Regulations/Rules relevant to the function of the Committee

The role, functions and the composition of the BAC are defined by the provisions of the:

• Banking Act Directions No. 05 of 2024 on Corporate Governance for Licensed Banks in Sri Lanka and amendments thereto (Effective January 01, 2025)
• Section 9.13 of the Listing Rules of the Colombo Stock Exchange
• Code of Best Practice on Corporate Governance 2023 issued by The Institute of Chartered Accountants of Sri Lanka (CA Sri Lanka)

Terms of Reference of the Committee

The BAC, operating under delegated authority from the Board, plays a key role in supporting the Board’s responsibilities by providing structured oversight of the Group’s financial reporting requirements, internal audit, internal controls, and external audit processes.

The Board-approved Charter/Terms of Reference (TOR) of the Committee comprehensively outline its purpose, composition, duties, responsibilities, and authority. The Committee is tasked with ensuring the quality and integrity of the Bank’s financial statements and disclosures, monitoring compliance with internal policies and regulatory requirements, strengthening internal controls over financial reporting, and assessing the performance and independence of the external auditor to protect the interests of shareholders and all other stakeholders.

The Committee’s Charter/TOR is reviewed annually to ensure continued alignment with evolving regulatory, governance, and operational requirements. During the year, the BAC Charter was reviewed and approved by the Board at its meeting held on October 31, 2025, reflecting the revisions introduced under the Banking Act Directions No. 05 of 2024 amendments thereto on Corporate Governance for Licensed Banks as well as to oversee the operating effectiveness of internal controls over sustainability reporting processes and disclosures. The revisions primarily incorporated the oversight responsibilities delegated to the BAC in relation to Sustainability-Related Risks and Opportunities (SRROs).

Key responsibilities of the Committee

• Ensure that financial reporting systems in place are effective and well managed in order to provide accurate, appropriate and timely information to the Board, Regulatory Authorities, the Management, and other stakeholders.
• Review the appropriateness of accounting policies, and ensure adherence to statutory and regulatory compliance requirements, and applicable accounting standards.
• Review the appropriateness and reasonableness of the underlying assumptions that inform the estimates and judgments applied in the preparation of the financial statements.
• Ensure that the Bank adopts and adheres to high standards of corporate governance practices, conforming to the highest ethical standards, and good industry practices, in the best interest of all stakeholders.
• Evaluate the adequacy, efficiency, and effectiveness of risk management measures, internal controls, including information systems controls, and governance processes in place to avoid, mitigate, or transfer current and evolving risks.
• Monitor all aspects of Internal Audit, Information Systems Audit, and External Audit program of the Bank, and review Internal and External Audit Reports for follow up with the Management on responses to their findings and recommendations.
• Review the Interim and Annual Financial Statements of the Bank, to ensure the integrity of such Statements prepared for disclosure, prior to submission to the Board.
• Oversee the design, implementation, and operating effectiveness of internal controls over sustainability data collection, aggregation, validation, and reporting to ensure completeness, accuracy, and reliability of sustainability disclosures.
• Oversee the independence of the Internal Audit Department and evaluate the adequacy of its scope, responsibilities, and resource allocation.
• Evaluate the independence, performance, and remuneration of external auditors, including limits on non-audit services and auditor rotation requirements.

Highlights of the year 2025

In 2025, BAC focused on reinforcing the integrity of the Bank’s financial reporting processes and enhancing oversight of key governance functions. In fulfilling its oversight responsibilities, the Committee independently reviewed significant accounting policies, material estimates, and management assumptions to ensure integrity and reliability of financial information presented to stakeholders.

During the year, the BAC reviewed the Bank’s Expected Credit Loss (ECL) framework, which was developed in accordance with applicable accounting standards and regulatory requirements. The Committee also assessed the adequacy of impairment provisions and material impairment-related adjustments, with due consideration of the key assumptions and management judgments applied. These reviews were conducted to ensure compliance with relevant accounting standards and supervisory expectations, and to provide assurance on the appropriateness, consistency, and robustness of the Bank’s impairment provisioning practices.

The Committee also reviewed the Group’s consolidated financial results, with particular emphasis on CAPEX investments, to ensure that such investments were appropriately justified, properly accounted for, and supported by the Group’s financial strength and long-term strategic objectives.

The Committee also assessed the impact of portfolio growth on key regulatory liquidity indicators, such as the Liquidity Coverage Ratio (LCR) and the Net Stable Funding Ratio (NSFR), with a view to ensuring ongoing compliance with regulatory requirements and adherence to the Bank’s approved risk appetite framework.

The Committee continued to monitor the effectiveness of the internal control framework, with emphasis on governance, compliance, and technology-related risks. Progress on management action plans was tracked to ensure sustainable resolution of control weaknesses and continuous improvement across the Bank’s operations.

The Committee reviewed the effectiveness of internal control systems over Related Party Transactions (RPTs) undertaken during the year to ensure compliance with applicable regulatory requirements, accounting standards, and the Bank’s approved policies. The Committee assessed the appropriateness of such transactions, including pricing and terms, to confirm that they were conducted on an arm’s length basis, duly approved, transparently disclosed, and did not give rise to conflicts of interest or undue risk to the Bank.

As the Bank accelerates its digital-first strategy, the Committee strengthened its oversight of technology governance and information system controls, ensuring that the Bank’s digital infrastructure remains resilient against the evolving threat landscape. In this context, the Committee encouraged the expeditious establishment of a Managed Security Operations Center (MSOC) as a key initiative to enhance real-time threat monitoring, detection, and incident response capabilities.

The Committee also maintained close oversight of the implementation of the Identity and Access Management (IAM) project, aimed at strengthening the Bank’s logical access controls and overall security posture.

In discharging its oversight responsibilities over the assurance functions, the Committee evaluated the effectiveness, independence, and objectivity of both the internal and external audit activities. The BAC further assessed the adequacy of internal audit resources, professional competencies, audit methodologies, and coverage to ensure continued alignment with the Bank’s evolving risk profile and regulatory expectations.

The Committee maintained regular and constructive engagement with the external auditor to support an independent, objective, and high-quality audit process, thereby strengthening the integrity and reliability of the Bank’s financial reporting.

Financial reporting

During 2025, BAC diligently discharged its responsibilities to ensure the reliability of financial reporting. The Committee rigorously reviewed the Bank's financial statements to confirm compliance with Sri Lanka Accounting Standards, maintaining transparency and the adequacy of disclosures. Special attention was given to evaluating critical accounting policies and significant judgments made in preparing the financial statements, ensuring consistency with industry standards and providing an

accurate and fair representation of the Bank’s financial position. The BAC also reviewed the assumptions underlying the Bank’s going concern status, including the viability statement, to validate their appropriateness in light of current and future risks. Furthermore, the Committee ensured that supplementary regulatory information, including tax assessments outstanding, was reported accurately and in full compliance with applicable laws and regulations.

In addition, the Committee reviewed the Group’s consolidated financial statements, focusing on the accuracy, completeness, and consistency of consolidation processes, inter-company balances, and related adjustments. The BAC assessed the financial performance and position of subsidiaries and its overseas operations to ensure that Group financial results appropriately reflected underlying business activities, capital investments, and risk exposures, and that they were aligned with the Bank’s strategic and capital management objectives.

The Committee also conducted focused reviews on the integrity of financial reporting for the Bank and the Group, taking into account key developments and risks during the year, including exchange rate movements, inflation trends, changes in interest rates, government debt restructuring and evolving regulatory requirements.

Additionally, the Committee obtained assurances from the Managing Director/Chief Executive Officer and the Chief Financial Officer regarding the integrity of the Bank’s financial records, confirming that the financial statements provided a true and fair view of the operations and financial position of the Bank and the Group.

Internal controls over financial reporting (ICOFR)

In accordance with Section 9.2(b) of Banking Act Directions No. 05 of 2024, and amendments thereto the Bank has established and maintains a robust framework to ensure the reliability and integrity of its financial reporting systems.

The Committee continued to assess the adequacy and effectiveness of the Bank’s internal control environment, ensuring the integrity and accuracy of its financial reporting. This oversight encompassed the evaluation of control design and execution within financial reporting processes, verification of compliance with regulatory requirements, and proactive identification of potential risks. In fulfilling its duties, BAC worked closely with both internal and external auditors to rigorously review these controls and promptly address any weakness identified. The Committee also ensured that Management has established robust processes to sustain continuous compliance, thereby ensuring the financial statements reliably reflect the Bank’s operational and financial position.

