The Board of Directors has overall responsibility for risk oversight, including, as part of regular Board of Director and committee meetings, general oversight of executive leadership’s management of risks relevant to the Company. In this regard, the Board of Directors seeks to identify, understand, analyze, and oversee critical business risks. Pursuant to their respective charters, each of the Board of Directors’ committees maintain responsibility and oversight over key areas relevant to their purview. Management also performs additional risk evaluations and reports to the Audit Committee and the Board on a regular basis regarding risks associated with areas such as our long-term strategy, overall compliance with applicable gaming regulatory requirements and licensure, financial covenants and reporting, listing exchange rules, and other obligations, cybersecurity and information technology, developing corporate governance topics, and our executive compensation practices.

In addition, employees across the company are responsible for risk management at the operational level as part of their roles and responsibilities, such as in performing transactional due diligence across a broad spectrum of topic areas, including real estate, financial, market, governance and compliance (including anti-corruption/anti-bribery, anti-money laundering, and sanctions), environmental and climate-risk related considerations or managing their direct responsibilities, such as employees in our Legal or Asset Management departments. Employees also receive training and are exposed to risk management principles relevant to their roles and departments, such as with respect to observing internal controls, vendor/supplier management, and compliance with Company policies. Our internal audit function provides independent assurance regarding the effectiveness of risk management methods, tools and compliance processes, including our ERM framework (as described below). As a component of our overall control framework, we perform internal audit projects focusing on one or more top-identified risks.

Enterprise Risk Management

Our Enterprise Risk Management (“ERM”) framework is premised on actively monitoring the Company’s risk profile; ensuring the involvement of management, the Board of Directors and key employees in evaluating and addressing risk; and maintaining effective policies, controls and procedures to manage risk and pursue our strategic priorities. Our company’s risk appetite for identified risks is established and maintained based on regular engagement between management and the Board of Directors, including in terms of alignment with our strategic business objectives and adaptability to changing circumstances in the broader macroeconomic, transactional or consumer environment, with the overarching focus of balancing an appropriate degree of risk with our core objectives of continuing to create long-term stockholder value, including preserving our ability to continue to grow our dividend. Additional information on our risk management practices, including our ERM framework, is available in our most recent Proxy Statement.

Last updated: September 8, 2025