Risk and Crisis Management
Goal and Performance Highlights
Performance
Goal
Challenges and Opportunities
In a constantly evolving environment, Central Pattana Public Company Limited faces increasingly complex risk management challenges. The company must continuously adjust its strategies and monitor risks to effectively respond to changing circumstances. Furthermore, the complexity of the value chain involving partners, affiliated businesses, and various stakeholders necessitates a cautious and systematic approach to risk management. The company also places strong emphasis on identifying and addressing emerging risks, including cyber threats, impacts of climate change, and supply chain disruptions—all of which require proactive management. In addition, maintaining data security and compliance with personal data protection regulations remains a critical priority.
Nevertheless, effective risk management enhances the company’s resilience and ability to handle unforeseen challenges. A strong risk management system improves operational efficiency, reduces potential losses, and supports business continuity. Moreover, demonstrating a systematic and rigorous approach to risk management builds stakeholder trust and enables more informed strategic decision-making.
A strong risk management system improves operational efficiency, reduces potential losses, and supports business continuity.
Management Approach and Value Creation
Central Pattana Public Company Limited is committed to operating under a systematic risk management framework that covers the entire organizational value chain. The objective is to strengthen the company’s resilience in the face of evolving challenges and ensure long-term sustainability. The company has adopted the COSO ERM 2017 framework as its primary standard for risk oversight, enabling structured identification, assessment, and mitigation of risks, while integrating risk management into the company’s overall business strategy.
The company also places importance on managing Environmental, Social, and Governance (ESG) risks—particularly climate-related risks—to support its Net Zero Carbon target by 2050. Integrating ESG risks into ongoing business operations enhances long-term competitiveness and demonstrates the company’s commitment to sustainable growth in line with international standards.
Risk Governance
Central Pattana Public Company Limited has established a strong risk governance structure to ensure effective risk management. The Risk Policy Committee, chaired by an independent director, is responsible for setting the company’s risk management direction and policies. Meanwhile, the Risk Management Committee, chaired by the Chief Executive Officer, oversees the implementation and governance of risk management across all dimensions. The Risk Management Division serves as the secretariat to the committee and is tasked with closely monitoring risk-related operations. Additionally, the Internal Audit Department regularly assesses the effectiveness of the risk management process to ensure operations align with good governance principles and transparency.
A strong risk governance structure to ensure effective risk management
Central Pattana ensures effective risk governance by establishing a comprehensive risk policy, setting clear guidelines for risk appetite and implementing a robust risk management framework. The roles of risk management and internal control are distinct and operate autonomously. Central Pattana assigns the responsibility for overseeing and managing risk to the following committees and executive management.
The Risk Policy Committee, chaired by an independent director and comprising the Board and CEO, is responsible for the following: being informed on matters that are within its scope of authority and responsibility and making recommendations on the risk policy, risk management structure and framework, and the key risks that the organization faces; reviewing and approving the organization's risk appetite and tolerance; monitoring and overseeing the establishment of performance metrics and targets, and key risk indicators; reviewing and assessing the effectiveness and efficiency of management’s enterprise risk responses; and periodically reporting risk management activities to the Board of Directors.
At the management level, the Risk Management Committee, chaired by the CEO and comprising executive and non-executive directors, is responsible for the following: overseeing the implementation of risk policy and risk management guidelines; ensuring that all business units within the organization have identified, assessed, mitigated or managed, and reported the risks that have the potential to affect the achievement of the organization's objectives and integrated risk management into its business plan with periodic progress reporting; providing support and guidance on enterprise-wide risk management activities; and periodically presenting risk management reports to the Risk Policy Committee and the Board.
In order to facilitate the Risk Management function, the Risk Management Department, acting as the Secretary of the Risk Management Committee, is responsible for tracking, analyzing and reporting risks to the Risk Management Committee and assisting risk owners in identifying key risks and collaborating with them to assess potential exposure and develop appropriate measures to address and manage the risks to acceptable levels. The Risk Management Department reports to the Chief Finance, Accounting and Risk Management Officer.
The Risk Management Department is responsible for assisting Internal Control in verification of critical activities across the organization in consideration of the risk exposure and operations of each business unit; and utilizing the findings and insights from internal control reports to identify and analyze key risks affecting the organization. The Risk Management Department is also tasked with providing a risk management report to the Audit Committee at least twice a year.
The diagram below outlines Central Pattana’s Risk Governance Structure.
Risk Management Process
Central Pattana Public Company Limited’s risk management process covers the identification, analysis, and assessment of risks. The company regularly reviews its risk appetite annually or when significant changes occur that could impact the business. A Risk Map is used to analyze and prioritize risks, while Key Risk Indicators (KRIs) are tracked to guide the development of appropriate risk mitigation measures.
A Risk Map is used to analyze and prioritize risks.
Predictive data is also used alongside KRIs to forecast potential risks and implement preventive measures, especially in strategically significant areas such as cyber threats, climate change, and global economic volatility, which could impact business continuity.
