Risk Management Report

Remgro Limited / ESG and Sustainability / Risk Management Report

Introduction

The risk management process takes cognisance of risks and opportunities within the Company, its investment mandate, its operating environment as well as the risks and opportunities inherent to its investment portfolio.

Remgro exercises influence over the risk management of its investee companies via non-executive representation on their autonomous boards, as well as shareholder agreements for Remgro’s associates and joint ventures, where other major shareholders are involved.

Ethical leadership and human capital are the cornerstones of Remgro’s risk and opportunities management philosophy as these ensure alignment on the primacy of our reputation, effective governance, operational competence and entrepreneurial aptitude.

Report parameters

Due to the nature and magnitude of Remgro’s investment portfolio, this report focuses on the activities of the Company and its subsidiaries, save where such entities are separately operated listed subsidiaries with autonomous boards and adequate external reporting, or the materiality of such information is deemed insufficient to warrant detailed disclosure. As a result, this report contains risk and opportunities management information of the Company, including Remgro Management Services Limited (RMS) (Remgro’s service company) and V&R Management Services AG(1). This aligns to the defined scope and boundaries of Remgro’s reporting.

(1)A wholly owned subsidiary, registered and managed in Switzerland, rendering administrative, accounting and treasury services for Remgro’s foreign subsidiaries and third parties.

Risk governance structure

The Board is ultimately accountable for the risk and opportunities management process and system of internal control within Remgro. The Board has reviewed the comprehensive Risk and Opportunities Management Policy and plan, which has been implemented by management. This plan incorporates continuous risk and opportunity scanning, identification and assessment, and embedding internal control as well as risk reduction and insurance strategies.

The Audit and Risk Committee is mandated to monitor the effectiveness of the risk and opportunities management process and systems of internal control and is supported in this regard by its subcommittee, the RMS Risk and Operational Committee (ROC).

The internal and external auditors, along with management and certain external consultants, are tasked to render combined assurance reports to the Audit and Risk Committee.

The Social and Ethics Committee plays an important role in supporting the Audit and Risk Committee by overseeing and monitoring Remgro’s Environmental, Social and Governance (ESG) performance and stewardship through policies, frameworks, standards, guidelines and approved goals.

Cognisance is taken of the dedicated structures outside the above, which furthermore give effect to Remgro’s investment strategy and portfolio performance, which is overseen by the Board, the Investment Committee which, per delegation of authority, considers and approves or motivates to the Board corporate transactions and investments, and the Valuation Committee which considers the director valuations of nonlisted entities and the valuations, using market prices, of listed investments in the portfolio.

The structure above and processes are maintained to ensure the effective and efficient management of risk and opportunities within the Company.

The risk management accountability framework is based on the Three Lines Model (IIA Inc), with the primary first line of defence players being executive directors serving on the Management Board. The Group Risk Register is signed off by the Management Board, chaired by the CEO, prior to being presented to the Audit and Risk Committee. The material risks being investments, treasury, ESG and operations are under the direct responsibility of executive directors chairing and attending the above Committees.

The Chief Risk Officer (CRO) serves as the second line of defence and is responsible for the facilitation and implementation of allocated risk management instructions from the Audit and Risk Committee, Management Board, Treasury Committee, Operational ESG Committee, ROC and Security Steering Committee. This incorporates direct collaboration with executives in supporting the continuous enhancement of the risk management process.

The Chief Audit Executive (CAE) serves as the third line of defence and renders value-adding considerations and independent assurance regarding the effectiveness of the risk management process and system of internal control. The CAE also, by invitation, attends meetings of the Treasury Committee and ROC.

Risk governance metrics

This section outlines the key parameters risk appetite, risk tolerance and risk-bearing capacity – that collectively guide Remgro’s strategic decision-making behaviour. These elements ensure that risks are aligned with the Group’s objectives, financial strength, and stakeholder expectations, while maintaining resilience in the face of uncertainty.

Risk appetite

Risk appetite is defined as the risk the Company is prepared for or willing to accept without further mitigating action being put in place or the amount and nature of risk the Company is willing to accept in pursuit of objectives. This is also defined as the risk propensity of the Board in pursuing the creation of sustainable wealth.

