Aristocrat strives to continually strengthen our corporate governance regime, consistent with our values, obligations, and stakeholder expectations. In particular, we work to ensure full compliance with our Constitution, the Australian Corporations Act, ASX Listing Rules, and other relevant regulations.
BOARD INDEPENDENCE AND FOCUS
Aristocrat has an independent Board of Directors committed to good corporate governance. The Board assesses annually whether each of the Non-Executive Directors is independent and, in making such an assessment, consideration is given to whether the Non-Executive Director satisfies Aristocrat’s criteria for independence as set out in the Board Charter. During the 2020 financial year, the Board undertook this assessment and concluded that each Non-Executive Director is independent.
Aristocrat’s Board is focused on effective oversight of the business, including through its committees and sub-committees. The Board maintains a sound and transparent governance framework with corporate governance issues being a standing agenda item for all Board meetings.
The Board determines the management policies of Aristocrat, and delegates decision-making authority to senior management to conduct business operations in accordance with Aristocrat’s governance principles and framework.
KEY FOCUS AREAS DURING 2020
Key areas of governance focus for the Board during the 2020 financial year included:
- Continued strengthening of Aristocrat’s risk management framework and governance to support achievement of business objectives, including risk-based identification of environmental, social and governance (ESG) issues, responsible gameplay and other sustainability priorities;
- Refreshing the Board’s escalation policy to ensure alignment between Board and management on the types of material incidents that should be escalated; and
- Building on the global implementation of whistleblower frameworks and policies, and overseeing and monitoring the whistleblower program for continued compliance to provide a robust and trusted framework.
Aristocrat was an early adopter of the ASX Corporate Governance Principles and Recommendations 4th Edition (ASX Principles), and has endorsed and followed the 4th Edition of the ASX Principles throughout the 2020 financial year. The 2020 Corporate Governance Statement sets out key features of our governance framework and compliance with the ASX Principles.
Our Group CEO has a specific ESG deliverable in his performance commitments for 2020, which encompasses all of our material ESG priority issues, including Corporate Governance. Relevant executives have analogous ESG commitments. Performance against these is reviewed periodically and measured formally on an annual basis.
Further information about Aristocrat’s approach to corporate governance can be found in our Corporate Governance Statement.
Aristocrat takes an enterprise-wide view of our cyber risks and mitigation strategies in recognition of the escalating and increasingly sophisticated cyber threats faced by all businesses and individuals. Aristocrat’s Global Information Security (GIS) Policy has been benchmarked against industry standards and supplemented with a GIS Acceptable Use Policy to make employees’ responsibilities easier to understand.
In 2020, as part of our ongoing commitment to protect our customers, partners, and employees, we delivered improvements with regard to third-party security reviews, application scanning, policy exceptions and phishing simulations to increase employee awareness. Additionally, we increased our focus on managing the transfer of our most sensitive data within and outside our company, as well as further restricting our highest levels of system access.
We have also strengthened our clear-web and dark-web threat intelligence capabilities, to help proactively identify and manage potential issues. These include the impersonation of executives and the presence or misuse of sensitive documents or employee credentials.
We believe that raising awareness and creating a culture of cybersecurity among employees delivers a range of critical business benefits. These include a reduction in the likelihood of successful attacks and data breaches, increased regulatory compliance, fewer infections and less disruption, reducing insurance exposure, and cost and benefits that come from the adoption of best practice data governance structures.
During 2020, leveraging the pivot to remote working across our global staff, we rolled out an education campaign to encourage good security habits and ensure cyber risks remained front of mind. We also maintained a comprehensive employee training program1 with manager level dashboarding and topic assessments. To date, 147,000 security awareness training modules have been assigned to our employees, with a completion rate of 82% (compared with 75% in 2019) which exceeds the applicable industry standard.
Also, to coincide with National Cybersecurity Awareness Month (NCSAM) in the United States, we conducted an internal global ‘refresher’ campaign throughout October. Practical tips were shared across a range of topics including:
- Mobile phone security;
- Password security;
- Social media security; and
- Privacy protection.
Continuing to increase our capability and build a cyber-aware culture will continue to be an enterprise priority for Aristocrat going forward.
1Employee cyber security training program commenced in December 2018
GENERAL DATA PROTECTION REGULATION (GDPR)
Aristocrat and its operating businesses have taken steps to ensure we are and remain compliant with the EU’s GDPR legislation which became enforceable in May 2018. We continue to monitor GDPR legislation compliance with our Gaming and Digital businesses through regular meetings and reviews with our internal and external lawyers, continuing education sessions, privacy forums, and tracking internal and external enquiries regarding GDPR.
Our Crisis Management Program is reviewed periodically to ensure it addresses new threats and identifies potential exposures. Central and regional Crisis Management Teams (CMT) are equipped with in-depth training on managing human impacts (employees and community), company reputation and corporate assets, authority, and resources. They are empowered to make decisions in any crisis and provide direction and guidance to response teams and the wider organisation.
Our response to COVID-19 demonstrated the efficacy of our Crisis Management infrastructure. Within days of the first venue shutdowns in North America and Australia in March, a network of cross-functional CMTs had been coalesced in each key Aristocrat location around the world, under the guidance of a Group CMT. The CMTs worked quickly to ensure employees’ health was protected, and that they were supported to pivot to remote working arrangements with negligible business disruption.
Communication was critical during this period. To supplement increased communications from local leaders and CMTs, regional Crisis Communication Portals were created in a number of locations. The portals were designed as a ‘one stop shop’ for the latest advice from local authorities, company news, emergency contacts and other tools to assist employees to navigate the period. CMTs were also instrumental in developing COVID-safe return to work plans, aligned to Aristocrat’s global policies, as well as to local government guidelines and regulations. The tireless commitment of the CMTs throughout this period has been an inspiring demonstration of our value of ‘Collective Brilliance’ for all Aristocrat people.
LICENSING AND COMPLIANCE
Aristocrat takes a scrupulous approach to compliance and probity. Demonstrating the highest levels of integrity is not only core to our values but also critical in ensuring we maintain our licenses around the world.
In 2020, Aristocrat Leisure Limited and 19 of our subsidiaries were licensed in 336 gaming jurisdictions globally. In total, the business holds 602 gaming licenses, which authorise us to design, develop, manufacture, sell, install and maintain gaming equipment.
Aristocrat requires around 500 key employees to confirm compliance with the conditions relevant to them every quarter. A rigorous follow-up process ensures 100% completion each quarter. Any disclosures made by employees are followed up by Aristocrat’s internal Compliance team as appropriate, and any ongoing non-compliance is reported to the Board’s Regulatory and Compliance Committee.
ANTI-BRIBERY AND CORRUPTION
Aristocrat is committed to maintaining the highest levels of integrity and ethical behaviour and we have a zero-tolerance approach to acts of bribery or corruption. We require compliance with all anti-bribery and corruption laws in all markets and jurisdictions in which we operate. Our Anti-Bribery and Corruption (ABAC) Compliance Program comprises a global ABAC Policy that covers the giving, agreeing to receive, or offering of a bribe, requesting, agreeing to receive, or accepting a bribe, bribing public officials, and failing to prevent bribery.
In addition, we mandate comprehensive compliance training for all members of the Aristocrat Board, executive leadership team, Group Risk and Audit team (globally) all sales employees (globally), and some manufacturing and procurement teams. Major distributor partners must also undertake the same face to face online training sessions (run by external legal counsel) and we are considering other opportunities to broaden the reach of this training.
Aristocrat also maintains an independent communication channel (whistle-blower program) for employees to report suspected acts of bribery and corruption.