- setting clearly defined goals and objectives;
- emphasis on risk management and internal controls;
- a thorough understanding of ESG structures, processes, risks and opportunities;
- honest and transparent reporting of ESG performance; and
- the utilisation of best-practice standards to elevate sustainability efforts.
The Thungela Board has ultimate oversight of our approach to ESG and the delivery of our objectives in this crucial area.
This incorporates all aspects of ESG, including climate change, and the progress we make against the targets we have set for ourselves. The board’s responsibility extends not just to Thungela, but also to its subsidiary companies, associates, trusts and joint ventures. It is led by independent non-executive director Sango Ntsaluba. As chairman, he is responsible for setting the tone for an ethical culture at board level, and for ensuring that the board fulfils its duties with integrity and in accordance with established corporate governance principles.
The board's oversight of ESG-related matters is supported by its six committees, primarily the social, ethics and transformation committee (SETCO) and the health, safety, environment and risk (HSE and risk) committee, which are delegated specific oversight roles related to sustainability and governance performance. These committees report their findings and recommendations to the board after every scheduled meeting or should the need arise.
A more detailed account of corporate governance, including reports from the board and its various committees, can be found in the governance section of our Integrated Annual Report and on our website (https:/www.thungela.com/investors/corporate-governance).
Cybersecurity is a critical governance risk that affects business resilience, stakeholder trust and regulatory compliance. Our IM processes are aligned with the National Institute of Standards and Technology and the Centre for Internet Security’s best practices, while our managed security service provider is ISO 27001 certified.
We have in-house security and phishing awareness initiatives in place to strengthen our resilience against cyber threats and employ a user awareness training and testing tool to conduct scenario testing. We also run training on South Africa’s Protection of Personal Information Act to reinforce best practices for handling sensitive data securely.
Automated vulnerability scanning takes place continuously on externally exposed assets through the implementation of relevant technology. Incident response procedures and processes are in place, while a disaster response plan will be actioned and a preparedness exercise executed in 2025. These will feed into our overall business continuity plans. Incident response procedures, particularly for critical incidents, follow our established major incident management process, which is activated for every priority 1 incident logged.
No data breaches have occurred over the past three years, and we have information security risk insurance in place. A responsible team evaluates changes to third-party-provided IM services and systems, and service providers who do not meet minimum qualification criteria are disqualified. There is zero tolerance for third parties who do not meet our security requirements. An artificial intelligence (AI) strategy is in the process of being developed. Certain functionality in our IM environment, such as read.ai, have been blocked due to potential data security risks. We are currently building a large language model for the use of AI, with limited access to certain users.
Corporate governance is the cornerstone of how we run our business. We are dedicated to maintaining the highest standards of governance and aim to cultivate a culture that values and rewards ethical behaviour, integrity and respect. This encompasses comprehensive risk management, which is vital if we are to be a devoted steward of the natural environment, a responsible employer and a dependable corporate citizen.
We are guided by the principles set forth in the King IV Report on Corporate Governance for South Africa 2016 (King IV), the performance standards established by the International Finance Corporation, applicable legislation and widely accepted industry practices. Strong processes, policies and principles shape the board's activities and establish a robust ethical culture. They ensure compliance with statutory and industry requirements, while providing direction and defining the limits of decision-making. Importantly, ethical principles are also woven into our values, code of conduct, strategies, policies, procedures and standards.
We commit to the timely identification of business and ESG risks and opportunities, and have a zero-tolerance stance on corruption, fraud and misconduct. We also encourage the reporting of inappropriate behaviour while protecting whistleblowers. We are committed to tax transparency and to preventing anti-competitive practices and money laundering.
Our inclusion and diversity policy addresses all aspects of diversity and fosters inclusivity across the organisation. This includes the board. We are dedicated to transparent and equitable executive compensation structures that are tied to various factors, including ESG. Further details on ESG-related compensation can be found in the remuneration report on page 98 of the Integrated Annual Report. The board comprises individuals whose diverse knowledge, race, cultural backgrounds, age and gender all positively impact the fulfilment of its duties.
Two black women serve as independent non-executive directors alongside three black and three white males. Ranging in age from 47 to 64, their collective expertise in accounting, finance, technical fields, engineering, sustainability and management ensures that the board is well-structured, with complementary skills and a balanced distribution of authority. In 2024, we were saddened by the passing of Thero Setiloane, who served as chairman of our SETCO. Tommy McKeith, who was appointed to the board in October 2024, now serves in this role and is a member of both the board’s audit committee and HSE and risk committee.