The company places strong emphasis on planning for potential risks through Sensitivity Analysis and Stress Testing to evaluate possible impacts. In addition, risk levels and business impacts are reviewed quarterly to ensure that mitigation measures remain effective.
The following diagram summarizes Central Pattana’s risk management framework, which is in alignment with the COSO ERM 2017.
Central Pattana conducts a thorough review of the organization's key risks and risk appetite on an annual basis and whenever there is a significant change that could potentially affect the organization's ability to compete effectively.
To ensure alignment with the company's business direction and strategy, our risk identification process encompasses both internal and external factors. We assess potential opportunities and consider events that could impact the business, whether directly or indirectly. Following the identification of risks and opportunities, we employ a risk map to prioritize them based on their significance. This prioritization guides us in developing a risk management plan, enabling us to effectively monitor and manage the identified risks to levels deemed acceptable.
To review the risk exposure on a quarterly basis, we use Key Risk Indicators (KRIs) to track and monitor key risks and assess the progress against the established risk management plan. The results of these assessments are compiled into reports that are presented to both the Risk Management Committee and the Risk Policy Committee.
We regularly run sensitivity analyses and stress tests to analyze both financial and non-financial risks in which a range of scenarios such as rising wages, increasing electricity costs and regional droughts, is evaluated so that we can better understand the potential impacts and risks to our economic performance and business operations.
The risk management process undergoes periodic audits and verifications (at least once in two years) by Internal Audit, which evaluate the effectiveness of the company's risk management practices and, where appropriate, make improvements and corrective actions.
Emerging Risks Analysis
Central Pattana Public Company Limited actively monitors emerging risk trends that could affect the real estate industry, referencing insights from reputable organizations such as the World Economic Forum (WEF). Climate change and the transition to a low-carbon economy are key risks that could impact real estate development. Natural disasters such as floods and storms may increase development and operational costs, while more stringent environmental regulations could also pose compliance challenges. Technological advancements and cybersecurity risks are also critical factors. As the company continues to integrate digital and smart systems into its operations, the risks related to data and cybersecurity become increasingly important and must be closely managed.
Emerging risk analysis based on data from reputable organizations such as the World Economic Forum.
Risk Issues
Risk Types:
Environmental
Description:
Climate change is one of the most significant risks that the Company faces, with impacts spanning from operational to strategic levels. Increasingly severe natural disasters—such as floods, storms, and heatwaves—may affect the infrastructure of the Company’s shopping centers and real estate projects, leading to additional repair and maintenance costs. In addition, more stringent environmental regulations, both domestically and internationally, may increase operating and development costs for future projects.
Without appropriate mitigation measures, the Company could face risks such as asset devaluation, delays in project development, and a loss of confidence from investors and consumers who prioritize sustainability. To address these challenges, the Company has conducted environmental risk assessments for all projects and designed infrastructure to be resilient against natural disasters. These efforts include the adoption of clean energy systems and the implementation of greenhouse gas reduction measures to align with sustainable development goals.
Impacts:
Damage to assets and infrastructure, resulting in higher repair and maintenance costs. Disruption to operations of shopping centers and development projects. Compliance with increasingly stringent environmental regulations, which may raise costs and affect project timelines. Reputational impact, if adequate environmental mitigation measures are not implemented.
Mitigation Plans:
To mitigate the impacts of climate-related risks, the Company conducts environmental risk assessments for every project and designs infrastructure to withstand natural disasters. Measures include the use of efficient drainage systems, environmentally friendly construction materials, and the deployment of renewable energy—such as solar rooftop installations in shopping centers. Additionally, the Company has revised its greenhouse gas reduction targets to align with international standards in order to minimize future regulatory risks.
Risk Types:
Economic
Description:
Economic uncertainty and rising interest rates impact business investment decisions and consumer purchasing power. In the event of an economic slowdown, consumption and spending will decrease, directly affecting visitor traffic to shopping centers and the occupancy rate of Central Pattana. In addition, Thailand’s high household debt (89.6% of GDP in Q2 2024) may affect tenants’ sales performance, potentially prompting the Company to restructure rental agreements to mitigate the impact on business partners.
Central Pattana may face liquidity risk if the economy enters a recession. A decline in occupancy rates could impact both revenue and net profit. Therefore, the Company focuses on prudent financial management by maintaining a healthy debt-to-equity ratio, diversifying funding sources, and strategically developing projects that respond to market needs to strengthen long-term revenue resilience.
Impacts:
Lower demand for rental space, impacting rental income. Reduced consumer spending may affect tenant sales, potentially leading to rental adjustments. Higher operating costs driven by interest rates and inflation.
Mitigation Plans:
In response to these risks, the Company has implemented prudent financial strategies, including diversifying funding sources and maintaining an appropriate debt-to-equity ratio. The Company also emphasizes cost control and efficient cash flow management. Simultaneously, Central Pattana continues to develop projects that align with evolving market demands, targeting high-potential customer segments and diversifying its asset portfolio to mitigate risk.
