Ethics and Compliance Program
We maintain a robust set of ethics and compliance documents, which we review and update annually. The principles and expectations set forth in those documents are reinforced through annual training and certification, and processes are in place to detect and remediate any violations. The ethics and compliance program administration and key documents are described in detail below.
Compliance Administration
We have established the following roles and processes to promote ethical business conduct and compliance with our policies:
Role of Chief Compliance Officer
Our General Counsel serves as our Chief Compliance Officer and is responsible for overseeing our ethics and compliance program, which includes reviewing and updating policies annually. As further described below, the Chief Compliance Officer also provides for annual training, tracks and responds to any reports of suspected noncompliance, and collects annual certifications.
Role of Supervisors
All officers and employees with supervisory responsibilities are responsible for ensuring that the personnel they supervise, including temporary contractors, are familiar with and comply with our compliance materials.
Training
Every officer, employee, and contractor receives mandatory ethics and compliance training within 30 days of commencing work at Granite Point and on an annual basis thereafter. Every officer and employee completed the required training in 2023.
The ethics and compliance training covers the following topics, among others:
- Fair dealing and fair competition
- Conflicts of interest
- Business gifts and entertainment
- Bribery and kickbacks
- AML and fraud
- Related-person transactions
- Information security and confidentiality, including PII
- Workplace conduct
- Human and labor rights
- Environmental responsibility
- Regulation FD
- Insider trading
In addition, all officers and employees receive regular third-party training on cybersecurity, anti-harassment, and diversity, equity, and inclusion.
Whistleblowing Procedures
Any ethics or compliance concerns can be raised through Granite Point’s whistleblower alert line at 844-572-2197 or at www.gpmortgagetrust.ethicspoint.com. This alert line is operated by a third party; is available 24 hours a day, 365 days a year; and will accept anonymous reports. Our compliance documents and training also encourage employees to report concerns to their supervisor or the Chief Compliance Officer. For more information about our program for addressing accounting or auditing concerns, see our Whistleblowing Procedures for Accounting and Auditing Matters.
Certification
All officers and employees must certify annually to the Chief Compliance Officer that they have read and understood the compliance materials listed below, have acted and will continue to act in compliance with them, and have reported any known or suspected violations:
- Code of Business Conduct and Ethics (described below)
- Information Security, Cybersecurity, and Acceptable Use Policy
- External Communications Policy
- Insider Trading Policy
- Related Person Transactions Policy
- Anti-Money Laundering Policy (described below)
- Human and Labor Rights Policy (described below)
Anti-Retaliation
We strictly prohibit retaliation related to any report of a suspected ethics or compliance violation made in good faith.
Code of Business Conduct and Ethics
Our Board of Directors has adopted a Code of Business Conduct and Ethics that applies to our officers, directors, and employees. The code is designed to detect and deter wrongdoing and to promote, among other matters:
- Compliance with applicable laws, rules, and regulations, including those related to securities, labor, employment, and workplace safety
- Honest and ethical promotion of Granite Point’s interests through fair dealing with counterparties, suppliers, competitors, and colleagues; appropriately handling actual or apparent conflicts of interest between personal and professional relationships; and advancing the company’s legitimate interests rather than pursuing personal benefit when business opportunities arise
- Ethical business decision-making, including limits on gifts and entertainment and a prohibition on bribery, kickbacks, or other improper payments
- Full, fair, accurate, timely, and understandable disclosure in our reports filed with the SEC and other public communications
- Appropriate treatment of confidential information and company assets
- A safe and healthy work environment that is free from discrimination and harassment
- Reporting, investigating, and disciplining violations of the Code of Business Conduct and Ethics
Anti-Money Laundering Program
We voluntarily maintain an anti-money laundering program to help prevent money laundering and terrorist financing and to support law enforcement efforts that combat such activities. Our Anti-Money Laundering Policy applies to all officers, employees, and contractors and is administered by our Chief Compliance Officer acting as AML Compliance Officer. The policy educates personnel about indicators of suspicious and possibly fraudulent activity and provides that, when originating a loan, personnel must first undertake to confirm and document the identity of any party with a significant interest in the transaction.
After identifying and documenting any such party, we engage specialized vendors to run a battery of know-your-customer (KYC) searches, including searches for liens, litigation, and inclusion on watch lists published by the Office of Foreign Assets Control. Our Anti-Money Laundering Policy requires personnel to report any suspicious transaction or activity to the AML Compliance Officer, who will refer the matter to legal or regulatory authorities if appropriate.
