D14 of 2025 – Large Exposure Requirements

P O Box 427 Pretoria 0001 South Africa 370 Helen Joseph Street Pretoria 0002 +27 12 313 3911 / 0861 12 7272 www.resbank.co.za 1 Ref.: 15/8/1/3 D14/2025 To: All banks, controlling companies, branches of foreign institutions, eligible institutions and auditors of banks or controlling companies Directive issued in terms of section 6(6) of the Banks Act, 1990 (Act No. 94 of 1990) Composition of the committee appointed by the Board of Directors to approve large exposures and matters related to the requirements for measuring and controlling large exposures Executive summary This Directive directs banks, branches of foreign institutions and controlling companies (hereinafter collectively referred to as ‘banks’) to apply the conditions and/or limits specified herein for measuring and controlling large exposures (LEX) as well as the criteria required when the Prudential Authority (PA) considers the composition of the committee appointed by the bank’s Board of Directors (Board) for such LEX approval. The Board of a bank is ultimately responsible for ensuring that effective governance and risk management policies, processes and procedures are in place. In discharging its duties, the Board plays a critical role in overseeing, among other aspects, the credit-granting and credit risk management functions of the bank. In terms of section 73 of the Banks Act, 1990 (Act No. 94 of 1990) (Banks Act), a bank shall not make investments with, or grant loans or advances or other credit, to any person to an aggregate amount exceeding 10% of such amount of its capital and reserves as may be prescribed without first having obtained the approval of the bank’s Board or a committee established by the Board and approved by the PA. The amendments to the Regulations relating to Banks (Regulations) incorporated the relevant revised market risk framework requirements impacting the LEX framework issued by the Basel Committee on Banking Supervision (BCBS). This Directive replaces Directive 5 of 2008 (dated 7 May 2008) and Directive 3 of 2022 (dated 1 April 2022).

2

1. Introduction 1.1 The BCBS standard issued in April 2014 titled ‘Supervisory framework for measuring and controlling large exposures’1 (LEX framework) complements the BCBS’s risk-based capital standard. The LEX framework is designed to specifically protect banks from material losses resulting from the non￾performance of a single counterparty or a group of connected counterparties that could ultimately threaten the solvency and liquidity of banks or banking groups. 1.2 Amendments to the LEX framework, which incorporate the relevant revisions to the market risk framework, published in January 2019 and revised in February 2019,2 required specific amendments to regulation 24 of the Regulations. These amendments ensure that relevant parts of the revised market risk framework are integrated into the LEX regulatory requirements, which form part of the Basel III post-crisis reforms. 1.3 The LEX framework specifies that the sum of all exposure values of a bank to a counterparty or to a group of connected counterparties must be defined as a LEX if it is equal to or exceeds 10% of the bank’s qualifying common equity tier 1 capital and reserve funds and additional tier 1 capital and reserve funds (tier 1 capital and reserve funds). 1.4 Credit concentration can result in substantial losses if such concentration risk is not managed adequately by the bank. When a bank evaluates a credit application for approval, the bank must take into consideration potential future changes in economic conditions and assess its credit risk exposures under stressful conditions. In terms of section 73 of the Banks Act, a bank shall not make investments with, or grant loans or advances or other credit, to any person to an aggregate amount exceeding 10% of such amount of its capital and reserves as may be prescribed, without first having obtained the permission of the bank’s Board or a committee established by the Board and approved by the PA. 1.5 This Directive directs banks to apply the criteria related to the composition of the aforementioned committee as well as the requirements, conditions and/or limits specified herein.
2. Banks Act references 2.1 In terms of section 73(1)(a) of the Banks Act, a bank “shall not make investments with or grant loans or advances or other credit to any person, to an aggregate amount exceeding 10 per cent of such amount of its capital and reserves as may be prescribed, without first having obtained the permission of its board of directors, or of a committee appointed for such purpose (for the 1 Available at https://www.bis.org/basel_framework/standard/LEX.htm 2 Available at https://www.bis.org/bcbs/publ/d457.pdf

