Circular Letter No. 02/2025 – Financial System – Sustainability Principles of the Angolan Financial System

---

CIRCULAR LETTER NO. 02/2025 SUBJECT: FINANCIAL SYSTEM

• Sustainability Principles of the Angolan Financial System
• Implementation Guide for Principle II – Identifying and Incorporating Socio-Environmental Risks into the Governance and Risk Management Model Considering the need to guide Institutions in gradually implementing the Sustainability Principles of the Angolan Financial System, approved by the Supervisory Council of the Angolan Financial System (CSSF); For the implementation of Principle II – Identifying and Incorporating Socio-Environmental Risks into the Governance and Risk Management Model, this Circular Letter serves to publish:

1. The “Implementation Guide for Principle II – Identifying and Incorporating Socio-Environmental Risks into the Governance and Risk Management Model”, hereinafter referred to as the Guide, attached to this Circular Letter.
2. The Guide applies to Institutions under the supervision of the Banco Nacional de Angola, as stipulated in paragraphs 2 and 3 of Article 7 of Law No. 14/21, dated May 19, the General Regime of Financial Institutions Law, hereinafter referred to as Institutions.
3. This Circular Letter enters into force on the date of its publication. Luanda, December 3, 2025. DEPARTMENT OF REGULATION AND ORGANIZATION OF THE FINANCIAL SYSTEM

---

Cândido Abrantes Pina -Director-

CONTINUATION OF CIRCULAR LETTER NO. 02/2025 Page 2 of 7 ANNEX IMPLEMENTATION GUIDE FOR PRINCIPLE II – IDENTIFYING AND INCORPORATING SOCIO-ENVIRONMENTAL RISKS INTO THE GOVERNANCE AND RISK MANAGEMENT MODEL

1. GOVERNANCE 1.1. To implement the principle of identifying and incorporating socio-environmental risks into the governance and risk management model, Institutions must define a transparent governance and management model in which all responsibilities related to the sustainability strategy are clearly defined. 1.2. Institutions must define the duties and responsibilities of the administration or management body, as well as other units at different hierarchical levels of the organization, to identify, measure, and incorporate socio-environmental risks. 1.3. The administration or management body must ensure the periodic assessment of the sustainability policy, defining key performance indicators to monitor compliance with sustainability objectives. 1.4. Institutions must define a training program on sustainability for members of the administration body, managers, directors, and other employees, as referred to in the Implementation Guide for Principle II. Gender Representation 1.5. Institutions must adopt practices and policies that promote gender equity at all decision-making levels. 1.6. The Institution must define diversity and gender targets, monitoring progress over time. 1.7. The recruitment and promotion policy must ensure that admission processes are fair, impartial, and transparent, encouraging diversity and gender equity. 1.8. Promoting an inclusive culture that values and respects diversity must be an integral part of the Institution's strategy, ensuring that representation is a priority in all its operations and decisions. Sustainability Policy 1.9. The sustainability policy must comprise a set of guidelines and practices to be adopted by the Institution, with the objective of integrating Environmental, Social, and Governance (ESG) responsibilities into its internal operations and business strategy. 1.10. The sustainability policy must address the following aspects: 1.10.1. Environmental Responsibility: commitment to reducing the carbon footprint and promoting sustainable management practices; financing renewable energy projects and sustainable infrastructure; implementing policies to minimize waste and promote resource efficiency. 1.10.2. Social Responsibility: promoting financial inclusion of underserved communities; supporting community development initiatives and local businesses; respecting human rights and ethical labor practices in all operations. 1.10.3. Governance and Transparency: establishing robust governance frameworks that promote accountability and ethical conduct; ensuring transparency in decision-making processes, communication of sustainability objectives and targets; engaging stakeholders, including clients, employees, and communities, in policy development. 1.10.4. Risk Management: integrating Environmental, Social, and Governance (ESG) factors into risk assessment and management processes; identifying and mitigating risks associated with climate change, as well as social issues. 1.10.5. Sustainable Investment: developing investment strategies that prioritize companies with sustainable and responsible initiatives; evaluating investments in sectors with higher exposure to environmental risks or those that violate Human Rights. 1.10.6. Innovation and Technology: promoting the development of sustainable technological initiatives, such as digital solutions that reduce paper usage, facilitate access for people with reduced mobility, and support fintech solutions that promote sustainable financing, inclusion, and financial literacy. 1.10.7. Employee Engagement and Training: promoting a sustainability culture within the organization through training and awareness programs, as per the Implementation Guide for Principle II on Training and Knowledge Promotion. 1.10.8. Long-Term Value Creation: ensuring that long-term financial performance is aligned with sustainable development objectives; guaranteeing a balance between short-term results and long-term sustainability goals. 1.10.9. Regulatory Compliance: complying with relevant regulations and standards related to sustainability. 1.11. The Sustainability Policy must define mechanisms for continuous monitoring and evaluation of its implementation. Definition of Priority Sustainable Development Goals (SDGs) 1.12. Institutions must define priority Sustainable Development Goals (SDGs) aligned with their business strategy and the specific needs of the communities in which they operate. 1.13. The process for identifying priority SDGs by Institutions must be aligned with United Nations recommendations. 1.14. Institutions must define an action plan for each SDG, including targets, Key Performance Indicators (KPIs), and an implementation team.

