Sustainability

Our Board of Directors operates with transparency and integrity as it oversees and guides our corporate governance practices that align with stockholder interests. 

• A substantial majority of our directors are independent. 

• Each of our Audit Committee, Compensation and Management Development Committee, and Nominating and Corporate Governance Committee is composed entirely of independent directors. 

• Our Board of Directors is led by our Chairperson, and the Chairperson position is separate from our CEO. 

• We conduct annual Board and committee evaluations which include a qualitative assessment by each director of the performance of the Board and the committee or committees on which the director serves. 

• Generally, our directors are not expected to serve after reaching age 80. 

• We intend that no director serve more than 15 years on our Board and no committee chairperson serve more than five years as a chairperson of that committee.

• Our Board of Directors is committed to diversity and refreshment, and us focused on bringing new perspectives, ideas, and leadership to the Board.

• Our independent directors meet regularly in executive sessions without the presence of our corporate officers or non-independent directors. 

• We have instituted limits on the number of outside directorships held by our directors to prevent “overboarding." 

• We provide robust director orientation and continuing education programs. 

• Our Board of Directors regularly rotates committee members. 

• Our Code of Business Conduct and Ethics applies to members of the Board. 

We believe that effective corporate governance is critical to our ability to create long-term value for our stockholders. We have structured our corporate governance in ways that strive to align its interests with those of our stockholders: 

• Our Board of Directors is not classified, and each of our directors is subject to annual re-election (we will not classify our Board in the future without the approval of our stockholders). 

• Stockholders holding a majority of outstanding shares have the right to amend, alter or repeal our bylaws, or adopt new bylaws. 

• Stockholders possess the right to nominate candidates to the Board through proxy access provisions of our bylaws. 

• Stockholders may act by written consent. 

• We do not have a stockholder rights plan, and we will not adopt a stockholder rights plan in the future without stockholder approval. 

• We have opted out of the Maryland business combination and control share acquisition statutes and cannot opt in without stockholder approval. 

• We actively engage with our stockholders, seek input, address questions and concerns, and provide perspective on the company policies and practices through our direct outreach to investors, our annual meeting of stockholders and regular detailed investor presentations. 

Our fully independent Compensation and Management Development Committee oversees the executive compensation program and evaluates the program against competitive practices, legal and regulatory development and corporate governance trends and best practices. 

• The majority of our executive compensation is performance-based and at-risk, tied to rigorous absolute and relative performance goals. 

• We reward performance that meets or exceeds goals that the Compensation and Management Development Committee establishes, with the objective of increasing stockholder value over time, aligning with other stakeholders’ interests and driving long-term strategic outcomes.

• Our annual and long-term incentive plans provide a balance of incentives and include complementary metrics to measure the company’s performance and align with sustainability metrics.

• We conduct a stockholder advisory vote on executive compensation annually.

• We have adopted a clawback policy requiring mandatory recovery of certain incentive compensation paid to executive officers in the event of a material financial restatement. 

• We do not authorize excise tax gross-ups. 

• We prohibit hedging and restrict pledging or borrowing against company stock. 

• We have no executive-only perquisites such as company cars, security systems or financial planning. 

• We do not encourage excessive risk taking (we conduct annual formal enterprise risk assessments). 

• None of our executives has an employment agreement or individual change in control agreement. 

• We engage an independent compensation consultant that does not provide any other consulting or other services to the company to assist our Compensation and Management Development Committee with creating the executive compensation program. 

Our directors and executive officers are subject to stock ownership and retention requirements, under which they are expected to own shares of our common stock equal in market value to a specified multiple of his or her annual base salary or cash retainer, as applicable: 

• President and CEO: 6X base salary. 

• Executive officers: 3X base salary. 

• Non-employee directors: 5X annual cash retainer for Board service. 

Our Code of Business Conduct and Ethics  is supported by associate conduct policies and programs and reinforced through regular associate training. We have zero tolerance in relation to illegal or unethical conduct and this is articulated in our relevant policies, including policies on conflicts of interest, gifts and entertainment, fraud, sanctions, outside activities, political contributions, and bribery and corruption. Any associate who violates the requirements of the Code, or any of our other policies, is subject to disciplinary action up to and including termination.  

On February 4, 2025, our Board of Directors adopted amendments to the Code to provide additional guidance and greater detail on various matters, including ethical decision-making, conflicts of interest, procedures for trading Invitation Homes securities, and confidential information. Additional revisions were also made to improve readability. This summary of the amendments is qualified in its entirety by reference to the full text of the amended Code.