3 composition of which committee the prior written approval of the PA has to be obtained), to make such investments or to grant such loans, advances or other credit”. 2.2 To enhance independence and objectivity of the bank’s Board or the bank’s Board appointed committee approved by the PA, section 60(3) of the Banks Act requires that the majority of a bank’s Board members be non-executive directors. 3. Regulatory references 3.1 Regulation 8 of the Regulations deals with the calculation of average daily balances for a month in respect of any liability or asset item by totalling the amounts thereof for each day of the month and dividing the total by the number of calendar days in that particular month. 3.2 Regulation 23 of the Regulations deals with the measurement of credit risk exposures, including the application of credit conversion factors (CCF) and credit risk mitigation (CRM). 3.3 Regulation 24 of the Regulations deals with various requirements relating to measuring, monitoring and controlling LEX in accordance with the LEX framework issued by the BCBS. 3.4 Regulation 36 of the Regulations deals with various requirements relating to measuring, monitoring and controlling LEX in accordance with the LEX framework, in relation to consolidated reporting. 3.5 Regulation 37 of the Regulations specifies that foreign operations of South African banks must, mutatis mutandis, apply the directives and interpretations related to the completion of risk-based returns on a solo basis by a bank in the Republic of South Africa, or for the calculation of the relevant minimum required amount of capital and reserve funds on a solo basis by a bank in the Republic, as set out in the form BA 610. 3.6 Regulations 39 to 41 of the Regulations deal with provisions relating to corporate governance and set out, among other things, the duties and responsibilities of directors and the senior management of a bank. 4. International references 4.1 The Basel Core Principles for Effective Banking Supervision (Core Principles) comprise 29 global standards developed by the BCBS to guide regulatory authorities in ensuring a sound and stable banking system. These Core Principles serve as a benchmark for prudential regulation, risk management and supervisory practices worldwide. 4.2 Basel Core Principle (BCP) 12 of the Core Principles3 issued by the BCBS on 25 April 2024 addresses consolidated supervision. BCP 12 imposes a duty on supervisors to supervise banking groups on a consolidated basis as well as, 3 Available at https://www.bis.org/bcbs/publ/d573.pdf

4 to adequately monitor and, where appropriate, apply prudential standards to all aspects of the business conducted by the banking group worldwide. 4.3 BCP 19 of the Core Principles requires banking supervisors to ensure “banks have adequate policies and processes to identify, measure, evaluate, monitor, report and control or mitigate concentrations of risk on a timely basis” and “set prudential limits to restrict bank exposures to single counterparties or groups of connected counterparties”. 4.4 BCP 20 of the Core Principles deals with transactions with related parties. To prevent abuses arising in transactions with related parties, and to address the risk of conflicts of interest, supervisors should require banks to enter into any transactions with related parties on an arm’s-length basis, monitor these transactions, take appropriate steps to control or mitigate the risks; and write off exposures to related parties in accordance with standard policies and processes. 5. Directive 5.1 Based on the aforesaid, and in accordance with the provisions of section 6(6) of the Banks Act, banks are hereby directed to comply with the respective requirements specified in paragraphs 6 to 15 below: 6. Criteria relating to composition of Board-appointed committees to approve LEX 6.1 The Board of a bank is ultimately responsible for overseeing the maintenance of effective risk management within the bank. In discharging its responsibilities, the Board plays a critical role in overseeing the credit-granting and credit risk management functions of the bank and must ensure, among other things, that: 6.1.1 credit activities are conducted in line with the risk strategy, policies and tolerances approved by the Board; 6.1.2 the bank conducts business according to sound and well-defined credit￾granting criteria; 6.1.3 all extensions of credit are made on an arm’s-length basis; 6.1.4 the senior management of the bank is fully capable of managing the credit activities conducted by the bank; 6.1.5 credit activities are subject to adequate internal controls and appropriate internal audit coverage; and 6.1.6 the bank maintains adequate capital and reserve funds for the risks that it assumes. 6.2 A bank or controlling company must ensure that a credit committee appointed by the Board to approve LEX includes, at a minimum:

5 6.2.1 at least three non-executive directors who are persons that are not employees of the bank or of any of its subsidiaries, its controlling company or any subsidiary of its controlling company, with one serving as the Chairperson of the said committee; 6.2.2 the Chief Executive Officer of the bank; 6.2.3 the bank’s Head of Finance; 6.2.4 the bank’s Head of Risk or an equivalent function, such as the Head of Enterprise-wide Risk Management; and 6.2.5 the bank’s Head of Credit. 6.3 When a bank’s Board-appointed LEX credit committee requires specific input from particular business units in respect of a proposed credit exposure, it may invite the relevant executive director or executive officer to make the required presentations to it. 6.4 The decisions on LEX made by the Board-appointed LEX credit committee must be recorded in writing and tabled at the Board meeting immediately following the meeting of the said LEX credit committee for the Board's review and ratification. 6.5 The LEX credit committee of the bank must also periodically assess its own performance, determine where weaknesses exist and, where possible, take appropriate corrective actions. 7. Definition of LEX and limits specified in regulation 24(7)(c) of the Regulations 7.1 An exposure is a LEX if the relevant aggregate amount related to the exposure is equal to or exceeds 10% of the bank’s tier 1 capital and reserve funds, as specified in regulation 24(7)(a) of the Regulations: 7.1.1 after taking into consideration any relevant CCF, subject to a CCF floor of 10%; and 7.1.2 after taking into consideration any specific credit impairment raised against the exposure; but 7.1.3 before taking into consideration any eligible CRM to mitigate the bank’s original exposure to the relevant person or counterparty. 7.2 The relevant aggregate amount relating to the LEX must be less than or equal to the limits specified in regulation 24(7)(c) of the Regulations after taking into consideration: 7.2.1 any relevant CCF, subject to a CCF floor of 10%; 7.2.2 any specific credit impairment raised against the exposure; and

6 7.2.3 any eligible CRM to mitigate or reduce the bank’s original exposure to the relevant person or counterparty. 7.3 Where an exposure meets the definition of a LEX, as stipulated under paragraph 7.1, banks must identify and monitor these exposures in compliance with the provisions of the Directive. Where the prescribed or specified LEX limit is breached, banks must report the breach to the PA as soon as possible but no later than 24 hours of identification for all the prescribed or specified requirements. 8. Eligible CRM considerations when calculating relevant adjusted exposure post-CCF and post-specific credit impairments 8.1 A bank or controlling company that obtained eligible CRM must elect whether or not to take that eligible CRM into consideration when calculating the relevant adjusted exposure after applying the relevant CCF and any specific credit impairments to that counterparty, provided that the relevant provisions of regulation 24(6)(d) of the Regulations are met. 8.2 When a bank elects not to take the eligible CRM into consideration, then the bank must not reduce the relevant exposure value of the counterparty in respect of which eligible credit protection was obtained, however; the bank must account and report for the subsequent and related exposure to the provider of the eligible CRM provided that the exposure is a LEX and/forms part of the “20 largest exposures”. 8.3 When a bank elects to take the eligible CRM into consideration to a counterparty, then the bank or controlling company must reduce the relevant adjusted exposure value of the counterparty in respect of which eligible credit protection was obtained; however: 8.3.1 in the case of exposures – regardless of whether the exposures are exempt in terms of LEX – that do meet the requirements as being considered a LEX and form part of the “20 largest exposures” based on gross exposure pre-CCF, pre-specific impairments and pre-CRM, then: 8.3.1.1 the bank must account and report the subsequent and related exposure to the provider of the eligible CRM for both “large exposures to a person” and “20 largest exposures” reporting purposes. 8.3.2. in the case of exposures – regardless of whether they are exempt exposures – that do meet the requirements as being considered a LEX but do not form part of the “20 largest exposures” based on gross exposure pre-CCF, pre￾specific impairments and pre-CRM then: 8.3.2.1 the bank must account and report for the subsequent and related exposure to the provider of the eligible CRM for “large exposures to a person” for reporting purposes only.