The following qualitative and quantitative factors are considered by the Board in evaluating risk appetite and related tolerance levels:

  • risk-return profile of the current investment portfolio;
  • availability of cash resources and other liquid assets that could easily be converted into cash;
  • available funding opportunities;
  • risk-return profile of prospective opportunities;
  • ESG or sustainability profile of the current portfolio and investment sectors;
  • financial metrics relevant to measuring performance, including:
    • intrinsic net asset value (INAV);
    • return on INAV relative to comparable risk investments;
    • dividend policy;
    • free cash flow; and
    • gearing ratios
  • international and local economic cycles and trends;
  • foreign currency rates and trends;
  • materiality of risks with reference to the INAV of the Group;
  • risk management capability and maturity; and
  • resource allocation and strategy.

Risk tolerance levels

Remgro, due to the nature of its core activities, deals with risk tolerance levels in the following three risk categories using dedicated and bespoke methodologies:

Investments

As a long-term, strategic investor, Remgro’s investment risk tolerance is not mathematically defined, but a function of portfolio composition, contractual rights and protections, stakeholder engagement and capital structure. Remgro seeks to have its portfolio appropriately balanced in terms of growth and maturity cycles, supported by a robust capital position and appropriate shareholder protection to mitigate the risk of large adverse portfolio impacts.

Investment performance is measured against return hurdles, and regularly presented to the Board, along with dashboards reporting key investment attributes, governance and strategic developments.

Treasury

Treasury funds are invested as per a Board-approved Treasury Policy which deals with counterparty (credit) risk, liquidity risk, interest rate risk, currency risk, instrument risk and commercial risk (terms of trade), as well as the policies deployed to safeguard cash and liquid assets.

Other

This category includes risks associated with unplanned losses to assets, exposure to liabilities, fidelity, business interruption and other operational risks.

In these instances, the Board has, in addition to stringent internal controls, adopted a conservative approach by taking sufficient insurance cover to mitigate the anticipated maximum loss risk should realise in these categories.

Risk-bearing capacity

Risk-bearing capacity is defined as a monetary value which is used as a yardstick, measuring the maximum loss the Company can endure without exposing it to the point where its existence and going concern status is under threat, given an equivalent loss.

Given the nature of Remgro’s INAV composition, i.e., equity investments and net excess cash, there are no known current exposures that could jeopardise the going concern status of the Group.

Risk management approach

The risk management process in Remgro encompasses the arrangement of resources to ensure the achievement of the Company’s stated objectives along with its purpose, strategy and aligned business plans, including the seizing of available opportunities that meet the risk appetite criteria set by the Board. Risk profiles inherent to existing activities and investments are furthermore monitored against expected investment performance criteria, thereby managing the risk-return parameters for the creation of sustainable growth and value for shareholders and other stakeholders. The ESG risk management process is incorporated into the enterprise-wide risk management process, with the ESG Risk Management Framework guiding responsible investment.

The Risk and Opportunities Management Policy is based on the principles of the internationally recognised COSO (Committee of Sponsoring Organisations of the Treadway Commission) Enterprise Risk Management Framework and complies with the recommendations of King IV.

The ROC renders oversight of RMS’s operational activities and functions, whilst striving to proactively enhance value to the RMS risk and control environment.

The Security Steering Committee furthermore focuses on material risk trends in safeguarding human capital and assets.

The following renders insight into Remgro’s approach to responsible risk-taking in pursuit of sustainable value creation:

  • Remgro’s purpose is to help shape the future and partner for the prosperity of South Africa, as this underscores its accountability to the South African community at large.
  • A values-driven culture of accountability, whilst remaining realistic optimists, supports our single-minded focused approach to addressing challenges with a long-term perspective, whilst proactively collaborating in rendering support to investee executives in creating value.
  • Maintaining a strong balance sheet and quality assets enhances resilience during sustained adverse conditions. This extends to a cautious approach to gearing and with a “return of capital” focus on cash at the centre enhances liquidity whilst maintaining Remgro’s favourable credit rating.
  • Remgro’s investment philosophy reflects a conservative, long-term investment approach characterised by reputable and values-driven business selection, sound management teams with the potential to deliver superior returns and strong cashflow generation, depending on where the entity is in its developmental cycle, coupled with decentralised management structures.

The Group is willing to accept concentration risk in a few large investees as part of its portfolio composition, whilst including early-stage investees with high growth potential over the long term.

  • Entrepreneurial flair, coupled with disciplined capital allocation and deploying financial, human and relationship capital to support and enhance investee growth and performance.