Human and Labor Rights Policy
We acknowledge the potential impact that Granite Point’s actions can have on the human and labor rights of our employees, prospective employees, and other individuals with whom we interact in the conduct of our business. Accordingly, we have established a Human and Labor Rights Policy to promote the basic rights of life, liberty, and security for all individuals (specifically including women and members of minority groups). The policy applies to all officers, employees, and contractors and is administered by our Chief Compliance Officer.
As stated in our Human and Labor Rights Policy, we aim to do business in accordance with the UN Universal Declaration of Human Rights and the UN Guiding Principles on Business and Human Rights. The policy includes the following key principles:
- No Child Labor - We employ only those individuals who meet the applicable minimum legal age requirements, and in no event utilize child labor.
- No Forced Labor - We do not use or engage in any forced labor, including prison labor, indentured labor, bonded labor, military labor, slavery, human trafficking, or compulsory labor.
- Lawful Hours and Leave - We ensure that employees are entitled to working hours, breaks, holidays, and leave periods in compliance with all applicable laws, rules, and regulations.
- Lawful Compensation - We are committed to paying all employees a living wage, and we comply with all minimum wage and compensation requirements as mandated by applicable law.
- Humane Treatment - We seek to provide a workplace that is free of all forms of abuse, exploitation, or other inhumane treatment, and we do not engage in or permit corporal punishment or threatened or actual violence.
- Basic Human Needs - We seek to ensure that our activities do not negatively affect access to basic human needs, including access to food, water, sanitation, or healthcare.
- Freedom of Association - We respect employees’ right to freedom of association and honor the lawful rights of our workforce to exercise (or not exercise) their right to collective bargaining.
Vendor Code of Conduct
We have established a Vendor Code of Conduct to help protect our company against operational, legal and reputational risks that could be introduced by our business partners, as well as to promote ethical and responsible business practices beyond Granite Point.
This code applies to all our “vendors,” which include suppliers, consultants, agents, service providers and other business partners, along with their employees, agents and subcontractors. In addition to posting it on our website, we deliver a copy of the code to all vendors with whom we have a significant relationship. Violations of the code may result in termination of the vendor’s relationship with us.
Our Vendor Code of Conduct sets forth our expectations and standards on the following topics:
- Ethical Business Conduct - When conducting activities on behalf of our company, vendors are expected to comply with applicable laws, rules and regulations, specifically including antitrust, trade-regulation and competition laws; disclose conflicts of interest; maintain accurate financial and operating records; and protect Granite Point’s assets.
- Anti-Bribery and Anti-Corruption - Vendors may not attempt to improperly influence a decision involving our business by giving or receiving bribes or kickbacks. Similarly, vendors may not offer inappropriate gifts or entertainment to Granite Point personnel.
- Cybersecurity - We expect our vendors to maintain a secure information technology environment, cooperate in our cybersecurity risk assessments, and promptly notify us of any cybersecurity incident that could adversely impact our company.
- Confidentiality and Privacy - We expect our vendors to protect our company’s confidential or proprietary information, as well as personal information about individuals they may acquire by working with our company.
- Insider Trading - Vendors may not violate federal securities laws by trading in Granite Point securities while in possession of material, nonpublic information about our company, or by “tipping” others to make such trades. We expect vendors to maintain policies that prohibit illegal insider trading.
- Human and Labor Rights - We expect vendors to maintain workplaces free from discrimination, harassment, and health or safety hazards. We also expect vendors to operate their businesses in compliance with key human rights principles, respect their employees’ right to freedom of association, and maintain a nonretaliation policy.
- Environmental Responsibility - We expect vendors to abide by the letter and spirit of all environmental laws and regulations applicable to their business, and we encourage them to adopt measures that will limit the negative environmental impacts of their operations through energy conservation, waste reduction and water conservation.
Political Contributions Policy
As set forth in our Code of Business Conduct and Ethics, Granite Point does not make contributions to political candidates, political parties, political campaigns, or intermediary organizations such as political action committees. Personnel are counseled not to make any personal political contributions in a way that appears to be an endorsement or contribution by the company.
Information Security and Privacy
We understand the significance of information security, including cybersecurity, to all our stakeholders. We actively manage cybersecurity, information security, and technology risks, and we are committed to implementing leading data protection standards and respecting data privacy.
