59 Annual Report 2025 Risk Governance CLAS’ risk governance is anchored in independent oversight by the Boards of Directors of the Managers (Boards), supported by clear accountability and transparency in risk-taking by Management. Three Lines of Defence All employees have individual accountability and clearly defined ownership and responsibilities, with strong enterprisewide risk culture as the foundation. Boards & Audit and Risk Committee (ARC) • Oversee risk governance and ensure Management maintains adequate and effective risk management and internal control systems to safeguard the interests of CLAS and our stakeholders • Approve CLAS’ risk appetite which determines the nature and extent of material risks that Managers are willing to take to achieve its strategic objectives • Oversee implementation of risk frameworks and policies • Regularly review CLAS’ risk profile, including financial and non-financial risks, and mitigation strategies that arise from business activities Management • Accountable to the Boards, through the ARC, on all risk-related matters • Conduct forward-looking risk assessments to anticipate market, operational and regulatory shifts • Monitor key risk indicators and metrics, conduct scenario analysis and ensure timely and regular reporting to the Boards • Maintain escalation process to provide transparency and confidence that material risks are actively managed 1st Line – Business & Operations (Risk Owners) • Primary risk owners are accountable for effectively identifying and managing risks arising from their business activities • Conduct forward-looking risk assessments, which cover a broad spectrum of risks, to support informed decision-making and responsible risk-taking • Implement controls to manage the day-to-day business risks and ensure compliance with regulations, ethical expectations and CLAS-wide policies 1 2nd Line – Risk Management & Specialist Functions • Risk management and specialist functions include Legal, Compliance, Digital & Technology and Sustainability, who are independent of the business units • Provide risk oversight and necessary checks and balances through monitoring and reporting processes • Foster a strong risk culture through ongoing training, guidance and communication 2 3rd Line – Internal Audit and External Audit • Internal Audit and External Audit provide independent assurance on the adequacy and effectiveness of risk management and internal control systems 3
RkJQdWJsaXNoZXIy NTkwNzg=