The Board of Directors of Supalai Public Company Limited is committed to, and attaches importance to, risk management. It has adopted a risk management process covering strategic, operational, financial, legal and regulatory, corruption, marketing, and cyber risks, material issues regarding the sustainability of the Company in environmental, climate change, social, and corporate governance (ESG) aspects, and emerging risks that have an impact on the Company. These risks are managed in accordance with the COSO Enterprise Risk Management (2017) framework to ensure that risk management is conducted in a systematic and effective manner, while reducing the likelihood of damage that might affect the achievement of the Company’s objectives to an acceptable level, consistent with the strategic plan of the Company. The process covers:
causes of risks affecting the Company in financial and non-financial aspects, with a review of the risks every time there is a change in the various factors affecting the capital fund of the Company;
categories of risks, and determination of the risk appetite to be used as a basis for responding to the risks of the Company;
assessment of risks, adding measures for risk assessment to achieve greater accuracy in quantitative and/or qualitative terms;
management of risks, and monitoring of each category of risk according to its priority, with risks monitored at least on a quarterly basis.
The above-mentioned policy covers the operations of its subsidiaries, associated companies and other companies under the Company’s control. The 8th amendment was made in accordance with the resolution of the Board of Directors’ Meeting No. 12/2025 held on 9 December 2025. The guidelines are as follows:
Establishing the risk management process with the same standard throughout the Company.
Implementing integrated risk management throughout the Company, with systematic and continuous management and operation in accordance with the Company's indicators and strategic plans.
Encouraging employees at all levels to proactively manage risks and also providing a risk management plan related to material sustainability issues of the Company, including environmental issues, climate change, social responsibility, and corporate governance (ESG). Additionally, the plan covers emerging risks so that the Company can operate its business continuously (Business Continuity Plan) and sustainably.
Executives and supervisors at all levels are responsible for supporting activities related to risk assessment, risk analysis, and ESG risk management in accordance with the criteria set by the Stock Exchange of Thailand and external regulatory bodies, ensuring tangible implementation.
Promoting and developing employees and executives at all levels to have knowledge, understanding, participation, and awareness of the importance of risk management and fostering the risk management culture throughout the Company.
Providing an internal control system that covers all major risks in various aspects as follows:
Strategy Risk
Operation Risk
Financial Risk
Compliance Risk
Corruption Risk
Market Risk
Cyber Risk
Risks related to the Company's key sustainability issues, covering Environmental, Climate Change, Social, and Corporate Governance (ESG) Risk
Emerging Risk
This is done to ensure that the Company has an appropriate and efficient internal control system.
Encouraging employees at all levels to participate in risk management and to be responsible for identifying risks that affect the Company's action plan, directions, and strategies; assessing risks by considering their likelihood and potential impact; proposing methods or seeking approaches to manage risks; and complying with the plan to maintain the risk appetite. The risk management plan and the risk appetite for risks at the medium, high, or very high level shall be reported to the Risk Management Committee.
When employees encounter or become aware of risks that may affect the Company, such risks must be reported to the Company's Management and the Risk Management Committee to seek the appropriate approach for risk management under such circumstances. Alternatively, employees can report such risks via riskmgt@supalai.com.
Monitoring, evaluating and preparing a risk management report, presenting it to the Risk Management Committee, and reporting it to the Board of Directors for approval or suggestion. Additionally, reviewing, improving and reporting incidents of potential emerging risks to mitigate impacts on the achievement of the Company's objectives.
Establishing a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) to fully prepare for crises in a timely manner and prevent disruption to the Company's business operations.