Company Announcements

·  Effective and appropriate leveraging of data that we have a right to use is a key aspect of the interface between our marketing and our commercial and technology activity. We take account of regulatory and ethical factors as part of the decision-making processes in relation to marketing and technological initiatives, and we also rely on appropriate governance and control arrangements to mitigate risks that the validity of data that we use is undermined by cyber-attacks or operational failures.

·  Our 2019 focus has been on progressing a Board-endorsed roadmap of the highest priority and highest-value initiatives to build and maintain core elements of our cybersecurity posture.

·  During the year our Chief Information Security Officer has worked with teams across IHG to increase sophistication in how we identify, protect, detect, respond and recover in relation to cyber risks. This has involved developments in our security governance and risk tracking, including discussion and assessment of an approach to high-value assets with the Executive Committee.

·  We have continued to drive awareness of cybersecurity risk, including an anti-phishing campaign which tested corporate employees on phishing attacks. We also developed a cybersecurity incident response playbook which is aligned with wider IHG resilience and incident preparation protocols.

·  The nature of our operating model means that significant amounts of IHG's confidential information assets are also held by or shared with third-party suppliers and owners, and we review those risks as part of our broader supply chain risk management arrangements.

·  Our information security programme is supported and reviewed by internal and external assurance activities, including our Internal Audit and SOX teams and PCI assessments.

·  During 2019 we have reported regularly to the Board and the Executive Committee on the information security roadmap using key risk indicators to track trends in risk and mitigation initiatives. We also continue to work closely with our insurers to review the adequacy of protection for our risks and have assessed potential cyber incident scenarios, including quantification of value at risk, to better aid in risk-based discussions on remediation investment against risk acceptance and available risk transfer opportunities.

·  To enable our growth ambitions, we need to continuously strengthen our portfolio of brands to build an industry-leading offer which delivers leading-edge guest preference, and competitive owner returns. For a description of our brands and brand initiatives see pages 14 to 17, and page 23.

·  We are building the underlying capabilities to achieve our vision by: strengthening our new brand development; enhancing our marketing capability; refining our brand portfolio strategy; building improved data analytics capabilities; and scaling the production and efficiency of our global marketing assets.

·  During 2019, our Global Marketing team has continued to evolve an operating framework to provide additional clarity and alignment on prioritisation and focus areas. We have also implemented changes to several ways of working between our global functions and regional operations teams to drive commercial performance, supported by learning events and engagement sessions.

·  We are also executing a loyalty roadmap that includes tactical improvements to drive short-term performance and foundational levers to enable a longer-term step change to improve member benefits, owner economics and programme technology. See page 20 for more details on our 2019 initiatives.

·  Our approach to managing our people is outlined in detail on pages 28 to 31 and our annual business planning process includes a review of workforce risks. We consider workforce risks when designing business initiatives and we regularly review talent and succession across the organisation. Our Human Resources team partners across IHG, and performs regular reviews including in relation to the diversity of our talent and competitiveness of our compensation and benefits plan.

·  IHG has the ability to manage the risk directly in relation to IHG employees but relies on owners and third-party suppliers to manage the risk in related activities. Our Procurement, Legal and Risk teams also consider more indirect workforce risks relating to our third-party relationships.

·  During 2019, we have continued to refine and streamline our performance management systems and embed a common set of leadership behaviours across IHG through employee participation in various virtual learning summits.

·  Several policies supporting our Code of Conduct (for example our Human Rights Policy which is reviewed annually) relate to the management of our people, describing our intolerance for inappropriate behaviours, and appropriate adherence to those helps manage our risk.

·  As our business expands through mergers and acquisition, we also undertake due diligence prior to transactions, and as part of integration activities, to evaluate and adapt relevant people practices.

·  Our global Ethics and Compliance team (E&C team) are focused on ensuring IHG has a globally coordinated approach to material ethical and compliance risks, taking into account the regulatory environment, stakeholder expectations and IHG's commitment to a culture of responsible business.

