Audit & Risk Committee Charter

Audit and Risk Committee Charter V3.0

DOCUMENT CHANGE RECORD

January 2016

Date V1.0 approved by Group Chairman Date

Date Approved Approved by:

August 11, 2022 Board of Directors

1.0 Purpose

The purpose of the Audit and Risk Committee (ARC) is to assist the Board of Directors in fulfilling its corporate governance and oversight responsibilities relating to:

• The integrity of financial reporting.

• The effectiveness of systems of financial risk management and internal control.

• The internal and external audit functions.

• The risk profile and risk policy.

• The effectiveness of the risk management framework and supporting risk management systems.

• The Group’s process for monitoring compliance with laws and regulations.

The duties and responsibilities of the ARC to fulfill this purpose are described in detail in Section 5.0 of this document.

This charter will be reviewed at a minimum every two years and more frequently if there has been a material change warranting or significant event an earlier review.

2.0 Authority and Access

The ARC has authority to conduct or authorise investigations into any matters within its scope of responsibility. It is empowered, upon consultation with and agreement of the Group Chairman and, in the absence of such agreement, of the Parent Board of Directors to:

• Obtain external Legal Counsel, Professional Accountants, Actuaries or other Specialists to advise the ARC or assist in the conduct of an investigation in any case where the ARC considers this necessary

• Seek any information it requires from employees -all of whom are directed to cooperate with the ARC's requests - or external parties.

3.0 Composition

• The ARC will comprise at least three (3) and no more than five (5) members in totality, a majority of whom shall be Non-Executive Directors.

• The members of the ARC and the ARC Chair shall be appointed by the Parent Board of Directors or its Nominating Committee

• The ARC Chair shall be an independent Non-Executive Director and a financial expert and if the Chairperson is unable to attend any meeting, the ARC Members present shall appoint a temporary Chairperson of the meeting from among the independent Non-Executive Directors.

• Each Non-Executive Committee Member of the ARC shall be ‘independent’. The ‘independence’ of the members is adjudged by the Board in accordance with the requirements of applicable legislation and regulation, and in the light of relevant codes of practice.

• Each member of the ARC shall be ‘financially literate’. The ‘financial literacy’ of the members is adjudged by the Board in accordance with the requirements of current legislation and regulation, and in the light of relevant codes of practice.

• At least one (1) member of the ARC should be a ‘financial expert’. The ‘financial expertise’ of this member is adjudged by the Board in accordance with the requirements of current

legislation and regulation, and in the light of relevant codes of practice.

• The Company Secretary or nominee will be the Secretary of the ARC

For the purposes of this Clause:

(a) “financially literate” means a person who is able to understand fundamental financial statements.

(b) “financial expert” means a person who has the necessary financial education from an accredited educational institute, a sound understanding of generally accepted accounting principles, financial statements and the way in which financial statements are prepared and audited and substantive experience as a qualified accountant;

(c) “qualified accountant” means a person who is a member of the ICATT or such other professional association as may be approved by the Central Bank; and

(d) “independent director” means a director who (i) is not the holder of five per cent or more of the shares of the insurer or of a connected party of the insurer; (ii) is not a current officer of the insurer or of a connected party of the insurer; (iii) is not a relative of a current officer or director, or of a person who was, within two years prior to his appointment, an officer or director of the insurer or a connected party of the insurer; (iv) is not the auditor, nor has been employed by the auditor of an insurer nor the auditor of any of the connected parties of the insurer within three years prior to his appointment; (v) has not been employed by the insurer or any of its connected parties within three years prior to his appointment; (vi) is not an incorporator of the insurer or of a connected party of the insurer; (vii) is not a professional adviser of the insurer or of a connected party of the insurer; (viii) is not a significant supplier to the insurer or of a connected party of the insurer; and (ix) is not indebted to the insurer or any of its affiliates, other than by virtue of a fully collateralized loan.

4.0 Administrative Matters Meetings

• The ARC will meet at least four times a year and will meet at other times on the request of the Chairperson, Internal or External Auditors, or any member of the ARC.

• Three (3) ARC members, at least two of whom shall be Non-Executive Directors shall form a quorum and no business shall be transacted unless this quorum is present.

