Risk Management
GRI 2-12, 201, 403
HKEX Part D Para 19, 20, 21, 22, 24, 25, 27
HKEX Part D Para 19, 20, 21, 22, 24, 25, 27
Risk Management
GRI 2-12, 201, 403
HKEX Part D Para 19, 20, 21, 22, 24, 25, 27
HKEX Part D Para 19, 20, 21, 22, 24, 25, 27
The Board is responsible for determining the Company’s risk appetite and maintaining the risk governance structure. This allows the risk management process to identify and analyse the underlying risk profile that in turn allows the Company to achieve its business objectives. The Board also determines how such risks should be managed and mitigated, to strike a balance between threats and opportunities. The Board oversees management of the design, implementation and monitoring of risk management and internal control systems, with management providing confirmation to the Board regarding the effectiveness of these systems.
The Company’s risk management process and internal control systems are subject to internal audit, with support from external specialists where necessary.
Risk Appetite
The Board acknowledges that it is responsible for determining the nature and extent of the risks the Company is willing to take to achieve Company’s strategic objectives, while not exposing the Company to excessive risks regarding financial loss, business disruption, negative reputation, lack of regulatory compliance and human health and safety.
The Company has established and maintains an appropriate and effective risk management process and internal control systems that retain only risks that are manageable and at a reasonable level, while allowing it to explore and capture opportunities where appropriate. In alignment with our risk appetite, the Company has established a risk assessment matrix to evaluate and prioritise key risks by taking into account both financial and non-financial impacts, including impacts to our SD Strategy. These are documented in the Company’s corporate risk register. The Company’s vulnerability and exposure to key risks are assessed regularly to ensure that the appropriate internal controls and mitigating measures are in place to prevent and respond to any major incidents.
Risk Governance Structure
The Board has the ultimate responsibility for risk management, overseeing its design and implementation. The Board is supported by the Audit Committee.
The Company uses a “three lines of defence model” for risk governance. This model is designed to minimise conflicts of interest and ensure independent oversight of risk management.
In the first line of defence, the management of each business and operating unit identifies, analyses and reports the risks for which it is responsible. Risks are mitigated, minimised and eliminated, where practicable and economically viable. Where risk cannot be eliminated, the related economic returns are required to reflect the level of risk retained and balance threats against opportunities. The first line of defence is supervised by functional heads and portfolio directors.
The second line of defence is led by EXCOM. It supports the first line and provides assurance to the Board that risks are being managed effectively. EXCOM is chaired by the Chief Executive (also acting in the capacity of Executive Director) and comprises seven other executive directors and executive officers. It manages all the risks to which the Company is subject and is responsible for the design, implementation and monitoring of the relevant risk management processes and internal control systems.
In general, regular reviews of the corporate risk register are conducted at each EXCOM meeting in order to evaluate the Company’s risk profile and exposure, oversee the management of major risks, identify emerging and potential risks and analyse risk events which materialise with a view to resolving and learning from them. Sensitivity analyses and deep-dive sessions on contemporary risk areas including geopolitical, economic and operational issues are conducted by EXCOM as appropriate. Matters of significance that arise are reported, as appropriate, to the Audit Committee and ultimately to the Board of Directors.
EXCOM is supported by committees that specialise in corporate and operational functions across the Company, including investment appraisal, joint venture management, health and safety, crisis management, information security and data protection. EXCOM is also supported by a risk management team headed by the Chief Financial Officer.
In relation to the Company’s SD Strategy, the ESG Steering Committee reports to the Board. The ESGSC is supported by working groups that manage ESG-related risks and opportunities, including those related to climate and nature, relevant the five Pillars of our SD Strategy: Places, People, Partners, Performance (Environment) and Performance (Economic). The ESGSC is also supported by the SD Communication and Engagement Committee in overseeing the implementation of communication and engagement initiatives.
Sustainability-related risks, including climate and environmental risks, are overseen by the ESGSC, which reports material SD and ESG issues, including climate-related and nature-related risks and opportunities, and the progress made towards KPIs to the Board. The Chairman of the Audit Committee, who is also an independent non-executive director of the Company and reports to the Board, is a member of the ESGSC. Details of the responsibilities of each SD working group are documented in the SD Governance section of this Sustainability Report.
The third line of defence is provided by the Group Internal Audit Department. GIAD assists the Audit Committee in carrying out analyses and independent assessments of the adequacy and effectiveness of risk management and the internal control systems, via a systematic review of the processes and internal controls. Details of GIAD’s scope of work is set out the Company’s Annual Report 2025.
Risk Management Process
The following diagram illustrates the Company’s key risk management processes, illustrating our “top down” and “bottom up” approaches. Through EXCOM, the Board provides guidance from the top on its risk priorities; while the operating business units assess their risks from their respective perspectives. In 2025, cross‑functional workshops were conducted to identify or review sustainability‑related risks, including climate and nature-related risks, using the Group’s sustainability risk taxonomy. Identified risks are analysed, prioritised and monitored alongside all other enterprise and corporate risks for strategic planning, budgeting and performance management. Material risks are reported to EXCOM and consolidated into the corporate risk register, which is reviewed by the Audit Committee and the Board on a regular basis.
There were no significant changes made to the risk management and internal control systems during 2025.
Risk Identification
Risks that impact the achievement of business objectives are identified and categorised with reference to a risk taxonomy.
Risk Analysis
Risk assessment matrix is established in accordance with the Company’s Risk Appetite to evaluate and prioritise the risks, in terms of impact and vulnerability, which are documented in the corporate risk register.
Risk Mitigation
Internal control procedures and response protocols are designed, documented and implemented to manage the risks and mitigate their impact.
