GF Securities Co., Ltd. — Governance Information 2024

Aug 30, 2024

GF Securities Co., Ltd.

Rules of Procedure for the Risk Management Committee of the

Board of Directors

==> picture [33 x 33] intentionally omitted <==

1

Contents

Chapter	1	General Provisions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .	3
Chapter	2	Composition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .	3
Chapter	3	Duties and Authorities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .	4
Chapter	4	Convening and Notices of Meetings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .	6
Chapter	5	Consideration and Voting Procedures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .	7
Chapter	6	Resolutions and Minutes of Meetings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .	7
Chapter	7	Supplementary Provisions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .	8

2

Chapter 1 General Provisions

Article 1 In order to fully perform the function of the Board of Directors of GF Securities Co., Ltd. (hereinafter referred to as “the Company”), strengthen the risk management, and prevent and mitigate risks effectively, the Company has established a risk management committee of the Board of Directors (hereinafter referred to as the “Risk Management Committee”) and formulated the Rules of Procedure in accordance with the Company Law of the People’s Republic of China (hereinafter referred to as the “Company Law”), the Regulations on the Supervision and Management of Securities Companies (《證券公司監督管理條例》), the Standards on Corporate Governance of Securities Companies (《證券公司治理準則》), the Standards on Corporate Governance of Listed Companies (《上市公司治理準則》), the Measures for the Administration of Independent Directors of Listed Companies (《上市公司獨立董事管理辦法》), the Rules Governing the Listing of Securities on The Stock Exchange of Hong Kong Limited (hereinafter referred to as the “Hong Kong Listing Rules”), the Rules Governing the Listing of Stocks on the Shenzhen Stock Exchange (《深圳證券交易所股票上市規則》), the Self-regulatory Guideline No. 1 for Companies Listed on – the Standardized Operation of Companies Listed on the Main Board (《深圳證券交易 所上市公司自律監管指引第1號—— 主板上市公司規範運作》), the Articles of Association of GF Securities Co., Ltd. (hereinafter referred to as the “Articles of Association”) and other relevant provisions.

Article 2 As a specialized working body set up under the Board of Directors, the Risk Management Committee is accountable to and reports its work to the Board of Directors. The Risk Management Committee is mainly responsible for assessing the Company’s overall risk status, and monitoring the Company’s overall risk management, to ensure that all kinds of risks associated with its operational activities are controlled within a reasonable range.

Article 3 The Office of the Board of Directors is responsible for handling the day-to-day affairs of the Risk Management Committee, which may also engage a secretary where necessary.

Chapter 2 Composition

Article 4 The Risk Management Committee shall be composed of three to five directors. Members of the Risk Management Committee shall be nominated by the Chairman of the Board of Directors, or more than half of the Independent Directors or one-third of all Directors, and shall be elected by an absolute majority vote of the Board of Directors, among which, the Chairman of the Board of Directors is an ex-officio member of the Risk Management Committee.

Article 5 The Risk Management Committee shall have one chairman (the convener) who shall be the Chairman of the Board of Directors.

The chairman shall be responsible for convening and presiding over meetings of the Risk Management Committee. Where the chairman is unable to perform his/her duties, he/she shall appoint a member to perform the duties on his/her behalf. Where the chairman fails to perform his/ her duties and withholds from appointing another member to perform the duties on his/her behalf, a member elected by half or more of the members of the Risk Management Committee shall perform the duties of the chairman.

3

Article 6 The term of office of members of the Risk Management Committee shall be the same as that of members of the Board of Directors. A member of the Risk Management Committee may serve consecutive terms if re-elected upon the expiry of his/her term of office. Any member who ceases to serve as a Director of the Company during the term shall automatically be disqualified as a member of the Risk Management Committee.

No member of the Risk Management Committee may be removed from office without cause prior to the expiry of his/her term of office save as the occurrence of any of the circumstances that requires dismissal as stipulated in the Company Law or the Articles of Association and other provisions.

Article 7 A member of the Risk Management Committee may offer to resign before the expiry of his/her term of office. In this case, the member shall submit to the Board of Directors his/her written resignation report, which shall take effect from the date on which the written resignation report is delivered to the Board of Directors. However, if the number of members of the Risk Management Committee falls below the required minimum number due to the resignation of the member, and the member still possesses the qualifications for appointment as stipulated in the laws and regulations, regulatory requirements and the Rules of Procedure, the resignation shall take effect only after a new member fills the vacancy arising from the resignation of the member. Before the resignation takes effect, the member who intends to resign shall continue to perform the relevant duties.

