Corporate Governance Standards in Investment Companies

‘Approved’ Central Bank of the Republic of Azerbaijan Resolution № ____ ‘__’ ___________ 2024 Corporate governance standards in investment companies

1. General provisions 1.1. These Standards have been developed in accordance with Article 31.13 of the Law of the Republic of Azerbaijan ‘on the Securities Market’ (hereinafter – the Law) and determine corporate governance standards in investment companies. 1.2. The objective of these standards is to establish reliable and transparent management and reporting systems and ensure effective internal control and risk management in investment companies guided by the requirements, set by the corporate governance law. 1.3. Item 3.9, Parts 14 and 15 of these Standards also apply to local branches of foreign investment companies.
2. Definitions 2.1. The definitions used in these Standards bear the following meanings: 2.1.1. corporate governance – a management method, which ensures setting of strategic objectives and targets based upon investment company’s strategic view, tools, and processes in place to achieve them, clear segregation of authorities across all management levels, as well as introduction of an effective internal control system to provide effective risk management and transparent performance. 2.1.2. internal control system – a system covering the management and organizational structure that provides monitoring of investment company's activities, including risk management, compliance, and internal audit functions. 2.1.3. strategic vision – long-term performance program targeting stronger market position and higher value of the investment company. 2.1.4. mission statement – summary of key principles of the strategic vision. 2.1.5. strategic plan – a periodic plan, which links the strategic vision of the investment company to clearly defined measurable goals and coordinated measures. 2.1.6. fiduciary duties – tasks aimed at protection of investment company’s current and future interests. 2.1.7. risk management – the process, which addresses identification, evaluation, management, monitoring and reporting of risks, inherent to investment company’s performance. 2.1.8. strategic planning process – development of a strategic plan of the investment company to set and achieve long-term performance targets.

2.1.9. independence – ability to make objective and independent decisions without being directly and/or indirectly influenced by the investment company and/or other outsiders. 2.1.10. financial indicators – relative quantitative indicators, used to evaluate investment company’s performance results, computed based upon financial statements. 2.1.11. inside information – undisclosed information of accurate nature, directly or indirectly related to one or more issuers, securities, or derivative financial instruments and which, if disclosed, could materially affect the price of the securities or derivative financial instruments. 2.1.12. special category employees - the following employees who perform functions that exert a significant influence on the risk profile of the investment company: 2.1.12.1. members of the investment company’s executive body (the head of the sole executive body). 2.1.12.2. heads of the control function of the investment company (structural units engaged in risk management, compliance, and internal audit functions). 2.1.12.3. an investment company employee working within the structural unit whose total income earned from the investment company in the previous year (salaries and bonuses), except for the bonuses awarded to members of the executive body of the investment company (the head of the sole executive body), is not less than average annual income paid to investment company employees and exerts significant influence on the risk profile of the investment company specified in the remuneration policy of the investment company (e.g., structural units engaged in investment services specified in Articles 30.3.2, 30.3.5 and 30.3.6 of the Law) and whose activities have an impact on the risk profile of the investment company. 2.1.13. data users – existing and potential shareholders, market players and other stakeholders, interested in obtaining data related to investment company’s performance. 2.1.14. reward - payments made by the investment company in the form of money, shares and other financial instruments in exchange for the professional activity of employees. One-time rewards￾gifts not provided for by the salary system and paid to investment company's employees based on the decision of the investment company management (payments made in connection with holidays, special days, and other payments of a social nature) do not qualify to this definition. 2.1.15. risk – probability that costs (losses) caused by probable or unexpected events will have a negative impact on investment company's capital. 2.1.16. risk management system – the system comprising the risk management elements specified herein. 2.1.17. risk limit – maximum limit of the assumed risk per service by the investment company. 2.1.18. risk profile - the aggregated level of risks the invested company is exposed to. 2.1.19. risk appetite – amount of the risk, the investment company is willing to take within its risk-taking capacity to achieve its strategic goals. 2.1.20. risk-taking capacity – maximum amount of risk that the investment company can take without violating prudential requirements. 2.1.21. risk appetite statement – a document that addresses total risk limits that the investment company will assume to achieve its business goals. 2.1.22. risk culture – the investment company's set of norms, approaches and behaviors on risk identification, acceptance, and management, as well as risk decision-making.