During the year, the Committee conducted a thorough review of the governance practices within the Finance function, including accounting policies and operational procedures, to ensure the robustness and adequacy of the account reconciliation process and the effective monitoring of suspense accounts. Pursuant to the recommendations of the BAC, an external consultant was engaged to assess and provide guidance on strengthening the internal control environment supporting the financial reporting process within the Finance Department. The Committee continues to closely oversee the engagement, monitoring the implementation of recommended enhancements and evaluating their effectiveness in improving the reliability, robustness, and sustainability of the Bank’s financial reporting controls.

The BAC also reviewed the adequacy and integrity of the Bank’s Management Information System (MIS) through internal audit reports to ascertain whether information presented to the Board is “fit for purpose”.

For Group companies, changes to internal control systems were reviewed by the respective Board Audit Committees, with significant matters escalated to the BAC for attention and resolution. This systematic approach ensures that internal control systems across the Bank and its Group companies remain strong and effective, aligned with regulatory requirements and the Bank’s commitment to sound governance.

The Committee reviewed and approved the Directors’ Statement on Internal Controls over Financial Reporting and Risk Management for disclosure in the Annual Report.

Integrated Audit, Internal Audit and IS Audit

The BAC provides oversight of the Bank’s Integrated Audit Function, which encompasses both Internal Audit and Information Systems Audit (ISA). The Committee ensured the independence and operational effectiveness of the Integrated Audit, maintaining its strategic alignment with the Bank’s evolving risk profile and organisational objectives. The Deputy General Manager – Management Audit reports directly to, and meets frequently with, the Chair of the BAC to maintain open and transparent communication.

The Integrated Audit function remained compliant with all applicable local regulatory requirements governing Internal Audit function, while aligning its methodologies and practices with internationally recognised professional standards. This included adherence to the International Standards for the Professional Practice of Internal Auditing issued by The Institute of Internal Auditors (IIA), as well as the Code of Ethics promulgated by Information Systems Audit and Control Association (ISACA).

In 2025, the BAC reviewed and approved a risk-based Integrated Audit Plan, developed jointly by the Inspection Department and the Information Systems Audit Unit. The plan adopts a proactive approach to audit prioritisation, integrating thorough risk assessments that encompass both conventional operational risks and emerging challenges, including cybersecurity threats, digital transformation complexities, risks associated with portfolio growth and climate-related financial risks. This approach ensures that audit efforts are concentrated on the most critical areas with the highest potential impact across the Bank and its subsidiaries.

The audit coverage is comprehensive, encompassing a blend of onsite, online, offsite and integrated audits to assess the effectiveness of processes and controls. In addition, thematic reviews and special reviews are undertaken to provide deeper insights into emerging risk areas, control weaknesses, and cross-functional process themes that may not be captured through routine audits. This combined approach ensured broader risk coverage, enhanced assurance, and proactive identification of systemic and emerging issues.

Regular updates from the Deputy General Manager – Management Audit provided the Committee with insights into key findings, risk exposures, and the progress of corrective actions implemented by the Management.

During the year, the Committee’s oversight priorities centered on key operational and financial control areas such as Financial Reporting, Treasury Operations, Lending, Branch Operations, Procurement, Payments, and ECL provisioning. The Committee’s independent oversight helped reinforce credit risk management

and ensured the adequacy and accuracy of impairment provisions. This oversight supported robust compliance with internal policies and regulatory requirements, while contributing to the ongoing enhancement of the Bank’s risk management framework and the strengthening of financial integrity and transparency.

During the year, the Committee reviewed and evaluated the audit coverage of the Information Systems Audit Unit (ISAU), ensuring that it remained aligned with the Bank’s key technology risk exposures, with particular emphasis on cyber resilience, IT governance, and regulatory compliance. The Committee’s deliberations covered both existing and emerging risk areas associated with the Bank’s digital transformation, including cloud adoption, API integrations, endpoint security, and the adequacy of vulnerability and privileged access management controls.

In addition, the Committee maintained oversight of key technology risk domains, including cyber risk, compliance with relevant standards (ISO 27001:2022 and PCI-DSS), IT operational risk, data governance and protection, access management, business continuity readiness, third-party service management, and network vulnerability management. Through such oversight, the Committee ensured that IT Controls and governance frameworks remained effective and consistently applied across local and overseas operations, thereby strengthening the overall technology control environment.

Additionally, the Committee evaluated the resource requirements of the Integrated Audit Department to ensure its capacity to deliver comprehensive audit coverage. The BAC will conduct the performance evaluation of the Deputy General Manager – Management Audit and senior staff members of the Internal Audit Department for 2025.

During the year, Committee members visited twelve branches and their corresponding Regional Offices. Insights and observations from these visits were shared with the Board and the Management, prompting deliberations on key strategic and business-related process improvements. Clear action points identified for immediate execution, as well as broader strategic initiatives to improve business operating models, strengthen control environments, and drive operational transformation across the branch network.

Effectiveness of the External Audit

The Committee reviewed the independence and effectiveness of the Bank’s External Auditor. To uphold stringent governance standards, the Committee ensures compliance with regulatory requirements, including limiting the auditor’s tenure to a maximum of six years and mandating the rotation of the lead engagement partner after three years within this period. Accordingly, Messrs KPMG, Chartered Accountants, continued as the Bank’s External Auditor for the financial year 2025, providing independent assurance and supporting the BAC’s oversight of financial reporting integrity.

The Committee met with the External Auditors independently, without the presence of Executive Directors and Management, providing them the opportunity to express their views freely on any matter. This process assured the BAC that management had provided all necessary information and explanations, imposed no restrictions on the audit’s scope, and maintained a cooperative relationship with the External Auditors, free of disagreements.

The BAC reviewed the Auditors’ Declaration regarding their independence, confirming compliance with the Code of Conduct and Ethics of The Institute of Chartered Accountants of Sri Lanka. Audit fees, expenses, and any non-audit services provided by the Auditors were scrutinised to ensure these did not impair their independence or objectivity. The Committee ensured that non-audit services adhered to regulatory requirements and the Board approved Policy on Non-Audit Services, thereby avoiding any restricted activities.

Following completion of the annual audit for the year ended December 31, 2024, the BAC reviewed other assurance reports, including the Management Letter and discussed its findings with the External Auditors before its formal submission to the Board and the Central Bank of Sri Lanka (CBSL). Further, the Committee evaluated the proposed Audit Plan and scope for the year ending December 31, 2025, ensuring that it remains aligned with the Bank’s strategic priorities and regulatory expectations.

Oversight on regulatory compliance

The Committee exercised diligent oversight to ensure the Bank’s full compliance with all relevant regulatory and statutory obligations. It comprehensively reviewed the Bank’s adherence to mandatory banking regulations and other legal requirements, evaluating the robustness of the existing compliance frameworks and internal controls. Quarterly compliance reports submitted by the Assistant General Manager – Compliance served as a key tool for the Committee to monitor ongoing compliance and promptly identify emerging risks. Furthermore, independent audits conducted by the Bank’s Inspection Department provided an additional layer of assurance, reinforcing the Committee’s confidence in the Bank’s regulatory compliance.

The Committee closely monitored the implementation of recommendations arising from the Central Bank of Sri Lanka’s Statutory Examination Reports through regular progress updates. It also reviewed the status of corrective actions taken in response to findings from the Bangladesh Bank’s Statutory Examination Report concerning the Bank’s operations in Bangladesh, ensuring that all issues were addressed in a timely and effective manner.

Risk management

The Committee diligently reviewed the effectiveness of the Bank's internal control mechanisms, ensuring compliance with regulatory requirements, particularly in relation to ICAAP, and the capital assessment process for the year 2024. In alignment with Section 10 (Pillar II – Supervisory Review Process) of the Banking Act Directions No. 01 of 2016 on the “Capital requirements under Basel III”, the Committee confirmed the integrity, accuracy, and reasonableness of the Bank’s capital adequacy assessment procedures.

The positive assurance statements submitted by the Chief Risk Officer provided the Committee with confidence that appropriate processes were in place to identify and manage significant risks. The Committee proactively sought and received assurances from relevant Business Units regarding the remedial actions implemented to address identified risks, ensuring the ongoing effectiveness and robustness of the internal control framework.

Governance, conduct, and ethics

Through a review of regulatory, external audit, compliance, risk and internal audit reports, the Committee ensured that Management’s role over the first and the second lines is clearly defined and segregated to fortify good governance. The Committee strongly advocated for and strengthened the internal audit function. The Deputy General Manager – Management Audit is independent from the Management in their reporting lines, and holds no operational decision-making responsibilities, which provides an additional degree of independence and governance.