• The ARC shall meet with the external auditors in private session at least once a year and may also meet routinely in private sessions with any of the Internal Auditors, the External Auditors, and Management, or any combination of these.

Attendance

• All ARC Members are expected to attend each meeting, in person or via telephone or videoconference. The Company Secretary or a Nominee will attend the ARC meetings. The External Auditors shall be given notice of and shall be entitled at the cost and expense of the Company to attend all meetings of the ARC.

• The ARC may invite members of Management, Internal or External Auditors or others to attend meetings and provide pertinent information, as necessary.

Decision Making

• ARC decisions may be made by circular or written resolution. A circular or written resolution signed by all members will be effective as a resolution duly passed at an ARC meeting and may consist of several documents in like form, each signed by one or more members. The expression “written” includes email or other electronic means.

• Matters arising for determination at any meeting of the ARC shall be decided by a majority of votes. In case of an equality of votes the Chairperson of the meeting in addition to his or her original vote shall have a second or casting vote.

Agenda

• The agenda for the meetings will be determined by the Chairperson of the ARC, taking into account the views of other members of the ARC as appropriate.

• The agenda and supporting papers, unless otherwise agreed, will be circulated to each member of the ARC no fewer than three (3) days prior to the date of the meeting.

Minutes

• Minutes of ARC meetings will be prepared by the Secretary, approved by the Chairperson of the ARC in draft and circulated to all members. These minutes will be confirmed at the next ARC meeting and then signed by the Chairperson of the ARC.

• Minutes of any private sessions of the Committee will be prepared, approved by the Chairperson of the ARC in draft and circulated to all members. These minutes will be confirmed at the next ARC meeting and then signed by the Chairperson of the ARC.

5.0 Duties and Responsibilities

The ARC will carry out the following responsibilities:

5.1 Financial Reporting Process

• Review significant accounting and reporting issues, including complex or unusual transactions and highly judgmental areas, and recent professional and regulatory pronouncements, and understand their impact on the financial statements.

• Review with Management and the Internal and External Auditors the results of the audit, including any difficulties encountered.

• Review the annual financial statements and other annual returns, and consider whether they are complete, consistent with information known to ARC Members, and reflect appropriate accounting principles and report to the Board.

• Review other sections of the annual report and related regulatory filings before release and consider the accuracy and completeness of the information.

• Review with Management and the Internal and External Auditors all matters required to be communicated to the ARC under generally accepted auditing standards.

• Understand how Management develops interim financial information, and the nature and extent of Internal and External Auditor involvement.

• Review interim financial reports with Management and the Internal and External Auditors

as necessary or appropriate, before filing with Regulators, and consider whether his/her are complete and consistent with the information known to ARC Members.

5.2 Internal Controls

• Consider the effectiveness of the Company's internal control over annual and interim financial reporting, including information technology security and control.

• Understand the scope of Internal and External Auditors' review of internal control over financial reporting, and obtain reports on significant findings and recommendations, together with Management's responses.

• Ensure there is due process for the identification and management of key business risks having regard to any significant failings or weaknesses in internal control.

• Monitor compliance with established policies, plans, instructions, and procedures.

• Ensure there is due process for compliance with relevant National Laws and Regulations.

• Review the reliability of Management Information procedures in the Company including Management Reporting to the ANSA McAL Parent Board.

• Consider major areas of change prior to commencement and obtain assurance that proper plans for control have been developed.

• Ensure that there is due process for monitoring the efficiency and effectiveness of operational controls.

• Monitor the procedure for safeguarding of assets and ensure the Company has adequate policies in place for the prevention and detection of fraud.

• Monitor the procedures for assessing the levels of insurance cover required by the Group including Directors and Officers Liability Insurance.

5.3 Internal Audit

• Review with Management and the Head of Group Internal Audit (GIA) the plans, activities, staffing and organizational structure of the Internal Audit function.

• Review the reports of the Internal Audit function including the follow up work by Management where Management Teams are responsible and accountable for closing audit issues in a timely manner.

• As needed, meet separately with the Head of GIA to discuss any matters that the Committee or Internal Audit believes should be discussed privately.

