Decision on Minimum Standards for Risk Management in Credit Guarantee Fund of Montenegro

1 Pursuant to Article 44 paragraph 2 item 3 of the Central Bank of Montenegro Law (OGM 40/10, 06/13, 7/17, 125/23) and Article 31 paragraph 8 of the Law on Credit Guarantee Fund of Montenegro (OGM 89/25), the Council of the Central Bank of Montenegro, at its meeting held on 5 February 2026, passed the following DECISION ON MINIMUM STANDARDS FOR RISK MANAGEMENT IN CREDIT GUARANTEE FUND OF MONTENEGRO Subject matter Article 1 This Decision shall prescribe minimum standards for managing risks to which the Credit Guarantee Fund of Montenegro (hereinafter: the Fund) is exposed in its operations. Types of risk Article 2 The Fund shall properly, and in accordance with the type and size of its operations, identify, measure, monitor and control the risks it is exposed to in its operations, and particularly:

1. credit risk;
2. liquidity risk;
3. market risks; and
4. operational risk. Risk management system Article 3 (1) For the purpose of establishing risk management system, the Fund shall:
5. establish the procedures for:

• identifying, measuring and assessing the risk;
• managing the risk;
• assessing and controlling risks associated with guaranteed loans; and
• reporting to Fund’s bodies and the Central Bank of Montenegro (hereinafter: the Central Bank);

2. identify employees to be involved in the risk management system;
3. properly document risk management process;
4. establish, monitor and maintain internal exposure limits in line with the Fund’s strategic goals;
5. analyse impact of macroeconomic trends on risk exposures and investment portfolios. (2) The Fund shall periodically, and at least once in two years, revise and, as needed, update the procedures referred to in paragraph (1) item 1) of this Article. (3) The Fund shall ensure clear division between the organisational part responsible for risk management and the organisational parts engaged in decision-making process on business transactions and risk taking.

2 (4) The Fund shall establish and maintain an efficient information system that enables the provision of timely, accurate, reliable and detailed information and reports of the Fund’s bodies necessary for making business decisions and risk management. Credit risk management Article 4 (1) Credit risk, within the meaning of this Decision, shall be the risk of incurring losses in the Fund due to the debtor's default in the case of guaranteed event occurrence, or in the case of deterioration in the counterparty’s creditworthiness, when investing funds into deposits, bonds, and other investment instruments on domestic and international financial markets. (2) The Fund shall measure, monitor and asses regularly, and at least quarterly, the exposure to credit risk based on the guarantees issued and investment portfolios approved in the manner that enables timely taking of appropriate measures for the purpose of mitigating credit risk, and it shall report to the Fund’s bodies thereof. Investment portfolio management Article 5 (1) When making decisions on investing funds into deposits and bonds and other investment instruments, the Fund shall ensure independent opinion of the organisational part responsible for risk management on the assessment of the credit risk of the intended investment. (2) The Fund shall define exposure limits to a single person or a group of connected persons and regularly monitor the compliance of its operations with those limits. (3) The Fund shall regularly carry out sensitivity analyses of the impact of market and macroeconomic factors, as well as factors specific to the issuers of investments on the quality of investment portfolio. (4) The Fund shall ensure a separate monitoring of the exposures exhibiting higher credit risk and non-performing exposures and take actions to mitigate such exposures. Guarantee file Article 6 The Fund shall ensure that each issued guarantee is properly and accurately documented, and it shall establish and maintain an orderly and complete guarantee file that chronologically tracks the guarantee from issuance to its expiration or the settlement of paid funds under the guarantee in the guaranteed event occurrence. Liquidity risk management Article 7 (1) Liquidity risk, within the meaning of this Decision, shall be the risk arising from the existing or expected inability of the Fund to meet its cash obligations as they become due. (2) The Fund shall establish a system for liquidity risk management, which provides:

1. identification of the sources of liquidity risk;
2. monitoring of contingent liabilities of the payment of funds based on issued guarantees;

3 3) the projection of cash inflows and outflows; 4) creation of liquidity indicators and their use in the process of monitoring of liquidity; 5) adequate treatment in case of temporary and long-term liquidity distortions. (3) The Fund shall, in case of inability to settle matured obligations, immediately notify the Central Bank on the amount of lacking liquid assets, reasons for illiquidity and planned activities to overcome illiquidity. Market risk management Article 8 (1) Market risk, within the meaning of this Decision, shall be the risk of incurring adverse effects on the financial result and capital of the Fund arising from the changes in values of investment portfolio caused by negative trends in market prices. (2) The Fund shall prescribe, in its internal act, the procedure for reporting to Fund’s bodies on all important transactions not agreed in accordance with the market conditions. (3) For the purposes of market risk management, the Fund shall, periodically and at least quarterly, analyse sensitivity of Fund’s investments on changes in market factors, trends and liquidity of relevant financial markets and volatility and corelation of market prices of different financial instruments, and assess the potential adverse effect on the financial result and capital of the Fund. Operational risk management Article 9 (1) Operational risk, within the meaning of this Decision, shall be the risk of incurring losses in the operations of the Fund resulting from inadequate or failed internal processes and systems, errors (deliberate or negligent) in the performance of employees or external events, including legal risk. (2) The Fund shall, within its operational risk management, include in particular the following:

1. information system risk;
2. business changes, including new products, activities, processes and systems;
3. legal risk;
4. external events,
5. operational risk arising from outsourcing; and
6. significant inherent risks in the existing products, activities, processes and systems. (3) For the purposes of identifying and measuring or assessing operational risk, the Fund shall take into account all relevant internal and external factors, and events that have resulted in losses, as well as risk to which the Fund is exposed that may be considered operational risk, but which has not resulted in losses. (4) The Fund shall measure or assess exposures to the identified operational risk taking into account the probability and frequency of risk occurrence and the potential impact thereof.

4 (5) For the purposes of paragraph (2) item 1) of this Article, the Fund shall, in its internal act, define and apply rules to prevent security issues in IT systems and services and to minimise the negative impact that these issues might have on the provision of IT services. (6) The Fund shall continuously assess whether changes in the existing operational environment affect the effectiveness of current security measures, require their adjustment, or the introduction of additional measures to reduce associated risks. Reporting to the Central Bank Article 10 The reporting to the Central Bank on risks set forth in this Decision shall be made in the manner and within the time limits specified in the decision governing the reporting of the Fund to the Central Bank Entry into force Article 11 This Decision shall enter into force on the eighth day following that of its publication in the “Official Gazette of Montenegro”. THE COUNCIL OF THE CENTRAL BANK OF MONTENEGRO CHAIRPERSON G O V E R N O R, Irena Radović, m.p. Decision number: 0101-1167-2/2026 Podgorica, 5 February 2026