111 SWIRE PROPERTIES ANNUAL REPORT 2024 Risk Appetite The Board acknowledges its responsibility to determine the nature and extent of the risks the Company is willing to take in achieving the Company’s strategic objectives whilst not exposing the Company to excessive risk of financial losses, business disruption, negative reputation, regulatory incompliance and people’s health and safety. The Company has established and maintains an appropriate and effective risk management process and internal control systems to retain only risks that are manageable and at a reasonable level, whilst exploring and capturing opportunities where appropriate. In alignment with our risk appetite, the Company has established a risk assessment matrix and corporate risk register to evaluate and prioritise the key risks by taking into account of both financial and non-financial impact, as well as impact to our Sustainable Development 2030 (“SD 2030”) Strategy. Moreover, the Company’s vulnerability and exposure to the key risks are assessed regularly to ensure that the appropriate internal controls and mitigating measures are in place for preventing and responding to any major incidents. The Board has ultimate responsibility for risk management, overseeing its design and implementation. The Board is supported by the Audit Committee. The Company has implemented the three lines of defence model of risk governance. The model is designed to minimise conflicts of interest and ensure independent oversight of risk management. In the first line of defence, the management of each business and operating unit identifies, analyses and reports the risks for which it is responsible. Risks are mitigated, minimised and eliminated, where practicable and economically viable. Where risk cannot be eliminated, the related economic returns are required to reflect the level of risk retained and to balance threats against opportunities. The first line of defence is supervised by the functional heads and portfolio directors. The second line of defence led by the Executive Committee (“ExCom”) supports the first line and provides assurance to the Board that risk is being managed effectively. The ExCom chaired by the Chief Executive (also acting in the capacity of Executive Director) comprises two other Executive Directors and six executive officers. It manages all the risks to which the Company is subject and is responsible for the design, implementation and monitoring of the relevant risk management processes and internal control systems of the Company. Among each ExCom meetings in general, review of the corporate risk register will be conducted to evaluate the Company’s risk profile and exposure, to oversee the management of major risks, to identify emerging and potential risks and to analyse risk events which materialise, with a view to their resolution and to learning from them. Sensitivity analysis or deep dive sessions on contemporary risk area such as geopolitical, economic or operational issues are conducted by ExCom as appropriate. Matters of significance that arise are reported as appropriate to the Audit Committee and ultimately to the Board of Directors. ExCom is supported by committees with specialisation in respective corporate and operating functions across the Company including investment appraisal, joint venture management, health and safety, crisis management, information security and data protection. ExCom is also supported by the risk management team headed by the Finance Director. In relation to the Company’s SD 2030 Strategy, the Environmental, Social and Governance (“ESG”) Steering Committee has been set up and reports to the Board. The ESG Steering Committee is supported by working groups to manage the ESG risks and opportunities, including climate-related and nature-related ones with respect to the five SD pillars: Places, People, Partners, Performance (Environment) and Performance (Economic).