DFZQ — Governance Information 2025

Oct 24, 2025

东方证券
—DFZQ—
(A joint stock company incorporated in the People's Republic of China with limited liability under the Chinese corporate name “东方证券股份有限公司” and carrying on business in Hong Kong as “東方證券” (in Chinese) and “DFZQ” (in English))
(Stock Code: 03958)

TERMS OF REFERENCE OF THE COMPLIANCE AND RISK MANAGEMENT COMMITTEE OF THE BOARD OF DIRECTORS

CHAPTER 1 GENERAL PROVISIONS

Article 1 In order to improve the corporate governance structure and the ability and level of the Company to manage risks, the board of directors (the "Board") of the Company has set up the Compliance and Risk Management Committee and formulated the Terms of Reference in accordance with the Company Law of the People's Republic of China, the Securities Law of the People's Republic of China, the Regulations on Supervision and Management of Securities Companies and the Rules Governing the Listing of Securities on The Stock Exchange of Hong Kong Limited and relevant laws, regulations, rules, normative documents as well as the Articles of Association of Orient Securities Company Limited (hereinafter referred to as the "Articles of Association").

Article 2 The Compliance and Risk Management Committee of the Board is a specific working body set up in accordance with the Articles of Association.

CHAPTER 2 COMPOSITION

Article 3 The Compliance and Risk Management Committee consists of three to five directors.

Article 4 Members of the Compliance and Risk Management Committee shall be elected by the Board.

Article 5 The Compliance and Risk Management Committee shall have one chairman (i.e. the convener) who shall be responsible for convening and chairing the Compliance and Risk Management Committee; the chairman shall be elected by the Compliance and Risk Management Committee or the Board.

Article 6 The terms of office of members of the Compliance and Risk Management Committee shall be equivalent to that of the directors. A member may offer himself/herself for re-election upon the expiration of his/her term of office. Any member of the Committee who ceases to be a director of the Company during the term shall automatically cease to be a member of the Committee, and the vacancy shall be filled by the Board in accordance with Articles 3 to 5 above.

Article 7 Based on their respective functions, the Board office, the compliance and legal management department, the risk management department, the planning and financial management department and other relevant departments of the Company shall be responsible for the preliminary preparatory and serving work for the decision making of the Committee, including collecting and providing related information, preparing research reports for relevant subjects, work liaison, meeting organization, drafting resolutions of the Committee, file management and follow-up on implementation of meeting resolutions.

• 1 -

---

CHAPTER 3 DUTIES AND AUTHORITIES

Article 8 The main duties of the Compliance and Risk Management Committee include:

(1) reviewing and advising on the overall target and basic policy of compliance and risk management;

(2) reviewing and advising on the compliance and risk management system, the establishment and duties of the compliance and risk management department;

(3) overseeing and evaluating the compliance and risk management work of the Company, and reviewing and monitoring the Company's policies and practices on compliance with legal and regulatory requirements;

(4) evaluating and advising on the risks and risk management solutions relating to the significant matters that require approval by the Board;

(5) reviewing the scale of risk and risk tolerance of the Company as a whole and for each business; and evaluating the asset allocation system in place with reference to the tolerance of risk;

(6) reviewing and evaluating the risks associated with the Company's operating activities and the effectiveness of the corresponding measures, discussing the risk management system with the management, and ensuring that the management has fulfilled its responsibilities in establishing an effective risk management system;

(7) considering major investigation findings on risk management matters and management's response to the findings on its own initiative or as delegated by the board;

(8) reviewing and advising on the compliance and risk assessment reports that need to be reviewed by the Board;

(9) developing and reviewing the Company's policies and practices on corporate governance and making recommendations to the Board;

(10) reviewing and monitoring the training and continuous professional development of directors and senior management;

(11) developing, reviewing and monitoring the Company's code of conduct and compliance manual (if any) applicable to employees and directors;

(12) reviewing the Company's compliance with the Corporate Governance Code set out in Appendix C1 to the Rules Governing the Listing of Securities on the Stock Exchange of Hong Kong Limited and its disclosures in the Corporate Governance Report; and

(13) other duties as determined by the Board and as required by the listing rules or regulatory rules of the places where the Company's shares are listed.