Material risks

The following principal integrated risks are featured on the Group Risk Register and are elaborated on
below:

Context and impact

Mitigation strategies and actions
Geopolitical tension, political instability, wars and global trade policy uncertainty
Global
During 2025 global geopolitical and economic risks were amplified by uncertainty around the USA trade policy and consequent tariff wars. Trade uncertainty could have a major economic impact on South African exports and, coupled with import and export tariff adjustments and regulatory changes such as the Carbon Border Adjustment Mechanism (CBAM), continue to weigh on South Africa’s export competitiveness.Furthermore, the ongoing Israel-Gaza war, military actions between Iran and Israel and the US interventions, the ongoing Russia-Ukraine war, the crisis in Yemen, the tension between North Korea and the Indo-Asia-Pacific Region, as well as between China and Taiwan, provide a complex backdrop for the global economy. These situations present a risk to the global economy, foreign exchange, inflation and interest rate projections, dampening consumer spend and business confidence.		 Strategic and business plans factor in macro and sector-specific data and informs budgeting and risk appetite in times on prolonged uncertainty, whilst seeking competitive advantage and resilience.

Remgro is optimising and simplifying its portfolio to ensure that it is streamlined, robustly capitalised and positioned for growth.

Assessments by investee companies and investment managers as regards the implications of this on their business forecasts, supply chains and internal risk and opportunities are ongoing.
Local
The Government of National Unity in South Africa has provided some encouraging signs for investors, but tensions are rising. Local government failings contribute to the daily frustrations of many. This impedes investor and business confidence.		 Remgro is politically neutral, and its values system ensures rigid compliance with all related legislation.

Remgro’s approach of partnering with business and government via approved structures, in giving effect to its purpose, seeks to eradicate historical trust deficits and add value to the economy, governance, prudent policy making, job creation and upliftment of society, along with restoring investor and business confidence.

Given the success in PPPs (energy distribution and generation for example) there are potentially major investment opportunities in key areas such as education, basic healthcare and infrastructure under specific dispensation and in national interest.

Misalignment on policy direction and changes to legislation, such as National Health Insurance, are addressed at industry level via structured processes.

Remgro joins national interest debates and, through its investee companies, is represented on industry bodies. Its compliance processes highlight legislative changes, and Remgro submits comments to regulators when necessary.
Global economic pressure and constrained economic growth
The South African economy continues to navigate a challenging environment, both globally and locally. Following a weak first quarter in 2025 and persistent headwinds, the annual growth for the year is expected to remain subdued.

Consumer spending has shown resilience, supported by declining inflation and modest interest rate relief. This momentum will be challenged in the remainder of the year given structural barriers, including growing employment, decaying infrastructure and persistently high levels of crime.

Although there has been a modest recovery in fixed investment, the Bureau for Economic Research (BER) notes that current investment activity is insufficient to catalyse sustainably higher economic growth. The subdued economic performance, reflected in a GDP growth rate of just 0.6%, underscores the need for stronger investment momentum to support long-term development.

 As baseline mitigation, Remgro maintains a realistic, but positive posture, whilst maintaining a strong balance sheet and prudent capital allocation. The earnings and dividends from investee companies contribute to capital allocation considerations.

Remgro’s treasury policies are conservative and prioritise counterparty risk, robust cashflow forecasting, limiting the use of derivatives to corporate activities controlled by stringent procedures, and the optimisation of yield on cash at the centre, and robust fraud and theft prevention, detection and response procedures.

Prudent financial planning and budgeting processes, coupled with accurate and transparent financial management reporting.

The green transition and technological advancement hold the potential to boost growth, with the possibility of this being disproportionately concentrated in developed economies.
Societal challenges
South Africa is currently grappling with a complex web of societal challenges that are deeply interconnected and have significant implications for its stability and development. These include, inter alia:

  • Unemployment rates hovering around 35%, of which youth unemployment is of particular concern, contributing to social unrest and economic stagnation risks.
  • South Africa is ranked as the most unequal country in the world. Africa Check (2025) reported that as of March 2025, 30.4 million people, or 55.5% of the population, were living below the upper-bound poverty line of R1 634 per month.
  • Corruption is pervasive across both public and private sectors and the mismanagement of public funds and lack of accountability undermine governance and service delivery.
  • Electricity instability, water shortages, and crumbling transport systems disrupt daily life and economic activity, eroding investor confidence and hindering development.
  • Major focus is being placed on augmenting infrastructure challenges.
  • Enhancements in both healthcare and education services are required.
 Remgro is partnering with business and government in approved structures addressing crime and corruption, electricity supply, job creation and rail transport logistical challenges.

