We may pursue additional investment, ownership, development and redevelopment/expansion opportunities outside the United States. Such international activities carry risks that are different from those we face with our domestic properties and operations. These risks include, but are not limited to: • adverse effects of changes in exchange rates for foreign currencies; • changes in foreign political and economic environments, regionally, nationally, and locally; • impact from international trade disputes and the associated impact on our tenants’ supply chain and consumer spending levels; • challenges of complying with a wide variety of foreign laws, including corporate governance, operations, taxes and litigation; • the risk that we, our employees and/or agents could violate anti-bribery, anti-corruption and international trade laws in the U.S., such as the U.S. Foreign Corrupt Practices Act, and certain foreign countries, such as the U.K. Bribery Act, which could result in criminal or civil sanctions and/or fines, negatively impact our reputation, or require us to incur significant expenses to investigate; • differing lending practices; • differences in cultures and consumer retail behavior; • changes in applicable laws and regulations in the United States that affect international operations; • changes in applicable laws and regulations in these foreign jurisdictions; • difficulties in managing international operations; • obstacles to the repatriation of earnings and cash; and • labor discord, political or civil unrest, acts of terrorism, epidemics and pandemics, including COVID-19, the fear of spread of contagious diseases, supply chain disruptions or the threat of international boycotts. Our international activities represented approximately 6.4% of consolidated net income and 9.4% of our net operating income, or NOI, for the year ended December 31, 2023. To the extent that we expand our international activities, the above risks could increase in significance, which in turn could have a material adverse effect on us. Item 1B. Unresolved Staff Comments None. Item 1C. Cybersecurity Cybersecurity Risk Management and Strategy We have developed and implemented a cybersecurity risk management program intended to protect the confidentiality, integrity, and availability of our critical systems and information. We execute a risk-based approach to identify and assess the cybersecurity threats that could affect our business and information systems. Our cybersecurity risk management program includes a cybersecurity incident response plan and dedicated cybersecurity incident response team (“CSIRT”). We do not have actual or contractual access to the systems or information maintained by our tenants, who maintain their own cybersecurity risk management programs to protect their operations from various risks from cybersecurity threats. We use the National Institute of Standards and Technology Cybersecurity Framework and CIS Critical Security Controls as a guide to help us identify, assess, and manage cybersecurity risks relevant to our business. This does not imply that we meet any particular technical standards, specifications, or requirements. Our cybersecurity risk management program is integrated with our overall enterprise risk management program, and shares common methodologies, reporting channels and governance processes that apply across the enterprise risk management program to other legal, compliance, strategic, operational, public relations and financial risk areas. Our cybersecurity risk management program includes the following key elements: • risk assessments designed to help identify material cybersecurity risks to our critical systems, information, services, and our broader enterprise information technology (IT) environment;
26
Powered by FlippingBook