We promote integrity in our business activities
We reflect our leadership in the way we do things. Our board of directors and executive team represent the solid principles and values on which Mallplaza has built its more than 30 years of history.
Acting ethically, with integrity and with no room for malpractice is the basis for leading a regional, multicultural organization that is a leader in its sector. Our goal is to position Mallplaza as a benchmark in Corporate Governance, and as a company committed to integrity and compliance.
Materiality
During 2022 in Mallplaza we carried out the materiality process, for which a detailed and strategic evaluation was conducted, reflecting the relevant issues for us and for all our stakeholders. The process considered the impact that our activities have on the economy, society and the environment throughout the value chain. In addition, sustainability issues that affect or may affect the business value of the organization were incorporated. Thus, with these two dimensions, the material issues for Mallplaza were identified.
It should be noted that the result of the materiality process is approved by our Board of Directors, and as a next step, during the year 2025 we will proceed to perform the next materiality process in order to update our analysis.
Materiality metrics
Regional ESG Survey:
To evaluate our relations with the communities, we implemented the regional ESG survey, whose objective is to evaluate the risks associated with the behavior of neighbors, entrepreneurs and authorities, connected to Mallplaza's business strategy. For this, we conducted anonymous online surveys and interviews with neighbors, entrepreneurs and authorities. The result of the survey ranges from 0 to 100%, indicating the percentage of people in the stakeholder group who are in favor of Mallplaza's ESG policies. This survey evaluates 4 pillars: Environment, Internal Social, External Social and Corporate Governance. This is done by asking about topics such as: Culture and Social Impact, Relationship and Diversity, Integrity and Anti-Corruption, Environmental Culture, among others.
Mallplaza defined incentives related to local relations for Management and Deputy Managers. The KPI associated with meeting the goal of the regional ESG survey has a weight of 20% for the Corporate Affairs Management and Sustainability Sub-Management and 10% for the Prosecutor. It is important to note that this KPI is linked to the annual monetary bonus, in addition to generating a relevant impact and forming a key part of our ESG strategy. Mallplaza's KPI methodology includes the matching of the goals from the management level, which implies that the non-executive collaborators of the respective managements include the fulfillment of this KPI in their performance evaluations.
The targets for the results of the Regional ESG survey are defined annually. The following table shows the 2023 targets by country, the results obtained and the variation with respect to 2022.
Experience and loyalty:
Mallplaza defined incentives related to customer experience and loyalty for Managers and Assistant Managers. The associated KPIs are Regional Operational NPS, Regional Strategic NPS, Commercial Partner NPS and Store Manager NPS. These indicators have a weighting that fluctuates between 10% and 20% and are allocated to the Corporate Affairs, Marketing, Administration and Finance Managements and the Divisional Managements of each country.
The targets and results associated with Regional Operational NPS, Regional Strategic NPS and Business Partner NPS are shown below. Store Manager NPS are defined for each mall separately.
1. Corporate governance, compliance and integrity
• Governance structure
Corporate Governance
At Mallplaza we are concerned about ensuring the proper functioning of our Corporate Governance, so we use as a guide and reference the G20 and OECD Corporate Governance Principles, which help us to evaluate and improve our regulatory framework.
Shareholders: Owners of our company who, among other responsibilities, appoint the members of our Board of Directors and the company's auditors. They are responsible for approving, among other matters, the Annual Report and the Dividend Policy. If necessary, shareholders may vote by remote means.
Board of Directors: The Board of Directors of Plaza S.A. is comprised of nine members who meet at least once a month. As stipulated by law, the Board of Directors manages the company and is responsible for defining the objectives, strategies and policies of our company, as well as appointing the Chief Executive Officer and delegating to him the execution of our strategy. It also knows and controls our management through the Board of Directors' meetings. In Mallplaza, no Director received more than 10% of negative votes in the last voting process.
Directors' Committee: It is comprised of three members of the Board of Directors and is chaired by the Independent Director. This body meets at least once a month and its functions include examining the reports issued by the external auditors, the balance sheet and financial statements, implementation of our compliance programs and the management of the Comptroller's Office. It is also in charge of analyzing related party transactions, reviewing the policies to be submitted to our Board of Directors for approval and the compensation systems and compensation plans of our managers and main executives of Plaza S.A. The Committee meets monthly with the internal audit area, twice a year with the external auditors, twice a year with the compliance area and once a year to review ESG issues.
General Manager: He oversees overseeing the functioning and organicity of our Corporate Governance. His role includes, among other matters, proposing objectives, strategies, and policies to our Board of Directors, as well as delegating the implementation of our strategy to the Executive Team.
