Risk Management and Strategy

We have developed and continue to enhance our cybersecurity governance program to help protect the security of our computer systems, software, networks, and other technology assets against material risks from cybersecurity threats, including unauthorized attempts to access confidential information or to disrupt or degrade our business operations. Our cybersecurity governance program is strategically integrated into our broader risk management framework and aims to (1) proactively manage cyber and information security risks at the Company, (2) implement the internal controls required by cybersecurity regulatory requirements as well as the Company’s information security control objective documents and information security standards, and (3) improve the efficiency, maturity, and effectiveness of technology functions and processes.

Our Board of Directors is acutely aware of the critical nature of managing risks associated with cybersecurity threats and oversees risks associated with cybersecurity threats. The Board’s Audit Committee is central to the Board’s oversight of cybersecurity risks and has primary responsibility for this area. The Audit Committee is composed of independent directors with diverse expertise including, risk management, technology, and finance, equipping them to oversee cybersecurity risks effectively.

Our Chief Risk Officer (“CRO”) with the assistance of IT support, plays a pivotal role in informing the Audit Committee on cybersecurity risks. She provides comprehensive briefings directly to the Board of Directors, as needed. These briefings encompass a broad range of topics, including any emerging threats, the status of ongoing cybersecurity initiatives, and incident reports and learnings from any cybersecurity events that may occur. The Audit Committee actively participates and offers guidance in strategic decisions related to cybersecurity. This involvement helps ensure that cybersecurity considerations are integrated into our broader strategic objectives.

Our CRO works closely with our IT support to assess, monitor, and manage our cybersecurity risks. Our IT support regularly provides updates and reports to our CRO of all aspects related to cybersecurity risks and incidents, which are then presented to the Chief Executive Officer (“CEO”) and Chief Financial Officer (“CFO”), as necessary. This helps ensure that the highest levels of management are kept abreast of the cybersecurity potential risks facing the Company. Furthermore, significant cybersecurity matters and strategic risk management decisions, if any, are escalated to our Board of Directors, ensuring that they have comprehensive oversight and can provide guidance on critical cybersecurity issues.

Our CRO works closely with our IT support to assess, monitor, and manage our cybersecurity risks. Our IT support regularly provides updates and reports to our CRO of all aspects related to cybersecurity risks and incidents, which are then presented to the Chief Executive Officer (“CEO”) and Chief Financial Officer (“CFO”), as necessary. This helps ensure that the highest levels of management are kept abreast of the cybersecurity potential risks facing the Company. Furthermore, significant cybersecurity matters and strategic risk management decisions, if any, are escalated to our Board of Directors, ensuring that they have comprehensive oversight and can provide guidance on critical cybersecurity issues.