During the year, a comprehensive assessment of the Bank’s governance framework was conducted, with particular focus on Board oversight, regulatory compliance, and the effectiveness of internal controls. Through this review, the Committee evaluated the Bank’s alignment with applicable legal, regulatory, and industry best practices. The assessment enabled the BAC to identify areas of strength, highlight opportunities for improvement, and make recommendations to enhance governance practices, reinforce regulatory compliance, and support the Bank’s long-term sustainability and resilience.

The Committee continuously emphasised on upholding ethical values of the staff members. In this regard, the Bank has a Code of Ethics, a Whistleblowers’ Charter and an Anti-Bribery and Anti-Corruption Policy in place, which ensure and encourage all staff members to be ethical, transparent and accountable and resort to whistleblowing if they suspect any wrongdoings or other improprieties.

The Committee ensured that appropriate mechanisms were in place to uphold the highest standards of corporate governance and to facilitate impartial investigations into incidents reported through the whistleblowing mechanism or identified through other means. Throughout the year, the Deputy General Manager – Management Audit provided the Committee with regular updates on the effectiveness of the whistleblowing program, including adequacy of control measures and the outcomes of key investigations.

In 2025, the Committee conducted a thorough review of the Whistleblowers’ Charter, which was subsequently endorsed by the Board, reinforcing the Bank’s commitment to ethical conduct and accountability.

Reporting to the Board

The minutes of the Committee meetings were tabled at Board meetings, thereby providing Board members with access to the deliberations of the Committee.

Committee evaluation and effectiveness

During the year, an independent evaluation of the BAC’s overall effectiveness was conducted by the other members of the Board. This review assessed the Committee’s discharge of its responsibilities, quality of oversight, engagement with Management and the auditors, and its overall contribution to the Bank’s governance and risk management framework. The evaluation concluded that the Committee was highly effective in fulfilling its mandate and supporting the Bank’s strategic objectives.

In addition, the BAC undertakes an annual self-assessment to support continuous improvement in its operations, reaffirm its independence, evaluate the adequacy of its collective expertise and resources, and confirm alignment with evolving best practices in corporate governance and audit oversight.

P Y S Perera
Chairman
Board Audit Committee

February 26, 2026

Terms of Reference of the Committee

The BIRMC was established in accordance with the Central Bank of Sri Lanka (CBSL) regulatory framework for Corporate Governance in licensed banks. Its formation historically aligned with Directions No. 11 of 2007, which was superseded by the Banking Act Directions on Corporate Governance for Licensed Banks No. 05 of 2024, dated September 30, 2024 and amendments thereto, issued by the CBSL. The composition and the scope of work of the Committee are in line with the said Directions, as set out in the BIRMC Charter which is reviewed annually, most recently in January 2026, which clearly sets out the membership, authority, duties and responsibilities of the BIRMC as described in the “Risk Governance and Management” Section of this Annual Report on pages 273 to 296.

The BIRMC assists the Board of Directors in fulfilling its responsibilities of overseeing the Bank’s risk management framework and activities including the review of major risk exposures, the steps taken to monitor and control those exposures pertaining to the myriad of risks faced by the Bank in its business operations. Responsibilities of the BIRMC include determining the adequacy and effectiveness of such measures and ensuring that the actual overall risk profile of the Bank conforms to the desirable risk profile, as defined by the Board. Special attention is given to the material risks that the Bank may face within its existing portfolio of risks, as well as for forward-looking and emerging risks that require action to minimise their potential impact on future performance.

All key risks such as Credit, Operational, Market, Liquidity, Information Security, Technology Risk and Cybersecurity, Strategic, etc. are assessed by the BIRMC regularly through a set of defined risk indicators. The Committee works very closely with the Key Management Personnel and the Board in fulfilling its statutory, fiduciary and regulatory responsibilities for risk management. The risk profile of the Bank is communicated to the Board of Directors periodically through the Risk Assessment report following each BIRMC meeting.

Activities in 2025

In discharging the above duties and responsibilities vested in the BIRMC, the Committee reviewed all significant and emerging risks during the year, focusing on their potential impact on the Bank’s operations, financial stability and strategic objectives. The activities carried out by the Committee are appended below:

• The Bank demonstrated continued resilience in 2025, proactively managing its credit portfolio amidst a dynamic market environment as the overall market showed improved signs of recovery and more stability compared to 2024. Recognising that the impact of shifting market conditions in various sectors required continued vigilance, the Bank, with the help of the Integrated Risk Management Department (IRMD), leveraged various internal capabilities and know-how to navigate the evolving economic landscape effectively.
• Local and global macro-economic factors were discussed with a view to identify and assess the impact of such factors on changes in the Banking sector as a whole and for the Bank, in order to initiate remedial action in a proactive manner. Further, various challenges experienced by the Bank due to socio-economic and geo-political factors gave rise to volatile market conditions. The impact of these factors on the Bank’s capital and performance were reviewed closely by the BIRMC, and mitigatory measures were deliberated accordingly to reduce the impact.
• Comprehensive risk oversight was maintained on all financial subsidiaries including Commercial Bank of Maldives and the Bangladesh operations. The Committee deliberated extensively on various risk aspects associated with the Maldives and the Bangladesh Operations, taking into account the macro-economic and political uncertainties that prevailed in both countries. Strategic decisions were made to mitigate potential impacts, strengthen resilience and proactively address emerging challenges.
• Comprehensive Policy and Guideline frameworks for Overseas Lending, Supply Chain and Distributor Financing, as well as Agency Banking, have been developed and implemented to reinforce and enhance the Bank’s overall Risk Management framework, ensuring robust governance, effective oversight, and alignment with regulatory and strategic objectives.
• Successfully established and operationalised the Operational Risk Review function to enhance the Bank’s operational risk landscape, enabling timely identification and escalation of critical risks to support informed Management decision-making.
• Reviewed and approved comprehensive scorecards for assessing climate related risks within Internal Capital Adequacy Assessment Process (ICAAP) 2024, covering the Bank’s lending portfolio, to ensure effective integration of climate risk into the capital planning process in alignment with industry best practices and regulatory expectations.
• Provided oversight of sustainability-related risks and reviewed and approved the Bank’s sustainability disclosures, ensuring compliance with SLFRS S1 and S2 standards and alignment with global best practices in sustainability reporting.
• Provided oversight of risk mitigation measures for IT incidents, cybersecurity breaches, and digital fraud, ensuring quarterly monitoring and reporting of IT and cybersecurity risks in compliance with regulatory requirements.
• Successfully implemented an automated, web-based solution for Individually Significant Customer (ISC) impairment assessments. This solution establishes a seamless end-to-end data pipeline for the accurate identification and validation of ISC exposures, thereby strengthening the Bank’s credit risk assessment framework. Implemented as part of the Bank’s broader digital transformation agenda and ongoing commitment to enhancing risk management practices, the initiative supports more robust credit risk assessments, timelier decision-making, and improved regulatory compliance.
• Artificial Intelligence & Machine Learning (AI & ML) Model Governance and Data Cleansing Policy frameworks were implemented to strengthen and enhance the Bank’s overall Data Governance framework, in line with the Personal Data Protection Act No. 09 of 2022 and industry best practices.
• Approval of parameters and limits set by the Management against various risk categories upon ascertaining that they are in accordance with the relevant laws and regulations as well as the desired policy levels stipulated by the Board of Directors.
• Periodic reports from the Management were reviewed on the metrics used to measure, monitor and manage risks, including acceptable and appropriate levels of risk exposures. The reviews covered both inherent and residual risk levels which indicated the progress of implementing controls and assessing the effectiveness of measures to address the sources of risk.
• Improvements were recommended to the Bank’s Risk Management Framework and related policies and procedures as deemed suitable, in consideration of anticipated changes in the economic and business environment, including consideration for emerging risks, legislative or regulatory changes and other factors relevant to the Group’s risk profile.
• The Key Risk Indicators (KRIs) designed to monitor the level of specific risks were reviewed regularly, with a view of determining the adequacy of such indicators to serve the intended risk management objectives. Moreover, proactive measures were taken to control risk exposures. The actual results computed monthly were reviewed against each risk indicator and prompt corrective actions were recommended to mitigate the effects of specific risks, in case such risks exceeded the prudent thresholds defined by the Board of Directors.
• Reviewed and revised the Terms of Reference of all Management Committees dealing with specific risks or some aspects of risk such as the Executive Integrated Risk Management Committee, Executive Committee on Monitoring NPLs, Credit Policy Committee, Information Security Council, Asset and Liability Committee, etc. for enhanced effectiveness. Actions initiated by the Senior Management were monitored periodically to verify the effectiveness of the measures taken by these respective Committees.
• The annual work plans, related strategies, policies and frameworks of the above Committees were reviewed to ensure that these Committees have a sound understanding of their mandates and mechanisms to identify, measure, avoid, mitigate, transfer or manage the risks within the qualitative and quantitative parameters set by the BIRMC.
• Reviewed and approved the ICAAP results related to Commercial Bank Group entities to ensure that the Group maintains an appropriate level and quality of capital in line with the risks inherent in its activities and projected business performance.
• Reviewed, approved and oversaw the Bank’s Recovery Plan (RCP) framework and accountability matrix whilst ensuring that RCP is subject to comprehensive internal audit. Moreover, the Early Warning Indicators/Trigger events defined in the RCP paper were periodically monitored in order to assess compliance with regulatory guidelines and Board approved RCP Policy parameters.
• Reviewed and approved the identified critical systems essential for uninterrupted banking operations, as per CBSL Banking Act Directions No. 16 of 2021 on Technology Risk Management and Resilience.
• Monitored the effectiveness and the independence of the risk management function within the Bank and ensured the adequacy of resources deployed for this purpose.
• Reviewed the effectiveness of the compliance function in order to assess the Bank’s compliance with laws, regulations, regulatory guidelines, internal controls and approved policies in all areas of business operation. Increasing regulatory expectations, challenging working conditions and heightened levels of misbehaviour of certain customer segments posed further challenges during the period under review in this front.
• Initiated appropriate action through the Management against failures of the Risk Owners in order to improve the overall effectiveness of the Risk Management of the Bank.
• The risk profiles of the Subsidiaries of the Bank were monitored through periodic review of KRIs and comprehensive annual risk reviews.
• Continually overseeing the Sustainable Banking Initiatives performed by the Bank (through Executive Sustainability Committee) whilst consistently directing the Data Governance Framework of the Bank and periodically evaluating the adequacy of controls deployed with regard to confidentiality, integrity and availability of Data Assets.
• Reviewed the adequacy of the Business Continuity and Disaster Recovery plans of the Bank, in line with the statutory requirements.
• Findings from the bi-annual Risk Control Self-Assessment (RCSA) exercise were reviewed.

