Investors

The Company formulated the “Risk Management Policy and Procedures” to strengthen corporate governance, establish an effective risk management mechanism, and achieve stable operation and sustainable development, which was approved by the board of directors in October 2020. The board of directors is designated as the highest-level risk management governing body responsible for approving general risk management policies and major decisions to ensure consistent operations and sustainable development; regularly monitoring the related financial risks, regulation risks, climate change risks, hydropower risks, supplier chain risks, cyber safety risks, and the occupational safety and health risks to enhance the competitiveness of the industry.

The Company and its subsidiaries’ risk management policies are based on the overall corporate operational guidance, and define the types of risks, establish early identification, accurate measurement, effective monitoring and strict control under the risk management mechanism; prevent possible loss not exceeding the tolerable risk, continuously adjust and improve the best practice of risk management according to internal and external environmental variations to protect the interests of the employees, shareholders, collaborative partners and customers; increase corporate value and meet the corporate principle of optimized resource allocation.

Risk management organization and functions

1.Audit Committee and Board of Directors

The Company charges the Audit Committee with the evaluation of the effectiveness of the internal control systems, ensures the implementation of internal control system, ensures the implementation of internal control, supervises the control of existing or potential risks; the Board of Directors shall approve the overall risk management policy and major decisions.

2.Internal Auditor Office

The Company’s Internal Auditor Office reports directly to the Boards of Directors, inspects the Company’s risk management, provides existing or potential risk issues regarding internal control to the management, and ensures compliance with the current rules and control procedures.

3.Each risk management unit

Each risk management unit in the Company shall fully understand the risks associated with its functions and businesses, and include risk management mechanisms in their procedural management regulations.

4.Each functional unit and subsidiary

Each functional unit and subsidiary shall identify the risks they face, comply with the rules and implement necessary procedures and risk management works, and ensure that the involved risks are controlled.

The operation on risk management policies and risk measurement standards for year 2024 were reported to the Audit Committee and Board of Directors in the first quarter of 2025.