·  The overarching framework for Ethics and Compliance is the IHG Code of Conduct (Code), (see pages 26 and 27). In addition to the Code, the E&C team manage the global compliance programmes for Anti-Bribery and Corruption, Antitrust/Competition Law, Sanctions and Human Rights.

·  A number of processes and initiatives are used by the E&C team to manage ethical and compliance risks. For example, IHG is a member of Transparency International UK's Business Integrity Forum and participates in its annual Corporate Anti-Corruption Benchmark. The findings from the Benchmark assessment are utilised predominantly by the E&C team to identify improvements to the design of the IHG Anti-Bribery and Corruption programme.

·  The E&C team are also responsible for, and have oversight of, the owner legal due diligence process. This is designed to ensure that risk-based due diligence is carried out on third-parties with whom IHG enters into hotel relationships. This includes sanctions monitoring, third-party screening and internal communications - for example, an annual update is communicated to the Legal, Development and Strategy teams and other relevant colleagues providing a reminder of 'No Go' countries and sanctions issues that may restrict IHG.

·  The E&C team currently monitor training completions, gifts & entertainment reporting and owner due diligence escalations. These areas help demonstrate whether the design of the Ethics & Compliance framework and core processes of the underlying programmes are operating effectively. The E&C team monitor activity of the Confidential Disclosure Channel and have regular discussions with regional Legal teams to help identify emerging issues. In addition, the E&C team receive informal queries/escalation of issues via an Ethics and Compliance email channel, which is publicised in training and awareness materials, and directly from employees, for example in face-to-face training sessions.

·  The Board receives regular reports on the Confidential Reporting Channel and matters directly related to our responsible business agenda.

·  Our comprehensive channels strategy is a key driver and enabler of accelerated growth. We continue to seek opportunities to align and innovate our channels and technology platforms (see page 21). Our IHG Concerto™ platform is operating at all IHG hotels, and we are continuing to add more capabilities to the platform to enhance revenue delivery.

·  Our Guest Reservation System (GRS) is hosted by a third-party vendor, Amadeus, in the cloud and supported by infrastructure which serves to decrease the likelihood of downtime. Availability of GRS and other key systems continues to be monitored on a 24/7 basis by the Network Operations Centre. Metrics are regularly reported to Commercial and Technology leaders so they can monitor performance.

·  As our industry evolves, and with our acquisition of new brands, we have continued to review the capabilities of our systems in relation to market trends and expectations.

·  In 2019, we also introduced regional revenue forums to focus on forecasting future business and determining integrated commercial plans to address challenges.

·  The progress of our Group-wide efficiency programme has been tracked by the Board and Executive Committee, and the majority of our centrally driven transformation activity has now transitioned to Senior Leaders.

·  Following the changes to our organisational structure in 2018, in 2019 we conducted corporate-wide virtual learning summits and we maintain a central digital hub for process and learning materials to enable our employees to find details about processes, learning content and key process owners.

·  Our focus on accelerating growth has included review of risks relating to offshoring and outsourcing by Senior Leaders and the Board. Our Strategic Supplier Management Office has been established to manage existing critical supplier relationships as well as new outsourcing and/or business-critical relationships driving our strategic objectives. Our legal teams review contracts and provide advice on litigation, where required, and our insurance programme also provides a degree of protection in the event of supplier failure.

·  Oversight teams, including our finance experts, have evolved governance and control frameworks and we also regularly review delegated approval authorities and processes to enable decisions on investments to be made quickly and efficiently with consideration of the risks involved. HR Business Partners continue to work with Senior Leaders to identify and retain key individuals across the business, and succession planning practices are in place to ensure continuity of key initiatives and business operations.

·  During 2019 we reviewed our financial governance and controls relating to the integration of our acquisitions. For example, the integration of Six Senses into IHG's financial control environment has been overseen by a dedicated governance committee.

·  We have an established approach to System Development Lifecycle, and specific risks to delivery of the Global Reservations System have been managed throughout the programme of implementation (including those relating to technical delivery, business process testing and operation readiness testing).

·  While these factors are mostly outside our direct control, we track uncertainties which may impact the hospitality industry and which need to be considered in our strategic and financial planning. These types of risks are addressed in strategic review, including our market participation choices, particularly in emerging and key growth markets.