2.1.23. compliance risk – the risk of corrective measures and sanctions, financial losses, or loss of reputation that the investment company may face as a result of non-compliance with the legislation and the requirements of legal acts regulating financial markets, as well as internal rules of the investment company. 2.2. Other definitions used in these Standards bear the meanings specified in the Law and other legal acts of the Republic of Azerbaijan. 3. Main principles of corporate governance 3.1. The application of corporate governance in an investment company is provided by the Supervisory Board. The executive body should provide effective implementation of the strategy and policies approved by the Supervisory Board 3.2. An investment company should have a management and organizational structure based on main activity directions, segregation of authorities, effective risk management, an adequate internal control system, including accounting procedures, effective information systems and an effective remuneration policy. The investment company's organizational structure is approved by the general meeting of shareholders or by the Supervisory Board, if authorized. The organizational structure should be regularly revised and updated, as necessary. 3.3. The management and organizational structure, as well as segregation of authorities should be commensurate with the nature, size, and complexity of investment company’s operations, avoid a conflict of interests, be understandable and communicated to the investment company staff. 3.4. Every investment company establishes its strategic vision and develops mission statement for the strategic planning period on its basis. The strategic vision and the mission statement are approved by the Supervisory Board and submitted to the general meeting of shareholders for information. 3.5. A strategic plan should be developed based on the investment company’s strategic vision and mission statement. The strategic plan is approved by the Supervisory Board and covers at least a three-year period. The plan is reviewed annually after the end of each year based on results of the previous year and in the event of a change in the investment company’s risk profile, as well as in response to any events and threats in the external environment that affect investment company’s activities, relevant changes are made to the strategic plan. The strategic plan and changes made therein are submitted to the general meeting of shareholders and the Central Bank of the Republic of Azerbaijan (hereinafter – the Central Bank) for information within 30 (thirty) days upon the date of approval. The plan addresses investment company’s strategic vision, mission statement, risk analysis, development priorities and types of activities to be provided, strategic targets and actions plan on them, the organizational structure required for the implementation of the strategic plan and financial forecasts. 3.6. To ensure long-term resilience the investment company should consider environmental (climate changes, environmental degradation, disturbances in the ecosystem, etc.), social (gender issues, inclusion, labor relations, investment in human resources, etc.) and governance (organizational structure, remuneration, employee relations, diversity, and equality, etc.) factors (hereinafter - ESG factors) which have or might have a significant impact on its activities.

3.7. The investment company’s Supervisory Board and executive body should be aware of investment company’s goals, activity targets, internal risks, as well as events and threats in the external environment that affect investment company’s activities. In the investment company's subsidiary located in a foreign country, the requirements of these Standards are applied to the extent that they do not conflict with the corporate governance standards established in the host country. 3.8. The investment company should have a reporting system that effectively informs Supervisory Board and the executive body on its operations, financial standing, risks faced and decisions affecting investment company's business processes. 3.9. Every investment company establishes rules of ethical conduct in relation to its employees. The document should at least address employee's behavior at work and outside of work on behalf of the investment company, avoiding corruption, preventing the legalization of criminally obtained property and the financing of terrorism, working in other organizations and holding managerial positions, attitude to investment company property, protection of the person who provides information to the investment company management on violation of the legislation and internal rules from pressure, including financial or moral damage, insults and threats, as well as the protection of the confidentiality regime and legality in the investment company. 4. Supervisory Board 4.1. The Supervisory Board oversees the investment company, its structural units, and subsidiaries to ensure performance of the investment company under the legislation. 4.2. To ensure more effective oversight over investment company’s management and performance, the Supervisory Board is entitled to request any report and information on the investment company’s performance from investment company’s managerial bodies, it oversees, and internal committees, as well as structural units. 4.3. The Supervisory Board ensures harmony of the corporate governance system, procedure and regulations and internal control mechanisms of the investment company’s subsidiaries created under the Law with the risks inherent to the subsidiary’s activity, provides their adequate oversight, as well as periodically evaluates subsidiaries’ relations to each other and to the investment company. 4.4. The Supervisory Board oversees proper and timely implementation of methods and internal procedures determined in the accounting policy. 4.5. Where the investment company is a subsidiary of another legal entity, the Supervisory Board assesses instructions of the parent company whether they have a negative impact on investment company’s financial standing and contradict the legislation, including prudential rules and takes actions according to assessment findings. 4.6. When determining the meeting procedure of the Supervisory Board the following should be considered: 4.6.1. The Supervisory Board may convene next and extraordinary meetings. Probable venue and timing for the next meeting is defined at a current meeting of the Supervisory Board at the latest. If there are any changes to the venue and timing, as well as holding of the meeting, Supervisory Board members, as well as related structural units should be accordingly informed in advance.

