Risk Management

Risk Management Policy

SCGP has established risk management processes that conform to international standards and integrated these processes into our business operations. This allows the Company to appropriately identify risks and opportunities in a timely manner and mitigate risks to acceptable levels. Simultaneously, the Company can explore opportunities that add value to the business to achieve organizational objectives, meet stakeholder expectations, support sustainable business practices, and follow the principles of good corporate governance. SCGP’s Risk Management Policy can be found on the company’s website (https://investor.scgpackaging.com/storage/downloads/corporate-governance/corporate-policies/20250103-risk-management-policy-en.pdf).

Risk Appetite Statement

“To grow its business in a profitable, sustainable manner,
SCGP will proactively manage its risks.
In doing so, SCGP does not tolerate risk that endangers the health & safety of its employees, business partners, customers or the communities in which it operates; violates SCGP’s environmental or compliance standards; OR that harms SCGP’s reputation.
SCGP will also knowingly take on risks with financial impact in line with prevailing corporate guidelines (note that these may change over time).”

Risk Management Framework

SCGP has implemented the Enterprise Risk Management Framework (ERM) in alignment with the COSO ERM Framework and ISO 31000 to effectively reduce the likelihood and/or impact of potential risks. SCGP’s risk management framework encompasses the areas below.

1. Strategy and Objective Setting

To ensure that risk management is aligned consistently throughout the organization, SCGP has explicitly outlined its objectives and risk appetite, considering short-term, medium-term, and long-term risks, including strategic risks that may significantly impact the business, investment project risks, and specific risks related to the current context and situation. In addition, SCGP has integrated risk consideration into the company’s medium-term and annual business plan.

2. Risk Management Governance and Structure

SCGP has established a risk management structure, as depicted in the diagram below:

Zoom In

Remark:
The Meeting of the Board of Directors held on November 26, 2024, passed a resolution to establish one additional sub-committee, namely the Risk Oversight Committee, effective from January 1, 2025, onwards. This sub-committee is therefore not included in the Corporate Governance Structure information as of December 31, 2024.

2.1 Corporate-level Risk Management

Roles and Responsibilities of the Board of Directors

The Board of Directors is responsible for establishing comprehensive risk management policies for entire organization, overseeing effective implementation, and regularly reviewing and assessing the risk management system, including when risk levels change, as detailed in the Charter of the Board of Directors.

Roles and Responsibilities of the Risk Oversight Committee

The Board of Directors assigns the Risk Oversight Committee with outlining appropriate risk management policies for the Company and providing recommendations on risk management policies to the Board of Directors, as well as promoting continuous improvement of risk management systems at all levels throughout the organization.

Roles and Responsibilities of the Audit Committee

The Board of Directors assigns the Audit Committee to review and ensure that the risk management process is efficient and effective, and that regular reports on risk management shall be made to the Audit Committee and the Board of Directors respectively.

Roles and Responsibilities of the Risk Management Committee

The Risk Management Committee consists of the Chief Executive Officer, who serves as Committee The Risk Management Committee consists of the Chief Executive Officer, who serves as the Committee Chairman, Chief Operational Officer of each business unit, Chief Regional Officer, Chief Customer Officer, Chief Operating Officer - Technology Sustainability and Productivity Officer, and Chief Financial Officer. The Risk Management Committee has the following core responsibilities:

Establish the risk management structure and identify responsible persons.
Consider and approve the risk management strategy, the risk management framework, and the risk management plan.
Review SCGP’s risk profile and monitor the performance of risk management throughout the organization.

2.2 Business-level Risk Management and Operational-level Risk Management

Strengthening risk management structures at both business and operational levels to align with company’s strategy. Risk Champions in each business unit, and Risk Coordinators at the operational level play a crucial role in implementing policies, processes, and risk management frameworks at their respective levels, as well as following established procedures. Using the Risk Assessment System (RAS) to identify, assess, monitor risk items, enabling access to monitor risks in a timely manner. Together with the Enterprise Dashboard and Performance Management System (PMS) to track performance to achieve business target and prepare risk management plans as part of the medium-term and annual business planning proposed to the Board of Directors

3. Risk Management Process

SCGP integrates the risk management framework into core operations, including strategic, investment project risk management, and operational risk management. The risk management process consists of the following key steps:

(1) Identify business risks/opportunities from both existing risks and emerging risks to align with the circumstances at each period.