Where the number of members of the Risk Management Committee falls below the required minimum number due to the resignation or removal of any member or other reasons, the Board of Directors of the Company shall fill the vacancy in accordance with Article 4 of the Rules of Procedure as soon as possible.

The Risk Management Committee shall suspend the exercise of duties and powers stipulated by the Rules of Procedure when the number of members of the Risk Management Committee is less than the minimum requirement due to the fact that any member ceases to possess the qualifications required by the laws and regulations, regulatory requirements and the Rules of Procedure.

Chapter 3 Duties and Authorities

Article 8 The main duties and responsibilities of the Risk Management Committee include:

• (1) formulating major risk management policies such as risk appetite;

• (2) reviewing general goals and fundamental policies of the risk management and compliance management of the Company, and making recommendations on the same;

• (3) reviewing the establishment of specific departments of the compliance management and risk management and their responsibilities, and making recommendations on the same;

• (4) evaluating the risks of substantial decisions which shall be reviewed by the Board of Directors and the resolutions to the substantial risks and making recommendations on the same;

• (5) supervising the performance of the risk control committee under the executive management of the Company and the management of the Company and ensuring the relevant risk control committee would report to the Board of Directors in due course any material information relating to the design, implementation and monitoring of the risk management, compliance management and internal control systems of the Company;

4

• (6) reviewing and setting the scale and maximum risk limitation for each major business sector of the Company and the nature and extent of the risks the Company is willing to take, under the authorization of the Board of Directors;

• (7) reviewing and deciding the resolutions of the substantial risks arising during the operation and management of the Company, under the authorization of the Board of Directors;

• (8) reviewing the risk management report, compliance report and internal audit report of the Company and making recommendations on the same; regularly evaluating the risk situation of the Company and its subsidiaries and reviewing the effectiveness of its risk control and management ability (at least once annually);

• (9) evaluating and reviewing the effectiveness of the internal control system of the Company and its subsidiaries regularly (at least once annually) based on the advice of external supervision authorities, internal and external audit reports, and supervising the executive management to adopt rectification measures; the review should cover all material controls, including financial, operational and compliance controls:

• (a) the changes, since the last annual review, in the nature and extent of significant risks, and the ability of the Company to respond to changes in its business and the external environment;

• (b) the scope and quality of the management’s ongoing monitoring of risks and of the internal control system, and where applicable, the work of its internal audit function and other assurance providers;

• (c) the extent and frequency of communication of monitoring results to the Board of Directors (or Board committee(s)) which enables it to assess control of the Company and the effectiveness of risk management;

• (d) significant control failings or weaknesses that have been identified during the period. Also, the extent to which they have resulted in unforeseen outcomes or contingencies that have had, could have had, or may in the future have, a material impact on the financial performance or condition of the Company; and

• (e) the effectiveness of the procedures of the Company for financial reporting and compliance with the Hong Kong Listing Rules;

• (10) making decisions on and commanding on material and sudden crises of the Company;

• (11) making recommendations on drafting and amending policies in relation to corporate governance;

• (12) carrying on self-examination on corporate governance, supervising rectifications on the same, and promoting creativeness of the corporate governance management based on the practical situation of the Company;

• (13) reviewing the effectiveness of the internal control function of the Company regularly, and making recommendations and providing remedial measures; and ensuring the adequacy of resources, staff qualifications and experience, training programmes taken by the staff and budget in terms of the accounting, internal control and financial reporting function of the Company;

5

• (14) considering major investigation findings on risk management matters and the management’s response to these findings as delegated by the Board of Directors or on its own initiative; and reporting to the Board of Directors the decisions or recommendations of the Committee, unless there are legal or regulatory restrictions on the same; and

• (15) other duties as authorized by the Board of Directors and those as stipulated by laws, administrative regulations, departmental rules, normative documents, the rules governing the listing of securities at the place where the Company’s shares are listed and the Articles of Association.

Article 9 After considering the matters set out in the previous article hereof, the Risk Management Committee shall make and report the meeting resolutions, together with the proposals relating thereto, to the Board of Directors of the Company.

The Risk Management shall submit an annual work report to the Board of Directors within four months after the end date of each accounting year.

Article 10 When the Risk Management Committee performs its duties, relevant departments of the Company shall give cooperation and the expenses incurred thereby shall be borne by the Company. Where necessary, the Risk Management Committee may engage external professionals or intermediaries to provide services and provide professional advice for its decision-making, and the reasonable expenses incurred thereby shall be borne by the Company, provided that it shall ensure that the trade secrets of the Company shall not be leaked out.