4.6.2. The order and timing of delivery of a written notice (electronically or in a hard copy) on the meeting agenda to every member of Supervisory Board should be determined. 4.6.3. The agenda should be attached with detailed and fully elucidated written materials, which address the topics to be discussed at the meeting. Each Supervisory Board member should be provided with the information and reports to be submitted on the periodicity set by internal rules of the investment company together with the agenda of the next meeting. The information and reports should at least cover investment company’s financial standing and sustainability indicators, annual budget analysis, all considerable correspondence with the Central Bank, tax, executive and other public authorities (institutions) (shortcomings revealed in investment company’s activities, obligatory instructions, decrees, etc.) and the implied actions plan, innovations in the legal framework regulating investment company’s activities, proposals and recommendations by the internal and external audit and the status of their implementation, and analysis of the risks exposed by the investment company. 4.6.4. The agenda is developed considering proposals provided by members of the Supervisory Board, the Audit Committee, and the executive body (the head of the sole executive body), as well as shareholders with qualifying holding or owners of at least 5 (five) percent of voting shares. Topics on the agenda are discussed at the meeting. Urgent and unexpected topics not implied on the agenda may be discussed and relevant decisions taken if all Supervisory Board members are participating and there is an agreement with simple majority of votes. 4.6.5. Under Article 61.16 of the Law on the topic discussed at the meeting, the information on the interest declared by the member of the Supervisory Board is included in meeting minutes 4.7. Supervisory Board members may participate in meetings either personally or via telecommunication facilities (video conference, phone call, or dedicated software (application)), and e-mail. Meeting minutes should include notes on member’s participation via telecommunication, meeting’s video- or audio-recording, or other supporting documents of participation should be stored in the investment company for at least 3 (three) years on durable media. Each Supervisory Board member should voice exact and implicit attitude (for or against) to the topic on the agenda, personally sign meeting minutes or submit a written document on his/her attitude to the topic, his/her signature being approved as per the legislation. If the Chair of the Supervisory Board is unable to attend the meeting, he/she may be replaced by the Deputy Chair of the Supervisory Board, and in the absence of the deputy, by another member of the Supervisory Board appointed based on the voting at the Supervisory Board meeting. If any Supervisory Board member misses 3 (three) meetings on end, the Chair of the Supervisory Board, or his/her substitute, should submit a written notice to the Central Bank no later than 5 (five) working days upon the last meeting. 4.8. The distribution of the total number and content of decisions made at meetings of the Supervisory Board by months, including the number of participating members in making those decisions and their votes (for, against, etc.), if the proposals submitted by the executive body and the unis included in the organizational structure are not accepted, and or when accepted in a different manner, information on the number and reason of those decisions is submitted to the Central Bank on a quarterly basis no later than the end of the following month.

5. Fiduciary duties of the Supervisory Board 5.1. Each member of the Supervisory Board should: 5.1.1. be aware of investment company’s financial standing, as well as its main operations, and regularly analyze reports submitted by internal committees. 5.1.2. be aware of key events occurred in the securities market and other financial sectors and available trends 5.1.3. decide and vote solely based upon his/her judgment and internal belief to protect investment company’s interests. 5.1.4. not prefer interests of any shareholder or a group of shareholders when voting or decision-making or not act under their instructions, avoid deciding to earn short-term income confronting the investment company’s interest and against long-term risks. 5.1.5. protect investment company’s legal interests, not criticize the investment company, managers and other persons holding positions in the investment company defined by Article 63 of the Law before the public. 5.1.6. avoid negative impact of his/her business activity on the investment company. 5.1.7. not disclose any confidential information, known to him/her, regarding performance of duties and responsibilities on the investment company, related parties, customers, and other persons, who are in business relations with the investment company, to any persons, except for the cases specified in the law. 5.1.8. not incite other persons to buy (sell) or refuse to buy (sell) securities and derivative financial instruments or issue recommendations based on insider information. 5.1.9. not try to buy and sell securities or derivative financial instruments or conclude such transactions using insider information at the expense of him/herself or others directly or indirectly. 5.1.10. not pass on the information to other persons, except in cases of disclosure of insider information related to the performance of official duties. 5.1.11. discuss problems related to internal control, results of financial activities and strategic plan implementation in the investment company with company’s related officials. 5.1.12. ensure independency of the Audit Committee. 5.1.13. ensure independence of internal auditors’ activities, only issue recommendations to the Audit Committee, which establish key directions of the internal audit plan and ensure accountability of the internal audit unit to the Audit Committee. 5.1.14. ensure delivery of all necessary information and documents by investment company employees to internal auditors on the investment company and related parties. 5.1.15. at least once a year evaluate qualifications of executive body members (the sole executive body), their services in investment company’s operation with profit, financial stability, and timely attainment of strategic goals, as well as their fitness to the positions they hold. 5.2. With respect to the risk management the Supervisory Board: 5.2.1. approves the risk appetite statement, the risk management policy and rules, risk limits and changes therein.

5.2.2. monitors availability of procedures that ensure compliance of the investment company's activity with the risk management policy, as well as the application of the risk appetite statement by the executive body. 5.2.3. oversees activities of structural units engaged in risk management functions. 5.2.4. monitors compliance of investment company's objectives for capital and liquidity management, and all investment company specific risks with the investment company's risk appetite. 5.3. With respect to corporate governance the Supervisory Board: 5.3.1. oversees compliance of the activity, organizational and management structure of the investment company with corporate governance standards, takes measures to eliminate identified inconsistencies and improve corporate governance. 5.3.2. ensures the timely disclosure and accuracy of the information to be disclosed to the public about corporate governance of the investment company. 5.4. With respect to the remuneration the Supervisory Board: 5.4.1. approves the remuneration policy of the investment company. 5.4.2. monitors the remuneration process and assesses the efficiency of the remuneration system at least once a year. 5.4.3. reviews the effect of internal and external events on the investment company's remuneration policy and process. 5.5. With respect to appointments the Supervisory Board: 5.5.1. issues recommendations and opinions on new and potential candidates for membership of the Supervisory Board, the executive body (in cases where it is appointed by the general meeting of shareholders) and the committees of the Supervisory Board. 5.5.2. oversees the process of formation of human resources for the Supervisory Board, its committees and the executive body. 5.5.3. establishes criteria for the appointment, duties, and remuneration of external persons (if any) to committees of the Supervisory Board. 6. Composition of the Supervisory Board 6.1. The Supervisory Board consists of an odd number of members, not less than 3 (three) people. The number of members is set according to the size and activities of the investment company. 6.2. Members of the Supervisory Board are individuals appointed by the general meeting of shareholders from shareholders and/or independent external persons for a term of not more than 3 (three) years, unless otherwise outlined in the charter of the investment company. Board members may be re-elected for next terms. The general meeting of shareholders appoints the chairperson of the Supervisory Board from among members of the Supervisory Board. 6.3. The Supervisory Board should be composed of members with different skills, qualifications, and expertise, and the gender diversity principle of should be considered in the composition of the Board. 7. Supervisory Board committees 7.1. An Audit Committee is established within each investment company.