7 8.3.3. in the case of exposures – regardless of whether they are exempt exposures, – that do not meet the requirements as being considered a LEX but do form part of the “20 largest exposures” based on gross exposure pre-CCF, pre￾specific impairments and pre-CRM then: 8.3.3.1 the bank must account and report for the subsequent and related exposure to the provider of the eligible CRM for the purposes of “20 largest exposures” reporting only. 9. Treatment of the revised market risk framework in the LEX framework 9.1 All relevant requirements specified in this Directive apply to the revised market risk provisions contained in regulation 24(6)(e) of the Regulations. 10. Identification, monitoring and reporting 10.1 A relevant aggregated exposure must be considered as part of the “20 largest exposures” based on the “20 largest gross exposures” pre-CCF, pre-specific impairments and pre-CRM to a single counterparty or a group of connected counterparties regarded as a single counterparty, irrespective of whether the relevant aggregated exposures is considered a LEX. 10.2 For reporting purposes related to “large exposures to a person” and “20 largest exposures”, the respective columns must be completed in accordance with: 10.2.1 the respective requirements for the completion of forms BA 210, BA 600 and BA 610 as specified in regulations 24(6) to 24(8), 36(14) and 37 of the Regulations, respectively; and 10.2.2 Directive 6 of 2025,4 or any subsequent Directive replacing the aforementioned Directive, for the completion of forms BA 210, BA 600 and BA 610 respectively. 10.3 In accordance with regulation 24(6)(a) of the Regulations, a bank or controlling company must calculate and report its credit concentration risk at every relevant tier within the banking group, that is, at a minimum, at every relevant branch, bank solo and consolidated level, in accordance with the relevant requirements specified in the Regulations. 10.4 When calculating and reporting credit concentration risk exposures to a single counterparty or a group of connected counterparties, which must be regarded as a single counterparty in forms BA 210, BA 600 and BA 610: 10.4.1 for internal LEX identification purposes – the relevant aggregate exposure amount must be calculated on any given day in a month as the sum of all relevant on-balance-sheet and off-balance-sheet credit exposures, including transactions in instruments that give rise to counterparty credit risk, included in either the bank’s banking book or trading book as required in 4 Available online at: D6-2025 - Directive returns to be submitted to the PA from 1 July 2025

8 regulations 24(6)(c) and 24(6)(e) of the Regulations which is post-CCF, post￾specific impairments but before CRM. 10.4.2 for LEX identification and reporting purposes – the relevant aggregate exposure amount must be calculated and reported to the PA at month-end for the relevant reporting period(s) as the sum of all relevant on-balance sheet and off-balance sheet credit exposures, including transactions in instruments that give rise to counterparty credit risk, included in either the bank’s banking book or trading book as required in regulations 24(6)(c) and 24(6)(e) of the Regulations which is post-CCF, post-specific impairments but before CRM. 10.4.3 for internal LEX limit monitoring purposes – the relevant aggregate exposure amount must be calculated on any day in a given month as the sum of all relevant on-balance sheet and off-balance sheet credit exposures, including transactions in instruments that give rise to counterparty credit risk, included in either the bank’s banking book or trading book as required in regulation 24(6)(c), regulations 24(6)(d) and 24(6)(e) of the Regulations which is post-CCF, post-specific impairments and post-CRM. 10.4.4 for LEX limit monitoring purposes – the relevant aggregate exposure amount must be calculated and reported to the PA at month-end for the relevant reporting period(s) as the sum of all relevant on-balance-sheet and off-balance sheet credit exposures, including transactions in instruments that give rise to counterparty credit risk, included in either the bank’s banking book or trading book as required in regulations 24(6)(c), 24(6)(d) and 24(6)(e) of the Regulations which is post-CCF, post-specific impairments and post-CRM. 10.4.5 in this regard, average daily balances for each reporting month must not be calculated in determining relevant exposure values for reporting purposes in the “large exposures to a person” tables in forms BA 210, BA 600 and BA 610, as well as in the “20 largest exposures” tables in forms BA 210 and BA 600. 10.5 For exposures to the counterparty acting as a CRM provider, regardless of whether banks elect or do not elect to take eligible CRM into consideration – banks must account and report the subsequent and related exposure to the provider of the eligible CRM provided that the exposure is a LEX and/or forms part of the “20 largest exposures” as follows: 10.5.1 In respect of the “large exposures to a person” and the “20 largest exposures” tables in forms BA 210 and BA 600 – in the column specified as “Exposure to the counterparty acting as a CRM provider” and all relevant subsequent columns; 10.5.2 In respect of the “large exposures to a person” table in form BA 610 – in the column specified as “Gross credit exposure (pre-CCF, pre-specific credit impairments and pre-CRM)” and all relevant subsequent columns; and

