Corporate Governance / Risk Management / Corporate Compliance

CHALLENGES

CKPower recognizes that corporate governance forms the foundation of its efficient and sustainable business operations and society. Thus, it adheres to corporate governance policies, business codes of conduct, and practices guided by transparency and accountability and takes into account all stakeholder groups. In addition, it operates in strict compliance with relevant regulations and laws and strives to maintain international standards to demonstrate its commitment and responsibility to ethical business practices and efforts against all forms of corruption.

Furthermore, CKPower has put in place corporate risk management processes in anticipation of various risks and changes that may arise to prevent or minimize potential damage from such risks, thus inspiring confidence among its stakeholders and investors towards its business operations.

Operational Guidelines

Corporate Governance

CKPower’s Board of Directors, executives, and employees at all levels place importance on compliance with corporate governance principles. To this end, the Company has established a corporate governance policy and a business code of conduct which are aligned with corporate governance principles as well as the Securities and Exchange Commission’s (SEC) and the Stock Exchange of Thailand’s (SET) Corporate Governance Code for Listed Companies to ensure that there are clear guidelines, transparency, and accountability. The corporate governance policy has been reviewed by the Board of Directors.

Targets

2022 Targets

Long-term Goals

Corporate Governance Policy Structure
The Rights of Shareholders	The right to profit sharing The right to sufficient information regarding the business The right to attend shareholders’ and exercise voting rights to appoint and remove directors and to appoint an auditor The right to participate in decision making regarding company of consequence.
The Equal Treatment for Shareholders	CKPower shall treat and protect the rights of all shareholders equally and fairly, whether they be Thai shareholders, foreign shareholders, institutional investors, major shareholders, or minor shareholders.
The Role of Stakeholders	CKPower has established policies and operational guidelines that take into account all stakeholders and enable them to participate in the management of the Company.
Disclosure and Transparency	The Company prioritizes accurate, complete, transparent, and timely disclosure of information, especially information that affects the decision-making process or is significant to its performance.
Responsibilities of the Board of Director	The authority, duties, and responsibilities of the Board of and the management are Directors clearly segregated.

Governance Structure

The Board of Directors also consisted of four independent directors, the definition and qualifications of whom were as specified in the Notification of the Stock Exchange of Thailand (SET) and the Office of the Securities and Exchange Commission (SEC) Re: the Qualifications of Independent Directors. All directors possessed the full set of qualifications stipulated in and are free of the characteristics prohibited by the relevant laws and regulations. They also had a variety of knowledge, expertise, skills, and experience in line with the Company’s business strategies. In 2022, the Board of Directors comprised eleven directors, ten of whom were non-executive directors and one of whom was an executive director.

Enlarge Image

Board Composition

The segregation of duties between directors and the chief executive officer results in checks and balances and auditability between executive and non-executive directors.

In addition, CKPower has placed director nomination in the purview of the Nomination and Remuneration Committee and charged it with the task of selecting individuals with qualifications, including knowledge, professional skills, specialized expertise, and experiences beneficial to the Company’s business operations, without any discrimination on the basis of age, gender, ethnicity, nationality, religion, or physical disability, as well as considering their suitability to directorship or membership in sub-committees so as to ensure that the board composition is appropriate, diverse, and consistent with the organization’s strategies and that the Board of Directors is prepared for business challenges and problems and ready to support the Company’s operations to achieve sustainable growth.

CKPower recognizes the significance of stakeholder engagement and believes that their opinions and suggestions contribute to its ability to accomplish its goals. As such, the Company has instituted stakeholder consultation as part of the process to achieve its goals as an organization with sustainable development and growth.

Nomination of the Board of Directors

The Company has placed the nomination of directors under the responsibility of the Nomination and Remuneration Committee, which is charged with the responsibility of nominating suitable candidates with a diverse range of qualifications for directorship, such as professional skills and specialization, without discrimination based on age, gender, nationality, religion, cultural background, or other differences as the Company places importance on diversity and non-discrimination. In nominating directors, the Committee considers their knowledge and expertise based on education, training records, practical experience, and specializations based on the Board Skills Matrix to ensure that the Board consists of directors with a diverse range of skills and experience that are in alignment with corporate strategies and support CKPower’s sustainable business growth.

Recruitment and Appointment of Managing Director

The Board of Directors has authorized the Nomination and Remuneration Committee to nominate the individual to be appointed as the Managing Director. The nominee for Managing Director shall be a qualified individual with the knowledge, skills, experience, and attributes necessary to lead the organization toward its goals, without limitations related to gender or ethnicity and should not possess any characteristics prohibited by law or related regulations.