Risk Reporting
Risks are regularly reviewed and reported to the Audit Committee and other relevant governing parties.
Risk Monitoring
Adequacy and effectiveness of risk management and internal controls are closely monitored through regular review and discussion.
Risk Profile
The Company has established a risk assessment matrix to evaluate and prioritise risks in terms of their impact and the Company’s vulnerability. The following table provides a profile of our key risks listed in alphabetical order. The table includes what we consider to be Swire Properties’ principal existing and emerging risks, their possible impacts, risk trends and mitigating measures that are in place or under development.
Existing Risks and Possible Impacts | Risk Trend | Mitigation Measures |
|---|---|---|
Brand and image The failure to maintain brand position and perception may make us less competitive. Social media in particular is considered to be a high-velocity risk which, if not properly managed, may cause disproportionate negative impacts on the Company’s brand, image and reputation. |
| |
Business disruption Severe disruption to the Company’s business caused by acts of man or acts of nature such as extreme weather and pandemics may create adverse financial impacts on the Company. |
| |
Business Risks Economic slowdowns and other uncertainties occurring in the cities in which we operate may lead to substantial declines in business activities, revenue and profit. Disruptive business models and technologies as well as demographic factors are rapidly changing the behaviour and needs of our tenants, leading to new forms of demand and spatial design. |
| |
Climate change Extreme weather conditions caused by climate change may increase the risks of physical damage to properties and adversely affect their valuation. |
| |
Cybersecurity and data protection Threats to customers, tenants and staff from cyber-attacks on our websites, applications, internet services, data and emails can result in business interruptions, financial losses and reputational damage. |
| |
Development risks Delays in completing developments may create adverse financial impacts by delaying the timing of property sales and leasing. Cost inflation may also lead to significant financial impacts due to economic volatility, supply chain issues and labour shortages. |
| |
Political risks Changes in the global and local political landscape, policies and priorities may create significant impacts on the business environment. Geopolitical risks and international tensions may impact our maintenance of an optimal portfolio mix. Any trade restrictions and international sanctions may adversely affect operating costs and our tenant portfolios. |
| |
Third-party risks Misaligned interests, cultural fit and reneging on commitments by joint venture partners may lead to project delays and financial and reputational impacts. Changes in financial position resulting in liquidity problems, changes in leadership and the stance of joint venture partners resulting in a withdrawal or reduction of their shareholdings, contribution and commitments. |
|
Emerging Risks and Possible Impacts | Risk Trend | Mitigation Measures |
|---|---|---|
Nature and biodiversity risks A deteriorating natural environment and biodiversity loss may impact material availability and adversely affect construction costs. Delays in responding to a growing market demand for nature-inclusive property design may have an adverse financial impact on the Company. |
| |
Supply chain resilience Possible supply chain interruptions arising from incidents, including geopolitical events, resource outages and natural catastrophes due to extreme weather events caused by climate change. Such interruptions could significantly disrupt our operations and construction activities, potentially leading to increased costs, reduced productivity and loss of customer trust. |
|
Risk level increased during the year 2025
Risk level decreased during the year 2025
Risk level remained broadly the same
Corporate Risk Register Bottom-up Pilot Projects
Corporate Risk Register Bottom-up Pilot Projects
Swire Properties’ digitalised CRR platform is a standardised corporate-level template for updating risk details, risk scores and risk mitigation measures, making it easier to benchmark risks across the Swire Group. In 2024, we extended the digitalised CRR to the business unit level, with the first successful pilot at Citygate in Hong Kong. In 2025, we held a second pilot at Taikoo Hui Guangzhou which was completed after risk mitigation measures were documented in the system and the risk workshop for Pacific Place commenced. We plan to roll out a digitalised CRR for Southeast Asia in 2026.
Geopolitical Risk Workshop
We began organising geopolitical risk workshops for EXCOM members and strategic leaders in 2023. These workshops focus on key geopolitical risk scenarios that may affect the Company. Participants identify and prioritise specific risk scenarios for our retail, office, residential and hotels portfolios, and then propose, review and design mitigation controls and plans. As part of the workshops, global sanctions training sessions are conducted, providing an overview of the latest global sanction regimes and an analysis of their impacts on the Company.
A major objective of these workshops is to inform the implementation of our sanctions screening procedures for prospective vendors and tenants, and the half-yearly screenings of existing vendors and tenants. Screenings for 2025 were completed with no exceptions found. We also enhanced the digital platform used to submit screening requests from our business units this year. This process is being finalised for the official launch, tentatively scheduled for the second quarter of 2026.
Full-scale Business Recovery Plan Drill
Every three years, Swire Properties conducts a full-scale Business Recovery Plan (“BRP”) drill exercise. The latest exercise, held in November 2025, saw our Business Recovery Team (“BRT”) members and their alternates successfully conduct a BRP crisis simulation.
Throughout 2025, we conducted various activities to expand BRT member education and share knowledge with new BRT members, alternates and other strategic leaders to improve their crisis management skills.
In Hong Kong, we held a BRP exercise for the Second Alternate Business Recovery Team in November 2025, facilitated by an external consultant. All Alternate BRT members completed the exercise, which was designed to ensure that they are familiar with the BRP protocols and equipped with the knowledge to manage a crisis situation. The next full BRP drill for Strategic Command and the BRT is scheduled for Q4 of 2026. In the Chinese Mainland, we conducted BRP and crisis management training for Taikoo Li Sanlitun, Taikoo Place Beijing, Taikoo Li Qiantan and Taikoo Hui Guangzhou.
SEE MORE IN