9 10.5.3 In cases where exposures to the counterparty acting as a CRM provider do not meet the definition of LEX and/or do not form part of the “20 largest exposures” – banks must report the names and the relevant notional values of the exposure to the “counterparty acting as a CRM provider” in the “Comments” worksheet in forms BA 210, BA 600 and BA610. 10.6 Average daily balances for each month must only be calculated in accordance with the requirements specified in regulation 8 of the Regulations, for internal monitoring and compliance purposes by banks, against the respective interbank monthly average limits specified in Annexure 1 of this Directive. 10.7 Banks must internally monitor all relevant aggregate exposure values – calculated in accordance with paragraph 7.2 above and the requirements of regulations 24(6)(c), 24(6)(d) and 24(6)(e) of the Regulations – to a single counterparty or group of connected counterparties regarded as a single counterparty, and are classified as a LEX in accordance with paragraph 7.1 above, against the respective maximum daily and monthly average limits specified in Annexure 1 of this Directive. 10.8 Where the prescribed or specified LEX limit is breached, banks must report the breach to the PA as soon as possible but no later than 24 hours of identification by submitting a duly completed Annexure 2 of this Directive, including a formal application requesting condonation, for such a breach. 11. Application of the LEX requirements to all subsidiaries within a banking group, where a bank within the group has been designated as a domestic systemically important bank, domestic systemically important financial institution or global systemically important bank 11.1 In the case where a bank within a banking group is designated as: 11.1.1 A domestic systemically important bank (D-SIB)/domestic systemically important financial institution (D-SIFI) by the PA or the South African Reserve Bank, for LEX purposes, and when determining the limit applicable to all other subsidiaries within the group where an entity within the group has been designated as a D-SIB/D-SIFI, the D-SIB/D-SIFI designation must be applied to the controlling company of the D-SIB/D-SIFI as well as all other subsidiaries of the bank and controlling company; or 11.1.2 A global systemically important bank (G-SIB), as published by the Financial Stability Board (FSB) from time to time, for LEX purposes, and when determining the limit applicable to all other subsidiaries within the group where an entity within the group has been designated as a G-SIB, the G-SIB designation must be applied to the controlling company of the G-SIB as well as all other subsidiaries of the bank and controlling company. 11.2 The D-SIB/D-SIFI/G-SIB limit applies to all subsidiaries of the bank’s controlling company and not only to the designated D-SIB/D-SIFI/G-SIB. For each subsidiary within the banking group, the limit must be based on the

10 relevant amount of tier 1 capital and reserve funds, as specified in regulation 24(7)(c) of the Regulations. 12. Treatment of intraday exposures 12.1 To avoid disturbing the payment and settlement system or any processes related thereto, intraday interbank exposures are exempt from the LEX requirements specified in the Regulations. 12.2 Any intraday exposure, limit and facility, other than intraday interbank exposures, is subject to the respective LEX requirements specified in the Regulations. 12.3 As at the relevant reporting date and where required, intraday exposures, limits and facilities must be reported as follows: 12.3.1 Utilised portions of on-balance sheet exposures, limits and facilities must be reported in forms BA100, BA200, BA210, BA600 and BA610. 12.3.2 Unutilised portions of committed and uncommitted exposures, limits and facilities must be reported in forms BA110, BA200, BA210, BA600 and BA610. 12.3.3 Unutilised portions of off-balance sheet commitments must be subject to a CCF floor of 10% for the purposes of “large exposures to a person” reporting in forms BA 210, BA 600 and BA 610, as well as “20 largest exposures” reporting in forms BA 210 and BA 600. 13. Monitoring and managing interbank exposures 13.1 A bank other than a D-SIB or D-SIFI must manage its business in such a manner that the aggregate amount of its concentrated credit exposure, calculated in accordance with the relevant requirements specified in regulation 24(6) of the Regulations to a D-SIB or D-SIFI, complies with the requirements specified below: 13.1.1 The aggregate exposure must not at any time exceed 25% of the sum of the bank or controlling company’s tier 1 capital and reserve funds, as reported in form BA 700, as at the end of the reporting date immediately preceding the reporting date to which the form BA 210 relates. 13.2 Following the 12th month after the date that the bank or controlling company itself has been designated as a D-SIB or D-SIFI, the aggregate amount of its concentrated credit exposure calculated in accordance with the relevant requirements specified in regulation 24(6) of the Regulations to a D-SIB or D-SIFI, must comply with the requirements specified below: 13.2.1 The aggregate exposure must not, at any time on an average daily balance basis for the month (calculated in accordance with the requirements specified in regulation 8 of the Regulations), exceed 15% of the sum of the bank or controlling company’s tier 1 capital and reserve funds, as reported in form