Executive Team: It is made up of the main executives of our company and its function is to manage the areas that make up Mallplaza's value chain, participating in the definition and execution of the company's strategy.
Committees: These are working groups in which the members of our Executive Team participate to review the different strategies and agree on the steps to be taken for their execution. Without prejudice to the other working groups, the following Committees currently operate: Executive Committee, Projects Committee, Growth Committee, Investment Committee, Risk and Compliance Committee, Strategy Execution Committee, Data Governance and Information Security Committee, Sustainability Committee, Internal Controllership, Diversity and Inclusion Committee, Culture Committee, Talent Committee and Integrity Committee.
During 2023, these committees were in session:
- Executive Committee: 52 sessions
- Projects Committee (implementation and definition):52 sessions
- Growth and Development Committee: 12 sessions
- Investment Committee: 12 sessions
- Risk and Compliance Committee: 4 sessions.
- Strategy execution committee (PVR): 4 sessions
- Data governance and information security committee: 4 sessions
- Sustainability committee: 6 sessions
ESG Governance
As a fundamental pillar in Mallplaza's development, we develop all ESG-related actions in a planned manner with objectives, goals and a clear and defined structure that supports our management. Through these, we maintain the active role of the executive team in the detection, evaluation, management, and monitoring of risks associated with sustainability issues, such as environmental, social and human rights, with particular emphasis on climate change. Likewise, the Board of Directors has an active role in ESG issues, receiving reports on these initiatives twice a year under the responsibility of the Corporate Affairs Management, which reports directly to the General Management and Sergio Cardone Solari, Chairman of the Board of Directors Plaza S.A., who since 2014 is the director responsible for ESG issues. It should be noted that the ESG strategy obeys a five-year planning, which is reviewed annually and defines long-term goals.
Management: The Board of Directors is informed twice a year regarding ESG issues from the Committee and the Sustainability Roundtable.
- Leader: Chairman of the Board Mr. Sergio Cardone
- Responsible: Corporate Affairs Manager
- Participants: General Manager and Corporate Affairs Manager
Strategy: The Sustainability Committee meets every two months.
- Leader: Corporate Affairs Manager
- Responsible: ESG Assistant Manager
- Participants: General Manager, Executive Committee and related managements.
Planning and Execution: The Sustainability table meets monthly.
- Leader: Deputy Manager ESG
- Responsible: Managements and Deputy Managements of related areas
- Participants: Operations, Fiscal, People, Marketing, Community, Investor Relations, Procurement and Risk.
Long-term compensation
In 2021 the Board of Directors approved a new variable and contingent long-term commitment incentive plan for the CEO, and certain executives of the Company and its subsidiaries, including but not limited to the Company's senior executives for the period 2021 to 2023. Mallplaza does not apply any bonus deferrals to the CEO's short-term compensation. This plan is designed to promote the permanence of the targeted executives and ensure the alignment of their objectives with the generation of shareholder value, in the medium and long term. This benefit plan consists of two elements: i) an investment in shares of the company by each targeted executive, acquired on the stock exchange and financed with a loan for the exclusive use of the company for this purpose; and ii) the payment of a short-term bonus and a long-term retention. The latter will be paid if, and only if, the executive beneficiary has maintained an uninterrupted employment relationship with the company, any of its subsidiaries, or a continuous succession of employment relationships with any combination of the above.
Climate Alignment
Beyond Falabella's efforts, as an organization we also work actively with our NGO peers and local authorities to achieve goals of general interest, such as the fight against climate change. To this end, we are part of various initiatives and partnerships, with which we contribute to coordinated efforts to reduce and reverse impacts on the environment. The most important concerted effort in this regard is the coordinated response from the different jurisdictions in which we participate, in view of the Paris Agreement.
In Chile, the Ministry of the Environment, through the HuellaChile program, organizes voluntary efforts at the level of individual entities, but also with trade associations and other related organizations, to respond to the goals set in the Nationally Determined Contribution agreed to under the Paris Agreement. In addition to our individual participation as Mallplaza, Falabella participates in business alliances in the country committed to HuellaChile.
Mallplaza is part of the Sustainability Committee of the Santiago Chamber of Commerce. The Chamber is a registered member of the Ministry of the Environment's HuellaChile Program, and has received recognition for its annual contributions.
Likewise, we are part of Acción Empresas, the local chapter of the WBCSD, which in addition to being a registered and recognized organization in HuellaChile, is part of a public-private alliance with the Ministries of Environment and the Production Development Corporation (or "Corfo", under the Ministry of Economy), to collaborate in accelerating the implementation of practices to mitigate and adapt to climate change, through the Transform Climate Change Program.