7.2. To enhance efficiency of the investment company's activity, a Compliance Committee, a Risk Management Committee, a Corporate Governance Committee and/or other committees may be established, considering the risk profile of the investment company, as well as the directions and characteristics of its activity. The composition, functions and powers of committees, the decision￾making procedure are determined by their statutes, considering the requirements of these Standards. The committees are independent of the executive body in their activities and report to the Supervisory Board 7.3. Committees are competent with the participation of over half of their members at meetings. Committees take decisions with simple majority of votes of members, participating in the meeting. Committee members may not abstain during voting. In the event of a tie, the vote of the head of the Committee is deemed decisive. 7.4. Committee members may participate at meetings personally or via telecommunication facilities (video conference, phone calls or dedicated software (application), and e-mail). Meeting minutes should include notes on member’s participation via telecommunication or e -mail; meeting’s video- or audio-recording, or other supporting documents of participation should be stored in the investment company for at least 3 (three) years on durable media. Each Committee member should voice clear and implicit attitude (for or against) to the topic on the agenda, personally sign meeting minutes or submit a written document on his/her attitude to the topic, his/her signature being approved as per the legislation. 7.5. The following requirements should be met on the composition of committees considering the requirements specified in Part 8 of these Standards: 7.5.1. committees should have at least odd number of 3 (three) persons. 7.5.2. committees may be established of Supervisory Board members and/or independent external members. 7.5.3. heads and members of committees are appointed by the Supervisory Board. 7.5.4. committee members are appointed from among Supervisory Board members. 7.5.5. knowledge, skills, and expertise of committee members should be consistent with activities of the committee. The consistency should be considered during the appointment of committee members by the Supervisory Board. 7.6. In each investment company, a Corporate Secretary function may be established to support effective functioning of the Supervisory Board, the Chair, and Supervisory Board committees. Additionally, the Office of the Corporate Secretary may be established by the decision of the investment company’s Supervisory Board to ensure efficient activity of the Corporate Secretary. 8. The Audit Committee 8.1. In addition to the requirements specified in Item 7.5 of these Standards the following also should be provided in terms of the composition of the Audit Committee: 8.1.1. At least the one third of the Audit Committee is composed of (in the calculation, the result is rounded up to one upper whole number) Supervisory Board members. 8.1.2. The Audit Committee chair may not be the Chair of the Supervisory Board and/or other committees.

8.2. In addition to the authorities specified in the Law of the Republic of Azerbaijan ‘on Internal Audit’, the Audit Committee also: 8.2.1. monitors the improvement of the investment company’s accounting policy. 8.2.2. monitors transparency, integrity of investment company’s financial statements, ensuring compliance of the investment company performance with the legislation and the requirements of these Standards. 8.2.3. reviews recommendations of the external audit and other third parties with respect to effectiveness of internal control and risk management systems in the investment company. 8.2.4. submits internal audit plans to the Central Bank within 10 (ten) working days upon approval. 8.2.5. submits the report on internal audit reviews conducted in the investment company within a year to the Central Bank after the end of each calendar year by the end of the next quarter, as well as ensures the submission of information on individual internal audit reviews at the request of the Central Bank. 8.2.6. issues proposals to the Supervisory Board on the statute of the internal audit unit and its maintenance cost. 8.2.7. issues proposals to the Supervisory Board on salary amounts, promotion, dismissal, or release, as well as compensation of internal auditors. 8.2.8. ensures timely and complete submission of all essential information and investment company documents on activities of the investment company and its subsidiaries to the external auditor in connection with the external audit. 8.2.9. requests the external auditor to immediately provide him/her with information on key facts and instances identified during the audit. 8.3. Audit Committee meetings are held no less than once every three months, at least 5 (five) working days before the next meeting of the Supervisory Board 8.4. The chairperson and members of the executive body (the head of the sole executive body), the external auditor, heads of the investment company's internal audit, compliance, risk management, financial management and other functions may be invited to Audit Committee meetings. 8.5. The internal audit review, not outlined in the approved internal audit plan of the investment company, is conducted based on the decision of the general meeting of shareholders or the Supervisory Board, as well as at the request of the shareholders who own more than 10 (ten) percent of ordinary shares of the investment company or the executive body. The Audit Committee takes necessary actions in this regard. 9. Executive body 9.1. The executive body ensures the management and implementation of investment company's activities, compliance of the financial control system with the requirements of financial management and reporting, the implementation of the budget of the investment company, submission of reports to public authorities (institutions) in accordance with the requirements of the legislation and their accuracy. 9.2. The executive body:

