Our Governance

Our business strategy relies on a solid governance structure that allows us to execute our plans while managing risks and ensuring we add value to our stakeholders.
Ethics and Conduct
Good corporate governance has the capacity to differentiate us from our competitors and enhance our reputation in the eyes of our stakeholders.

Our Code of Conduct provides guidance on the standard of behaviours that we expect from everyone who works for us, including our directors, team members, contracts or anyone working on our behalf.

This Code is supported by a suite of policies and standards that are available here.

We empower our team members to play an active role in the elimination of improper conduct in the workplace and encourage them to speak out and report concerns of any conduct that isn’t aligned with our policies or the law, or information that indicates a danger to the public or Hastings’ business or reputation.

In FY23, we introduced a Whistleblower Hotline to strengthen our commitment to our Code of Conduct and to facilitate the process of reporting actual or potential cases of misconduct.

Risk Management
Risk management is critical for the effective management of operations, enabling the identification and mitigation of risks, realisation of opportunities for improvement, and safeguarding of the Company’s assets. It also delivers long term shareholder value, meets the needs of our stakeholders and keeps our people safe.

Risk-based decision making is embedded in our culture and integrated across our business and functional activities. We believe in a healthy balance between risk and reward.

Through the Audit and Risk Committee, our Board oversees the company-wide risk management, which include periodic monitoring and review of the effectiveness of the risk management framework and associated procedures that are in place.

Human Rights
We have a commitment to promote the respect of the Universal Declaration of Human Rights. Our Human Rights Policy aims to ensure that our people exercise respect for their colleagues and the people they interact with internally and externally, treating them with courtesy, dignity, and respect.

We are committed to prevent, identify, and mitigate any action that could lead to human rights grievances by proactively exploring resolution with the affected individual or communities.

In FY22, we conducted our first Human Rights Impact Assessment to better understand the potential risks associated with our Yangibana Project and developed a Human Rights Framework which in FY23 served as a roadmap for addressing human rights risks.

Supply Chain Management
Our Contracts and Procurement Procedure provides a clear framework for the tendering process and any engagement with third party specialists to undertake inspection, auditing, and quality assurance services. Our procedures and standards outline the requirements for vendor selection and contracting.

In FY23, we released our first Supplier Code of Conduct, which has been made available to all our suppliers detailing our expectations on their corporate conduct.

We support the Australian Industry Participation Policy, a government initiative to prioritise Australian owned and operated businesses. Our commitment to local procurement is formalised in our Contracts and Procurement Procedure for the Yangibana Project, and the newly launched Supplier Code of Conduct.

Cybersecurity
Technology plays a crucial role in facilitating our business operations, but it also exposes our company to a range of cyber-security risks.

Malicious individuals or collectives could exploit unprotected systems, resulting in operation interferences, data loss and mismanagement, and equipment malfunction which could harm our workers and incur financial losses.

The implementation of a robust cyber-security system, including encryption and multifactor authentication have been our priority. The Security Operations Centre diligently oversees Hastings’ infrastructure 24 hours a day, safeguarding against internal and external threats.

A key component of preventing and detecting cyber-security risks is raising employee awareness of them through training and information sessions. Mandatory cyber-security training modules are assigned to new employees and available to anyone requiring a refresher.