Finally, the Chilean Chamber of Construction, in which Mallplaza participates, has formally expressed its interest in responding to the commitments adopted in the Paris Agreement (Fundamenta_45.pdf (cchc.cl)), which is materialized through its environmental sustainability pillar, and its contribution to the National Carbon Footprint Strategy (ficha-pilares (compromisopro.cl)).
Independence of the Board of Directors
According to DJSI definitions, a director is independent if he/she meets at least 4 of the 9 criteria listed below (including at least 2 of the first 3 criteria).
N/A: information not yet available
Board effectiveness
At Mallplaza, all Board members are elected through an individual election procedure.
At Mallplaza, we believe in transparent and proactive communication with our stakeholders. As such, our company does not utilize defensive strategies such as Poison Pill or NOI Pill. We remain committed to pursuing strategies that prioritize long-term value creation and sustainable growth.
Compliance and Integrity
Crime Prevention Model
In 2023 we worked with the Directors' Committee and the Board of Directors to update our Crime Prevention Model. We continue to standardize the procedures and controls of the compliance programs in the three countries. In Mallplaza we proactively seek to prevent the commission of any crime, especially those related to money laundering, financing of terrorism, bribery or bribery of any national or foreign public official, and all those that may involve criminal or administrative liability for our company according to local regulations. In addition, we continue to standardize the procedures and controls of the compliance programs in the three countries where we are present.
The MPD is complemented by a series of policies and procedures, such as the Anti-Bribery Policy, which prohibits the commission of any illicit act within the company, such as bribery between private parties and bribery of national or foreign public officials. The effectiveness of this MPD strongly depends, among other factors, on the existence of a control environment within our company. Below, we detail the elements that contribute to the existence of this control environment:
- Code of Integrity
- Risk Management Procedure
- General Investigation Procedure
- General Investigation Procedure
- Investment Procedure
- Sustainability Policy
- Conflict of Interest Policy
- Recruitment and Selection Procedures
- Donations Policy
- Proxy and Legal Representative Structure
- Politically Exposed Persons Policy
This Crime Prevention Model of Law No. 20,393 is permanently audited by the company BH Compliance. When our crime prevention model is audited, everything that composes it is being audited, such as: the code of conduct, the integrity channel, among others. It should be noted that, in the particular case of Colombia and by regulation, we are audited annually by PTEE (simile of the prevention model) and Sagrilaf (focused on money laundering). On the other hand, the audit of the anti-corruption policy is contained within the audit of the crime prevention model, where scheduled reviews are carried out by topics such as: tests on gifts, training, etc. The results of these reviews are presented every six months to the Directors' Committee.
Annually, all our employees receive training on crime prevention at the regional level, while special training is provided for those positions that have a direct relationship with public officials.
On the other hand, Mallplaza's Business Transparency and Ethics Program (PTEE) in Colombia was audited as of December 31, 2023 by Deloitte. The audit included the following activities:
• Interviews with management to assess the applicability of the Transparency and Business Ethics Program in the company.
• Verification of the existence of the Transparency and Business Ethics Manual or Program.
• Review of the updates made to the Compliance Policy and the Transparency and Business Ethics Program.
• Inspection of the documents that support the training of employees on issues of transnational bribery and corruption.
• Evaluation of the mechanisms implemented to measure the quality of the learning received.
• Confirmation that the Transparency and Business Ethics Program Manual includes the corresponding functions of the Board of Directors in these matters.
This audit reflects our ongoing commitment to transparency and business ethics.
Integrity Program
At Mallplaza we have a structure that seeks to promote and defend integrity within the company and in the relationship with its stakeholders. We have an Integrity Code, a tool that guides all employees in knowing how to act in the event of an ethical conflict, and an Integrity Committee, made up of the General Manager, People Manager, Controller, Regional Manager of Administration and Finance and Fiscal, with the participation of the Division Managers of Chile, Peru and Colombia as guests. Our structure also includes an Integrity Channel (which receives complaints and queries), which is available to all our stakeholders on the corporate website.
Ethical behavior:
Since 2023, Mallplaza's employee Performance Evaluation assesses eight competencies related to four key values: "we are one team", "we move nimbly", "we are passionate about the customer" and "we care for the future". The ethical behavior of employees is evaluated as part of the value "we care for the future", which considers competencies such as "leading by example" and "being aware of their impact".
Integrity Channel
During 2023 we received 72 contacts in the Integrity Channel. 34 ethical, 38 non-ethical, 9 queries and 29 complaints. During 2023 the investigation of 17 complaints was closed.