During the year under review, the BIRMC held four (04) meetings on a quarterly basis and one (01) additional meeting specifically to discuss the ICAAP of the Bank.

Proceedings of the Committee meetings which also included activities under its Charter were regularly reported to the Board of Directors.

R Senanayake
Chairman
Board Integrated Risk Management Committee

February 26, 2026

Terms of Reference of the Committee

The Committee was established to ensure Board’s oversight and control over the selection of Directors, Chief Executive Officer and Key Management Personnel. The Composition and the scope of work of the Committee are in line with the Terms of Reference (TOR) of the Committee. The Committee makes recommendations to the Board on all new appointments to the Board and Key Management Personnel in line with its TOR. The Committee has overall responsibility for ensuring that the Board and its Committees have the appropriate balance of skills, experience, independence, diversity, and expertise to effectively discharge their respective duties and responsibilities. Refer Composition of the Board (as at December 31, 2025) – Figure – 63 on page 223 for further information in this connection.

The BNGC assists the Board of Directors in fulfilling the following responsibilities:

• Review the composition of the Board and its Committees and make recommendations for approval by the Board of the membership of Board and Board Committees ensuring appropriate skills and experience in sustainability, climate change and stakeholder governance to arrange Director development where required.
• Review the leadership needs of the organisation, both Executive and Non-Executive with a view to ensuring long term sustainability of the Bank to compete effectively in the market place.
• Implement a procedure for the appointment and re-appointment of Directors to the Board taking into account factors such as fitness, propriety including qualifications, competencies, independence and relevant statutory provisions and regulations.
• Oversee appointment and composition of the Sharia Supervisory Board (SSB or Sharia Board) of the Islamic Banking Unit (IBU).
• Implement a procedure for the selection/appointment of Managing Director/Chief Executive Officer (MD/CEO), Chief Operating Officer (COO) and other Key Management Personnel (KMP).
• Set the criteria such as academic/professional qualifications, skills, competencies, experience, independence, conflict of interest and other key attributes required for the eligibility to be considered for the appointment or promotion to the position of MD/CEO, COO and KMP.
• Prior to any appointment being made to the Board, evaluate the balance of skills, knowledge, experience and diversity on the Board and in light of this evaluation, prepare a description of the role and capabilities required for a particular appointment, and to conduct periodic evaluations of the performance of Board of Directors and the CEO to ensure that their responsibilities are satisfactorily discharged.
• Consider in respect of the Executive Directors and KMP proposals for their appointment or promotion and any proposal for their dismissal or any substantial change in their duties or responsibilities or the terms of their appointment.
• Prior to the appointment of a Director, ensure that the proposed appointee would disclose any other business interests that
• may result in a conflict of interest and report any future business interests that could result in a conflict of interest.
• Consider and recommend from time to time, the requirements of additional/new expertise for Directors and other KMP.
• Propose the maximum number of listed Company Board representations which any Director may hold in accordance with relevant statutory provisions and regulations.
• Peruse duly completed Affidavits and Declarations of all Directors and KMP and recommend same for approval of the Board.
• Consider if each Director is able to and has been adequately carrying out his or her duties as a Director taking into consideration the knowledge, experience and qualifications required to meet the strategic demands faced by the Bank, the number of directorships of listed Company Boards on which the Director is represented, other principal commitments and applicable provisions of Law.
• Establish and maintain a formal and transparent procedure to evaluate, select and appoint/ re-appoint Directors of the Bank.
• Ensure the Directors, CEO and the KMP are fit and proper persons to hold office as specified in Directions 03 and 8.2 of the Banking Act Directions No.05 of 2024 and amendments thereto in any other applicable laws and regulation.
• Formulate and annually review plans for succession for KMP, Executive and Non-Executive Directors in the Board and in particular the key roles of Chairman, CEO and Chief Operating Officer, taking into account challenges and opportunities facing the Company and skills needed in the future.
• Make recommendations to the Board concerning suitable candidates for the role of Senior Independent Director in instances where Chairman is not an Independent Director, and membership of other Board Committees as appropriate in consultation with the Chairpersons of those Committees. Additionally, the Committee ensures that all Directors are required to submit themselves for re-election at regular intervals, and at least once every three years, in accordance with the Section 9.11.6 of the Listing Rules of the CSE.
• Review and recommend the overall Corporate Governance framework of the Bank taking into account the Listing Rules of the CSE, other applicable regulatory requirements and industry/international best practices.
• Monitor the progress of any relevant Corporate Governance or Regulatory Developments and recommend any actions or changes it considers necessary for Board approval and ensure compliance with existing Laws and regulations.
• Be authorised to express their independent views when making decisions.
• Be authorised by the Board to obtain, at the Bank’s expense, outside legal or other professional advice on any matters within its TOR.
• Invite any Member of the Corporate Management, any Member of the Bank staff or any external advisers to attend meetings as and when appropriate and necessary.
• Periodically review and update the Corporate Governance Policies/framework of the Bank in line with the regulatory and legal developments relating to the same.
• Recommend to Board on the indemnity and insurance cover to be taken in respect of all Directors and other KMP in accordance with the Companies Act No. 07 of 2007 (as amended), Articles of Association and other applicable regulations or laws.
• Obtain the views of the Board Integrated Risk Management Committee in selecting the Chief Risk Officer and the Compliance Officer, and that of the Board Audit Committee in selection of the Deputy General Manager – Management Audit.
• Quarterly evaluate the status of Independence of the Independent Non-Executive Directors in terms of Direction 2.5(b) of the Banking Act Directions No. 05 of 2024 and amendment thereto.
• Ensure that the Directors are updated on the applicable laws, regulations, macroeconomic policies, latest technological developments and emerging financial sector and market developments relevant to the Banking industry on a continuous basis.
• Identify the training needs of the Directors and make recommendations to the Board relating to training, capacity building and professional development programmes for the Directors on a regular basis.

