Risk Management and Internal Control

In accordance with the "Basic Norms of Enterprise Internal Control" jointly issued by the Ministry of Finance and other four ministries as well as applicable laws and regulations including listing rules of Shanghai Stock Exchange and Stock Exchange of Hong Kong, the Company has established a sound risk management and internal control system. Through continuous self-evaluation, management improvement and defect rectification, the Company strives for more scientific, standard and effective management and operation, so as to be more capable of preventing various risks, effectively operate the risk management and internal control system, and ensure sustained, stable and healthy growth of the Company's businesses.

Duties and Division of Labor

The Company's Board of Directors and Audit Committee are responsible for supervising and evaluating the integrity and effectiveness of the Company's risk management and internal control system, reviewing and approving the risk management and internal control evaluation report. The Company's management is responsible for building and improving the Company's risk management and internal control system, and reviewing the Company's risk management and internal control work plan and work report. As the first line of defense, the Company's business departments are responsible for the design and implementation of risk management and internal control system for relevant businesses, promoting the implementation and execution of control measures, and continuously improving internal control and risk prevention measures. As the second line of defense, the Company's Risk Management Department takes the lead in designing and establishing risk management and internal control system, organizes risk identification, assessment, treatment and reporting on an annual basis, continuously improves internal control, and urges treatment of major risks and rectification of internal defects. As the third line of defense, the Company's Audit Department fully implements internal audit for the Company's businesses, regularly evaluates the effectiveness of risk management and internal control, and employs third-party accounting firms to conduct independent audits, so as to uncover the potential risks and internal control defects in a timely manner.

Construction and Implementation

The Company continuously improves the risk management and internal control system by drawing on advanced international concepts. In consideration of objectives, subjects, procedures and safeguards, the Company constantly optimizes the risk management and internal control management framework, establishes a sound organizational system, and integrates the management functions such as risk management, internal control and compliance management, with a view to running the Company's risk management system in a healthy and effective manner, on the basis of risk culture building, ongoing optimization of management, improvement of the institutional process, and intervention in major risks.

The Company has formulated, released and implemented systems and processes related to risk management and internal control, and compiled the Risk Management Manual. The manual has clarified the principles, strategies and implementation procedures of risk management, and uncovered and defined the general risks in strategy, market, operation, finance and law. In the holding subsidiaries, the company has established customized risk heat maps and performed dynamic updates. It conducts risk identification and assessment at least once a year, prepares prevention and treatment solutions for major risks, and carries out regular self-examination on implementation progress and results, thus continuously improving the Company's risk management capabilities and reducing the risk level.

The Company has established a comprehensive internal management system and process system, which offers a strong institutional guarantee for the risk management and internal control. It has compiled the Internal Control Manual and rolled it out to business departments and holding subsidiaries by highlighting key points and making progress steadily. Nearly a hundred holding subsidiaries of the Company have tailored the "Internal Control Manual" to their needs and implemented it in newly established enterprises and M&A enterprises, effectively facilitating the ongoing improvement of the Company's internal control system.

Supervision and Evaluation

The Company has established a long-term risk management and internal control evaluation mechanism. The Audit Department is responsible for supervising and evaluating the effectiveness of the implementation of the Company's risk management and internal control system, formulating an evaluation work plan, building an evaluation team consisting of members with business competency, conducting risk management and internal control evaluation, providing warnings and correction suggestions for identified risks and internal control defects, urging risk treatment and defect rectification, preparing the risk management evaluation report and internal control evaluation report respectively and reporting to the Company's management, Audit Committee, Supervisory Committee and Board of Directors, and continuously improving the effectiveness of the Company's risk management and internal control.

The Company hires an accounting firm to conduct internal control audit of financial reports every year, in order to uncover the internal control defects in a timely manner, urge relevant business departments and units to implement corrective measures without delay, and make sure that Company's internal control works properly.