• 2 -

---

Article 9 The Compliance and Risk Management Committee shall be accountable to the Board and shall submit its advice on decisions and reports to the Board for consideration and approval.

CHAPTER 4 PROCEEDINGS AND RULES OF PROCEDURES

Article 10 The meetings of the Compliance and Risk Management Committee shall be held on-site in principle, and if necessary, they may be held by videoconference, teleconference or other means in accordance with relevant procedures, provided that all the attending members are able to fully communicate with each other and express their opinions.

Article 11 The Compliance and Risk Management Committee shall convene meetings based on the proposal of the chairman, conduct discussions and form written resolutions (or review opinions) for submission to the Board of Directors.

Article 12 Meetings of the Compliance and Risk Management Committee shall be convened at least once every year. The notice of relevant meeting shall be given to all members of the Committee at least three days prior to the convening of such meeting, and the relevant material to be used at the meeting shall be provided. In the urgent situation where a meeting must be convened as soon as possible, such notice may be issued orally by telephone or otherwise, but the meeting convener shall give an explanation at the meeting. Meetings shall be chaired by the chairman. In case of absence of the chairman, another Committee member may be appointed to chair the meeting. If a member is unable to attend the meeting in person for any reason, he or she should review the meeting materials in advance, form a clear opinion, and appoint another member in writing to attend the meeting on his or her behalf.

Article 13 Meetings of the Compliance and Risk Management Committee could only be convened with presence of more than two-thirds of the Committee members. Each member has one vote. Resolutions (or review opinions) may only be passed by more than half of all members of the Committee voting in favor of such resolutions.

Article 14 As for meetings of the Compliance and Risk Management Committee, votes could be made by show of hands or by poll. For exceptional cases, votes may be made by members through communications.

Article 15 Where the Compliance and Risk Management Committee deems necessary, it may also invite directors, senior management and relevant staffs of the Company to attend meetings.

Article 16 Where the Compliance and Risk Management Committee deems necessary, it may engage intermediary agencies or professionals to provide professional advice for its decisions and relevant expenses shall be borne by the Company.

Article 17 The Compliance and Risk Management Committee shall form resolutions (or review opinions) and keep minutes for its meetings, and the opinion of the independent directors shall be recorded in the minutes. The minutes should record in sufficient detail the matters considered by the Committee and decisions (or review opinions) reached, including any concerns raised or dissenting views expressed by committee members. Minutes of committee meetings should be sent by the secretary to the Board to all committee members within a reasonable time after the meeting. Members present at such meetings shall sign on the minutes that shall be maintained by the secretary to the Board.

• 3 -

---

Any director may review the minutes of committee meetings within a reasonable time after reasonable notice was sent to the Company.

Article 18 Members present at meetings and others invited to attend such meetings are obliged to keep all matters discussed at such meetings confidential, and shall not disclose any relevant information without authorization.

CHAPTER 5 SUPPLEMENTARY PROVISIONS

Article 19 The power to interpret the Terms of Reference shall be vested in the Board.

Article 20 This Terms of Reference shall come into effect upon approval by the Board. The original Terms of Reference of the Compliance and Risk Management Committee of Orient Securities Company Limited (2024 Revision) shall be repealed simultaneously.

Article 21 Any matters not covered in the Terms of Reference or in conflict with the provisions of laws, regulations, normative documents, the listing rules of the places where the Company’s shares are listed or the Articles of Association promulgated or amended after the effective date of the Terms of Reference shall follow such provisions of relevant laws, regulations and normative documents of China, the listing rules of the places where the Company’s shares are listed or the Articles of Association.

• 4 -