Risk Types:
Technology
Description:
Increased reliance on digital technology in business operations exposes the Company to cyberattack risks, which could lead to the leakage of customer and business partner data. Such incidents could result in reputational damage and regulatory fines. In addition, cyberattacks may disrupt the Company’s digital systems, impacting customer service and business continuity.
Without appropriate mitigation measures, the Company could face a loss of trust from customers and business partners. To address this, the Company has implemented cybersecurity measures aligned with ISO 27001:2013 and NIST SP800-53 standards to enhance data security. The Company also maintains Cyber Insurance coverage and conducts employee training to build awareness of cyber threats.
Impacts:
Data breaches may lead to regulatory fines. Cyberattacks may disrupt shopping center digital systems, impacting customer experience. Reputational damage and loss of customer trust.
Mitigation Plans:
To mitigate cyber risks, the Company applies international information security standards such as ISO 27001:2013 and NIST SP800-53. The Company has invested in cybersecurity technologies to detect and prevent threats and continuously trains employees on cyber risk prevention and response. Additionally, the Company has obtained Cyber Insurance to minimize potential impacts from cyber incidents.
Risk Types:
Political
Description:
Thailand’s uncertain political environment, along with changes in economic policies, may affect business sector investment and investor confidence. Amendments to tax policies or real estate-related regulations could increase operating costs or impact the Company’s ability to expand its projects.
The Company may also be affected by the enactment of new laws without prior adaptation, potentially resulting in increased costs and longer project timelines. To address this, the Company closely monitors regulatory and policy developments to ensure timely adjustments to its business strategies.
Impacts:
Delays in the development of new projects. Increased costs due to compliance with new regulations. Policy uncertainty may undermine investor confidence.
Mitigation Plans:
The Company proactively monitors changes in laws and regulations and continuously adjusts its business strategies in response to regulatory shifts. Additionally, the Company strengthens relationships with government agencies to facilitate efficient project implementation.
Risk Types:
Social
Description:
Rapidly changing consumer behavior, particularly the growing shift toward online platforms, may affect foot traffic and usage of services within the Company’s properties. If the Company is unable to adapt to evolving consumer behavior, it may experience a decline in rental income.
To address this, the Company has revised its strategy by focusing on creating “Experience-Based Destinations” that align with the lifestyle of modern consumers. This involves developing shopping centers that go beyond retail spaces to become lifestyle hubs, offering relaxation, wellness activities, and community engagement. In addition, the Company has enhanced its digital channels and developed online platforms that seamlessly connect customers with tenants’ products and services.
Impacts:
Decline in foot traffic may impact rental income. Need to restructure retail spaces to meet evolving consumer needs.
Mitigation Plans:
The Company has adopted a strategy focused on developing “Experience-Based Destinations”, emphasizing unique experiences within its shopping centers that integrate lifestyle, wellness, and entertainment to attract customers. Furthermore, the Company has strengthened its digital channels to keep pace with shifting consumer behavior and increased the use of technology to connect shopping centers with customers.
Supply Chain Risk Management
Central Pattana Public Company Limited recognizes the importance of managing risks associated with its business partners. The Company has established clear guidelines for partner selection and assessment based on ESG (Environmental, Social, and Governance) principles, along with setting out a Supplier Code of Conduct to ensure that partners conduct their business ethically and transparently. In addition, the Company has conducted 100% audits and assessments of partners involved in development projects, as well as provided training to partners to enhance operational standards and mitigate potential risks.
Setting out a Supplier Code of Conduct to ensure that partners conduct their business ethically and transparently.
Risk Culture
Central Pattana places great emphasis on fostering a risk-aware culture as a core part of its organization. The Company encourages employee engagement at all levels in risk management through training, communication, and performance evaluation. Employees are trained in risk management practices, cybersecurity, and corporate governance standards. Risk management principles are also integrated into employee performance evaluations to strengthen accountability and understanding of proper risk management.
Providing employee training on risk management practices
Central Pattana fosters a corporate risk culture through a range of methods, tools and channels including:
- Awareness Utilize various channels and formats to raise awareness about key risks by, for instance, distributing communication products via email and Workplace that provide information on cyber risks and the importance of data privacy and compliance with regulations like the Personal Data Protection Act (PDPA).
- Training Provide online training courses to all employees on topics including risk management and crisis management and organize workshops specifically tailored for key functions such as general managers.
- Drills and Tests Conduct periodic crisis management drills to simulate different scenarios such as fires, sabotage incidents and falls from height and carry out regular business continuity plan testing for instance information security at least once a year.
- Establish ‘risk’ as one of the metrics for measuring employee performance. For example, in the case of Loss Prevention staff, their performance evaluation also includes specific criteria related to incident and crisis management.
- Communicate with stakeholders regarding key risks and their impacts, risk management measures and controls in place, and emerging risks through One Report to ensure they have a thorough understanding of the organization’s risk landscape.
Stakeholders Directly Impacted
Tenants and Lessees (Retail and Offices) and Residential Customers
Employees
Customers
Suppliers and business partners
Communities / Community representatives including regulators and government bodies, academia and independent organizations
Shareholders