Chapter 4 Convening and Notices of Meetings

Article 11 Meetings of the Risk Management Committee shall be convened by the chairman of the Risk Management Committee at the request of more than half of members of the Risk Management Committee.

Article 12 Meetings of the Risk Management Committee can be classified into physical meetings and correspondence meetings. Meetings of the Risk Management Committee shall be convened by way of physical meetings, or through correspondence meetings complemented by technological means such as video and teleconference except in special circumstances such as emergency case or due to force majeure. If a correspondence meeting is adopted, members of the Risk Management Committee who have signed on the meeting resolutions shall be deemed to have attended the relevant meeting and have agreed on the contents of the resolutions.

Article 13 The Risk Management Committee shall dispatch the meeting notice 3 days before the date of the meeting (exclusive of the date of the meeting).

6

Article 14 The meeting notice of the Risk Management Committee shall at least include the following items:

• (1) way of presentation, time and venue of the meeting;

• (2) duration of the meeting;

• (3) agenda of the meeting;

• (4) date of notice of the meeting.

Article 15 The meeting notice may be delivered to all the Risk Management Committee members and attendees by mail, facsimile, email or personal delivery, etc.. Subject to the consent of all members of the Risk Management Committee in writing, the foregoing requirement of notification may be waived.

Chapter 5 Consideration and Voting Procedures

Article 16 The Risk Management Committee meeting may not be held unless a quorum of more than two thirds of its members is present.

Article 17 Any member of the Risk Management Committee who is absent from the meeting twice successively without justified reasons, shall be considered as unable to perform his/ her duty, and the Board of Directors of the Company may remove his/her position as a member.

Article 18 Each member of the Risk Management Committee shall have one vote and the resolutions by the Risk Management Committee approved by more than half of all members shall become valid.

Article 19 The Risk Management Committee may, if considered necessary, invite other relevant personnel to attend the meetings to introduce the details or deliver opinions in relation to the resolutions to be discussed at the meetings, but the persons so present shall have no voting rights to the resolutions.

Article 20 The voting of the Risk Management Committee resolution is done by a written voting on site or a show of hand on site. The chairman of the meeting shall count the votes on each proposal and announce the voting results on the spot, which shall be recorded by the minute taker, or the voting shall be made by absentee ballot.

Chapter 6 Resolutions and Minutes of Meetings

Article 21 Each proposal for which a prescribed number of valid votes are cast shall become a resolution of the Risk Management Committee. Resolutions of the Risk Management Committee shall come into effect upon signature by members present at the meeting.

Article 22 The Risk Management Committee shall maintain a record of written meeting minutes on which members present and the minutes taker shall sign their names. Members present shall have the right to request explanatory remarks on their speech at the meeting to be written down in the minutes.

7

Article 23 The written documentation and minutes regarding the resolutions of the Risk Management Committee shall be kept by the Company or a duly-appointed secretary of the meeting as a corporate archive for a period of no less than 15 years. The meeting minutes shall be open for inspection at any reasonable time on a reasonable notice by any Director.

Article 24 Members of the Risk Management Committee who participate in the voting on a resolution shall be jointly liable for compensation to the Company should such resolution be in violation of laws and regulations, the Articles of Association or other relevant provisions and cause severe harm to the Company. However, if a member is proven to have cast his/her votes against such resolution and it was so recorded in the meeting minutes, he/she may be exempted from the liabilities.

Article 25 All members attending the meetings of the Risk Management Committee and persons sitting in at the meetings are obliged to keep confidential all the matters which have been considered at the meeting, and shall not disclose any related information without authorization.

Chapter 7 Supplementary Provisions

Article 26 Any matters not covered herein shall be implemented in accordance with laws, administrative regulations, departmental rules, normative documents, the rules governing the listing of securities at the place where the Company’s shares are listed, the Articles of Association and other relevant provisions. In case of any inconsistency between the relevant provisions of these Rules of Procedure and applicable laws, administrative regulations, departmental rules, normative documents, the rules governing the listing of securities at the place where the Company’s shares are listed, the Articles of Association and other relevant provisions, the laws, administrative regulations, departmental rules, normative documents, the rules governing the listing of securities at the place where the Company’s shares are listed, the Articles of Association and other relevant provisions shall prevail.

Article 27 The Board of Directors the Company shall be responsible for the interpretation of the Rules of Procedure.

Article 28 The Rules of Procedure shall become effective from the date of approval by the Board of Directors. As of the effective date of these Rules of Procedure, the original Rules of Procedure for the Risk Management Committee of the Board of Directors of the Company shall lapse automatically.

8