9.2.1. develops investment company’s draft strategic vision and mission statements. 9.2.2. develops a strategic plan based on the strategic vision and mission statement. 9.2.3. ensures the implementation of the approved strategic plan. 9.2.4. analyzes the implementation of the strategic plan at least once every six months and reports to the Supervisory Board on its findings. 9.2.5. reviews the strategic plan every year after the end of the year based on results of the previous year and, if required, makes proposals to the Supervisory Board to make changes. 9.2.6. ensures timely publication of annual financial statements to data users. 9.2.7. creates a financial planning system and analyzes the status of annual budget implementation. 9.2.8. consents to investment company's annual budget and submits for approval to the general meeting of shareholders or, if authorized, to the Supervisory Board before the beginning of the budget year. 9.2.9. ensures the implementation of the risk management policy. 9.2.10. analyzes the risks the investment company is exposed to and takes necessary actions to eliminate weaknesses identified. 9.2.11. submits reports on risks and their management to the Supervisory Board. 9.2.12. creates appropriate conditions for structural units engaged in risk management functions to operate adequately to investment company risks. 9.2.13. ensures the cooperation of other structural units of the investment company with structural units engaged in risk management functions, as well as takes actions to prevent interference into its activities. 9.2.14. approves internal rules except for the cases specified in regulations of the Central Bank and if authorized by the Supervisory Board. 9.3. The executive body is accountable to the Supervisory Board. 9.4. The executive body should professionally and consciously discharge its duties and responsibilities in the internal control and risk management systems. 9.5. The direct or indirect control (curation) of one or more structural units of the investment company (except for the internal audit service) is conducted by a member of the executive body (the head of the sole executive body).

10. The risk management and internal control systems 10.1. A risk management system should be established in the investment company commensurate with the type and size of its operations, the nature and environment of its activities, as well as the complexity and risks faced. The risk management system of the investment company should comply with the requirements of Article 31.9 of the Law. The system incorporates 3 (three) defense lines: 10.1.1. Defense line 1: includes structural units responsible for identification, evaluation, management, reporting and monitoring of risks that pose direct risks to the investment company and risks on services, activities, processes, and systems at an initial phase, including investment company’s branches and divisions.

10.1.2. Defense line 2: includes structural units engaged in risk management and compliance functions in the investment company. 10.1.3. Defense line 3: includes the structural unit engaged in the internal audit function authorized to assess Defense lines 1 and 2. 10.2. Investment company’s risk appetite statement, risk management organizational structure, the risk management policy, risk limits, risk management on new services, consolidation of data and risk reporting are main elements of the risk management system. 10.3. Investment company’s risk appetite statement should fully cover all material risks and the risk appetite should be commensurate with the investment company’s business strategy. The statement determines resilience zones of the risk appetite on qualitative and quantitative indicators covering the risks exposed by the investment company and, in case of discrepancies, actions to be taken by the investment company. The statement is revised based on results of the previous year after the end of each calendar year during the first quarter of the next year and, if required, relevant changes are made. Compliance of risk appetite statement indicators with tolerance zones is monitored monthly. 10.4. The risk management policy covers at least the arrangement of the risk management, including segregation of authorities, types of services (operations) of the investment company, the risk management on business processes and information systems, as well as investment company’s risk approach to the introduction of new service (operation) types and systems. The risk management policy is revised at least once a year and, if required, changes are made therein. 10.5. In line with the risk appetite, risks limits are set on the entire investment company in accordance with the investment company’s size, risk profile and activity directions. The executive body approves sub-limits within the risk limits approved by the Supervisory Board. Risk limits are monitored on an ongoing basis and are adjusted to current market conditions and the investment company’s strategy. 10.6. The investment company’s internal control system should ensure risk identification and assessment likely to affect compliance with capital requirements, long-term profitability of investment company’s activities, the organization of a reliable and transparent reporting system, the evaluation of accounting and reporting systems, compliance with the requirements of legal acts regulating investment company activities, and business continuity in emergencies. 10.7. The internal control function includes structural units performing functions of Defense lines 2 and 3 (risk management, compliance, internal audit). At least the following should be provided on the internal control function: 10.7.1. powers of structural units engaged in control functions should be clearly specified and should be independent from business lines and units they examine. 10.7.2. heads of the structural units engaged in the control function should not perform different executive tasks simultaneously, and employees of the structural units engaged in the control function should not have executive obligations in the areas they monitor. 10.7.3. heads of the structural units engaged in the control function should report directly to the Supervisory Board and its committees, if necessary. 10.7.4. heads of the structural units engaged in the control function are appointed and dismissed at the decision of the Supervisory Board. Information on the dismissal (with reasons for