Appointments are made based on merit, considering skills, experience, independence and knowledge. Each year, the nomination and governance committee assesses the board’s effectiveness in terms of its size, diversity and demographics.
By conducting business responsibly, we prioritise the best interests of all our stakeholders. This involves being accountable in our operations, acknowledging our actions and providing transparent and honest information about our performance. We uphold values of honesty, fairness, respect, community and integrity, which must be demonstrated at all levels. To foster ethical leadership, we have a business-wide code of ethics and a whistleblowing policy and process, both of which are communicated throughout the organisation, including to the board. Our approach is to address unethical behaviour promptly and fairly while recognising and rewarding ethical conduct. The board's rights and responsibilities are outlined in the board charter, ensuring a clear balance of power and authority so that no single director has unchecked decision-making power.
Our independent whistleblowing service, HAIBO!, plays a crucial role in eliminating unethical behaviour and is accessible to internal and external stakeholders, including members of the board, employees, contractors, business partners and members of the public. This service enables anonymous reporting of illegal, inappropriate and unscrupulous behaviour, while ensuring the confidentiality and protection of whistleblowers. Our whistleblowing policy is available on our website.
We actively encourage reporting through various internal and external communication channels, as well as during return-from-leave inductions and mandatory training covering topics such as human rights, our code of conduct and issues related to bullying, victimisation and harassment. Whistleblowers can report anonymously in their preferred language using a toll-free hotline and dedicated email address.
In 2024, the hotline received 248 contacts, leading to 59 official reports, of which 48 were resolved by the end of the year. The SETCO regularly reviews a summary of reports to identify trends and necessary corrective actions. It also assesses feedback on incidents and the outcomes of investigations. Any incidents with significant financial implications are reported to the audit committee.
Our code of conduct serves as an internal guideline and an external statement of our commitment to acting with accountability and care and respect. This is for the people who work for and with us, for the communities that host our mining sites, and for the natural environment. It sets out our mission, our corporate values and our culture and links these to best-practice global standards, which provide the benchmarks against which we and others will measure our performance. It brings together in one place our core values, behaviours, ethical principles, policies and standards and is a user-friendly guide to doing what is right.
Our code of conduct and business integrity policy and performance standard is accessible on the company intranet and website. Regular awareness of the code, together with our whistleblowing service, is promoted through multiple internal channels, including the Thungela Weekly, which employees receive via email or SMS once a week. Board members also receive periodic reminders via email.
All management levels, employees, contractor and key suppliers are required to undergo training on the code of conduct and business integrity policy. Awareness of the requirements of both policies is raised on a continuous basis via different media.
Any violations of these policies are reported, investigated and resolved, with disciplinary action taken when necessary.
Directors are prohibited from engaging in direct business transactions and must disclose their business interests to the remuneration and nomination committee every year. Board and committee meetings commence with declarations of personal interests, where members must formally declare any actual, potential or perceived direct or indirect conflict.
New employees are required to disclose any conflict of interest, and vetting is conducted during the hiring process. We maintain an electronic register where individuals must declare both real and perceived conflicts of interest, as well as any external directorships. These declarations are approved by their managers, and the register is audited by the internal audit department once a year
Assessments for corruption-related risks at all our operations are undertaken by our internal audit department, which monitors and reports findings to the executive committee. A quarterly report is also provided to the SETCO, which is responsible for relaying findings to the board.
We understand the significance of adhering to legislation and following non-binding codes and standards. We strive to foster a culture of compliance that assures the board and management that all legal and regulatory requirements have been fulfilled.
Our legal and risk and assurance departments are responsible for the compliance function and are developing a regulatory compliance framework to help monitor and track our fulfilment of regulatory requirements.
Reports to the nomination and governance committee keep board members informed of the level of regulatory compliance achieved. Members of the compliance function attend meetings at the board’s request.
We have updated our approvals framework to incorporate Ensham concerning delegation of authority and regulatory compliance. The framework covers execution, operational expenditure, and supply chain; communication and ESG; human resources, finance, legal, assurance; sales and marketing; and governance and strategy. It is reviewed annually to ensure its continued relevance.