strategic and financial objectives through appropriate risk taking, risk management and prudent tactical and strategic decision making. We strive to provide fair and living employee wages that are competitive and consistent with employee positions, skill levels, experience, knowledge and geographic location. We do this by performing regular market checks of our competitive pay programs in each of our locations, as well as an annual pay cycle review where we assess each employee’s pay levels. INFORMATION TECHNOLOGY AND CYBERSECURITY Our business and support functions utilize information systems that provide critical services to both our employees and our customers. We have an integrated team of professionals who manage and support our communication platforms, transaction-management systems, and analytics and reporting capabilities, including the development of proprietary solutions like REMS©. We use both cloud services and off-site, secure data centers in North America and Europe for our core applications. Information security and privacy are important concerns, with an escalating cyber-threat environment and evolving regulatory requirements driving continued investment in this area. Our information security program is designed to meet or exceed industry best practices. We are subject to a number of cybersecurity and data privacy laws and regulations, such as the BMA’s Insurance Sector Operational Cyber Risk Management Code of Conduct, the NYDFS 23 NYCRR 500 Cybersecurity Requirements for Financial Services Companies, and the EU General Data Protection Regulation. New York’s cybersecurity regulation requires regulated entities, including Renaissance Reinsurance U.S., a New York licensed insurer, and RREAG, US Branch, to establish and maintain a cybersecurity program designed to protect each of their information technology systems as well as their customers’ data. Our program is designed to comply with all applicable cybersecurity regulatory requirements and we continue to evaluate and assess our compliance in the changing regulatory environment. We have in place, and seek to continuously improve, a comprehensive system of security controls, managed by a dedicated staff. Periodically, we engage the services of reputable third parties to perform security penetration testing, and update our security controls based on any findings. In addition, we are subject to independent assessment and review by regulators, as well as an annual audit of our security controls by our independent internal audit team. We also provide regular security risk education awareness and training sessions for all staff. Despite these efforts, computer viruses, hackers, employee misuse or misconduct, and other internal or external hazards could expose our data systems to security breaches, cyber-attacks or other disruptions. We have implemented incident response and business continuity plans for our operations, which are regularly tested with respect to our business-critical infrastructure and systems. We employ data backup procedures that seek to ensure that our key business systems and data are regularly backed up, and can be restored promptly if, and as, needed. In addition, we generally store backup information at off-site locations, in order to seek to minimize our risk of loss of key data in the event of a disaster. Our recovery plans involve arrangements with our off-site, secure data centers and cloud infrastructure. We believe we will be able to utilize these plans to efficiently recover key system functionality in the event that our primary systems are unavailable due to various scenarios, such as natural disasters. REGULATION Most countries and all U.S. states regulate (re)insurance business to varying degrees. We currently operate through offices in Australia, Bermuda, Ireland, Singapore, Switzerland, the U.S. and the U.K. Our operating subsidiaries are principally regulated by the regulatory authorities of their respective jurisdictions, and may also be subject to regulation in the jurisdictions of their ceding companies. Expansion into additional (re)insurance markets could expose us or our subsidiaries to increasing regulatory oversight. However, we intend to continue to conduct our operations so as to minimize the likelihood that our Bermudian subsidiaries will become subject to direct U.S. regulation. Bermuda Regulation All Bermuda companies must comply with the provisions of the Bermuda Companies Act 1981. Bermuda- licensed insurance companies and management companies are also regulated under the Bermuda Insurance Act 1978 and related regulations. The Insurance Act imposes solvency and liquidity standards as well as auditing and reporting requirements, and confers on the BMA powers to supervise, investigate and intervene in the affairs of insurance companies. As a holding company, RenaissanceRe is not regulated as 19