Activities in 2025

• In discharging the above duties and responsibilities vested in the BNGC, the Committee obtained declarations from all Directors (except the two Executive Directors) through a prescribed format, confirming their status of independence to ensure compliance with the Listing Rules of the CSE and the Banking Act Directions No. 05 of 2024 and amendment thereto. During the reporting period, there were no major issues that needed to be communicated to the Independent Directors.
• Affidavits signed by each of the Directors in the prescribed format were obtained with the assistance of the Company Secretary to satisfy an annual requirement imposed under a Direction issued by the Central Bank of Sri Lanka (CBSL) and the originals of same were furnished to the Director of Bank Supervision of CBSL to enable the CBSL to re-assess their fitness and propriety.
• In addition, Affidavits signed by each of the Director was obtained with the assistance of the Company Secretary to satisfy a regulatory requirement imposed on the Bank by the CSE to reinforce the Directors commitment towards upholding their Fitness and Propriety.
• Deliberated and recommended the Board Sustainability Committee (BSC) to align with global best practices and provide Board-level oversight to the Bank's existing Corporate Social Responsibility (CSR) Trust and green financing initiatives.
• The Committee, having considered the vacancy created in the Board by the retirement of Mr L D Niyangoda, identified a suitable candidate and recommended the appointment of Ms R M A S Parakrama as an Independent Non-Executive Director to the Board in August 2025.

Based on the Committee's recommendations, the Board approved several significant changes in the KMP cadre during the year. These changes included the appointment of a new Chief Digital Officer and Assistant General Manager – Marketing to the Bank. Deputy General Manager – HRM (Designate) was re-designated as the Deputy General Manager – Human Resource Management (HRM) pursuant to the retirement of the incumbent Deputy General Manager – HRM. Three Senior Officers were promoted to the grade of Assistant General Manager, and one Assistant General Manager was promoted to the grade of Deputy General

Manager. Three Assistant General Managers were re-designated to oversee Operations, Personal Banking and Corporate Banking and the Deputy General Manager – Finance was re-designated as the Chief Financial Officer.

• The BNGC recommended the proposed Director appointments for Board approval and subsequent nomination to the respective subsidiary boards.
• The BNGC conducted periodic evaluations on the performance of the Board of Directors and the CEO to ensure that their responsibilities are satisfactorily discharged. The Board approved the Succession Plan in May 2025, as recommended by the Committee.
• An Evaluation of the BNGC Performance by Directors who are not Members of the Committee was conducted to ensure that the Committee responsibilities are satisfactorily discharged.
• The BNGC deliberated in detail pertaining to results of the Self-Assessment Questionnaires, Board Assessment Questionnaires, and Assessment of the Effectiveness of Corporate Governance Practices.
• The BNGC ensures that induction programmes and orientation sessions for newly appointed Directors, covering Corporate Governance, Listing Rules, Securities Market Regulations, and other applicable laws and regulations, are conducted by the Bank after their appointment. The Committee continued to work closely with the Board of Directors on matters assigned to it and duties and responsibilities delegated to it in terms of the Committee’s TOR and reported back to the Board of Directors with its recommendations.
• An annual update was provided to existing Directors on Corporate Governance, Listing Rules, and other applicable laws and regulations by the Compliance Officer and the Company Secretary. The Bank has fully complied with the Corporate Governance requirements stipulated under the Listing Rules of the CSE. Additionally, the Bank has met all provisions outlined in the Banking Act Directions No. 05 of 2024 and thereto. Corporate Governance for Licensed Commercial Banks in Sri Lanka.
• During the year under review, the BNGC held nine (09) meetings.
• Proceedings of the Committee meetings which also included activities under the TOR were regularly reported to the Board of Directors.

Re-election/Election of Directors at the AGM 2026

As provided for in the Articles of Association of the Bank, the Committee recommended the retirement by rotation of two Directors and the election of one Director who was appointed to fill a casual vacancy on the Board during the year 2025. The Committee ensures that all Directors are required to submit themselves for re-election at regular intervals, and at least once in every three years, in accordance with the provisions of the Section 9.11.6 of the Listing Rules of the CSE.

Directors proposed to be re-elected/elected at the AGM 2026 Table – 86

Name of Director	Board Committees in which the Director is a Chairperson	Date of first appointment as Director	Date of last re- appointment	Directorships or Chairpersonships and other principal commitments both present and those held over the preceding three years in other Listed Entities	Any relationships including close family relationships between the candidate and the directors, the Listed Entity or its shareholders holding more than ten per-centum (10%) of the shares of the Bank
Ms J Lee	Board Nominations and Governance Committee	August 13, 2020	March 30, 2023 (Elected under Article 92 of the Articles of Association)	Refer “Board of Directors and Profiles” on pages 32 to 39	None
Dr S Selliah	Board Human Resources & Remuneration Committee Board Investment Committee	April 27, 2022	March 30, 2023 (Elected under Article 92 of the Articles of Association)	Refer “Board of Directors and Profiles” on pages 32 to 39	None
Ms R M A S Parakrama	N/A	August 11, 2025	N/A	Refer “Board of Directors and Profiles” on pages 32 to 39	None

Ms J Lee
Chairperson
Board Nominations and Governance Committee

February 26, 2026

Terms of Reference of the Committee

The Committee is vested with power to evaluate, assess, decide and recommend to the Board of Directors on any matter that may affect the Human Resources Management of the Bank and shall specifically include:

• Determining the compensation of the Chairman, Deputy Chairman, Managing Director and other members of the Board of Directors of the Bank.
• Determining the compensation and benefits of the Key Management Personnel (KMP) and establishing performance parameters in setting their individual targets.
• Lay down guidelines, policies and parameters for the compensation structures for all executive staff of the Bank and oversee the implementation thereof.
• Review information related to executive pay from time to time to ensure same is in par with the market/industry rates as per the strategy of the Bank.
• Setting goals and targets for the Directors, Managing Director and KMP.
• Evaluate the performance of the Managing Director and KMP against the pre agreed targets and goals.
• Make recommendations to the Board of Directors from time to time of the additional/new expertise required at the Bank.
• Review and recommend Sustainability – linked KPIs for relevant Executive Directors, Corporate management, and senior leadership and ensure appropriate linkage between Sustainability-Related Risks and Opportunities (SRRO) outcomes and remuneration.
• Assess and recommends to the Board of Directors, succession management and issues connected to the Organisational Structure.
• Recommend/decide/direct on disciplinary action where significant financial or reputational loss to the Bank is caused by KMP of the Bank.
• Review of the effectiveness of Terms of Reference of the Executive Human Resources Steering Management Committee.

The Chairman of the Committee can convene a special meeting in the event a requirement arises provided all members are given sufficient notice of such special meeting. The quorum for a meeting is three (3) members. Members of the Corporate Management may be invited to participate at the sittings of the Committee meetings as and when required by the Chairman, considering the topics for deliberation at such meetings.

Guiding principles

The overall focus of the Committee:

• Setting guidelines and policies to formulate compensation packages, which are attractive, motivating and capable of retaining qualified and experienced employees in the Bank.
• Providing guidance and policy direction for relevant matters connected to general areas of Human Resources Management of the Bank.
• Ensuring that the performance related element of remuneration is designed and tailored to align employee interests with those of the Bank and its main stakeholders and support sustainable growth.
• Structuring remuneration packages to ensure that a significant portion of the remuneration is linked to performance, to promote a pay for performance culture.
• Promoting a culture of regular performance reviews to enable staff to obtain feedback from their superiors in furtherance of achieving their objectives and development goals.
• Developing a robust pipeline of talent capable and available to fill key positions in the Bank.

Methodology adopted by the Committee

The Committee recognises rewards as one of the key drivers influencing employee behaviour, thereby impacting business results. Therefore, the reward programmes are designed to attract, retain and motivate employees to perform by linking performance to demonstrable performance-based criteria. In this regard, the Committee evaluates the performance of the Managing Director and KMP against the pre-agreed targets and goals that balance short-term and long-term financial and strategic objectives of the Bank.

The Bank’s variable (bonus) pay plan is determined according to the overall achievements of the Bank and pre-agreed individual targets, which are based on various performance parameters. The level of variable pay is set to ensure that individual rewards reflect the performance of the Bank overall, the particular business unit and individual performance. The Committee makes appropriate adjustments to the bonus pool in the event of over or under achievement against predetermined targets. In this regard, the Committee can seek external independent professional advice on matters falling within its purview.

Further, the Committee may seek external agencies to carry out salary surveys to determine the salaries paid to staff vis-à-vis the market position, enabling the Committee to make informed decisions regarding the salaries and perquisites in the Bank.