Recruitment and Appointment of Managing Director

Click Here

Remuneration for Directors and Executives

The Company has the criteria for determination of remuneration for its directors and subcommittee members for submission of the same to the shareholders’ meeting for consideration and approval, and the policy on determination of appropriate remuneration for its executives in line with their duties and responsibilities.

Criteria for Determination of Remuneration for Directors

Click Here

Criteria for Determination of Remuneration for Executives of the Company

Click Here

MEASURING MANAGING DIRECTOR AND EXECUTIVE PERFORMANCE

CKPower assesses the performance of the Managing Director and the executives on a yearly basis, using performance indicators that encompass growth, suitable returns on investment, and sustainability in all aspects of the business, in accordance with the Company’s 5 Core Values (CAWTA)

COACHING AND LEARNING: Coach one another from generation to generation
ACCOUNTABILITY: Do your best and take accountability for consequences
WORK ETHICS: Choose what’s right over what you want.
TEAMWORK: 1+1 is greater than 2.
ADAPTABILITY: changing and adapting. Open-minded and adapt to changes

KEY PERFORMANCE		MD	DMD, AMD	GM
Growth	Performance excellence to accelerate growth opportunity
Profitability	Operational excellence to achieve high productivity
Sustainability	Driving operational sustainability across all aspects of the C-K-P framework to achieve the established goals

CKPower annually defines short-term key performance indicators (KPIs), which serve as performance assessment criteria for the Chief Executive Officers and top executives, consisting of the following.

KPIs, namely financial return indicators, such as revenue; earnings before interest, taxes, depreciation and amortization (EBITDA), net profit, and economic value added (EVA).
Related financial efficiency indicators, namely the ability to raise funds from debt capital markets and financial institutions, the optimal capital structure for investment in new projects, and the efficiency and availability of electricity production
Sustainability indicators according to the C-K-P sustainability framework.
- Environmental indicators (C – Clean Electricity)
  
  These include energy management, GHG emission reduction, and increasing internal use of renewable energy in order to strive towards net zero emissions by 2050.
- Social indicators (K – Kind Neighbor)
  
  These include safety in the production process, human rights complaints, community satisfaction surveys, and zero unmanaged complaints.
- Governance and economic indicators (P – Partnership for Life)
  
  These include zero corruption complaints and business expansion towards new ASEAN countries.

Determination of Executive Remuneration

Click Here

Business Code of Conduct

In addition to corporate governance principles, CKPower also adheres to a business code of conduct that is transparent, accountable, and mindful of its responsibility to all stakeholders. Directors, executives, and employees at all levels are required to strictly adhere to and perform their duties in accordance with the corporate governance policy and related guidelines and the business code of conduct. CKPower has also communicated and disseminated policies, codes of conduct, and various practices related to corporate governance through its website, mobile application, and intranet to provide easy access to all directors, executives, and employees for further implementation. In 2022, CKPower provided training on the matters

Ensuing Compliance With Applicable Laws, Rules, Regulations, And Requirements

CKPower, along with its subsidiaries, promotes compliance with regulations and its code of conduct among directors, executives, and employees at all levels and encourages the Board of Directors and executives to continuously foster the practice and culture across the organization in order to promote adherence to business ethics and codes of conduct related to corporate governance as well as compliance with applicable laws, rules, regulations, and requirements among employees. In addition, all employees and new recruits of CKPower and its subsidiaries are required to undergo business ethics training. CKPower’s code of business conduct is disseminated to all stakeholders across the supply chain on a regular basis through its website.

CKPower has set down anti-corruption guidelines in writing to provide clear guidance for business operations, which the personnel of the company and its affiliates are required to strictly follow. The Company has also announced a no-gift policy as well as communicated the principles of business ethics and anti-corruption to all groups of stakeholders in a concrete manner through a variety of communication channels, such as its website, internal public relations screens, digital signage, and intranet. In addition, employees are encouraged to attend anti-corruption training to foster knowledge and understanding on the guidelines for fighting and preventing corruption in the hopes that employees can implement the knowledge in their operations as well as further disseminate it to other employees in the Company. In 2022, CKPower’s employees participated in the Anti-Corruption the Practical Guide (ACPG) training course with the Thai Institute of Directors Association.