Complaints
The following table shows the complaints for the year 2023, which come from the integrity channel and other means.
Cybersecurity
Strategy
Mallplaza's cybersecurity strategy is based on the corporate implemented model, which is based on the NIST cybersecurity framework, which contemplates: 1. Timely Identification; 2. This allows us to proactively identify potential risks to the main information assets, making it possible to establish preventive controls and monitor their effectiveness. The implementation of this framework includes a set of platforms and services for monitoring and security controls, which allow us to address in a preventive and corrective manner the different harmful actions detected in the ecosystem.
Governance
The Corporate Administration and Finance Management is responsible for cybersecurity. The Regional Technology Management reports to the Corporate Management. Both departments report indirectly to Falabella's Corporate CISO. This CISO reports to Falabella's IT Manager, who in turn reports to Falabella's CEO. Additionally, there is an internal structure of Information Security and Cybersecurity Committees that report KRI's to the Risk and Compliance Committee that operates on a quarterly basis and is chaired by the CEO of Mallplaza. These indicators are also monitored indirectly by the Corporate Risk Committee of Falabella Holding which reports directly to the CEO of the group.
The Product, Data & Technology Management at Mallplaza identifies, promotes and deploys new services, based on digital technology, to deliver to business partners, customers and the business a superior experience in terms of ease, satisfaction and cybersecurity.
There are other initiatives that strengthen this strategy:
- We include a set of platforms and services for monitoring and security controls to preventively and correctively address the different harmful actions detected in our ecosystem.
- Our risk dashboard considers cybersecurity indicators, quarterly reviewed by our executives, in addition to being presented at a meeting with our Board of Directors for review. In addition, our Comptrollership area is the unit in charge of verifying compliance with cybersecurity standards.
- Additionally, we have an awareness program on cybersecurity threats that is carried out permanently and comprehensively for all our employees.
For cyber and information security risk management, we have an Integral Governance Model that has two instances: in the first, those responsible for the Information Security functions of Technology, Comptrollership and Business Areas participate, dealing with contingent and relevant issues; in the second, our Management Committee. In addition, at the Corporate Governance level, best practices on the subject are shared, which serves to keep the Information Protection and Cybersecurity Programs up to date. These are reviewed annually by our Directors' Committee.
2. Risk Management and Human Rights
Risk Management
In Mallplaza, the Risk Management Deputy Manager is the one who implements the Risk Management process, ensuring the correct identification and registration of such Risks, and the associated controls, in the respective matrices. It also monitors the Risks and controls on a continuous and timely basis, proposing improvements if necessary. On the other hand, it communicates the Risks materialized and/or that exceed the limits in the defined thresholds, as well as those cases in which it does not have the resources to execute its responsibilities. Based on the above, it develops an annual work plan for Risk Management; requests its approval by the Risk and Compliance Committee; and presents the progress of its execution to the latter committee.
In this way, it also identifies the training and dissemination needs for an adequate Risk Management, together with the execution of training programs that allow process owners to understand and apply their responsibilities in Risk Management. It should be noted that this Deputy Manager reports directly to the Corporate Administration and Finance Management, and the performance of risk management is monitored and audited by the Comptroller's Office, which reports directly to the Directors' Committee.
It is important to mention that Mallplaza's directors' committee is responsible for overseeing risk management and KRIs, which are reported by the Risk and Compliance Committee.
For more details see the Integrated Risk Management Policy in Documents
Risk review
Mallplaza has a comprehensive risk management model embodied in a procedure, which responds to the guidelines established in the Comprehensive Risk Management Policy approved by its Board of Directors and allows the organization to deal with risks in a structured manner. In this context, a risk assessment and evaluation scheme has been established that considers both the probability of a risk materializing over time with its respective evaluation scale, ranging from a "remote" possibility to an "almost certain" possibility. On the other hand, the possible impact that could be caused by the materialization of these risks is addressed, considering different fronts, such as: effects on people, sanctions/convictions for transgressions associated with regulatory non-compliance, damage to business operations, financial losses and/or damage to the environment. For the categorization of the impact, a scale ranging from a "low" to a "serious" level is considered, depending on the associated severity.
Two of the evaluated risks are detailed below:
• Operational Risks:
We are exposed to incur risks that may have a direct impact on people and physical assets. We operate with a significant number of physical facilities necessary for the conduct of our business, which are exposed to the occurrence of internal or external events that could cause possible harm to people (business partners, visitors, customers, internal collaborators, external suppliers, contractors, among others) and/or damage our operations, such as: fires; natural disasters (floods, earthquakes, excessive rains); assaults; looting and violent demonstrations; among others.
