RISK OVERSIGHT
Management continually monitors the material risks facing our company, including financial risk, strategic risk, operational risk, cybersecurity risk, and legal and compliance risk. The Board is responsible for exercising oversight of management’s identification of, planning for, and managing those risks. The Board may delegate to its committees the oversight responsibility for those risks that are directly related to their area of focus. Pursuant to its charter, the Audit Committee has the responsibility and duty to review the financial, investment and risk management policies followed by our company in operating its business activities. The Audit Committee’s responsibilities and duties also include cybersecurity oversight as described below. The full Board reviews risks that may be material to our company, including those detailed in the Audit Committee’s reports and as disclosed in our quarterly and annual reports filed with the SEC.
We believe that our leadership structure also enhances the Board’s risk oversight function. Due to her role as Chief Executive Officer and knowledge of our company and industry, Ms. Simpson is well-positioned to lead board discussions on matters related to risk. Ms. Simpson regularly discusses with management the material risks facing our company and is also expected to report candidly to her fellow directors on her assessment of those material risks. This structure fosters greater communication between management and the Board on matters with respect to risk.
CYBERSECURITY OVERSIGHT
Cybersecurity is an integral part of risk management at our company. Cybersecurity is overseen by the Board and the Audit Committee, along with subject matter experts serving our company including our information technology director. Pursuant to its charter, the Audit Committee has the responsibility and duty to review and discuss with management on a regular basis our company’s programs, policies, and procedures related to information security and data protection, including data privacy and network security, as they relate to financial reporting. The Board and the Audit Committee receive reports on cybersecurity from management at least quarterly and more often as needed. The report typically encompasses the nature of threats, defense and detection capabilities, and training activities at our company.
We routinely provide education, such as simulated phishing campaigns, to our employees to mitigate cybersecurity risk. This education includes cybersecurity training for new employees and training modules sent monthly to all employees. We also use various authentication technologies and third party monitoring to mitigate cybersecurity risks. We annually retain a third party vendor to test our information security and we annually review information security protocols of our vendors that interact with our financial data. We maintain insurance coverage that may, subject to policy terms and conditions, including deductibles, cover particular aspects of cybersecurity risk, such as social engineering and computer system fraud. However, it is possible such coverage may not fully insure all future costs or losses associated with all types of cybersecurity incidents such as ransomware.
We are not aware of any material losses to our business or results of operations in at least the past three years due to information technology failures, data breaches, or other cybersecurity attacks. Accordingly, our company has not incurred any material expenses, and our company has not been subject to penalties or settlements, as a result of information technology failures, data breaches, or other cybersecurity attacks.
ESG PRACTICES AND OVERSIGHT
We recognize the importance of being good corporate stewards through socially responsible and sustainable practices within the confines of a REIT structure holding predominantly triple-net leases and loans. We believe that integrating ESG practices into our strategic objectives will contribute to our long-term success. The Board and our senior management understand that corporate responsibility and sustainability create value for our stakeholders and positive change for our community.
In 2021, the Board established an ESG committee to oversee our company’s practices and performance on environmental, sustainability, climate change, health and safety, corporate social responsibility, diversity and inclusion, human capital and other public policy ESG matters pertinent to our company. Additionally, throughout 2021, an internal working group continued to implement ESG practices in key aspects of our operations, with the goal of refining these practices over time.
In 2022, we anticipate aligning with the Sustainability Accounting Standards Board (“SASB”) reporting framework, particularly with respect to Real Estate Owners, Developments and Investment Trusts, to provide material sustainability information for the benefit of our stockholders. We also anticipate adopting key United Nations