CONTINUATION OF CIRCULAR LETTER NO. 02/2025 Page 3 of 7 Three Lines of Defense Model and Socio-Environmental Risks 1.15. Institutions must adopt a robust governance structure, based on the three lines of defense model, ensuring that responsibilities for managing climate and environmental risks are clearly and effectively distributed across different organizational levels: 1.15.1. First Line of Defense: business units (operational managers) are responsible for identifying, managing, and mitigating socio-environmental risks directly in daily operations, ensuring that risks are adequately monitored and sustainability policies are applied in their decisions and activities. 1.15.2. Second Line of Defense: internal control functions, such as Compliance and Risk Management Departments (DRC), supervise and provide guidance on compliance with socio-environmental risk management policies, ensuring that practices adopted by the first line are consistent with internal standards, external regulations, and international best practices. 1.15.3. Third Line of Defense: internal audit must conduct an independent assessment of the effectiveness of the governance system and risk management process, monitoring first- and second-line practices to ensure that socio-environmental risks are adequately addressed and institutional policies are well implemented. 2. RISK MANAGEMENT Identification and Categorization of Socio-Environmental Risks 2.1. To identify and categorize socio-environmental risks in Institutions, it is necessary to develop a risk matrix that allows evaluating the potential impact of these risks on the Institution's activities, following these phases: 2.1.1. Identification of Socio-Environmental Risks: The Institution must conduct a comprehensive analysis to identify the different socio-environmental risks to which its business portfolio is exposed, including risks related to climate change, environmental degradation, human rights violations, negative impacts on local communities, and Environmental and Social Governance (ESG) issues. 2.1.2. Risk Categorization: following identification, risks must be categorized according to their type (environmental, social, and governance) and the client's sector of operation (e.g., agriculture, mining, and energy). 2.1.3. Risk Matrix Construction: building a risk matrix helps classify these risks based on two main criteria: probability of occurrence and severity of impact. The matrix may have quadrants ranging from low to high risk, facilitating the prioritization of risks requiring closer attention and immediate action. 2.1.4. Exposure Level Assessment: following categorization, the Institution must assess its exposure level to risks, including an analysis of how financial activities (such as lending, investment, or insurance) may be affected by socio-environmental factors and what the potential financial impacts are. 2.1.5. Monitoring: the risk matrix must be continuously monitored and updated to reflect changes in client business or the socio-environmental context. Risk Exposure Assessment 2.2. In assessing the Exposure Level of products, services, and clients to socio-environmental risks, Institutions must consider the nature and characteristics of the offered products and services, as well as activity sectors and client profiles, involving: 2.2.1. Economic Sector Classification: evaluating portfolio exposure to more vulnerable sectors such as Oil and Gas, Agriculture, Energy, Transport, and Construction. 2.2.2. Geographical Assessment: identifying regions where clients operate and may be subject to extreme events (floods, droughts, storms, landslides, etc.). 2.2.3. Nature of Financial Products: considering risk in long-term products (e.g., mortgage credit or infrastructure financing) that may be more affected by climate events over time. 2.2.4. Concentration Analysis: identifying whether there is significant concentration in sectors or geographies with high risk, such as regions with a history of drought, floods, wildfires, etc. 2.2.5. Client Segmentation: evaluating whether corporate clients have sustainability policies or depend on vulnerable value chains (e.g., an institution with high exposure to agricultural credit in water-scarce regions must consider prolonged drought scenarios and their impacts). 2.3. Institutions must apply the concept of double materiality, which considers two analysis vectors: 2.3.1. Financial Materiality: evaluates the impact of climate risks on the Institution's financial performance (e.g., losses in assets exposed to physical risks, depreciation of collateral, decline in demand for certain services). 2.3.2. Impact Materiality: evaluates the impact of the Institution's activities on climate and the environment (e.g., financing greenhouse gas-emitting projects, deforestation).