We have retained a third-party solution provider for automating ethics and compliance reporting.  The reports are reviewed with our Audit Committee at meetings held several times a year. We have also implemented a “whistleblower” policy that allows our associates to file reports regarding any impropriety on a confidential and anonymous basis.  Neither our company, the Audit Committee, nor any director, officer, employee, contractor, subcontractor, or agent of the company will, directly or indirectly, discharge, demote, suspend, threaten, harass or in any manner discriminate or retaliate against any person who, in good faith, makes a report or assists in investigating a report. 

We have adopted a Vendor Code of Conduct  that extends our values to company vendors and serves to highlight our commitment to ethical business practices, safe labor conditions, respect for human rights, environmental stewardship and regulatory compliance. 

The Board of Directors provides overall risk oversight, both directly and through its committees, to identify and assess the major risks our company faces and oversees the policies and procedures for monitoring and controlling such risks. The Board is responsible for promoting an appropriate culture of risk management within our company and for setting the right tone, overseeing our aggregate risk profile, and monitoring how we address specific risks, such as strategic and competitive risks, financial risks, reputation risks, cybersecurity and technology risks, sustainability risks, legal and compliance risks, regulatory risks, and operational risks. The Board is supported in its risk oversight function by its Audit Committee (the committee responsible for overseeing our enterprise risk management activities), Compensation and Management Development Committee, Nominating and Corporate Governance Committee, and Investment and Finance Committee. Each of these committees regularly meets with and reports to the Board. 

Management is responsible for identifying and assessing material risks, implementing appropriate risk management strategies, integrating risk management into our decision-making process, and ensuring that information with respect to material risks is transmitted to senior executives and the Board of Directors.  

Performing an annual enterprise risk evaluation by management and internal auditors ensures that we are cognizant of risks and proactively mitigate such risks. Members of the Board of Directors regularly meet with members of management, internal audit and other key personnel who advise the Board on areas of enterprise risk, the company’s risk mitigation and response strategies, and any incidents that have arisen. Our Board helps determine if any additional policies need to be enacted or if any further actions need to be taken to minimize potential risks. 

Our Company’s operations are highly dependent upon information systems that support our business processes. Cyber intrusions could seriously compromise our networks and the information stored therein could be accessed, publicly disclosed, misused, lost, or stolen. As such, we have established information security processes and policies using principles from industry recognized cybersecurity frameworks focused on: (i) developing organizational understanding to manage cybersecurity risks; (ii) applying safeguards to protect our systems; (iii) detecting the occurrence of a cybersecurity incident; (iv) responding to a cybersecurity incident; and (v) recovering from a cybersecurity incident.

We employ a multi-layered security model that leverages risk-based controls with a focus on protecting our residents’ and associates’ data. We follow a cloud-first approach to enable efficient scaling, robust business continuity, and access to the latest technology innovations.

Our cybersecurity risk management program aims to protect and preserve the confidentiality, integrity, and continued availability of our residents’ and associates’ data and includes controls and procedures for the identification, containment, and remediation of cyber threats. Our cybersecurity risk management program includes, among other key features:

• regular cybersecurity risk assessments;

• detection and reporting of any cybersecurity events;

• independent strategy consultation on enhancement items and processes for cybersecurity tabletop exercises;

• robust information security training program that includes annual information security training for all associates, as well as additional role-specific information security training; and

• cyber incident response plan that provides controls and procedures for timely and accurate reporting of any material cybersecurity incident to executive leadership and our Board of Directors.

As part of our robust cybersecurity risk governance model, we established the Cybersecurity Governance Committee chaired by our Vice President, Chief Information Security Officer and composed of key leaders from stakeholder groups throughout our company including our President, Chief Legal Officer, Chief Compliance Officer, and the head of internal audit, along with other senior members of management.

The Cybersecurity Governance Committee meets quarterly to review the processes and performance indicators related to prevention, detection, mitigation, and remediation of cybersecurity incidents that could adversely impact business operations.

Additionally, we maintain a cross-functional cyber incident response plan with defined roles, responsibilities, and reporting protocols, which focuses on responding to and recovering from any significant breach as well as mitigating any impact to our business.

Information technology and data security, particularly cybersecurity, are areas of focus for our Board of Directors and its Audit Committee. As part of its overall risk oversight activities, with respect to cybersecurity risk management, the Audit Committee:

• oversees the quality and effectiveness of our policies and procedures with respect to our information technology and network systems;

• provides oversight on our policies and procedures in preparation for responding to any material data security incidents; and

• oversees management of internal and external risks related to our information technology systems and processes.

We expect that our cybersecurity risk management processes and strategy will continue to evolve as the cybersecurity landscape evolves. As a backstop to our strong information security programs, policies, and procedures, we maintain cyber liability insurance coverage that would defray the costs of an information security breach, if we were to experience one.

To date, we have not experienced a materiel security breach, nor are we aware of any third-party outside service providers that have experienced a cybersecurity breach. As a result, we have not incurred any expenses from such information security breaches or any penalties or settlements related to the same.