The probability and inherent impact of this risk (before considering controls/mitigators), has been evaluated by Mallplaza's top executives, being the risk led by the Regional Operations Manager, using the risk assessment and evaluation scheme described above.
Scope of impact: Regional scope with the potential to severely affect the operation of our urban centers and could also generate a financial and reputational impact.
Management and/or Mitigation: Compliance with our defined standards for construction and physical safety, such as anti-seismic systems, fire protection, crisis management manual, infrastructure, and safety technology. We mitigate the risks associated with the direct impact on people through timely identification and elimination of hazards in our operations, based on an occupational health and safety program.
We have an equipment maintenance plan whose compliance and results are permanently monitored to ensure optimal performance. With regard to the impact on our assets, this management is outsourced through first class insurance companies, with the contracting of insurance policies that cover our operating risks of investment properties (urban centers in operation and under construction) and the associated income flows.
• Credit/collection risks:
We may be affected by a deterioration in the credit quality of our business partners. We are exposed to credit risk in the event that our business partners, customers or other counterparties do not comply with their contractual payment obligations stipulated in lease agreements. Scope of impact: Regional scope with the potential to severely affect us with a financial loss and could even cause Mallplaza to be unable to respond to its commitments with third parties.
The probability and inherent impact of this risk (before considering controls/mitigators), has been evaluated by Mallplaza's front line executives, being this risk led by the Regional Manager of Administration and Finance, using the risk assessment and evaluation scheme described above.
Management and/or Mitigation: We have a diversified portfolio of customers together with guarantees to cover our bad debt risks. Debtors are presented at net value, i.e., reduced by the allowance for doubtful accounts. We have a centralized process for the risk assessment of our potential customers, governed by our commercial risk policies and risk analysis procedure, which allows us to determine a classification for each of them, to generate a subsequent follow-up once they enter into operation within our urban centers.
Based on the results of the respective evaluations, our commercial policies establish the definition of a "guarantee constitution" to be covered by our commercial partners, which will be activated in the event of non-compliance with their credit commitments.
To determine the risk appetite, Mallplaza has used the methodology that adjusts to the guidelines of its majority shareholder Desarrollos Inmobiliarios SpA, a subsidiary of Falabella S.A. This methodology considers qualitative aspects associated with the possible impact that the materialization of a risk could cause, either on people, operational continuity, the environment, reputational damage, among other aspects. On the other hand, it considers quantitative aspects associated with financial losses with a maximum of materiality determined by considering a percentage of Mallplaza's real estate assets, since it is its most representative asset given the line of business.
Exposure to risks
In Mallplaza the exposure to high level risk is reviewed annually based on a planning previously agreed with the leaders belonging to the first line of defense. The result of this review is monitored through a panel of risk indicators and reported to the Risk and Compliance Committee and, subsequently, to the Directors' Committee.
Audit of risk management processes
In March 2022, Falabella's Corporate Risk and Internal Control Management conducted a risk management diagnostic applied to Mallplaza. The evaluation method used to determine the level of risk management maturity consisted mainly of interviews with the people in charge of risk management in each vertical and a review of documents. Two practices were evaluated (Governance and Processes) with different scopes in each one.
Risk culture
The directors of Plaza S.A. together with the directors of Falabella Group companies are called at least annually to a training day where different matters associated with the group's strategy are addressed, such as risks, regulatory changes and current issues associated with the retail and real estate industry.
On the other hand, during the 2023 period, Mallplaza's Risk Management team took different specialization and/or certification courses in matters associated with their functions, which were co-financed by the organization through its employee benefits program that grants scholarships. Within our induction program, we have a series of courses that each employee who joins Mallplaza must take. To do so, they must enter the Falabella Academy platform: https://academia.falabella.tech/mallplaza . In addition, in October 2023, an on-line course was held for all employees who joined during the same year, which explains the risk management methodology.
Starting in 2023 Mallplaza made available a Risk Management course to be taken by each new employee, which includes an assessment that must be completed in order to pass. This course addresses the application of the "three lines model" of the Institute of Internal Auditors (IIA), which helps to identify the structures and processes that allow achieving the objectives and facilitate a solid governance in terms of risk management. Another aspect it considers is those responsible for the different high-level risks that are managed in the organization both at the corporate level (Falabella S.A.), as well as their respective counterparts in Mallplaza.
During 2024 the unit in charge of Risk Management at Mallplaza has been developing its Risk Culture program committed for the period using different instances (risk tables that have quarterly periodicity, communications through the Viva Engage platform or others), to reinforce or refresh related concepts and promote the management of materialized risk events.