·  During 2019, many leadership teams have used formal and informal scenario planning to anticipate the potential impact of these risks. The Board and Executive Committee receive regular updates on these types of factors from both operational and subject matter experts so that possible implications for IHG can be considered.

·  Our in-house threat intelligence capability, supplemented by third-party expertise and methodology, supports development, hotel operations and customer-facing sales teams with planning and response to macro factors, for example concerns relating to terrorism, extreme weather events, or infectious diseases such as Covid-19. We are also increasingly able to complement more traditional sources with digital intelligence to anticipate potential impacts on IHG's interests.

·  During 2019, our Corporate Responsibility team worked collaboratively with teams across IHG (including Human Resources, Business Reputation and Responsibility and Procurement) to consider the broader environmental and social risks associated with our business. These risks and opportunities are considered as an integral part of Board strategy discussions in relation to our commitment to responsible business. In 2019, this culminated with the approval of a science-based target relating to carbon reduction.

·  As part of our responsible business strategy refresh work, we are also working with third-party experts to develop our responsible business targets for post 2020 and have made a formal commitment to implement the recommendations of the TCFD. In 2020 we will be developing a disclosure roadmap for the coming years. More broadly we recognise that continued collaboration across the wider industry is required to collectively combat climate change. We are taking an active role in this via our membership and active participation in several industry bodies, including the International Tourism Partnership (ITP) and the World Travel and Tourism Council (WTTC).

·  Our values and behaviours, underpinned by our Code of Conduct, inform our decision-making at all levels. For example, specific elements of our Code of Conduct define expectations for IHG employees in relation to human rights and the environment. Our Supplier Code of Conduct and Human Rights Policy have been updated during 2019 and our Procurement, Legal and Risk teams monitor supply chain and human rights risks, see pages 26 and 27.

·  The environment in which IHG develops and operates hotels continues to evolve and impacts the safety and security risks faced by IHG. These risks are assessed as stable overall, but our approach is reviewed continuously to ensure that it remains fit for purpose, and able to anticipate and respond to the risk of an incident damaging the Group's reputation.

·  Our design and engineering, hotel opening and operations teams work together with our risk management experts to evaluate standards and develop capability to respond to an incident via training, intelligence tracking and standard operating procedures, and also deploy crisis management procedures where required for less predictable events.

·  For example, the risks of epidemics such as Covid-19, earthquakes and extreme weather events continue to pose a threat to IHG's operations, and are managed through refresher training, advanced monitoring and warning and standard operating procedures.

·  In relation to geopolitical and terrorism risks, we deploy external industry benchmarking to allocate all pipeline and operational hotels a threat category. The category definitions are designed to guide hotels to make their own risk-based decisions on how to mitigate local security threats. Categories are reviewed regularly to adjust to the dynamic threat environment in which IHG develops and operates hotels.

·  We continue to monitor UK Government and Local Authority investigations into the Grenfell tragedy. We will review our own fire and safety requirements once any changes and/or recommendations to building regulations and best practice are published, and will work with owners and operators of IHG branded hotels to provide appropriate support and guidance.

·  IHG has also created a toolkit and resources for hotels to use to provide guests with menu allergen information, making it easier for them to identify ingredients they need to avoid.

·  We continue to operate an established set of processes across our financial control systems, which is verified through testing relating to our Sarbanes-Oxley compliance responsibilities. See pages 73 and 160 to 163 for details of our approach to taxation, page 73 for details of our approach to internal financial control, and pages 182 to 185 for specific details on financial risk management policies. These processes and our financial planning continue to evolve to reflect the changes in our management structure and business targets.

·  To mitigate risks from adoption of the new accounting standard, IFRS 16 'Leases', existing controls were modified and new controls added. Controls are revisited at least once a year for modification or addition.

·  As our hotel estate evolves and grows, we also adapt our approach to financial control. Given the differences in the culture and ways of working across our regions, we apply globally and/or regionally consistent policies and procedures to manage the risks, such as fraud and reporting risks, wherever possible.

·  Our Group insurance programmes are also maintained to support financial stability.