Although risk management and governance frameworks are drivers of a positive risk culture, the underlying factors are the awareness, attitudes and behaviors of employees and executives in the organization. Therefore, WHA Group's works to enhance an effective risk culture throughout all business operations.

The Group has worked on aligning motivational systems from top-down approach. Identified risk aspects are embedded into executive's and risk owner's key performance indicators (KPIs). With risk indicators integrated as one of the performance evaluation criteria, it directly drives the promotion of risk-oriented communication and practices. An example of evaluation criteria used throughout the Group are compliance, reputation, financial performance.

To further strengthen the risk culture, WHA Group regularly organizes trainings and activities on risk management to raise awareness and build employee's competency to identify, assess, control and mitigate potential risks associated with their duties and responsibilities. Key trainings and activities are as follow:

• Executives are updated on global trends via RMC report during the Board meeting. This ensures that throughout the overall risk management process, executives, RMC as well as Risk Working Groups are well aware of risk profiles, emerging risks and risk mitigation measures. Therefore, it is presumed that 100% of the top managements are trained and informed of risk management. In addition, the company regularly update knowledge and training about risk management to new non-executive directors namely those serving in RMC.
• Aiming to enhance effective communication on risk management and control, WHA Group has adopted the Three Lines of Defence (3LOD) model since 2020. The model helps clarify essential roles and duties of relevant employees involved. It also helps create risk awareness and culture as all level employees play a part in risk management. In the 3LOD model, the first line is management control, the various risk controls and compliance oversight functions are the second line of defence, and independent assurance is the third. Each of these "lines" has a distinct role within the organization's governance framework. All relevant functions are expected be well aware and communicated on such model to ensure effective risk management within the organization.
• WHA Group conducts risk management trainings to director management and all staff level throughout all business hubs, aiming to enhance the employees' awareness and responsibility on risk management area. This will be leading to an effective risk culture. The training set in 3 online sessions to cover all management and employee of WHA Group.
• In addition, WHA Group conduct risk management workshop for Site Operation Managers and REIT (for all staff level). This is to provide understanding of risk identification, risk assessment and risk mitigation measures at their responsible areas of work and constantly raising awareness of risk management importance.

In addition, WHA Group aims to adopt digital innovations to promote effective risk culture. The Group is developing a digitalized system, equipped with an alarm, to portray all key risk statuses to effectively monitor and track the risk management implementation.