(2) Assess the likelihood and impact of risks and opportunities with the RAS and Risk Map tool to determine the severity level and priority, using a common risk assessment system.

(3) Establish risk management measures, including key risk indicators and key performance indicators as both leading and lagging indicators, to anticipate risk events and control operations to achieve desired targets.

(4) Report risks to the Risk Management Committee and the Risk Oversight Committee, covering immediate risks, intermediate risks, and specific risks related to current situations, such as IT risks, while reporting to the Audit Committee on a quarterly basis.

(5) Regularly review risk management policies by taking into account significant changes to the organization.

To ensure a thorough risk consideration and alignment with the organizational context, the risk assessments must be conducted across the following risk universe categories:

(1) Safety, Health, and Environmental risk (2) Compliance risk (3) Intangible Risk (4) Hazard risk (5) Input risk (6) Process risk (7) Financial risk (8) Business risk

4. Risk Management Culture within the Organization

SCGP recognizes that corporate culture is an essential enabler for the success of risk management. Therefore, an organizational culture that promotes risk management is encouraged through the following activities :

Assigning top executives to communicate the significance of risk management and serve as role models. This includes establishing practical guidelines for a common risk language, risk appetite, and common risk assessment systems throughout the organization.
Assigning clear roles and responsibilities of risk owners for each risk item to ensure clarity and accountability in risk management.
Embedding risk management agendas in key meetings of each subsidiary at the executive level.
Encouraging experience sharing across departments and subsidiaries to continually communicate the benefits of risk management.
Systematically developing risk management capabilities by assigning Risk Champions at business level and Risk Coordinators at operational level to attend risk management training annually so that risk management tools can be applied appropriately.
Incorporating risk management into new hire training and development programs, as well as developing e-Learning courses accessible to all employees.

5. Risk Factors and Risk Management

In 2025, SCGP identified, assessed, and developed risk management plans for significant risks covering strategic, operational, financial, and compliance risks, as well as emerging risks that may impact organizational goals and operations, as well as risks posed to the investment of shareholders as follows:

	Key Risks	Severity	Key Risk Indicators
Strategic Risk	Volatility in Global Economy, Trade, and Geopolitics	High	Packaging demand growth rate, sales volume and selling prices of packaging products
	Merger & Partnership (M&P) Integration	Medium	Success level in business integration, operating results of acquired businesses
	Low-carbon Economy Transition	Medium	Greenhouse gas emissions, proportion of renewable energy consumption, carbon tax-related costs, proportion of low carbon footprint products
	Talent Development for Expansion	Low	Talent retention rate, employee engagement level within the organization
Operational Risk	Health and Safety from Operations, Transportation, and Travel	High	Number of accidents and work-related fatality rate, proportion of employees trained in safety and accident prevention, number of complaints or reports of workplace safety issues
	Cybersecurity and Data Security	Medium	Cybersecurity threat detection rate, number of cyber-attack incidents, proportion of employees trained in cybersecurity
	Cost Management in Supply Chains	Low	Energy and key raw material price index, freight index, labor costs, proportion of domestically sourced raw materials
	Human Rights	Low	Number of human rights complaints, number of suppliers assessed for human rights risks
	Natural Disasters Disrupting Supply Chain	Low	Water levels of nearby water sources, disruption rate of raw material and product transportation
Financial Risk	Interest Rate	Low	Proportion of floating and fixed interest rate debt, changes in market interest rates, cash flows for debt repayment
	Exchange Rate	Low	Rate of change in major currency exchange rates, ratio of foreign currency-denominated liabilities, gains or losses from exchange rates
Compliance Risk	Changes in Government Policies, Laws, and International Regulations	Low	Number of expired licenses and intellectual property, number of new laws or regulations affecting business operations
Emerging Risk	Global Supply Chain Shift Leading to Increased Regional Competition	Medium	Number of competitors in regional markets, market share, FDI investment value
	Technological Changes and Artificial Intelligence (AI) Adoption	Medium	Number of cybersecurity incidents caused by AI usage or application, proportion of employees trained in digital and AI, coverage of AI policies and governance frameworks
Risk to the Investments of Securities Holders	Risk from a Major Shareholder Holding More Than 50% of the Shares	Medium	Proportion of directors and executives who are independent from the major shareholder
Risk from Investment in Foreign Securities (in the Case Where the Issuer Is Foreign Agency)