Activities in 2025

During the year, the Committee carried out its duties in accordance with the Committee’s Terms of Reference and regulatory requirements and maintained rigorous oversight of leadership performance and organisational stability throughout 2025. The Committee maintained rigorous oversight of the Bank's internal frameworks to ensure alignment with local labor laws and international best practices.

The Key activities carried out included the following:

• Executive Performance & Rewards: The Committee evaluated the performance of the Corporate Management, including the Managing Director/CEO. Based on a holistic review of the Bank’s financial results, market benchmarks, and the established reward scheme, the Committee recommended performance-based incentives for Board approval.
• Succession Planning & Talent Management: To ensure long-term leadership continuity, the Committee reviewed the Corporate Management structure. This assessment integrated the Bank’s Succession Plan with the career trajectories of high-potential internal candidates to align with future strategic needs.
• Enhancement of Staff Loan benefits: To ensure that total remuneration package remains competitive within the evolving talent market, the Committee conducted a comprehensive review of staff loan entitlements. Following this assessment, amendments were approved to enhance the benefit offerings, reinforcing our commitment to employee financial well-being and long-term retention.
• Review of HR Policy: The Committee carried out a comprehensive review of the Bank’s overarching Human Resources Policy to enhance employee welfare and operational efficiency. The Bangladesh Human Resources Policy was also reviewed by the Committee.
• Renewal of Outsourcing Policy: The Committee conducted a comprehensive review and renewal of the Bank’s Outsourcing Policy. This update ensures robust governance of third-party engagements, strengthens risk management frameworks, and aligns vendor performance with the Bank’s operational efficiency goals.
• Manpower Planning: Reviewed and formally submitted the Manpower Plan for 2025-2026. This plan focuses on optimising staff strength across branches and head office departments to meet the Bank’s growth targets.
• Organisational Structure Modification: In response to the Bank’s digital transformation goals, the Committee oversaw critical changes to the management hierarchy and approved strategic modifications to the Bank’s organisational chart to remove silos and improve cross-departmental agility.
• Resource Optimisation and Workforce Planning: To optimise organisational resources and facilitate career progression, the Committee reviewed and recommended a Voluntary Retirement Scheme (VRS) for Executive Assistants (EA). This initiative was specifically designed for EAs who have completed 20 years of service within the grade, ensuring a balanced workforce structure and addressing potential career stagnation.
• Corporate Management Recruitment: The Committee oversaw the recruitment process for Key Corporate leadership roles.

The Committee convened seven (07) times during the year. Further, the Committee maintained agility by reviewing and approving urgent matters via circular resolutions. Proceedings of the Committee meetings which also included activities under its Charter were regularly reported to the Board of Directors.

Dr S Selliah
Chairman
Board Human Resources and Remuneration Committee

February 26, 2026

Terms of reference of the Committee

Demonstrating its commitment to good governance, the Board of Directors of the formed the BRPTRC in 2014 by early adopting the Code of Best Practice on Related Party Transactions as issued by the Securities and Exchange Commission of Sri Lanka (SEC) which became mandatory for all listed entities from January 01, 2016.

The Committee assists the Board in reviewing all related party transactions (RPT) carried out by the Bank, all its subsidiaries in the Group to ensure that the interests of shareholders as a whole are taken into account by the Bank when entering into RPT and also to ensure that Directors, Key Management Personnel (KMP) and shareholders with material shareholding of the Bank do not secure any undue advantage due to their positions, thereby avoiding any conflicts of interest. The Committee also assists the Board in maintaining transparency in relation to RPT with the required disclosures.

The mandate of the Committee includes inter-alia, the following:

• Developing, updating and recommending a RPT Policy consistent with that proposed by the Section 9 of the Listing Rules on Corporate Governance issued by the Colombo Stock Exchange (CSE), the Banking Act No. 30 of 1988 and amendments thereto and the Directions issued thereunder for adoption by the Board of Directors of the Bank and its listed subsidiary.
• Updating the Board of Directors on the RPT of the Bank and each of the companies in the Group as and when required.
• Advising the Board in making immediate market disclosures on applicable RPT as required by the Section 9.14.7 of the Listing Rules of the CSE.
• Advising the Board in making appropriate disclosures on RPT in the Annual Report as required by the Section 9.14.8 of the Listing Rules of the CSE.
• Reviewing and recommending RPT as per the RPT Policy for the approval of the Board of Directors.

Methodology adopted by the Committee

• Reviewing the mechanisms in place to obtain declarations from all Directors (at the time of joining the Board and quarterly thereafter) by the Company Secretary, the primary contact point for Directors, of any existing or potential RPT carried out by them or their Close Family Members (CFM) and obtaining further declarations in the event of any change during the quarter to the positions previously disclosed.
• Reviewing the mechanisms in place to obtain confirmations on any new appointments accepted by Directors of the Bank in other entities as KMP, informing the Company Secretary to identify and capture transactions carried out by the Bank with such entities, if any, which need to be disclosed under ‘Directors’ Interest in Contracts with the Bank’ as disclosed on pages 271 and 272 of this Annual Report.
• Reviewing the mechanisms in place to capture and feed relevant information on RPT, which also includes information on KMP, CFM and the Bank’s subsidiaries into the data collection system and the accuracy of such information.
• Ensuring that a Director who has a material personal interest in matters considered at meetings is abstained while the matter is being discussed at meetings and does not take part in recommending such RPT to the Board of Directors.
• Obtaining an annual declaration from each Director, as required by the CBSL which is designed to elicit information about any existing or potential RPT.
• Ensuring that annual declarations are submitted by Directors directly to the Bank’s external auditor immediately after the closure of the Financial Year for external audit purposes.
• Obtaining independent validation from the Bank’s Internal Audit division for information submitted to the Committee for its review.

Following types of RPT were brought to the attention of the Committee during the year under review as required by the Sections 7.3 and 7.4 of the Banking Act Directions No. 05 of 2024 on Corporate Governance for Licensed Banks and amendments thereto issued by the CBSL.

• Any credit facility or any other form of accommodation for Related Parties- “Individuals” as identified by the Directions aforesaid as approved by the Board.
• Any credit facility or any other form of accommodation for Related Parties- “Entities” as identified by the Directions aforesaid as approved by the Board.

Activities in 2025

During 2025, under the oversight and guidance of the BRPTRC, the Bank implemented a range of strategic initiatives aimed at enhancing the governance and monitoring framework for RPT, as given below.

• Established the Executive Related Party Transactions Review Committee (ERPTRC) to support the BRPTRC in identifying potential issues in RPT, reviewing quarterly declarations from business and other units, evaluating the RPT Policy for improvements, conducting staff training and awareness, and escalating matters requiring corrective action or guidance to the BRPTRC.
• Implemented a Related Party Framework within the Core Banking System To enhance RPT tracking and monitoring. This system enhancement enables the client-facing teams to identify and monitor Related Parties during customer onboarding, customer inquiry, and maintenance functions on customer information, with system alerts configured to display the relationship during these functions. Complementing this, the RPT Knowledge Hub was developed and hosted on the Bank's intranet to serve as a central repository for all RPT-related policies, guidelines, and information, improving accessibility and awareness across the Bank.
• The RPT Policy and the Terms of Reference (TOR) of the Committee was reviewed and updated during the year as part of the Bank's ongoing policy review process. The amended RPT Policy and the TOR was reviewed and approved by the Board and arrangements were made to disseminate the amended RPT Policy among all relevant stakeholders for their acknowledgement and implementation.
• Awareness sessions were also conducted by the Finance Division for relationship managers and the regional managers to educate them on the requirements of the Banking Act Directions for compliance.

Meetings

The Committee held four (4) meetings during the year under review as required by Section 9.14.4 ( I ) of the Listing Rules. The Committee reviewed all RPT carried out during the year at its quarterly meetings and the proceedings of the Committee meetings, which also included activities under its TOR, were regularly reported to the Board of Directors for information.

P M Kumarasinghe
Chairman
Board Related Party Transactions Review Committee

February 26, 2026

Terms of Reference of the Committee

The BCC assists the Board of Directors in effectively fulfilling its responsibilities relating to Credit Direction, Credit Policy and Lending Guidelines of the Bank in order to inculcate healthy lending culture, meeting standards and best practices and ensure relevant rules, regulations and directions issued by the appropriate authorities are complied with.

