Risk Management

Management Approach and Value Creation

The Company places great importance on risk management, particularly in addressing emerging risks that may be associated with its business operations.

The Company operates under an Enterprise Risk Management (ERM) framework based on the international standards of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). Risk assessments are conducted annually to ensure that the Company’s business continues to grow on a foundation of sustainability.

The Company conducts organization-wide risk assessments, covering both existing risks and emerging risks, in order to proactively prepare for changes in external and internal factors that could potentially impact the achievement of its business objectives. These risks may also lead to new business models that could affect the Company’s traditional products or services. Furthermore, the Company is committed to enhancing employee engagement in the risk management process to strengthen a risk-aware organizational culture, enabling early detection and response to potential impacts from various risk factors. The results of the risk assessment and management processes are then utilized to formulate the Company’s strategic objectives and business development plans, both in the short and long term.

Risk Management Structure

Click to Enlarge

Risk Management Structure and Responsibility

All executives and employees across the Group are considered risk owners, sharing collective responsibility for identifying and assessing risks within their respective areas of responsibility, as well as for implementing appropriate measures to manage those risks. The Company aims to maintain risks at an acceptable level (Risk Appetite), or within a tolerance level (Risk Tolerances) that does not exceed what the Company deems acceptable. To instill this risk-aware mindset among executives and employees, the Company actively promotes a strong Risk Management Culture fostering a shared understanding, awareness, and accountability regarding risk management throughout the organization.

The Company recognizes the importance of enterprise risk management, which enables the Company to achieve its strategies, objectives, and goals, while ensuring good corporate governance and fostering stable and sustainable growth. Accordingly, the Company has established a Risk Management Policy to serve as a guideline and framework for operations across all departments of the Company and its subsidiaries.

Responsibilities in Risk Management

Risk management is the responsibility of all personnel at every level of the Company and its subsidiaries, including consultants, representatives, and individuals authorized to act on behalf of the Company and its subsidiaries. Their roles, duties, and responsibilities are as follows

• The Board of Directors

  Responsible for supporting, promoting, and overseeing the management of risks that may have a significant impact on the company.

• The Audit Committee

  Responsible for overseeing and independently monitoring risk management, reviewing the internal control system, communicating with the Executive Committee, and reporting to the Board of Directors regarding risks.

• The Executive Committee

  Responsible for approving risk management policies, monitoring the development of processes, and evaluating risks. Additionally, they communicate and coordinate with the Audit Committee regarding significant risks.

• The Chief Executive Officer

  Responsible for creating and reviewing risk management policies to align with changing circumstances, ensuring that the company has adequate and appropriate risk management plans in place.

• The Legal Officer / Regulatory Authority

  Responsible for establishing frameworks, plans, and processes for risk management within the department, presenting them to the Executive Committee for approval, and supporting and monitoring the department's risk management within their area of responsibility.

• The Internal Auditor

  Responsible for reviewing the internal control systems and the risk management operations.

• Supervisors and employees

  Responsible for identifying, measuring, controlling, monitoring, and reporting risks, as well as collaborating in the development and implementation of risk management plans.

Risk Management Process

The Company continuously evaluates and monitors risk issues by considering both internal and external factors that may impact its operations in all dimensions. The Company’s risk management process is designed to be systematic and comprehensive, enabling effective identification, analysis, and management of risks, with a focus on maintaining risks within acceptable levels.

The Company recognizes the importance of proper risk management to support business operations in alignment with its strategies, objectives, and goals, while also strengthening long-term stability and sustainability. The process consists of 8 steps, as follows

Strategy and Objective Setting

Identifies Risks

Assesses Severity of Risk

Prioritizes Risks

Implements Risk Responses

Develops Portfolio View

Review and Revision

Monitoring and Evaluation

This is to ensure that the corporate governance system aligns with best practices, regulations, and oversight requirements. To keep the risk management policy up-to-date and suitable for current situations, the policy should be reviewed at least annually.

Sustainability Risk Management

In the context of a volatile economic and business environment — encompassing economic fluctuations, regulatory changes, technological advancements, and cyber threats, as well as challenges from climate change and resource constraints that may affect energy consumption, building management, and operational costs — businesses engaged in the development and management of commercial real estate must navigate a diverse range of risks spanning operations, finance, technology, and the environment. For JAS ASSET, risk management is an integral part of good corporate governance and serves as a mechanism supporting sustainable business operations. Significant risks may affect business operational efficiency, asset management and development, commercial space revenue, as well as the confidence of tenants, service users, investors, and stakeholders. The company therefore places great importance on systematic, comprehensive, and proactive risk management, taking into account impacts across economic, environmental, and social dimensions.

