CFSL Integrated Report 2025

93

Introduction

Group Overview

Leadership

Strategy & Performance

Risk Management Report (Continued)

Our Risk Management Process The Group has processes in place to identify, assess, monitor, manage and report risks, ensuring our operations remain within our defined risk appetite. Our risk assessment process combines both top-down and bottom-up approaches, allowing us to address risks at strategic and operational levels. This dual approach ensures that all potential risks are considered, from high-level strategic threats to day-to-day operational challenges. The implementation of our risk framework is overseen by the Risk Management Committee, which provides strategic guidance, alongside various Management Committees that focus on specific areas of the business to manage risks in a more targeted manner.

Risk Management Committee

• The Group’s risk management governance structure begins with oversight by the Board of Directors, either directly or through its committees to ensure that decision-making is aligned with the Board’s approved risk appetite. • The established Board Committees - Risk Management Committee, Audit & Compliance Committee, Corporate

Board of Directors

No. of Meetings 5

Independent Directors 2/4

Board Committees

Governance and Conduct Review Committee drive the overall risk management governance.

STRATEGIC LAYER

• The aggregate enterprise-wide risk profile and portfolio appetite are discussed at the respective risk management forums and further reported quarterly to the Risk Management Committee. • The Executive Management is responsible for translating the high-level overall guidance from the Board into operational aspects and then monitoring and reporting to the Committees.

Portfolio & Credit Risk Forum (PCF) Debtors Monitoring Committee (DMC) Assets & Liabilities Committee (ALCO) Policies & Process Review Forum (PPF) Operational Risk Forum (ORF) Risk Analytics Forum (RAF) Management Committees / Risk Forums

Management

The Risk Management Team and Compliance Team are independent of the Business Units. • The Risk Management Team is responsible for identifying, measuring, monitoring and reporting significant risks across the organisation. • The Compliance Team ensures that there are appropriate controls to comply with applicable laws and regulations, and escalate significant non-compliance matters toManagement and to the Audit & Compliance Committee.

Risk Management Team

MANAGEMENT LAYER

Compliance Team

UNDERPINNED BY OUR RISK MANAGEMENT PROCESS

IDENTIFY

ASSESS

MITIGATE

MONITOR

REPORT & ESCALATE

The potential for internal and external changes to risks and the continued efficacy of controls

Regularly and proactively to the Risk Management Forums and the sub-committees of the Board

Key risks to achievement of business objectives (value growth & value preservation)

Using appropriate controls and management actions

The potential impact and likelihood