Remgro has dedicated processes in place to ensure compliance with employment equity legislation along with equity, diversity and inclusivity (EDI) best practice.

Remgro’s social corporate processes and CSI include community development and its investment portfolio includes social impact investments, specifically targeting upliftment through sport, including rugby and football. Business Partners invests in SMEs by providing funding, support and mentoring entrepreneurs who materially contribute to job creation opportunities.

The Collaboration Forum in the Group supports collaborations in optimising the impact of investee CSI programmes.
Environmental exposures
Global warming has increased the potential of more frequent adverse weather events. Severe flooding experienced in Limpopo, KwaZulu-Natal and the Eastern Cape, particularly in areas that had not yet recovered from previous floods, illustrates the challenges of climate-proofing our national infrastructure to protect people and livelihoods. These weather conditions have a negative compounding effect on the country’s socio-economic stability and further exacerbate the inequalities that exist. Damages were estimated at more than R11 billion and thousands of evacuations, with national disasters declared in some areas.

The WEF Global Risk Reports for 2024 and 2025 rank extreme weather events as the second biggest risk over the short term, and extreme weather events, critical change to earth systems, biodiversity loss and ecosystem collapse along with natural resource shortages as the top four global risks over the long term (plus 10 years). The future implications thereof on global economies, food security, health, people migration, social stability and concomitantly on the business environment are being assessed and monitored.

 Management of ESG and sustainability risks is an integral part of the Remgro Enterprise Risk Management system and underpins the Group’s commitment to building shared value through its investment portfolio.

Remgro furthermore surveyed key companies within its portfolio to establish the maturity of their risk management processes as well as the degree to which environmental – including climate change, social and governance (ESG) risks are incorporated into their mainstream risk processes. It has been reassuring to see the level of maturity in most risk management processes.

The impacts of adverse natural events along with the impact on performance and sustainability are being responded to as part of various initiatives launched via the Operational ESG Committee.

Please refer to ESG disclosures in the ESG and Sustainability Report.
Operational risks
Whilst the decentralised management model of autonomous boards at all investee companies renders sound structure and governance, the model can lead to inconsistent risk controls and reporting, coupled with specific strategic and operational risk incidents given the diversity of the investment portfolio. The approach is aligned with Remgro’s philosophy of decentralised managed and exercising influence through board representation and to monitor and proactively render support via investment managers to assist and add value to investees, where required.

During the year the investment division was restructured, creating additional capacity in the corporate finance function and adding additional research capability to the new business development function. Refreshed performance measurement processes were introduced to ensure that Remgro is sufficiently responsive to areas of the portfolio where additional support or intervention may be required.

Internal control and internal audit

The Group has implemented and maintained a sound control environment, including a comprehensive system of internal controls to mitigate the risks in the enterprise and to ensure the Group’s objectives are consistently achieved. Internal controls are based on the principle of acceptable risk being inherent to the design and implementation of a cost-effective system of internal control. The system includes monitoring mechanisms and mitigation processes to timeously augment deficiencies when they are detected. This system is benchmarked against the COSO Internal Control – Integrated Framework.

The internal audit function is employed by RMS and the CAE, Mr Neville Williams, reports to the Chairman of the Audit and Risk Committee and functionally to the CFO. The department complies with the requirements of King IV and the International Standards for the Professional Practice of Internal Auditing. The department maintains a comprehensive Quality Assurance and Improvement Program as prescribed by the Institute of Internal Auditors. The function has successfully maintained its Generally Compliant rating since inception.

The internal audit plans, as approved by the Audit and Risk Committee, are designed following a risk-based assurance approach and are focused on adding value to the control environment while rendering independent assurance to the Audit and Risk Committee and to the Board on, inter alia: the effectiveness of internal financial control, the effectiveness of internal control over operational and compliance activities, the adequacy of governance systems, including the “tone at the top“, the effectiveness of the combined assurance process and risk and opportunities management process.

The function is furthermore strategically aligned with the creation and preservation of value and rendering insight into emerging risk and opportunities.

The internal audit department also renders independent internal audit and risk and opportunities management services to certain Group companies that elect to outsource the function. In these instances, dedicated processes are maintained to ensure the independent functioning of the department, including its fiduciary duty to the respective Group companies and the safeguarding of their proprietary information.

When required, specialist skills are insourced to assist with information technology and forensic services.

