Bohao has established three lines of defense for risk prevention and control, including internal audit, the management department, and the various functional departments, and is committed to promoting full-process risk management for ESG risk identification, assessment, response, and monitoring. Since 2021, Bohao has referenced the internationally recognized Committee of Sponsoring Organizations of the Treadway Commission (COSO) Enterprise Risk Management (ERM) framework and has gradually incorporated ESG into the Company's comprehensive risk management system. Currently, the Company's comprehensive risk management system has undergone three rounds of upgrades and has been progressively incorporating considerations of climate-related risks and opportunities.
· Establish a comprehensive risk management system that incorporates ESG and climate change factors, and systematically manages all types of risks in accordance with the three lines of defense for risk management.
· Clarify that the Board of Directors, as the highest decision-making body for risk management of the Company, is responsible for reviewing the Company's risk management policies, such as risk appetite and risk tolerance, and overseeing the effective operation of the risk management system.
· Clarify that the Internal Audit Department is responsible for coordinating the work of the three lines of defense and reporting material risk issues to the Board of Directors.
· Regularly conduct comprehensive risk assessments to systematically analyze the various risks faced by the Company, such as strategic risk, financial risk, operational risk, ESG and climate risk, and gain insights into the potential opportunities brought by climate change.
· Regularly conduct risk management training, promote risk management knowledge, and enhance the risk management awareness and capability of all staff.
· Pay close attention to the latest changes in national laws, regulations and policies, continuously improve the compliance management system, optimize the compliance management process, and integrate compliance management into the whole process of the Company's operation and decision-making.
· Attach great importance to anti-corruption and integrity work, and establish a comprehensive anti-fraud mechanism, including risk assessment, reporting and investigation, accountability and punishment, to secure business ethics.
· Regularly conduct compliance publicity and education activities to ensure that all staff participate in compliance training.
· Strictly comply with relevant laws such as the Cybersecurity Law of the People's Republic of China to ensure the security of customer information. Actively promote the information security management system to ensure the normal operation of customer business throughout the year.
· Establish a comprehensive management process for data privacy and protection and for cybersecurity to safeguard the security of the information system.
· Conduct special training for employees responsible for operation and maintenance, and conduct regular security assessments for all employees to continuously improve their awareness of data security and behavioral norms.