Mallplaza only provides parking services. To mitigate the associated risks, we have a regional regulatory compliance program "My Customer" which aims to ensure respect for the rights of consumers. The objective of this program is to ensure that both Mallplaza and its employees maintain an upright and exemplary behavior, acting in a respectful and consistent manner with the rights of its customers throughout the process of supply, sale of services and experience with the final consumer. In this context, the Company has established this Customer Rights Protection Program which, following the Technical Specification, considers:
i) the designation of a Compliance Officer;
ii) the identification and implementation of corrective and preventive actions or measures;
iii) the implementation of controls aimed at avoiding non-compliance risks;
iv) the commitment of Senior Management and the Board of Directors;
v) the application of disciplinary measures;
vi) the reaction to findings;
vii) the continuous improvement, periodic testing and review of the Program.
Likewise, this Program is a way of ensuring compliance with the duty of diligence of the Company's Directors and management, which seeks to ensure that the conduct expected from Employees is disseminated and materialized in a clear and simple manner, supported by actions, adequate work processes, incentives and controls that help to make this happen.
Emerging risks
Mallplaza only provides parking services. To mitigate the associated risks we have a regional regulatory compliance program "My customer" which aims to ensure respect for the rights of consumers. The objective of this program is to ensure that both Mallplaza and its employees maintain an upright and exemplary behavior, acting in a respectful and consistent manner with the rights of its customers throughout the process of supply, sale of services and experience with the final consumer. In this context, the Company has established this Customer Rights Protection Program which, following the Technical Specification, considers:
I. the designation of a Compliance Officer;
II. the identification and implementation of corrective and preventive actions or measures;
III. the implementation of controls aimed at avoiding non-compliance risks;
IV. the commitment of Senior Management and the Board of Directors;
V. the application of disciplinary measures;
VI. the reaction to findings;
VII. the continuous improvement, periodic testing and review of the Program.
Likewise, this Program is a way of ensuring compliance with the duty of diligence of the Company's directors and management, which seeks to ensure that the conduct expected from Employees is disseminated and materialized in a clear, simple manner and supported by actions, appropriate work processes, incentives and controls that help to make this happen.
Risk 1: Emerging trends in physical security that impact the integrity of our visitors, business partners, suppliers and/or collaborators.
For Mallplaza it is a priority to address the evolution of security threats that could affect the welfare of our visitors, business partners, employees and suppliers, which requires us to continuously adopt new security strategies to mitigate the aforementioned risk.
With a permanent commitment to security, Mallplaza participates in a "Corporate Security Committee" led by its controlling shareholder Desarrollos Inmobiliarios SpA, a subsidiary of Falabella S.A. The purpose of this committee is to coordinate the different business units of the Falabella Group, gather information for decision making, share best practices and develop projects with transversal impact that improve the physical security applicable to Mallplaza.
Sources of risk:
The criminal activities of transnational and national organized crime gangs in the region, whose actions have led to higher levels of violence and corruption, make it necessary to distinguish the risks that derive directly from the criminal activity of these organized crime gangs.
Crime has contributed to changing consumption habits, which could affect flows in established commerce, requiring a continuous and rapid reaction in terms of security and prevention, mitigating the effects that this could have on the operation of urban centers in the medium and long term.
This risk has a regional scope, with the possibility of affecting the operation of urban centers at different levels, which in turn could cause financial and reputational damage.
Specific impacts on Mallplaza:
• Total or partial interruption of operations of our urban centers
• Permanent closure of our urban centers
• Decrease in the flow of visitors
Mitigation measures
The following mitigation measures, among others, have been implemented to deter and/or discourage the planning and execution of high impact crimes that put the physical integrity of people inside and around shopping malls at risk:
• Provision of means of transportation for the approach and/or withdrawal of employees from the head office
• Closed-circuit television monitoring of the opening and closing of urban centers
• Monitoring of the environment and early warning for possible temporary and permanent closures of facilities, in the event of risks that may affect the integrity of visitors, employees, business partners, and suppliers.
• Formation at the corporate level of permanent safety working groups at the regional level for coordination, case studies (lessons learned), risk assessment, and transfer of best practices
• Liaison with the authorities to facilitate local coordination in prevention and safety matters.
Risk 2: Cybercrime driven by technological developments
Cybercrime driven by technological developments refers to the growing threat of sophisticated cyber attacks that leverage the latest technological innovations, such as artificial intelligence and machine learning, to compromise systems, steal sensitive data and cause operational disruptions.
