1 161 Table of Contents 163 264

EXMAR report 2025

4.2 Internal control and risk management systems – assessment 158 4.2 4.2.1 Main characteristics of internal control and risk management systems Internal control can be defined as a system developed and implemented by management, which contributes to managing the activities of the Company, its efficient functioning and the efficient use of its resources, appropriate to the objectives, the size and the complexity of its activities. Risk management can be defined as a structured, consistent, and continuous process aimed at identifying, assessing, deciding responses to and reporting on the opportunities and threats that may affect the achievement of the Company's objectives. Risks, as described in more detail in the ‘Risk Factors’ section below, are all compiled in the risk register and include the key strategic, operational and financial risks to the Company. The Board of Directors, Audit and Risk Committee, Executive Committee and all employees with managerial responsibilities are responsible for controlling the risks. The Executive Committee is responsible for the day-to-day management and policies of the EXMAR group. The Executive Committee meets on a regular basis. The Executive Committee develops, maintains and ongoingly improves (with the support of external advisers) adequate internal control and risk management (i) to offer a reasonable assurance concerning the realization of goals, the reliability of the financial information and the observance of applicable laws and regulations and (ii) to enable the execution of internal control and risk management procedures. The quality of internal control and risk management is assessed throughout the financial year and by the execution of internal audits for the identified potential risks. The conclusions are shared and validated by the Audit and Risk Committee. Compliance risks are assessed by the Company’s Key Risk Officers, in accordance with EXMAR’s Compliance Model. They report to the Audit and Risk Committee. More information regarding EXMAR’s Compliance Risk Universe and the risk assessment can be found in the Governance chapter of EXMAR’s Sustainability Report. EXMAR has established an internal audit function for the purpose of reviewing and analyzing strategic, operational and financial risks, to conduct specific assignments in accordance with the annual internal audit plan and to report and discuss the findings with the Audit and Risk Committee. The scope of internal audit is both on operations and on internal control over financial reporting. In 2025, the Internal Audit function was outsourced to a qualified service provider, PwC. The PwC Internal Audit Manager reported both to the CFO and to the Audit and Risk Committee. INTERNAL CONTROL AND RISK MANAGEMENT SYSTEMS – ASSESSMENT

RkJQdWJsaXNoZXIy NzgyMw==