Governance
ESG Materiality Assessment*
*Any information relating to forward-looking statements, targets, goals, and progress against goals was not subject to Deloitte & Touche LLP’s review and, accordingly, Deloitte & Touche LLP does not express a conclusion or any form of assurance on such information.
OBSERVATIONS FROM 2021:
COVID Impact:
Our tenants, investors, Board, and employees all expressed concern about the impact of the COVID pandemic on our business, our human capital, and our ability to continue progress on our ESG goals.
Net Zero Transition and Scope 3 Emissions
Our tenants, investors, and Board expressed continued support for Vision 2030, and encouraged Vornado to consider additional categories of Scope 3 emissions as part of our carbon inventory.
Executive Compensation
Based on prior year feedback, our Board prioritized the inclusion of ESG performance metrics in our senior management long-term compensation plan. Our investors expressed support for these changes.
Diversity, Equity & Inclusion and Human Capital Management
Our employees, tenants, investors and Board all included these topics as a top priority in their engagement. DE&I enhancements, workplace flexibility, and expanded benefits were among the most frequently mentioned components.
Board Tenure and Refreshment
Our investors continued to express support for Board refreshment, which our Board is implementing for 2022.
STAKEHOLDER GROUP
NATURE OF ENGAGEMENT
FREQUENCY OF ENGAGEMENT
KEY TOPICS AND CONCERNS IN 2021
OUR TENANTS
Active relationship through our property management teams; meetings and discussions on tenant environmental performance; sustainability roundtable or webinar.
Daily (property management); as-needed (in- person meetings); semi-annually (roundtable/ webinar)
COVID Impact; Energy, Water, and Waste Management; Net Zero Transition; Community Impact; Health and Wellness
OUR INVESTORS
Conference calls to discuss corporate governance and ESG issues. Discussions include Vornado’s Lead Trustee; President and Chief Financial Officer; Corporation Counsel; and heads of Investor Relations, Human Resources, and Sustainability. Conducted calls with investors representing ownership
of at least 50% of all outstanding shares.
Annually, or more frequently as requested. Total investors reached represent over 40% of all Vornado’s outstanding shares.
COVID Impact; Executive Compensation; Management Succession; Diversity, Equity & Inclusion and Human Capital Management; Net Zero Transition; Scope 3 Emissions
OUR BOARD
ESG update to the Board by the President and CFO; presentation from the head of Sustainability
Quarterly (from CFO); Annually (from head of Sustainability)
COVID Impact; Financial Performance; Executive Compensation; Human Capital Management; Diversity, Equity & Inclusion; Net Zero Transition
OUR EMPLOYEES
Informal and frequent check-ins on environmental performance; in-person or virtual meetings; employee surveys.
Weekly (informal engagement); Annually (in- person meetings, Virtual Town Hall meeting)
COVID Impact; Human Capital Management; Health & Wellness; Energy, Water, and Waste Management; Net Zero Transition; Sustainable Development
OUR COMMUNITIES
Active membership and partnerships in community and government organizations focused on civic and environmental issues.
Monthly or more frequently (per meeting schedule).
COVID Impact; Net Zero Transition; Energy, Water, and Waste Management; Community Impact; Climate Change Risk and Mitigation; Sustainable Development
ESG Governance
ESG at Vornado is vertically integrated and core to our business, starting with the Board and impacting every division.
Sustainability – our Environmental arm – is led by a dedicated team of four employees, who report to Vornado’s Chief Operating Officer and are supported by two dedicated employees from our BMS, LLC division.
Human Resources – our Social arm – is led by Samantha Benvenuto, VP, who reports to Vornado’s Chief Administrative Officer. Samantha leads a team dedicated to Human Resources and Benefits.
Corporate Governance – our Governance arm – is led by Steven Borenstein, SVP and Corporation Counsel, who reports to Vornado’s President and Chief Financial Officer. Steven also works regularly with our Chairman and CEO, as well as our Board.
Our Corporate ESG Team is comprised of our senior decision makers on corporate strategy, as well as our pertinent divisional heads and subject matter experts. Specifically, the team includes the following roles:
- Lead Trustee
- President and Chief Financial Officer
- EVP, Finance and Chief Administrative Officer
- SVP, Corporation Counsel
- SVP, Sustainability & Utilities
- SVP, Human Resources
Oversight of social and environmental matters, including climate change risk; diversity, equity, and inclusion; and human capital management. Quarterly updates from senior management on ESG and an annual presentation from SVP, Sustainability and Utilities.
Stakeholder engagement, investor communication and outreach, and execution
of ESG strategy. Formal schedule of annual investor engagement on ESG and frequent meetings and communication among members.
ESG strategy implementation within respective areas of focus. Daily discussions and active collaboration on specific projects as well as ongoing operations and maintenance.
Integration of ESG strategy across entire spectrum of business units and stakeholder groups. Frequent communication with respective heads of management.
cybersecurity
Vornado is committed to rigorous cybersecurity protocols and employs a multifaceted approach for protecting our data and the computing environment utilized by our employees and external vendors. We engage with multiple third-party services that provide in-depth 24/7 network monitoring in addition to performing scans for vulnerabilities. These service providers ensure that our cybersecurity posture is correct, updated, and ready to respond to any new and emerging threats as well. In addition, we support and supplement our cybersecurity efforts with physical security to further protect and maintain the network and computing equipment that allow us to operate our assets efficiently. We believe strongly in educating our employees by utilizing both online cybersecurity education and performing phishing campaigns to understand areas of additional educational need. Our Internet of Things (IoT) and corporate networks are physically separate to further enhance our data and access segregation. Furthermore, our IoT network is highly segmented for additional security and to minimize vendor access. Our networks are audited by multiple external firms to further our commitment to ensuring the highest security. Formal reports to both the Audit Committee and Board of Trustees detailing our current cybersecurity program and future enhancements are instrumental in satisfying their responsibilities.
OUR OBJECTIVE:
Vornado’s primary information security objective is to protect information assets from threats and vulnerabilities through active network monitoring and testing, and strong management of application, infrastructure, and physical access.
The governance of the response to cyber incidents is designed to be efficient and ensure roles and responsibilities are clear throughout the organization. Because cyber incidents are only one area of risk for Vornado, the governance of their anticipation, identification, management, and response must logically fit within the firm’s overall risk management and its associated response to those risks.
We have engaged outside experts to continuously monitor network events and identify flaws or weaknesses through regular penetration testing. An Identity & Access Management (IAM) system analyzes application-level activities for suspicious behavior that might otherwise go undetected. Multi-Factor Authentication (MFA) is required for all remote network access and sensitive on- network applications.
Workstations and servers are secured via a strict patch management process and regular system scans to identify and remediate vulnerabilities. We have implemented restrictive data access through third- party software and perform thorough vendor cyber assessments to understand any potential risk posed by outside entities.
All staff are trained in cybersecurity awareness and test- ed through periodic email phishing campaigns. Frequent reminders in the form of newsletters make our employ- ees an active part of our cyber defense.
A detailed Cybersecurity Incident Response Plan (CSIRP) is in place for organizational preparedness in the event of a cyber event. The CSIRP is vetted and updated regularly via multidisciplinary tabletop exercises.
We validate replication of our critical financial systems at our disaster recovery site daily. All employees have secure remote capabilities to perform critical tasks for the enterprise without interruption.