• Ensure that the Head of GIA has direct access to the Chairperson of the ARC

• Approving the appointment or termination of appointment of the Head of Group Internal Audit, assessing their performance and ensuring that their primary reporting line is to the Board and/or the ARC

• Reviewing the adequacy, effectiveness, independence, scope and results of the Internal Audit function.

5.4 External Audit

• Consider annually and discuss with the External Auditors the scope of their audit prior to its commencement and subsequently, the results, and review the adequacy and effectiveness of the process, taking into account relevant Professional and Regulatory requirements.

• Review the External Auditor’s Management Letter and any major recommendations of the

• Review the Terms of Engagement of External Auditors and recommend them to the Parent Board.

• Review and confirm the independence of the External Auditors by obtaining statements from the Auditors on relationships between the Auditors and the Company, including nonaudit services, and discussing the relationship with the Auditors.

• As needed, meet separately with the External Auditors to discuss any matters that the ARC or Auditors believe should be discussed privately.

• Approving, or recommending to the Board or shareholders for their approval, the appointment, remuneration or dismissal of external auditors.

5.5 Compliance with Laws and Regulations

• Review the effectiveness of the system for monitoring compliance with laws and regulations and the results of Management's investigation and follow-up of any instances of noncompliance.

• Review the findings of any examinations by Regulatory Agencies, and any Auditor observations and ensuring that senior management is taking necessary corrective actions in a timely manner to address control weaknesses, non-compliance with policies, laws and regulations, and other problems identified by auditorsand other control functions

• Obtain regular updates from the Internal Audit function and in-house legal counsel regarding compliance matters.

5.6 Risk Management

The ARC should have an understanding of the types of risks to which the Group may be exposed, the techniques and systems used to identify, measure and monitor, report and mitigate those risks having particular regard to any significant failings or weaknesses in internal control.

The ARC determines whether there is a current and comprehensive risk management system in place including associated procedures for effective identification and management of strategic and operational risks.

The ARC is responsible for:

• Assessing the impact of the Enterprise Risk Management Framework and Policy on its control environment.

• Reviewing the Group’s risk assessment matrix to ensure alignment with the Group’s risk appetite and ensure that identified material risks are reduced to or managed at levels determined to be acceptable by the Board.

• Overseeing the establishment, documentation, and maintenance of adequate risk management systems and internal controls.

• Monitoring the implementation of risk management or mitigation plans.

• Satisfying itself that risk assessments undertaken have applied the appropriate resources to the analysis and research supporting the assessments.

• Determining whether a sound and effective approach has been followed in establishing

business continuity planning arrangements, including whether business continuity and disaster recovery plans have been periodically updated and tested.

• Reviewing any disclosures made by the Internal Management or External Auditors, in relation to each reporting period.

• Reviewing and monitoring compliance with the Group’s Whistleblower Policy and reviewing any reported material incidents or breaches.

• Requesting and monitoring investigations into areas of risk, breaches of risk management policies and procedures and failures in internal control.

5.7 Other Responsibilities

Other responsibilities of the ARC include a duty to:

• Perform other activities related to their charge as requested by the Board of Directors.

• Institute and oversee special investigations as needed.

• Review and assess regularly, the adequacy of the ARC Charter requesting Board approval for proposed changes.

6.0 Reporting, Self-Assessment and Performance Evaluation

The following outlines some of the key reporting responsibilities of the ARC:

• Report promptly to the Board of Directors on the review of the annual financial statements and interim financial statements and any other matters that the Board may have specifically requested the ARC to investigate and also to report regularly to the Board on all other ARC activities, issues and related recommendations.

• Provide an open avenue of communication between Internal Audit, the External Auditors and the Board of Directors

• Review any other reports the Company issues that relate to ARC responsibilities.

• Annually, the ARC will perform a self-evaluation of its performance and effectiveness and review this Charter to determine its adequacy based on current circumstances and make recommendations to the Board. As required, the ARC will review its membership and make recommendations to the Board.

• The Chairperson will conduct an annual performance evaluation of the ARC to ensure that the ARC is functioning in accordance with its Charter Rules.