The company conducts risk management under the Enterprise Risk Management (ERM) approach in accordance with the COSO Framework, covering strategic, financial, operational, legal, and information technology risks, as well as sustainability-related risks such as climate change, resource and energy management, personal data protection, human rights, and business ethics. In terms of governance, the Audit Committee is responsible for overseeing the company's risk management and internal control systems, while the Nomination and Remuneration, Corporate Governance, and Sustainable Development Committee is responsible for overseeing sustainability matters, including the consideration of risks, opportunities, and impacts across environmental, social, and governance (ESG) dimensions. Through this structure, the company is able to monitor, assess, and manage risks appropriately in order to support stable and sustainable business growth.

1

Risk of Personal Data Breach and Non-Compliance with PDPA

The company faces risks of personal data breaches and non-compliance with the Personal Data Protection Act (PDPA), as the operation of commercial real estate development and management involves the collection, use, and processing of data from multiple groups of stakeholders — such as tenants, service users, customers, business partners, and employees — through information systems, digital platforms, and building management systems. These risks may arise from inappropriate access control, employee errors, the use of external service providers, or cyber threats, which may lead to data leakage, use of data beyond its intended purpose, and non-compliance with legal requirements — impacting the company's reputation, stakeholder confidence, and potentially giving rise to legal risks and financial penalties.

Risk Management Approach

• Establish a corporate personal data governance framework encompassing policies, roles and responsibilities, and data usage guidelines
• Strengthen access control and information system security
• Ensure that service providers and business partners strictly comply with PDPA requirements
• Build employee awareness and preparedness for data breach incidents.

---

2

Risk of Shortage of Personnel with Specialized Skills and Experience

The company faces risks from the shortage and retention of personnel with specialized skills and experience essential to the operation of commercial real estate development and management, such as property and shopping mall management, project development, tenant management, building engineering, as well as information technology and digital systems.

Competition in the labor market, technological change, and increasing demand for specialized skills may render the recruitment and development of personnel increasingly challenging. Meanwhile, the resignation of personnel in key positions or over-reliance on key individuals may impact work continuity, operational efficiency, and the company's capacity for growth.

Risk Management Approach

• Develop a human resources strategy, identify critical skills, and establish workforce plans aligned with the business direction
• Enhance personnel development and retention through Upskilling/Reskilling programs and succession plans for key positions
• Strengthen employee motivation and engagement, while leveraging technology to improve work processes in order to increase efficiency and reduce reliance on key personnel

---

3

Climate Change Risk

The company faces risks from climate change, both in terms of Physical Risk and Transition Risk relating to the shift toward a low-carbon economy, which may affect the operation of commercial real estate development and management.

In terms of physical impacts, extreme weather events such as floods, storms, or heat waves may affect buildings, utility systems, and shopping center services, as well as the safety of service users and employees — potentially impacting business continuity, maintenance costs, and rental income.

At the same time, risks from the transition to a low-carbon economy — including trends in environmental regulations, energy-efficient building standards, and the expectations of investors and tenants who prioritize ESG — may require the company to improve energy efficiency, resource management, and climate-related disclosures. If the company is unable to adapt appropriately, this may affect its competitiveness, asset value, and long-term stakeholder confidence.

Risk Management Approach

• Regularly monitor and assess climate-related risks, encompassing physical impacts, the transition to a low-carbon economy, and regulatory requirements, while applying assessment results to appropriately adjust strategies and business plans
• Develop and review business continuity plans, strengthen asset and infrastructure resilience, and improve energy and resource efficiency in order to reduce long-term operational impacts and costs
• Integrate climate-related matters into strategic decision-making and investment, develop data systems, governance, and disclosures in alignment with relevant standards and requirements, and transparently communicate progress to stakeholders

---

4

Human Rights Risk

The Company faces human rights risks arising from business operations involving employees, customers, business partners, and stakeholders throughout the value chain. These may stem from unfair practices, violations of labor rights, privacy rights, or supplier operations that are inconsistent with human rights principles. Such risks may affect reputation, stakeholder confidence, and give rise to legal and operational risks in the long term.

Risk Management Approach

• Establish group-level human rights policies and commitments in alignment with international principles, and communicate these to employees and business partners throughout the value chain
• Systematically conduct Human Rights Due Diligence (HRDD) processes to identify, prevent, and mitigate potential impacts arising from the organization's and business partners' operations
• Provide accessible grievance and remedy mechanisms, while promoting human rights knowledge and awareness within the organization

---

5

Corruption Risk

The company faces corruption risks arising from the operation of commercial real estate development and management, which involves procurement, selection of business partners and contractors, rental space management, and operations with external service providers. These risks may arise from the receipt or offering of bribes, conflicts of interest, or abuse of authority — potentially affecting transparency, the company's reputation, and giving rise to legal risks and financial damages if internal control systems are insufficient.

Risk Management Approach

• Establish anti-corruption policies and practices encompassing executives, employees, and business partners
• Strengthen internal control systems, approval processes, and appropriate oversight mechanisms, including business partner risk management
• Promote an ethical corporate culture, while providing whistleblowing mechanisms and whistleblower protection