Responsibilities of the BCC include:

• Review and consider changes proposed by the Management from time to time to the Credit Policy and the Lending Guidelines of the Bank.
• Review the credit risk controls in lending, ensure alignment with the market context and the internal policy of the Bank and the prevailing regulatory framework in order to ensure continuous maintenance and enhancement of the overall quality of the Bank's loan book.
• Evaluate, assess and approve credit proposals which fall within the delegated authority level of the Committee as prescribed by the Board from time to time.
• Ensure Bank follows appropriate credit pricing taking in to account the capital charges in relation to the lending limits.
• Evaluate, assess and approve concessions on interest and writing off of bad debts within the delegated authority level of the Committee as prescribed by the Board from time to time.
• Review and recommend credit proposals which fall within the purview of the Board.
• Evaluate and recommend counterparty exposures, sector exposures and cross border exposures to the Board as per the frequencies identified in the Risk Management Policy of the Bank.
• Review and evaluate special reports called for by the BCC.
• Set lending directions based on the current economic climate and risk appetite of the Bank.
• Proactively review, discuss and remedy significantly large lending exposures with increased vulnerabilities.

The Committee works very closely with the Key Management Personnel and the Board in fulfilling its statutory, fiduciary and regulatory responsibilities for risk management.

Activities in 2025

The activities carried out by the Committee are appended below:

• The Committee navigated a complex macroeconomic and geopolitical landscape, the Committee provided strategic oversight of the Bank's credit direction, prioritised disciplined credit growth and portfolio quality, while further integrating Environmental, Social, and Governance (ESG) considerations into the Bank’s lending framework to ensure long-term resilience.
• The Bank closely monitored the significant physical and economic disruptions caused by Cyclone Ditwah when determining strategic credit directions.
• The Committee approved credit proposals above the predetermined limit and recommended credit proposals and other credit reports for approval/perusal by the Board of Directors after careful scrutiny.
• The Committee ensured strict compliance with applicable regulatory requirements concerning Large Exposure Limits and Related Party Transactions.
• The Committee provided guidance for the implementation of customer profitability metrics such as Gross Return on Assets (GROA), Net Return on Assets (NROA) and Capital Adjusted Return Metrics.
• The Committee deliberated strategies and framework for overseas lending for better credit and FX related risk management.
• The Committee deliberated on credit-related implications from political changes for the Bank's operations in Bangladesh and Maldives.
• The Committee conducted its first-ever meeting in Bangladesh, marking a significant milestone in the Bank’s oversight of its international operations and demonstrating a deepened commitment to the regional credit portfolio.
• Members of the Committee engaged in direct field assessments, visiting large-scale industrial facilities of key corporate clients in Bangladesh. These site visits provided the Committee with firsthand insights into the operational scale and market dynamics of the Bangladesh portfolio, further strengthening the Bank’s credit evaluation process for cross-border facilities.
• The Committee engaged in strategic dialogue with the Governor of the Central Bank of Bangladesh to assess the nation's macroeconomic stability. These discussions focused on the resilience of key economic drivers, including remittance flows and export performance, ensuring the Bank’s credit strategy remains aligned with Bangladesh’s regulatory and economic trajectory.
• The Committee executed its mandate in strict alignment with the Bank’s lending policies and regulatory requirements. By operating within the Board-approved credit risk appetite, the Committee ensured the portfolio was managed according to stipulated risk parameters while successfully meeting the Bank's strategic lending targets.
• The Committee deliberated and reviewed on various Policies such as the ‘Group Environmental and Social Risk Management Policy’ and the ‘Credit Risk Review Policy’, ‘Write off and Write down Policy of Credit Facilities’ of the Sri Lankan Operations of the Bank.
• The Committee reviewed the activities of the Business Revival and Rehabilitation unit on a quarterly basis.
• The Committee deliberated on credit exposures of the Bank to various sectors such as ‘Rice Mill Industry’ and ‘Tourism Sector’.

During the year under review, the BCC held Twelve (12) meetings, and the proceedings of the BCC meetings were regularly reported to the Board of Directors.

S Muhseen
Chairman Board Credit Committee
February 26, 2026

Terms of Reference of the Committee

The BSDC was established to have an overall Bank-wide strategic management oversight. The Committee is empowered:

• To assist the Board in performing its core responsibilities relating to the Bank’s strategy.
• To advise and monitor the Management on:
• Identification of business strategies geared for the sustainable development of the Bank; and
• Establishment of processes for planning, implementing, assessing and adjusting of the business strategies.
• To oversee the Management’s engagement on the strategic perspective, direction and development of the strategy for the Bank and its business units.
• To oversee the Management’s implementation of the approved strategic plan and the progress against strategic milestones and goals.
• To oversee the Management’s implementation of major business transformation projects and their execution.
• To engage in detailed discussion and provide guidance to the Management on:
• Whether the governance, risk appetite, financial and capital planning, liquidity and funding management, risk and control environment and resources can support the Bank’s strategic objectives.
• Divestitures, Mergers and Acquisitions (M&A) strategies including post transaction performance tracking.
• The impact of changes in the competitive environment.
• To foster a cooperative, interactive strategic planning process between the Board and the Management.
• To provide recommendations for strategic direction of the Bank’s subsidiaries whenever appropriate.

Activities in 2025

The activities carried out by the Committee are appended below:

• The Committee emphasised the elevation of customer experience as a core strategic differentiator. In this regard, the Committee evaluated the advancement of digital tools and the implementation of comprehensive human capital development programs designed to equip staff with the competencies required for a service-led transformation.
• The Committee deliberated on the importance of standardising service levels across all customer touch points.
• The Committee evaluated the strategic progression of the Bank’s digital banking platform, focusing on the impact of new product offerings on customer satisfaction and identifying future enhancements to optimise the platform’s overall effectiveness and market reach.
• The Committee discussed the use of data analytics and AI to improve customer experience.
• The Committee requested regular presentations by the Chief Information Officer on the technology road-map and ongoing technological developments within the Bank.
• The Committee conducted a comprehensive performance review of the Bank's subsidiaries, focusing on strengthening Group-wide synergies. Deliberations centered on optimising subsidiary operations and aligning their strategic road-maps with the Group’s overarching objectives to enhance their collective contribution to consolidated earnings and shareholder value.
• The Committee conducted a collaborative Mid-Year Review of the 2025 Budget and 2025–2029 Corporate Plan with the Board of Directors to assess progress.
• The Committee deliberated on the potential stress on the capital adequacy arising due to many external factors and measures that need to be taken to augment capital adequacy.
• The Committee reviewed and discussed matters of importance arising from the Minutes of the Executive Strategy Development Committee Meetings.
• The Committee discussed strategies for the Bank’s overseas expansion, focusing on potential markets and entry strategies.
• The Committee conducted discussions regarding the initiation of operations at the Colombo Port City, exploring feasibility, strategic implications, and operational considerations to make informed decisions moving forward.
• The Committee deliberated on the commencement of the Islamic Banking Window Operations during the year under review.
• The Committee formulated the strategic transition of the Elite Banking segment towards 'World-Class Excellence,' prioritising the delivery of superior customer experiences and the deployment of advanced wealth management capabilities to meet the expectations of the global affluent market.

During the year under review, the BSDC held nine (09) meetings and the proceedings of the BSDC meetings were regularly reported to the Board of Directors.

S Muhseen
Chairman
Board Strategy Development Committee

February 26, 2026

Terms of Reference of the Committee

The primary objective of the BTC is to ensure technology initiatives align with the Bank’s strategy while maintaining secure, reliable, and compliant systems. In 2025, the Terms of Reference (TOR) were updated to include oversight of the effectiveness of data governance, AI ethics frameworks, and the value realisation of technology investments. The Committee also expanded its focus to include governance of emerging technologies like Artificial Intelligence (AI) and the Cybersecurity Strategy roadmap.

Activities in 2025

The Committee convened on eight (08) occasions during the year. Proceedings were reported to the Board with recommendations on the 2026–2030 Strategy, which focuses on AI & Hyper-Personalisation, Customer-Facing Intelligence, and Ecosystem Banking. The Bank demonstrated a strong capacity for execution, delivering over 520 projects in 2025, exceeding the initial target of 350.