Key Risks	Mitigations
Volatility in Global Economy, Trade, and Geopolitics	Diversified markets and expanded exports to new potential markets with high packaging demand growth, while supporting customer base diversification and lowering reliance on existing markets through product development and sales channel expansion. Increased the use of raw materials from within the fibrous business and the packaging paper business to enhance supply chain efficiency and control raw material costs. Managed profitability strategies and pricing flexibly in line with market conditions, alongside continuous efficiency improvement and cost control. Adjusted operational plans for each business group to align with market and regional conditions i.e. market diversification to reduce dependence on any single country, appropriate production capacity allocation, market expansion in ASEAN and new markets such as the Middle East, Oceania, and South Asia, as well as increasing wallet share with existing customers and developing value-added or environmentally friendly products to enhance long-term competitiveness. Enhanced the ability to reach and respond to customer needs through sales team development, use of data and digital tools for market demand analysis, and allocation of production capacity and products to match customer requirements.
Merger & Partnership (M&P) Integration	Implemented the Pre & Post Merger Integration Framework (PPMI), which is a clear screening and merging process aligned with best practices, including enterprise valuation, synergy value creation, good corporate governance, and culture integration. Appointed teams of advisors with expertise in various areas such as legal, accounting, IT, and finance to assess risks associated with investments and mergers and acquisitions, as well as to establish risk mitigation measures for value, business structure, and competitiveness. Regularly reported progress and presented business integration plans to senior executives for timely oversight and monitoring.
Low-carbon Economy Transition	SCGP set a target to reduce direct greenhouse gas emissions (Scope 1) and indirect energy-related greenhouse gas emissions (Scope 2) by 25% by 2030, compared with the 2020 base year, and to achieve net-zero greenhouse gas emissions by 2050. Investigated the needs of target industries in alignment with laws and government measures to offer Integrated Packaging Solutions that are environmentally friendly and help customers manage costs by utilizing resources efficiently from design to production. Enhanced efficiency and adjusted operational processes and equipment to reduce greenhouse gas emissions, increased the use of biomass fuels and solar roof projects. Regularly monitored and assessed climate-related events and risks under the supervision of the Climate Change and Energy Management working group, with disclosure in accordance with the Task Force on Climate-Related Financial Disclosures (TCFD) framework. Followed the Natural Climate Solution (NCS) principles by implementing forest planting and conservation projects to enhance carbon dioxide absorption and sequestration capacity through nature restoration and conservation activities both inside and outside plant areas in various provinces.
Talent Development for Expansion	Determined critical competencies, including leadership and functional competencies required for business operations and offered employees continuous opportunities to reskill and upskill, especially in capabilities required for the future. These competencies also serve as tools for capability assessment, development, and career planning to ensure business growth and competitiveness. Annually assessed talents and developed them by encouraging the establishment and implementation of self-development plans and learning programs that strengthen their competencies, such as learning sessions, a mentoring system, and project assignments. Established learning and development programs, succession planning, and career development plans. Blended learning sessions (70 20 10 model) were offered to equip employees with knowledge and skills required for the achievement of tasks and enable them to adapt to current and future changes of business. Implemented succession planning and talent management with a focus on future workforce preparation and employee potential development, while incorporating information technology systems in knowledge management to enhance organizational data and knowledge management efficiency.

