Aristocrat strives to continually strengthen our corporate governance regime, consistent with our values and obligations. In particular, we work to ensure full compliance with our Constitution, the Australian Corporations Act, ASX Listing Rules and other relevant regulations.
Our Board is focused on effective oversight of the business, including through its committees and sub-committees. The Board maintains a sound and transparent governance framework with corporate governance issues being a standing agenda item for all Board meetings.
The Board determines the management policies of Aristocrat, and delegates decision-making authority to the Executive Steering Committee to conduct business operations in accordance with Aristocrat’s governance principles and framework.
Aristocrat takes an enterprise-wide view of our cyber risks and mitigation strategies in recognition of the escalating and increasingly sophisticated cyber threats faced by all businesses. In 2019, as part of our ongoing commitment to protect our customers, partners, and employees, we updated our policies to ensure security was a focal point for our business. Aristocrat’s Global Information Security (GIS) Policy has been benchmarked against industry standards and supplemented with a GIS Acceptable Use Policy to make employees’ responsibilities easier to understand.
We are also strengthening our clear-web and dark-web threat intelligence capabilities, to help proactively identify and manage potential issues. For example, we are now better able to monitor for the impersonation of key executives and the presence or misuse of sensitive documents and employee credentials, and will continue to build these capabilities going forward.
Aristocrat places particular emphasis on educating employees to be conscious of cyber security risks and ensuring compliance with our security procedures and protocols. A comprehensive employee training program commenced in December 2018, with manager level dashboarding and internal phishing assessments. By testing susceptibility to various types of phishing scams, we were able to identify gaps in employee awareness and tailor security training activities and tools to address them. Over 61,000 security awareness training videos have been assigned to our employees since the launch of the program. The current completion rate is 75%, and growing.
GENERAL DATA PROTECTION REGULATION (GDPR)
Aristocrat and its operating businesses have taken steps to ensure we are compliant with the EU’s GDPR legislation, which was enacted in May 2018. We continue to monitor GDPR legislation compliance with our land-based and digital businesses through regular meetings and reviews with our internal and external lawyers, as well as tracking internal and external enquiries regarding GDPR.
Following a review of Aristocrat’s crisis management capability in 2019, our Crisis Management Plan has been updated and expanded to include technology and cyber-related threats and identify additional potential exposures and stakeholder interests. Central and regional Crisis Management Teams (CMT) have been formed, and equipped with in-depth training, authority and resources. CMTs have been trained in managing human impacts (employees and community), company reputation and corporate assets. CMTs are empowered to make strategic decisions in any crisis, while also providing direction and guidance to response teams and to the wider organisation. No crisis or other event has occurred during 2019 requiring formation of CMTs.
LICENSING AND COMPLIANCE
In 2019, Aristocrat Leisure Limited and 19 of our subsidiaries were licensed in 329 jurisdictions throughout the world. In total, the business holds 602 gaming, which authorise us to design, develop, manufacture, sell, install and maintain gaming equipment.
39 regulatory authorities have imposed 138 conditions on Aristocrat’s licenses which we ensure ongoing compliance with. These conditions typically relate to obligations to disclose certain changes within the company such as ownership, control, officers and directors, changes to key employees, corporate structure and so on.
Aristocrat’s Compliance team requires employees to confirm compliance with the conditions assigned to them on a quarterly basis. Typically, this involves around 340 employees. A rigorous follow up process ensures 100% completion each quarter, with an escalation process if needed. Any disclosures made by employees through this process are followed up by the Compliance team as appropriate.
ANTI-BRIBERY AND CORRUPTION
Aristocrat is committed to maintaining the highest levels of integrity and ethical behaviour and we have a zero tolerance approach to acts of bribery and corruption in relation to both the public and private sector. We require compliance with all anti-bribery and corruption laws in all markets and jurisdictions in which we operate and our Anti-Bribery and Corruption Compliance Program comprises a global Anti-Bribery and Anti-Corruption Policy that covers the giving, agreeing to receive, or offering of a bribe, requesting, agreeing to receive, or accepting a bribe, bribing public officials, and failing to prevent bribery. In addition, we have an extensive compliance training program that certain employees must complete as part of their on-boarding at Aristocrat.
Aristocrat also maintains an independent communication channel for employees to report suspected acts of bribery and corruption (whistle-blower program).