Risk Management Program
Pursuant to its charter, our Audit Committee oversees our management of risks related to information security and technology, including cybersecurity. Senior management regularly reports to our Chief Executive Officer and members of our Board of Directors on the status of our cybersecurity risk management initiatives.
Our cybersecurity and information security risk management program also provides for evolving targets and objectives and incorporates expertise and suggested best practices from outside experts, including multifactor authentication, firewalls, and intrusion detection and prevention systems. We also regularly monitor relevant guidance provided by the SEC and other regulators. In addition, we maintain cybersecurity risk insurance coverage and other relevant insurance policies to mitigate cybersecurity and other information security risks.
We have an information security incident response team tasked with implementing our Incident Response Plan in the event of cybersecurity or other information security incidents. That team works with our internal and external resources (for example, insurers, outside counsel, and forensic advisors) as necessary with the goal of containing, mitigating, and remediating cybersecurity or other information security incidents.
Training and Testing
All Granite Point officers, employees, and directors are required to take quarterly cybersecurity training modules delivered through a third-party platform. As part of our ongoing cybersecurity and data security training efforts, we also arrange for all officers, employees, and contractors to periodically receive simulated socially engineered “phishing” emails to test and improve their awareness of this particular threat. Personnel who “click” or otherwise fail these tests receive immediate notifications and may be required to undergo additional testing or training. Such individuals may also receive reminder emails from members of the senior management team.
We regularly conduct cybersecurity risk assessments of our company and key outside vendors, including penetration testing and vulnerability scanning, with the goal of protecting the confidential, proprietary, and sensitive information of our company and stakeholders. These assessments are administered by independent third-party firms, and we review the recommendations contained in those assessments and implement them as appropriate.
Privacy
As a commercial real estate lender, we do not offer financial products or services used primarily for personal, family or household purposes. Consequently, we do not regularly obtain personally identifiable information (PII) in connection with our product and service offerings.
We may, however, receive PII for other purposes—for example, due diligence in connection with a commercial real estate loan or personnel record keeping—and have implemented a number of physical and technical standards, procedures, and other safeguards for protecting any PII we receive, including information security and privacy policies for the appropriate handling of personal data.
We also maintain a formal privacy policy on our website that describes the types of personal information we may collect about users when they access our website, the purpose for which we may use that information, and the circumstances in which we may share or disclose that information.
Corporate Governance Practices
We have adopted many best practices to protect the long-term interests of our stockholders, as summarized below. See our Corporate Governance Guidelines for more information.
- Separation of Chair and CEO—Our Chief Executive Officer focuses on managing the company while our independent Board Chair drives accountability at the Board level.
- Independence—All our directors are independent except for our CEO, and all our Board committees are composed entirely of independent directors.
- Majority Voting—We have a majority standard for uncontested elections of directors and a resignation policy for directors who do not receive a majority of the votes cast.
- Annually Elected Board—We do not have a classified board; each of our directors is elected annually for a one-year term.
- Board Assessments—A rigorous evaluation process that covers the Board, its committees and individual directors helps our Board identify and address any opportunities for improvement.
- Executive Sessions—Our independent directors hold regular executive sessions, with the independent Board Chair presiding.
- Director Education—We will reimburse directors for up to $5,000 per year of continuing education costs incurred in connection with their service on our Board, empowering them to be well versed in principles of corporate governance and other critical subject matters.
- Director Commitments—A director may not serve on more than three other boards of public companies in addition to our Board, and a director who serves as a public company CEO may not serve on more than one other board. Members of the Audit Committee may not serve on more than two additional audit committees for publicly listed companies.
- Stock Ownership Guidelines—Each independent director is expected to accumulate equity interests in an amount equal to three times the director’s annual cash retainer.
- Commitment to Board Diversity—We take reasonable steps to assemble a diverse pool of nominees when conducting searches for new directors, and any search firm we engage is instructed to seek to include diverse candidates. Three of our six directors identify as women, and one identifies as a member of an ethnic/racial minority group.
- ESG Oversight—With leadership from the Nominating and Corporate Governance Committee, our Board oversees our company’s approach to environmental, social and governance matters.
- Investor Outreach—We have initiated a dialogue with many of our investors focused on corporate governance and ESG topics.
- No Hedging or Pledging—We prohibit short sales, transactions in derivatives, hedging and pledging of our securities by directors, executive officers and employees.
- Single Class of Common Stock—Each share of our common stock has one vote.