The scope of the risk is broad and could materialize in the following ways:
• Advanced phishing attacks: Use of Artificial Intelligence (AI) to create highly personalized and convincing phishing emails targeting key collaborators
• Impersonation of executives or business partners to request fund transfers or access to sensitive information
• Intelligent malware: Malware that uses machine learning to evade detection systems and adapt to the company's environment
• Internal fraud: Use of AI to generate forgery or alteration of processes that can materialize in losses for the organization
• Data manipulation: Subtle but significant alteration of data using machine learning techniques to evade detection
• Impersonation: Use of audio or video deepfakes to deceive collaborators and gain access to systems or confidential information.
Potential impact on the company
• Direct financial losses due to theft or fraud.
• Recovery and systems strengthening costs.
• Reputational damage and loss of stakeholder confidence.
• Regulatory sanctions for non-compliance with data protection regulations.
• Business interruption and loss of revenue.
Protection Measures
1. Network and systems security:
• Next-generation firewalls and intrusion detection/prevention systems (IDS/IPS)
• Patch and update management process
• Multi-factor authentication (MFA) on critical systems.
2. Data protection:
• Encryption of data at rest and in transit
• Regular vulnerability assessments and penetration tests.
3. Access management:
• Application of principle of least privilege and segregation of duties
• Privileged account management (PAM) solution
• Regular access and privilege reviews.
4. Protection against DDoS attacks:
• Cloud-based DDoS mitigation services
• Load balancers and traffic filtering systems.
5. Advanced monitoring and analysis:
• Through a SIEM (Security Information and Event Management) solution
• Big data analysis to detect advanced threats.
Other measures taken include a cybersecurity awareness program for all employees and conducting Ethical Phishing exercises. Defining security standards for suppliers and third-party risk management process.
Internal Audit
Mallplaza has a Comptrollership area that reports directly to the Directors' Committee and exercises the Internal Audit function over all the company's operations in the 3 countries in which it currently operates. The annual audit plan is defined according to a methodology based on risk assessment, which is approved and followed by the directors monthly. There are no areas of the company that are not included in the scope of this function.
In relation to fiscal year 2023, the Comptroller's Office conducted 100 audits corresponding to the annual risk-based plan approved by the directors' committee and 12 unplanned reviews. No material weaknesses were detected in the company's internal control systems. At the same time, the Comptroller's Office is not aware of the existence of any fraud that has had or could have a material effect on the Financial Statements.
Tax Reporting
Effective Tax Rate
During 2023 a tax adjustment of Ps. 33,014,134,984 should be considered, corresponding to the recognition of deferred taxes associated with a tax loss of the company Desarrollos e Inversiones Internacionales SpA, and the recognition of the fair value in Colombia.
Political influence
In accordance with our internal regulations and policies, we do not make contributions to political campaigns or lobbying organizations. However, Mallplaza participates in different national and international associations and organizations to developstrategic alliances with common interests and objectives that reinforce sustainability.
The three main contributions made during 2023 involved a total of $217.709.073 Chilean pesos:
Mallplaza's contributions to the Chambers of Shopping Centers, both in Chile and Peru, are driven by the strategic motivation to share good practices that benefit shopping centers and to be part of the debates that affect the sector. We maintain an open communication with large and small companies, with the objective of advancing in a common and complementary development that allows us to reach higher and better standards to project a responsible growth in the region, always complying with the regulations and internal policy on Free Competition. The vision is to actively contribute to the integral development of the shopping mall sector, to offer Chilean consumers world-class standards. The amount contributed during 2023 was $162.230.993 in Chile, 28,436,400 in Peru and $7,824,867 in Colombia, all in Chilean pesos.
In Colombia to the Applications and Innovation Guild for a total amount of $11,730,000, value in Chilean pesos. This Guild accompanies us in the implementation of Mallplaza's omnichannel strategy, advising on the development of solutions such as darkstore, fullfilment and home delievery.
Finally, with the contributions made to the Port Community of Antofagasta (COPA), and respecting the regulations on Criminal Liability of Legal Entities and Free Competition, Mallplaza seeks to contribute to the economic development of the places where it operates, through collaboration and mutual trust. Comunidad Portuaria de Antofagasta (Port Community of Antofagasta or COPA) is a non-profit organization that was born in 2010, under the need to articulate all the actors of the logistics chains and the maritime port sector, to work together with the community and bring the world of the sea closer to the citizens. Its mission is to lead and represent the logistics sector of COPA associates through the generation of training, links, strategic information, indicators and best practices that allow the Port of Antofagasta to be the most competitive in northern Chile under a harmonious relationship with the city of Antofagasta. Mallplaza, as a concessionaire and as a complementary activity to the Port of Antofagasta, is a founding member of COPA. The amount contributed in 2023 was $7.486.813 Chilean pesos.