the dismissal and information on the new manager) should be reported to the Central Bank within 5 (five) working days after the decision was made. 10.7.5. structural units engaged in the control function should have adequate resources (e.g., professional staff, IT systems, access to necessary information sources, etc.) and authority to perform their duties effectively and objectively. 10.8. The internal control system of the investment company should be monitored on an ongoing basis. The structural units included to the internal control function should immediately report identified shortcomings that will have an adverse effect on investment company's stability indicators to the investment company's Supervisory Board, its committees, and the executive body, and other shortcomings on a periodic basis determined by investment company's internal rules. 11. The risk management function 11.1. The organizational structure of risk management in investment companies ensures clearly defined risk management powers and responsibilities, communication, and information flow between all levels of the organizational structure, actions against the conflicts of interests between structural units and authorized persons, an independent and transparent decision-making process, and an effective reporting system. 11.2. The Supervisory Board ensures the establishment of the risk management system, approves the risk management policy, internal rules, and the organizational structure, as well as the risk appetite statement, risk limits and the contingency plan, monitors risk management efforts by the executive body. 11.3. The main executor of the elements of the risk management system is the investment company’s centralized unit that manages investment company’s risks or one or some structural units, depending on the size and directions of investment company's activities. The structural units engaged in risk management are mainly responsible for risk assessment, analysis, monitoring, reporting, as well as for the development of the investment company’s internal risk management rules and the risk appetite statement. 11.4. Heads of structural units engaged in the risk management function should have at least 2 (two) year experience in risk management and be appointed by the Supervisory Board. The staff of the units should have access to any database in the investment company, internal operating systems, as well as internal audit reports. 11.5. The risk management process comprises necessary procedures and assessment methodologies for effective risk management in an investment company. The methods for identifying and evaluating the risks arising in the company’s activities are tailored to the volume and complexity of its risk profile. The risk assessment process should also consider both financial and non-financial risks incorporating ESG factors. 11.6. Structural units engaged in the risk management functions: 11.6.1. prepare and submit it to the Supervisory Board the risk management policy taking into account the input of the executive body. 11.6.2. monthly report to the executive body on risk limits monitoring results, as well as the risk profile of the investment company; when there are deviations in the risk appetite indicators,

immediately inform the Supervisory Board, indicating the reasons; in case of violation, submit the action plan on reducing the risk or adjusting risk limits to market conditions together with monitoring results of the next month at the latest to the Supervisory Board. 11.6.3. ensure reliable, transparent, comprehensive, and timely preparation of periodic reports indicating types and size of risks related to investment company activities. 11.6.4. submit proposals for enhancing the risk management system to the Supervisory Board. If deemed necessary, the Supervisory Board may request feedback from the executive body regarding the proposals. 11.6.5. ensure compliance of investment company risks with its risk-taking capacity. 11.6.6. participate in reviewing the risk appetite statement and in discussing matters related to risk management during Supervisory Board meetings. 11.6.7. make proposals to the Supervisory Board regarding the investment company’s current and future risk appetite for aggregate and individual risk types. 11.6.8. report to the Supervisory Board on the status of investment company’s risk culture. 11.6.9. review the investment company’s risk management policy at least annually. 11.7. The Supervisory Board reviews and assesses activities of structural units engaged in risk management functions annually. 12. The compliance functions 12.1. Every investment company establishes an independent compliance function equipped with specialized human and technological resources tailored to the nature of its activities, and the size and complexity of its operations. 12.2. The compliance function: 12.2.1. determines internal procedures and methods, as well as actions to be taken to identify, measure, monitor and control the investment company’s compliance risk. 12.2.2. submits reports to the Supervisory Board on a periodical, in the event of considerable compliance risks resulting from violations, on an extraordinary basis. 12.2.3. informs the Central Bank about risks and deficiencies identified that are likely to have adverse effects on investment company’s sustainability indicators, as well as actions taken or to be taken to address them. 12.2.4. develops training programs for investment company staff related to compliance risks and ensures the implementation of the program together with related structural units. 12.2.5. participates in the development of internal risk management rules and monitoring of observance of the risk appetite statement and policy in coordination with the risk management unit 12.2.6. supports the executive body in compliance risk management continuously. 12.2.7. participates in the expansion of investment services (operations) provided by the investment company, as well as in the development and introduction of new projects. 12.2.8. ensures internal communication on new requirements covering compliance risks. 12.2.9. identifies and periodically evaluates the conflict of interests in the decision-making process on investment company activities 12.2.10. monitors appeals of citizens related to activities of the investment company.

