Terms of Reference of Risk Management Committee

The brief description of terms of reference of the RiskManagementCommittee are:

1. reviewing risks including cyber security and evaluating the treatment including initiating mitigation actions;
2. monitor and review the risk management plan of the Company;
3. oversee risk management process, systems and measures implemented to mitigate the same; and
4. any other matter as may be mandated/referred by the Board
5. To formulate a detailed risk management policy which shall include:
   (a) A framework for identification of internal and external risks specifically faced by the listed entity, in particular including financial, operational, sectoral, sustainability (particularly, ESG related risks), information, cyber security risks or any other risk as may be determined by the Committee.
   (b) Measures for risk mitigation including systems and processes for internal control of identified risks.
   (c) Business continuity plan
6. To ensure that appropriate methodology, processes and systems are in place to monitor and evaluate risks associated with the business of the Company;
7. To monitor and oversee implementation of the risk management policy, including evaluating the adequacy of risk management systems;
8. To periodically review the risk management policy, at least once in two years, including by considering the changing industry dynamics and evolving complexity;
9. To keep the board of directors informed about the nature and content of its discussions, recommendations and actions to be taken;
10. The appointment, removal and terms of remuneration of the Chief Risk Officer (if any) shall be subject to review by the Risk Management Committee.