Philanthropic contributions and activities
Mallplaza contributes in various ways to the surrounding communities by promoting the generation of opportunities, growth and economic sustainability:
Mallplaza's main contributions are:
1. Supplier Management
At Mallplaza, we understand that suppliers are fundamental to the value we offer to our visitors and local communities. We establish relationships based on transparency, efficiency and compliance with legal regulations and seek opportunities for innovation and sustainable growth.
We promote the procurement and contracting of goods and services with the desired quality and at competitive prices. All this, to guarantee a safe operation, incorporating sustainability guidelines and adequate risk management.
At Mallplaza we evaluate all our suppliers that participate in the Request for Proposals Process to identify possible risks, evaluating the referential risk line and sustainability. The sustainability evaluation addresses variables such as: environmental management certifications, policies (waste, use of materials, ethics, gender diversity, disability, and supplier relations) and programs (benefits and training). In addition, financial variables such as balance sheets and income statements, compliance, health and safety of its workers and risk centers are also considered. The score obtained from the sustainability evaluation has a 3% impact on the offer submitted by the supplier at the time of defining the award.
It should be noted that, in the case of accident and accident rate items, if the risk detected is high according to the respective industries to which the supplier belongs, due to standards and regulatory issues, the supplier will be blocked in the system, as this has the potential to affect any project or work being developed, which is defined according to the procedure with the supplier evaluation committee
The evaluations are performed by the supplier evaluation analyst requesting the necessary backup information to evaluate the different points regarding the various categories of suppliers. These evaluations are valid for a period of one year; therefore, after this period, suppliers must be reevaluated in order to be eligible to participate again in a Request for Proposal Process. Suppliers that have any non-compliance in their evaluation or re-evaluation must solve it as soon as possible in order to be able to finalize the process, and subsequently participate in any process.
On the other hand, since our processes are regional, some variables considered in supplier evaluations are adjusted to the reality of each of the countries where we are present (Chile, Peru and Colombia), such as the applicable regulations. Regarding buyers and/or internal stakeholders of Mallplaza, we have a purchasing procedure, which is required to be reviewed by the positions that apply to them, where the considerations and stages associated with the purchasing process are stipulated. This procedure is linked to the supplier evaluation procedure, which allows us to ensure compliance with the correct development of this process. In addition, it is stipulated that, over certain amounts already defined in the purchasing procedure, the request must be submitted to the Board of Directors for approval and subsequent awarding of the respective supplier.
The following table shows the results of the supplier selection process and the sustainability evaluation of suppliers that participated in a request for proposal process:
Service providers that operate directly in our urban centers undergo a semi-annual documentary review on occupational health and safety and environmental issues. This is carried out both by Mallplaza's internal team and by a third party corresponding to the mutual company and ARL, for Chile and Colombia respectively. Thus, both the internal work plan and that of the mutual insurance company or ARL define on-site inspections in areas where food is consumed by external personnel and in hygienic service areas. All this is carried out in accordance with Mallplaza's legal standards and internal procedures. If non-compliances are detected in these evaluations, the Mallplaza team requires and supports the supplier to carry out the corresponding corrective actions and develop an action plan.
Additionally, this type of service providers relevant to the operation and functioning of Mallplaza are subject to a monthly documentary review on compliance with labor and social security obligations of their workers. In addition, for security and paramedical services, they are required to have the mandatory courses necessary for the respective functions they perform. On the other hand, weekly or daily inspections are carried out by means of checklists to review the facilities with respect to visitors and sanitary issues. In addition, audits are carried out by accredited third-party companies using validated methodologies, together with consideration of internal operational standards. In the event that non-conformities are identified, this results in the request for action plans or the application of fines according to the contractual agreements defined by both parties.
Mallplaza is constantly coordinating with service providers operating within the urban centers to provide updated information on safety and occupational health defined internally or externally, along with providing support regarding the monitoring of action plans. On the other hand, they are provided with a practical compliance guide for suppliers, which presents all the requirements they must comply with in a simple manner.
At the same time, we have a PEC (Personnel in Contact) Relationship Model, which seeks to organize, build and standardize a form of relationship between Mallplaza and its external personnel. This model has several pillars, among which is training, focused on equity and inclusion, addressing issues such as: People with autism spectrum disorder (ASD), seniors, LGBTI community, women, interculturalism and people with disabilities. In addition to this, within the Model there is a scholarship program to which external personnel can apply for the benefit of their sons and daughters.