12.3. The compliance function may involve employees of other structural units and/or external experts to investigate identified violations. 12.4. Heads of the compliance function should: 12.4.1. have at least 2 (two) year work experience in the control function in the financial sector. 12.4.2. be fit and proper persons. 12.5. To ensure an effective compliance function, adequate information sharing with the internal audit unit should be facilitated. The internal audit unit should assess the effectiveness of this function at least once a year. 12.6. Head(s) of the compliance function are appointed by the Supervisory Board. 13. Internal audit 13.1. The investment company should apply the internal audit system that complies with the requirements specified in Article 32.2 of the Law. The internal audit function is Defense line 3 of the risk management system. It provides an independent support service to Supervisory Board and the executive body regarding the quality and effectiveness of the internal control and risk management system to safeguard the investment company and its reputation. 13.2. All areas of investment company's activities (including outsourcing) are encompassed within the scope of the audit function. 13.3. To ensure the effectiveness of the audit function, the Supervisory Board ensures full and unrestricted access to the entire database, including the investment company's assets, as well as prompt and efficient action by the executive body in response to the audit function's recommendations. 13.4. When performing audit activities, internal auditors should comply with the legislation, the statute of the internal audit service, professional standards, principles, guidelines, and rules established by the Institute of Internal Auditors. 13.5. The internal audit unit should include specialists in the areas requiring high technical knowledge and experience (e.g., IT, payment services, modeling, etc.). 13.6. In the areas requiring special knowledge and skills, the internal audit unit may use outsourcing (except for the investment company's external auditor). The internal audit unit is responsible for the effectiveness and quality of the audit work conducted in this way. 13.7. To avoid the potential loss of objectivity resulting from continuous performance of similar tasks, personnel within the internal audit unit are periodically rotated without prejudice to auditing (when the activity of several employees is envisaged within the function). The rotation order is outlined in the investment company's internal audit policy. 13.8. The head of the internal audit service is responsible for preparing the annual audit plan. The plan should consider the needs of the Supervisory Board and the executive body for enhancing oversight. The plan implementation audit may conduct reviews in any area of investment company's activities, considering the requirements of Item 8.5 herein.

13.9. The Audit Committee approves the audit plan. The budget for the plan should be sufficient to ensure activities of the internal audit function and should be adaptable to potential changes in the investment company's risk profile. 13.10. The internal audit assessment framework includes at least the following: 13.10.1. effectiveness and efficiency of internal control and risk management systems. 13.10.2. quality and adequacy of risk management function resources (staff, software, etc.). 13.10.3. consistency, accuracy, integrity, accessibility, confidentiality, and comprehensiveness of the information used on internal and external reporting. 13.10.4. compliance of investment company activities with the legislation and investment company’s internal rules. 13.10.5. safeguarding and safety of assets. 13.10.6. effectiveness and efficiency of IT, cyber and information security. 13.11. To enhance the internal audit, the executive body should inform the internal audit function on internal initiatives and projects, improvements, services, and changes to operations. 13.12. Internal audit reports are developed based on internal audit review findings. Audit findings are justified with facts and responsible persons (structural units) are specified in reports. 13.13. The audit unit monitors results of actions taken by the executive body regarding the audit report and reports to the Audit Committee and the Supervisory Board at least twice a year on the status of implementation of recommendations. 13.14. The Audit Committee assesses the effectiveness of the internal audit function no less than once a year, and the external audit no less than once in two years. If findings of recent three external audit reviews are satisfactory, the effectiveness of the internal audit function may be evaluated no less than once every five years. 13.15. Findings of external auditing of the internal audit function and actions plan on elimination of identified deficiencies are submitted to the Central Bank within 10 (ten) working days after obtaining review results, and the report on the implementation of the internal audit plan is submitted to the Central Bank on a semiannual basis within 10 (ten) working days after the end of each half-year. 14. Requirements for the remuneration process in investment companies 14.1. Every investment company establishes a remuneration policy tailored to its risk management policy. The remuneration policy should at least: 14.1.1. be oriented towards achieving investment company’s strategic targets. 14.1.2. be based upon investment company’s long term activity results and profitability. 14.1.3. be adequate to investment company’s risk appetite and contain excess risk perception. 14.1.4. not promote short-term income earning by assuming long-term risks. 14.1.5. avoid the conflict of interests. 14.2. The reward payment should aim to prevent the deterioration of capital adequacy and should not have an adverse effect on capital sustainability in the long term. 14.3. Remuneration of investment company staff and members of management bodies (except for members of the Supervisory Board who are paid as a percentage of retained earnings of the investment company) should not be provided only through bonuses (without position salary).

