Annual and transition report of foreign private issuers [Sections 13 or 15(d)]

Cybersecurity Risk Management and Strategy Disclosure

v3.25.1
Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Abstract]  
Cybersecurity Risk Board of Directors Oversight [Text Block] Item 16G. Corporate Governance.Our common shares are listed on the NYSE American and Upstream. For purposes of NYSE American rules, so long as we are a foreign private issuer, we are eligible to take advantage of certain exemptions from NYSE American corporate governance requirements provided in the NYSE American rules. We are required to disclose the significant ways in which our corporate governance practices differ from those that apply to U.S. companies under NYSE American listing standards. Set forth below is a summary of these differences:

 

Board Committees—The NYSE American rules require domestic companies to have a compensation committee and a nominating and corporate governance committee composed entirely of independent directors, but as a foreign private issuer we are exempt from these requirements. We have a compensation committee comprised of three members, and we believe that all of the committee members satisfy the “independence” requirements of the NYSE rules.

 

Shareholder Approval of Equity Plans—The NYSE rules require shareholder approval of stock option plans and other equity compensation arrangements available to officers, directors or employees and any material amendments thereto, but as a foreign private issuer we are permitted to follow home country practice in lieu of those rules. Under home country practice, shareholder approval of stock option plans and other equity compensation arrangements is not required; however, we are required to seek shareholder approval of the compensation paid to our directors and issuances of new shares (including those that may need to be issued under any stock option plans or other equity compensation arrangements). The Company’s Board of Directors approves the stock option plans and other equity compensation arrangements that do not require shareholder approval under our home country practice.

 

Cyber security policy and procedures - The company has reviewed the internal platforms and services to ensure they are cyber security compliant. A critical component of the choice of system, vendor and service is that the vendor/service has a robust and demonstrable cybersecurity SOP and compliance.

 

For new vendors, products and services, a full cybersecurity review is performed based on the company’s IT onboarding policy which details the process, implementation, compliance and ongoing monitoring.

 

The strong onboarding and ongoing monitoring controls are supplemented with a documented protocol and escalation should the company be subject to a cyber attack. This includes quickly identifying and isolating affected systems to halt the spread, while the technical team assesses the breach’s scope and impact. We follow notification procedures compliant with regulatory requirements, which includes, informing entities like the SEC, stakeholders, and potentially the public, ensuring communications are clear and maintain transparency. Post-incident, the technical team will be in collaboration with external cybersecurity experts and law enforcement for a thorough investigation, followed by a review and update of security policies and training to integrate lessons learned and prevent future attacks. The review and any remedial actions will be shared with the Board and Audit Committee.