Group to raise cyber security awareness and adoption level to greater heights.
  • Tracked and reported users’ overall completion of cyber security training on SWITCH and MyLearningx PETRONAS e-Learning platforms.
  • Conducted regular cyber security and Phishing Awareness Training for users (physically and virtually) targeted at users who failed the Phishing Test and not completed training materials on SWITCH and MyLearningx.

Data Security Management

  • Enforced the Personal Data Protection Act (PDPA), General Data Protection Regulation (GDPR) and Payment Card Industry, and Data Security Standards (PCI DSS) to ensure compliance by vendors.
  • 29 Enterprise Content Management System Representatives and Document Records Management Focals were upskilled on the best practices to support the principle of information Security and Risk Management;
    • Participants acquired the awareness on the importance of Enterprise Information Management in maintaining information Confidentiality, Integrity, and Availability.
    • Adherence to the Document Ownership Matrix and Information Classification Matrix will help the organisation prevent or reduce the likelihood of unauthorised access to data or record, and minimise the risk of critical data disclosure.