Key IT initiatives in 2025

• Digital Transformation Performance: Overall digital penetration reached 86.42% as of August. Revenue from digital channels grew by 33%, surpassing the Rs. 1 billion mark.
• AI and Data Science (BCG Project): Successfully launched SME underwriting models and initiated personal and housing loan scorecards. The Bank is moving toward an "AI Super Assistant" model to provide ultra-personalised services to 100% of users.
• OneApp (Super App) Platform: Advanced the development of a unified application to consolidate existing mobile apps. The Phase 1 go-live is planned for H1 2026, with a full Sri Lanka launch in H2 2026.
• Micro services Architecture: Orchestrated the transition to a robust Micro services Architecture. This shift replaces rigid monolithic structures with a dynamic ecosystem, ensuring our infrastructure is fully AI-ready and highly adaptable to market demands.
• Identity and Access Management (IAM): Implemented Single Sign-On (SSO) for internal staff and critical systems like Corporate Banking to mitigate risks of dormant user accounts.
• Customer Data Platform (CDP): Commenced implementation of a CDP to act as the "central nervous system," unifying siloed data for a 360-degree customer view.
• Infrastructure Modernisation: Started Software-Defined Wide Area Network (SD-WAN) implementation for foreign regions to enhance security and centralised management.

Information security and resilience

The Bank continued its Information Security Roadmap (2025–2029), prioritising 20 critical projects. Key milestones included:

• Managed Security Operations Center (MSOC): Shortlisted and recommended vendors for 24/7 proactive threat detection and incident response.
• Network Access Control (NAC): Progressed with site-wise deployment after a successful Proof of Concept (POC) to ensure only authorised devices access the network with the posture verification.
• Database Encryption: Achieved full encryption for branch workstations and production/DR Nutanix virtual servers.

Modernisation & governance

To ensure the Bank remains at the forefront of the industry, the Committee prioritised a "Future-Ready" technology strategy. Major recommendations for the year focused on redefining the customer experience by developing an all-encompassing digital banking platform and integrating frictionless payment solutions.

By recommending the acquisition of centralised data platforms and advanced analytics engines, the Committee has prioritised a shift towards Data-driven Hyper-Personalisation, ensuring that customer interactions are timely, relevant, and tailored to individual needs.

Simultaneously, the Committee reinforced the Bank's defensive posture by approving the procurement of advanced cyber-surveillance tools and upgrading global disaster recovery capabilities. The roadmap also emphasised internal efficiency, with significant approvals for the digitisation of workforce management and risk compliance frameworks, ensuring the Bank’s operations are as agile as its digital channels.

Future outlook

The Bank is establishing a Change Acceleration Office (CAO) and a ‘Digital Academy’ to build agile, cross-functional skills. The strategic shift for the next decade focuses on transitioning from Graphical User Interfaces (GUI) to Language User Interfaces (LUI), powered by AI agents that anticipate and serve customer needs conversationally.

Ms D L T S Wijewardena
Chairperson
Board Technology Committee

February 26, 2026

Terms of Reference of the Committee

The BIC is mandated to achieve the Bank’s financial goals, whilst maintaining market risk and liquidity risk at desired levels and maintaining a healthy capital buffer at all times.

In October 2025, the Committee reviewed the Terms of Reference (TOR) and approved them with no changes incorporated. Subsequently, in November 2025, the Committee formally approved the TOR for the year. The Committee also reviewed the TOR for the Asset and Liability Committee (ALCO) and recommended it be submitted to the Board Integrated Risk Management Committee (BIRMC) for better alignment with risk management functions.

Methodology adopted by the Committee

The Committee met monthly during the year to discuss, review, and action key responsibilities, including defining investment objectives, overseeing asset allocation, approving investment limits, and evaluating macroeconomic developments.

Activities in 2025

The Committee evaluated and recommended actions proposed by the Management in areas of investment, risk management, and capital mobilisation. Following key areas where the Committee was required to recommend and make decisions can be highlighted:

• Capital Augmentation (Green Bond): Recommended for approval by the Board and monitored the issuance of a Basel III compliant Tier 2 Green Bond. This included setting provisional interest rates (10.5%-12.5% AER) and overseeing the successful conclusion of the issue in August 2025, which received Rs. 22 Bn. in bids for the Rs. 15 Bn. issuance.
• Strategic Asset Allocation: Guided the Bank’s strategy to liquidate portions of the LKR investment portfolio to fund credit growth and manage liquidity, ensuring the Net Interest Margin (NIM) was optimised against a backdrop of declining portfolio yields.
• Bangladesh Operations Expansion: Significant policy changes for Bangladesh operations, including the “Capital Markets Investment Policy” to commence equity investments and the enhancement of High Frequency Trading (HFT) portfolio limits to BDT 45 Bn. were recommended for approval by the Board. The Committee also approved Money Market limits for selected local banks to facilitate term lending.
• Foreign Currency Investment Strategy: Recommended the investment of USD 30 Mn. in Past Due Interest (PDI) bonds under the Fair Value through Other Comprehensive Income (FVOCI) portfolio to enhance foreign currency yields for approval by the Board. The Committee also monitored the impairment and capital repayment of these instruments.
• Risk and Limit Management: Reviewed and recommended counterparty limits for various international financial institutions, including Qatar National Bank, Bank of Bahrain, SMBC, and First Abu Dhabi Bank for approval by the Board. Additionally, the Committee approved the increase of overall USD/LKR swap limits to USD 350 Mn.
• Macroeconomic Monitoring: Conducted continuous assessment of macroeconomic risks, specifically the impact of US tariffs on the export sector, the economic impact of the “Ditwah” cyclone, and the application of the Taylor Rule in forecasting policy rates.
• Investor Relations: Tracking of the share price and pricing recommendations by different analysts, and discussion of the investor relations activities by the Bank.

Dr S Selliah
Chairman
Board Investment Committee

February 26, 2026

Formation of the Committee

The Board Sustainability Committee (BSC) was established on 2025, to provide structured guidance of the Bank’s sustainability matters. It supports the Board in sustainability strategy and disclosure credibility, with primary guidance for areas such as the sustainability roadmap, targets, external positioning, while ensuring compliance with SLFRS Sustainability Disclosure Standards and alignment with relevant national priorities and international best practices.

Term of Reference of the Committee

The Charter of the BSC sets out the authority, roles, responsibilities and operating procedures required for the Committee to assist the Board in providing strategic direction on Environmental, Social and Governance (ESG) matters. The Charter is reviewed annually to ensure it remains aligned with evolving relevant regulatory, accounting, or prudential requirements applicable to Licensed Commercial Banks, including updates to SLFRS Sustainability Disclosure Standards.

The primary responsibilities of the Committee

• Provide strategic guidance to promote alignment between sustainability considerations, the Bank’s corporate strategy and stakeholder expectations.
• Assist compliance with relevant national and international sustainability-related standards and disclosures, including SLFRS Sustainability Disclosure Standards.
• Provide strategic direction to ensure sustainability considerations are integrated into the Bank’s strategy, governance, operations and risk management.
• Review the material sustainability matters and management proposals, and recommend necessary improvements or alternative approaches to the Board of Directors.
• Advise the Board of Directors on significant sustainability strategies, policies, frameworks and disclosures for Board of Directors approval.

In order to discharge the above primary responsibilities, the Committee undertakes the following activities under four themes:

Strategic Integration

• Review Management proposals on the integration of sustainability and ESG considerations into business strategy, products, operations and governance, and recommend improvements or actions to the Board of Directors, as appropriate.

Sustainable Finance

• Provide strategic guidance and recommendations on emerging sustainable financing initiatives, innovative instruments, and global best practices to enhance the Bank’s sustainable finance positioning and alignment with international and national standards.

Climate Transition Plan and Net Zero Strategy

• Review and provide recommendations on the Bank’s Climate Transition Plan and associated initiatives to support long-term climate objectives, including the progression towards net zero by 2050 target.
• Provide strategic recommendations on the Bank's operational initiatives related to environmental performance, such as the adoption of renewable energy, strategies for Green Buildings, and plans to achieve and maintain Carbon Neutrality.
• Provide guidance to the Management in engaging additional stakeholders to enable successful execution of the plan, if required.

Disclosure, governance, and capacity building

• Provide guidance on sustainability-related disclosures across applicable national and international reporting frameworks, emphasising transparency, credibility, consistency, and clarity in communicating the Bank’s ESG performance to stakeholders.
• Assist the Bank in developing and maintaining the necessary skills, expertise, and internal capacity to effectively respond to evolving Sustainability and ESG best practices.
• Advise and provide strategic guidance on the Bank’s long-term sustainability plan, offering specialised ESG insights.

Activities in 2025

The Committee held its inaugural meeting on 2025. During this meeting, the members formally agreed on the Terms of Reference of the Committee, which are constituted by the Board Sustainability Committee Charter.

S Muhseen
Chairman
Board Sustainability Committee

February 26, 2026