Key Risks	Mitigations
Health and Safety from Operations, Transportation, and Travel	Complied with the SCG Safety Framework and performed annual self-declaration. Encouraged safety behaviors in employees and contractors following the Bradley Curve Model, setting goal for employees to adopt safety behaviors that ensure the safety of their teammates and enable them to work safely. Established risk identification and assessment processes, along with measures for risk mitigation and control, and set health and safety targets. Managed contractor safety through selection, control, and performance assessment processes under the Contractor Safety Management Committee. Stepped up transportation and vehicle use safety measures by developing skills and safety awareness of drivers and supporting compliance with relevant transportation standards. Promoted employee safety skills in each business line through the SCGP Felt Leadership program and fostered a safety culture through Caring Line Walk activities.
Cybersecurity and Data Security	Complied with SCGP e-Policy and ISO/IEC 27001 standards, and established the Security Operation Center (SOC) in the forms of on-premise SOC and on-cloud SOC. Complied with the Personal Data Protection Policy by developing management systems in accordance with laws, such as consent and withdrawal processes, Privacy Notice notifications, and appointment of Data Protection Officers (DPO) to provide advice and oversee internal operations. Tightened cybersecurity measures such as vulnerability scans, Privileged Access Management (PAM), network access controls, and the security of Industrial Control Systems (ICS), as well as network backup systems to provide alternative connection routes and support in case of incidents at the main data center. Established the Cyber Incident Response Plan to prevent business disruption from cyber-attacks, annual drills for the response plan and annual rehearsals of the Disaster Recovery Plan (DRP) for critical systems. Raised cybersecurity awareness through continuous training and activities, along with annual SCG e-Policy testing.
Cost Management in Supply Chains	Appointed the Coal Collaborative Committee to procure coal through pooled sourcing to achieve effective cost management. Increased the proportion of self-generated power production, reduced power purchases from external providers, and decreased the proportion of coal fuel usage by installing solar panels in the plants and enhancing the use of alternative fuels such as biomass energy from woodchips or bark. Adjusted procurement strategies and inventory management in line with market conditions and raw material prices by diversifying import sources from the U.S., Europe, Japan, and Australia. Increased the proportion of domestically sourced raw materials to reduce volatility from foreign dependence and maintained appropriate inventory levels. Adopted automation systems and AI technology to enhance competitiveness in production and service costs. Integrated supply chains among subsidiaries both domestically and internationally to improve production planning efficiency, shared use of raw materials, and inventory management.
Human Rights	Strictly complied with laws and international standards, particularly supporting and adhering to the Universal Declaration of Human Rights (UDHR), the United Nations Global Compact (UNGC), the International Labor Organization Declaration on Fundamental Principles and Rights at Work (ILO), and the Organization for Economic Co-operation and Development (OECD), as well as other relevant international requirements. Implemented a comprehensive Human Rights Due Diligence Process, from risk assessment, establishing prevention and remediation measures, monitoring results, and continuous communication, including assessing suppliers on various human rights issues and jointly developing improvement plans. Conducted Ethics e-Testing for employees covering topics such as human rights and labor, anti-corruption, trade competition, and anti-money laundering, with employees required to pass with a score of 100%. Improved employee benefits to cover all employee groups, such as leave for gender reassignment surgery, paternity leave to assist with childbirth, and leave for religious practices. Provided channels for inquiries and whistleblowing to enable stakeholders to report violations safely.
Natural Disasters Disrupting Supply Chain	Monitored water situations through information technology systems and Early Warning Systems (EWS), linking data from multiple sources such as the Royal Irrigation Department and the Meteorological Department for accurate risk assessment. Managed situations in risk areas through the Business Unit Management Team and Local Management Team, including implementing business continuity plans. Conducted drills for natural disaster response plans, both for cases affecting production processes or transportation routes, with preparation of backup resources such as alternative work areas and a Buddy Plant system to enable factories with similar production capabilities to substitute for each other. Reduced reliance on external water sources by improving water use efficiency in production processes according to the 3R principles (Reduce, Reuse, Recycle) and treating water to meet quality standards for reuse, enhancing water resource security and reducing risks from external water source volatility.

Key Risks	Mitigations
Interest Rate	Managed the proportion between floating and fixed interest rate debt at appropriate levels by offering debentures to public investors and obtaining term loans with fixed interest rates from commercial banks, as well as entering into interest rate swap agreements with international commercial banks to convert floating interest rates to fixed rates.
Exchange Rate	Implemented hedging through forward exchange contracts to reduce risks from exchange rate volatility. Monitored currency trends and used exchange rates in planning revenue from import and export sales to reduce volatility from currency conversion.

Key Risks	Mitigations
Changes in Government Policies, Laws, and International Regulations	Regularly monitored, assessed, and prepared for changes in government policies, laws, and regulations in countries where operations are conducted, while coordinating with relevant agencies to adjust operations in compliance with requirements in a timely manner. Utilized the Compliance and License Management System to store, monitor, and oversee legal compliance, including license status in countries where SCGP operates, with reporting to the Compliance Monitoring Committee and ESG Committee. Formulated and communicated key governance policies such as the Anti-Corruption Policy, Human Rights Policy, and Trade Competition Policy, alongside strengthening employee knowledge and understanding through annual Ethics e-Testing. Developed products to increasingly comply with international environmental standards, such as increasing the proportion of recycled materials, designing environmentally friendly packaging, and using FSC™-certified raw materials.