11 BA 700, as at the end of the reporting date immediately preceding the reporting date to which the form BA 210 relates. 13.2.2 The maximum daily aggregate exposure during the month must not at any time exceed 18% of the sum of the bank or controlling company’s tier 1 capital and reserve funds, as reported in form BA 700, as at the end of the reporting date immediately preceding the reporting date to which the form BA 210 relates. 13.3 A bank other than a D-SIB or G-SIB must manage its business in such a manner that the aggregate amount of its concentrated credit exposure – calculated in accordance with the relevant requirements specified in regulation 24(6) of the Regulations – to an institution designated as and included in the list of G-SIBs (which includes any branch of a G-SIB), published by the FSB from time to time, complies with the requirements specified below: 13.3.1 The aggregate exposure must not at any time exceed 25% of the sum of the bank or controlling company’s tier 1 capital and reserve funds, as reported in form BA 700, as at the end of the reporting date immediately preceding the reporting date to which the form BA 210 relates. 13.4 A bank designated as a D-SIB must manage its business in such a manner that the aggregate amount of its concentrated credit exposure, calculated in accordance with the relevant requirements specified in regulation 24(6) of the Regulations to a G-SIB (which includes any branch of a G-SIB), complies with the requirements specified below: 13.4.1 The aggregate exposure must not at any time on an average daily balance basis for the month (calculated in accordance with the requirements specified in regulation 8 of the Regulations) exceed 15% of the sum of the bank or controlling company’s tier 1 capital and reserve funds, as reported in form BA 700, as at the end of the reporting date immediately preceding the reporting date to which the form BA 210 relates. 13.4.2 The maximum daily aggregate exposure during the month must not at any time exceed 18% of the sum of the bank or controlling company’s tier 1 capital and reserve funds, as reported in form BA 700, as at the end of the reporting date immediately preceding the reporting date to which the form BA 210 relates. 13.5 A bank designated as a G-SIB (which includes any branch of a G-SIB) must manage its business in such a manner that the aggregate amount of its concentrated credit exposure, calculated in accordance with the relevant requirements specified in regulation 24(6) of the Regulations to a G-SIB (which includes any branch of a G-SIB), complies with the requirements specified below: 13.5.1 The aggregate exposure must not at any time on an average daily balance basis for the month (calculated in accordance with the requirements specified in regulation 8 of the Regulations) exceed 15% of the sum of the bank or controlling company’s tier 1 capital and reserve funds, as reported in form

12 BA 700, as at the end of the reporting date immediately preceding the reporting date to which the form BA 210 relates. 13.5.2 The maximum daily aggregate exposure during the month must not at any time exceed 15% of the sum of the bank or controlling company’s tier 1 capital and reserve funds, as reported in form BA 700, as at the end of the reporting date immediately preceding the reporting date to which the form BA 210 relates. 13.6 A bank designated as a G-SIB (which includes any branch of a G-SIB) must manage its business in such a manner that the aggregate amount of its concentrated credit exposure, calculated in accordance with the relevant requirements specified in regulation 24(6) of the Regulations to a D-SIB or D-SIFI, must comply with the requirements specified below: 13.6.1 The aggregate exposure must not at any time on an average daily balance basis for the month (calculated in accordance with the requirements specified in regulation 8 of the Regulations) exceed 15% of the sum of the bank or controlling company’s tier 1 capital and reserve funds, as reported in form BA 700, as at the end of the reporting date immediately preceding the reporting date to which the form BA 210 relates. 13.6.2 The maximum daily aggregate exposure during the month must not at any time exceed 15% of the sum of the bank or controlling company’s tier 1 capital and reserve funds, as reported in form BA 700, as at the end of the reporting date immediately preceding the reporting date to which the form BA 210 relates. 14. Application of LEX requirements on intragroup exposures 14.1 A bank or controlling company must manage its intragroup exposures in such a manner that the aggregate amount of its exposure to entities within the group complies with the requirements specified below: 14.1.1 Unless otherwise specified in writing by the PA, intragroup exposures risk weighted at 0% in terms of regulation 23(6)(j) of the Regulations are exempt from the LEX limit. 14.1.2 For intragroup exposures other than intragroup exposures risk weighted at 0% in terms of regulation 23(6)(j) of the Regulations, the bank or controlling company is not required to determine the connectedness of the intragroup entities, unless otherwise specified in writing by the PA. However, the aggregate exposure to each intragroup entity must comply with the relevant LEX limit specified in regulation 24(6) and 24(7) of the Regulations. 14.1.3 Where the bank or controlling company is of the opinion that the LEX limit specified or imposed is not appropriate for a certain intragroup entity, the bank or controlling company must demonstrate to the satisfaction of the PA that, due to the existence of specific circumstances, a different LEX limit or treatment should be considered. 14.2 The PA acknowledges the interconnectedness between entities within a group, but also acknowledges that, for the LEX requirement purposes, intragroup