Effectiveness of risk and opportunities management process and system of internal control

The Board, via the Audit and Risk Committee, has considered the documented policies, procedures and independent assurance reports and is satisfied that the control environment along with the internal control and risk and opportunities management processes implemented in the Group are effective.

The Board is not aware of any exposure or position that could culminate in the residual risk profile of the Group exceeding the risk-bearing capacity limits set by the Board.

Key service activities with material inherent risk

Technology and information, along with legal compliance are considered as having material inherent risk and are elaborated on hereunder for additional transparency.

Technology and information

Approach

Remgro follows a structured approach to managing Technology and Information (T&I) risks and to evaluate and pursue technology-related opportunities. Remgro business areas are represented by senior management at the T&I Steering Committee. This committee, chaired by the Head of Technology and Information, provides direction and support for T&I-related matters, and reports to and advises the ROC (through to the Audit and Risk Committee) on significant operational, project and other technology-related issues. The roles and responsibilities of the respective committees are articulated in the T&I Governance Policy.

Methodology

Risks and controls are evaluated with reference to generally accepted industry frameworks, including NIST for cybersecurity, ITIL for service management, COBIT for information systems audits and CIS for internet security controls. This is integrated into the combined assurance process of Remgro’s internal audit function.

In general, Remgro follows a conservative T&I risk approach, striving to eliminate avoidable exposures, and to minimise risk within practical constraints. Remgro has a keen awareness of privacy expectations, both over its own confidential information as well as corporate and private information of stakeholders.

The role of the Innovations and Portfolio Manager within the T&I department is specifically focused on the evaluation of technology-related opportunities, both surfaced internally as well as identified by Remgro‘s business areas. This function is used to vet and advise on the impact of pursuing potential opportunities on Remgro‘s T&I Risk profile. T&I has steadily shifted from a support-only function, increasingly valued as a business enabler and even an opportunity across Remgro‘s business areas, promoting data-driven decision-making.

Preventative technologies

Remgro has implemented a comprehensive set of technologies to protect the environment and users. This includes physical and logical access controls, network firewalls, Endpoint Detection and Response (EDR), data encryption, strong identities with expanding use of multi-factor authentication, Intrusion Prevention Systems, Security Incident and Event Monitoring (SIEM), Continuous Vulnerability Management, cyber threat intelligence and digital risk protection.

These technologies are supplemented by operational monitoring and ongoing user awareness campaigns.

Monitoring

Adequacy and effectiveness of controls are monitored at several levels. Technology service providers track and provide regular feedback to the Head of Technology and Information on the performance of key controls, including the outcome of changes to the environment, activities performed using privileged identities, security infrastructure performance and the outcome of recovery tests.

Independent assurance is sourced via Remgro Internal Audit in the form of recurring annual reviews covering IT General Controls, Cybersecurity and Systems. In addition, annual external penetration tests are commissioned. The outcome and recommendations of independent assurance activities are tracked through the Risk Treatment Plan that is regularly reviewed by management. The application of mitigations is largely favoured over risk acceptance.

Besides the above monitoring activities, 24×7 operational security monitoring is provided by a third party. Security-related alerts and security infrastructure logs are forwarded in real time to the service provider for analysis and response. Remgro (supported by the incumbent primary technology service provider) remains accountable for incident response management. Risks related to Remgro’s external digital footprint are also observed and addressed through cyber threat intelligence and digital risk protection services.

Third parties play a significant role in supporting Remgro‘s T&I systems. The maturity of third-party risk management is increasing, and supply chain risks are well understood. Supplier performance and supplier risk profiles are subject to initial and periodic monitoring, with more frequent oversight for key suppliers.

Legal compliance

The Board, as part of its ethical leadership commitment, approved a Legal Compliance Policy and confirmed that there are sufficient management capacity and controls in place to ensure compliance with all relevant laws and salient industry practices.

The administration of the Legal Compliance System is vested in an official with the appropriate legal qualifications. Members of senior management of the Company are informed on a regular basis of all relevant new legislation and amendments.

Compliance controls also vest with senior management who are required to report to the Social and Ethics Committee on a regular basis regarding their compliance using a control self-assessment methodology. This process is incorporated into the annual combined assurance plan. The outcomes of compliance assessments are reported to the Board via the ROC and no incidents of non-compliance or fines incurred due to non-compliance were recorded.

The ROC and Operational ESG Committee also guide and monitor compliance with current and emerging global and local ESG and sustainability standards and guidelines, both voluntary and mandatory.