14.4. The remuneration policy should separately address conditions for granting bonuses for investment company staff and members of managerial bodies at least under the following categories: 14.4.1. special category staff of the investment company. 14.4.2. investment company staff engaged in the control function (this category includes staff of structural units of the investment company engaged in risk management, compliance, and internal audit functions). 14.4.3. specialists engaged in investment services defined by Article 30.3 of the Law and managers of such structural units. 14.4.4. other employees of investment companies not listed in sub-items 14.4.1 – 14.4.3 herein. 14.5. The amount of reward to be paid to the employees of the investment company defined in sub-item 14.4.2 of these Standards should not depend on the activity of the audited structural unit, nor should it compromise the independence of these employees. 14.6. The remuneration policy is approved by the Supervisory Board. The policy and changes therein are submitted to the Central Bank within 30 (thirty) days upon the date of approval. 14.7. The general meeting of shareholders decides on remuneration of members of the Supervisory Board and its committees. 14.8. The Supervisory Board approves the decision on remuneration of the staff of the investment company in consideration of Item 14.7 of these Standards. Except in cases where the general meeting of shareholders of an investment company, meeting the requirements of capital adequacy but operating at a loss (e.g., due to expansion of activities, changing the business model, financial rehabilitation, etc.), when deciding on the remuneration of the investment company's staff, the investment company should generate net profit as per the results of the financial year approved by an external auditor, the capital adequacy of the investment company should align with the prudential norms determined by the Central Bank both at the end of the financial year and at the time of the decision on remuneration. Circumstances leading to the decision by the general meeting of shareholders regarding the operation of the investment company at a loss should be reflected in the strategic plan of the investment company, as well as the maximum size of the award for the categories outlined in Item 14.4 of these Standards and the financial indicators used in the calculation during this period should be determined by the internal rules of the investment company. 14.9. Copies of remuneration decisions mentioned in Items 14.7 and 14.8 of these Standards are submitted to the Central Bank within 15 (fifteen) days from the date of the decisions. 14.10. A report detailing awards granted by the investment company to individuals specified in Items 14.4 and 14.7 herein, throughout the year and based on annual results (including the amount of the award per person), is to be submitted to the Central Bank by July 7 of each subsequent year. 15. Information disclosure 15.1. The data used in decision-making in investment companies, as well as the data made public should be adequate and comprehensive. Data should be reliable, updated, accessible and consistent. Communication channels should ensure that the staff fully understand and adhere to internal regulatory documents, including remuneration policies and procedures, as well as

communicate relevant information to the relevant staff. The investment company should have a recovery and business continuity plan in place to avoid data loss during unexpected events. 15.2. Financial statements, reflecting investment company’s performance and financial standing, are developed separately and on a consolidated basis following the International Financial Reporting Standards, while annual financial statements are audited and approved by an external auditor and disclosed along with the auditor opinion within the timeframe, specified in Article 61.12 of the Law. The annual financial report and consolidated financial statements are published on the investment company’s website along with the auditor opinion as per the legislation. Annual financial statements may also be published in print media. 15.3. Every investment company discloses the following information to data users to enable informed economic decisions, assess investment companies’ financial standing and effectively compare various investment companies when making decisions not less than once a year, in the event of significant changes to these data, not less than once evert six months: 15.3.1. general information on investment company’s related party operations (size, number). 15.3.2. attracted funds. 15.3.3. managerial bodies and officials (officials on local branches of foreign investment companies (a branch manager and his/her deputy, as well as an employee responsible for one or several structural units (curator)), their main and additional jobs, phone number, e-mail address, education, and qualification). 15.3.4. organizational structure. 15.3.5. the development policy (strategic vision and mission statement, targets). 15.3.6. return on shareholder capital and the dividend policy. 15.3.7. the size and source of investments. 15.3.8. turnover of and yield on securities of the investment company (including the type, form, state registration number, face value of investment securities, owners’ rights, maturity). 15.3.9. public projects. 15.3.10. information on investment company ratings, if any (the name of the rating agency, the date of rating, investment company’s current and previous rating). 15.3.11. internal committees functioning in the investment company, information on their main duties and composition. 15.3.12. information on significant changes in the investment company management and organizational structure. 15.3.13. main principles of the remuneration policy. 15.3.14. information on the external auditor auditing the company recent financial year. 15.3.15. information on investment company branches (the name, address, services (operations) provided, the date of opening and contact details). 15.3.16. information on investment company subsidiaries (the name, services provided). 15.3.17. shareholders with qualifying holding in investment company capital and information on their participation shares obtained according to requirements of the securities market legislation. 15.3.18. summary information on the number, content, and results of complaints from clients on the relevant period.

15.4. Local branches of a foreign investment company are not subject to the requirement on disclosure of the information specified in sub-items 15.3.5, 15.3.6, 15.3.8, 15.3.11, 15.3.15 and 15.3.16 herein. 15.5. Every investment company may disclose other information about its activity that it finds important, except for the information protected by law. 15.6. The information should adhere to the principles of reliability, comprehensibility, promptness, significance, actuality, comparability, when being disclosed a balance between transparency and protection of commercial interests should be maintained. 15.7. The order and periodicity of data disclosure, composition, and delivery to users, as well as the mechanism of coverage of these processes with internal control are established with internal rules approved by the Supervisory Board given the requirements herein. 15.8. Disclosed information is placed in a separate section of the investment company's website, clearly visible to users, structured in an accessible format and in excel or another exportable format. Financial statements should be kept on the investment company's website for at least three years from the posting date while other disclosed information until updated. The date the disclosed information was posted on the investment company's website and the information on the person responsible for responding to requests for disclosed information (1st, last names, phone number, e￾mail address) should be indicated. In addition, the same information may be placed in other media outlets. Based on data user requests, the data should be made available directly to them at no charge. 15.9. Financial statements and other disclosed information are signed by the head of the executive body of the investment company and the chief accountant. 16. Final provisions 16.1. Within 30 (thirty) days from the date of entry into force of these Standards, investment companies should submit the approved strategic plan for the next period to the Central Bank 16.2. Every 6 (six) months during the two years following the effective date of these Standards, the investment company should evaluate the compliance of the application of corporate governance with these Standards and the results should be submitted to the Central Bank within 15 (fifteen) working days after the completion of the evaluation.