13 exposures cannot necessarily and in all cases be regarded as a group of connected counterparties and be regarded as a single counterparty. Therefore, the Regulations have an enabling provision to specify conditions where intragroup exposures are not subject to all of the LEX requirements. 15. Application of LEX requirements on a foreign subsidiary or branch of a bank controlling company required to report on a solo basis 15.1 The PA acknowledges that foreign subsidiaries are subject to the regulatory requirements and concentration risk requirements imposed by the prudential supervisors in the jurisdictions where they conduct business, while the controlling company is subject to regulatory requirements and concentration risk requirements as imposed by the PA as the home supervisor. Therefore, unless otherwise instructed by the PA, the LEX limit imposed on a foreign subsidiary must be based on the controlling company’s tier 1 capital and reserve funds. 15.2 Foreign subsidiaries are, however, exposed to concentration risk similar to other separately capitalised institutions or banks, which potentially endangers their survival, that of their bank controlling companies or even the wider banking group. Therefore, for the PA to monitor and supervise concentration risk within a foreign subsidiary in accordance with the requirements specified in the LEX framework and the Core Principles, the said subsidiary is required to report credit concentration risk exposures on form BA 610 based on the foreign subsidiary’s own tier 1 capital and reserve funds calculated in accordance with the relevant requirements specified in the Regulations. 15.3 For the purposes of regulation 24(7)(a)(iii) of the Regulations, in the case of a foreign subsidiary of a controlling company required to report on a solo basis where the PA is also responsible for the supervision of the controlling company, the specified amount as contemplated in section 73(1)(a) of the Banks Act must for reporting purposes be 10% of the sum of the tier 1 capital and reserve funds of the relevant foreign subsidiary, calculated in accordance with the relevant requirements specified in the Regulations. 15.4 For the purposes of regulation 24(7)(c)(iii) of the Regulations, in the case of a foreign subsidiary of a controlling company required to report on a solo basis, the specified percentage and the specified amount must be the relevant percentage of the sum of the tier 1 capital and reserve funds of the controlling company of the foreign subsidiary unless specifically otherwise directed in writing in specific cases. 15.5 When completing returns in respect of a foreign operation of a South African bank, the definitions and interpretation of items in the Regulations must be applied. In this regard, for LEX purposes and with reference to the form BA610 reporting: 15.5.1 a foreign subsidiary or branch of a controlling company with an exposure to a South African designated D-SIB or D-SIFI must be reported under the ‘D-SIB or D-SIFI’ line item;

14 15.5.2 a foreign subsidiary or branch of a controlling company with an exposure to a bank not domiciled in South Africa but designated as a D-SIB or D-SIFI in the host/foreign jurisdiction must be reported under the ‘Banks other than D-SIBs and G-SIBs’ line item; and 15.5.3 a foreign subsidiary or branch of a controlling company with an exposure to a bank designated as a G-SIB by the FSB must be reported in the ‘G-SIBs’ line item. 16. Acknowledgement of receipt 16.1 Kindly ensure that a copy of this Directive is made available to your institution’s external auditors. In addition, the attached acknowledgement of receipt, duly completed and signed by both the Chief Executive Officer of the institution and the said auditors, should be returned to the PA at the earliest convenience of the signatories. Fundi Tshazibana Chief Executive Officer Date: Encl.: 3 The previous Directive issued was Directive 13/2025, dated 20 November 2025.