Key Risks

Mitigations

Changes in Government Policies, Laws, and International Regulations

Regularly monitored, assessed, and prepared for changes in government policies, laws, and regulations in countries where operations are conducted, while coordinating with relevant agencies to adjust operations in compliance with requirements in a timely manner.
Utilized the Compliance and License Management System to store, monitor, and oversee legal compliance, including license status in countries where SCGP operates, with reporting to the Compliance Monitoring Committee and ESG Committee.
Formulated and communicated key governance policies such as the Anti-Corruption Policy, Human Rights Policy, and Trade Competition Policy, alongside strengthening employee knowledge and understanding through annual Ethics e-Testing.
Developed products to increasingly comply with international environmental standards, such as increasing the proportion of recycled materials, designing environmentally friendly packaging, and using FSC™-certified raw materials.

Key Risks	Mitigations
Global Supply Chain Shift Leading to Increased Regional Competition	Expanded customer base to markets with potential and appropriate growth trends, such as export fruits, electronics, and electrical appliances, particularly in fiber packaging business, to enhance customer diversity and increase growth opportunities in new markets. Continuously maximized production capabilities and product development to create differentiation in quality, service, and value-added, accommodating increasingly diverse and complex customer needs. Developed strategic collaborations with Chinese customers and manufacturers in production, distribution, and joint product development to strengthen supply chain and expand the market base. Closely monitored competition trends, production base relocations, and impacts on regional supply chains to adjust strategies in line with situations in a timely manner.
Technological Changes and Artificial Intelligence (AI) Adoption	Established the SCGP AI Guideline based on the international standard ISO/IEC 42001, covering key principles including ethical AI usage, transparency and explainability of system outcomes, AI-related risk management, and compliance with laws and regulatory requirements. Communicated and encouraged employees to use internal AI systems within the organization to enhance cybersecurity and reduce data leakage risks. Continuously developed personnel capabilities and AI usage culture through communication, training, and new learning courses, while providing opportunities for employees to participate in experimenting with AI and further developing appropriate applications.

Key Risks

Mitigations

Global Supply Chain Shift Leading to Increased Regional Competition

Expanded customer base to markets with potential and appropriate growth trends, such as export fruits, electronics, and electrical appliances, particularly in fiber packaging business, to enhance customer diversity and increase growth opportunities in new markets.
Continuously maximized production capabilities and product development to create differentiation in quality, service, and value-added, accommodating increasingly diverse and complex customer needs.
Developed strategic collaborations with Chinese customers and manufacturers in production, distribution, and joint product development to strengthen supply chain and expand the market base.
Closely monitored competition trends, production base relocations, and impacts on regional supply chains to adjust strategies in line with situations in a timely manner.

Technological Changes and Artificial Intelligence (AI) Adoption

Established the SCGP AI Guideline based on the international standard ISO/IEC 42001, covering key principles including ethical AI usage, transparency and explainability of system outcomes, AI-related risk management, and compliance with laws and regulatory requirements.
Communicated and encouraged employees to use internal AI systems within the organization to enhance cybersecurity and reduce data leakage risks.
Continuously developed personnel capabilities and AI usage culture through communication, training, and new learning courses, while providing opportunities for employees to participate in experimenting with AI and further developing appropriate applications.

Key Risks	Mitigations
Risk from a Major Shareholder Holding More Than 50% of the Shares	The Board of Directors has established a conflict of-interest prevention policy, with guidelines, prohibitions, and various considerations for directors, executives, and employees to understand and comply with the policy. SCGP’s Board of Directors consists of 12 directors, of which 7 (or 58.3% of total directors) are independent directors. There are 11 non-executive directors, representing more than 90% of total directors. Furthermore, SCGP has stipulated the qualifications of an independent director with regard to shareholding: an independent director must hold shares not exceeding 0.5% of the total number of shares with voting rights of the Company, parent company, subsidiary, associated company, major shareholder, or controlling person, including shares held by related persons, to prevent any impact on independent judgment.

Key Risks

Mitigations

Risk from a Major Shareholder Holding More Than 50% of the Shares

The Board of Directors has established a conflict of-interest prevention policy, with guidelines, prohibitions, and various considerations for directors, executives, and employees to understand and comply with the policy.
SCGP’s Board of Directors consists of 12 directors, of which 7 (or 58.3% of total directors) are independent directors. There are 11 non-executive directors, representing more than 90% of total directors. Furthermore, SCGP has stipulated the qualifications of an independent director with regard to shareholding: an independent director must hold shares not exceeding 0.5% of the total number of shares with voting rights of the Company, parent company, subsidiary, associated company, major shareholder, or controlling person, including shares held by related persons, to prevent any impact on independent judgment.