Ambac is committed to maintaining an environmentally conscious workplace. Because our largest subsidiary, AAC, is not currently writing new business, up until this point our primary focus with regards to environmental concerns at the Company has been on the assessment and management of environmental risks in the portfolio of insured credits. The Company's policies and procedures relating to risk assessment and risk management are overseen by its Board of Directors. The Board takes an enterprise-wide approach to risk management oversight that is designed to support the Company's business plans at a level of risk considered by the Board to be reasonable. As we expand our new business activities we will consider implementing policies and procedures that will take into consideration the environmental impact of our business.

Environmentally Conscious Workplace
- In 2019, Ambac reduced its corporate footprint by consolidating its New York headquarters from approximately 103,000 square feet to 47,000 square feet and moved into a LEEDs Certified, energy-efficient building at One World Trade Center.
- One World Trade Center has been awarded a Leadership in Energy and Environmental Design (LEED) gold certification. LEED is a green building certification program developed by the non-profit U.S. Green Building Council and is a designation recognized worldwide. LEED certified buildings are designed and constructed to: save energy, use less water, reduce emissions and provide healthier indoor environmental quality.
- In conjunction with our move to One World Trade Center, we have adopted the following sustainability practices which contribute to the circular economy:
- Green Cleaning Policy: promotes the use of green cleaning products, equipment, and strategies
- Electronic Waste Recycling
- Office furniture reuse program for unwanted and discarded furniture and fixtures
- Organic Collection Program: designed to reduce the amount of greenhouse gas emissions associated with conventional organic waste disposal
Portfolio Risk Management Surveillance
Many events, including extreme weather patterns caused by climate change, can have an impact on Ambac’s existing insured exposures. Our Risk Management Group focuses on the early identification of potential stress or deterioration of exposures in the insured portfolio and the related credit analysis associated with these and other insured portfolio exposures. Additionally, the Risk Management Group evaluates and assesses the potential impact on the insured portfolio related to changes in the economic, regulatory, and political conditions as well as potential extreme weather events or other related environmental factors. Upon the identification of heightened environmental risk or the actual occurrence of a particular event, the Risk Management Group undertakes a further detailed review of how the event potentially impacts the ability of individual issuers in affected sectors or regions to meet debt service obligations and may adjust the internal ratings of the issuers downward and/or designate the issuers as a Watch List or Adversely Classified Credit for targeted de-risking or remediation.
Data Security and Privacy
Ambac relies on digital technology to conduct its businesses and interact with internal and external parties. With this reliance on technology comes the associated security risks from using today’s communication technology and networks. To defend Ambac’s computer systems from cyberattacks, we use tools such as firewalls, anti-malware software, multi-factor authentication, e-mail security services, virtual private networks, third-party security experts, and timely applied software patches, among others.
Awareness and alertness are important components of Ambac’s cybersecurity program; each year we provide employees, with cybersecurity training and phishing exercises throughout the year designed to educate employees about best practices and help them identify and avoid potential threats. We ensure all employees take the required mandated cybersecurity training. We also regularly test employee awareness through simulated phishing exercises. Ambac also engages third-party consultants to conduct penetration tests and risk assessments to identify any potential security vulnerabilities. Given the ongoing proliferation of viruses and malware, we continually monitor our computer networks for new types of threats.
Ambac’s business operations also rely on the continuous availability of its computer systems. We maintain and test our business continuity plan and report on the results to senior management and our Board of Directors. The Board of Directors oversees the risk management process, including cybersecurity risks, and engages with management on risk management issues, including cybersecurity issues. Ambac also protects itself against risks associated with third party vendors who have access to confidential information. Through our Vendor Management Program, we screen these third-party vendors to assess their data security protocols.
Ambac and its subsidiaries are subject to numerous laws and regulations in a number of jurisdictions regarding its information systems, particularly with regard to non-public personally identifiable information. We are committed to protecting personal data and respecting personal privacy. Ambac's privacy policy explains the type of information that we collect from its websites and how we will use it.