2022 Compliance Performance

Handling of Complaints and Corruption Cases

CKPower has established various reliable and independent whistleblower channels, through which whistleblowers will be given protection and ensured fairness. Any non-compliance with the codes of conduct, violation of laws, or any suspected fraud or misconduct committed by personnel of the Company can be reported through the following channels:

Whistleblowing: The Company has arranged for three whistleblower channels through which a whistleblower report can be filed with the executives and the Board of Directors, as follows:
- To the Company Secretary and the Investor Relations at www.ckpower.co.th/en/investor-relations/ir-home
- To the audit committee members and the Board of Directors at directors@ckpower.co.th or Invester Relations Department at directors@ckpower.co.th or ir@ckpower.co.th
- Send a Sealed Letter to CK Power Public Company Limited 587 Viriyathavorn Building, Sutthisan Winitchai Road, Ratchadaphisek Sub-district, Din Daeng District, Bangkok 10400.
Implementation: The executives and the Board of Directors have assigned the Audit Committee to collect information, review and investigate facts, and determine suitable methods for dealing with each case. The Audit Committee is to track the progress and outcome periodically.
Reporting of results: The Company Secretary, executives, or Audit Committee Members shall report findings to the Board of Directors for acknowledgement, to be further reported to stakeholders.

In addition, CKPower has prescribed whistleblower protection measures and confidentiality policy, the details of which appear under stakeholder engagement guidelines published on the Company’s website along with the whistleblower channels. Access to complaints and tip-offs is restricted to only relevant individuals in order to foster confidence and a sense of security to the complainant.

TAX ACTION

To ensure that the Company and its subsidiaries operate in accordance with the principle of good corporate governance and a code of business conduct that corresponds with sustainability practices, CKPower has placed emphasis on legal compliance, transparency, and accountability with regard to tax management and fulfilled its duties under its tax policy by paying taxes correctly in order to foster public confidence in the organization.

Click Here

RISK MANAGEMENT

CKPower places importance on introducing a risk management system to business operations to ensure the ability to efficiently handle challenges and changes in external factors and enable the Company to conduct business with stability and bring maximum benefits to all stakeholders sustainably. To this end, the Board of Directors has charged the Corporate Governance and Risk Management Committee with the responsibility of reviewing and approving risk management actions, acknowledging the risk management of CKPower and its subsidiaries, prescribing risk management policies, and providing recommendations to the Board of Directors and the Management, effectively overseeing and reviewing risk management, monitoring and assessing the management of key risks that affect the Company’s businesses, as well as acknowledging the risk management plans of the Company and its subsidiaries. The committee is to report issues and obstacles related to key risks and the progress on the resolution of such issues at board meetings on a quarterly basis.

The risk management working group also reviews emerging risks, analyzes potential impacts and opportunities, and determines risk appetite or risk tolerance, risk indicators, risk management measures. It is also responsible for reporting risk management performance on a quarterly basis so as to ensure that the risk management measures are regularly assessed and can effectively keep risk levels within the risk appetite. CKPower has also assigned the Internal Audit Division, which works independently from the risk management working group, to monitor and review its risk management processes and appoint a knowledgeable and capable candidate as the secretary to the Corporate Governance and Risk Management Committee, responsible for gathering information and report risk management performance to the Corporate Governance and Risk Management Committee, which then submits such reports to the Board of Directors for acknowledgment.

RISK MANAGEMENT STRUCTURE

Enlarge Image

Risk Management Process

To manage potential risks in its business operations, CKPower utilizes a risk management process comprising the following six steps:

Enlarge Image

Furthermore, CKPower conducts risk analysis based on risk assessment criteria, which take into account the type and severity of impact in conjunction with the likelihood of such impact and are divided into five levels of risk exposure ranging from very low to very high. The overall risk level considered to be within the risk appetite/risk tolerance is the medium or low level. For risks that exceed the risk appetite, CKPower will formulate additional risk mitigation plans to manage such risks as well as designate responsible persons and specify completion time.

In 2022, CKPower assessed risks associated with the Company, which can be divided into four categories as well as formulated the 2022 risk management plan to serve as guidelines for effective risk management. The risk management working team of CKPower and its subsidiaries, comprising executives from all lines of work, including business planning, engineering, operations and maintenance, and power plant managers, was responsible for formulating the annual risk management plan, which encompassed the following four risk categories.

RISKS	DESCRIPTION	MANAGEMENT PLAN
Strategic risks	Risks that affect CKPower’s operational strategies and may cause damage to the Company’s business operations in both short and long terms	CKPower has appointed the Exploration team to study and research the development of new power production business models as well as analyze internal and external environments to establish the Company’s directions and strategies while also developing the capabilities and preparedness of its personnel to accommodate future business growth. CKPower has also formulated ESG strategies and established the Corporate Sustainability Working Group to support and implement its sustainable development activities and operations.
Operational risks	Risks resulting from the operations of the Company and its power plants due to personnel shortage, inappropriate operational plans, as well as accidents or natural disasters beyond the control of the Company	CKPower manages the availability of its power plants, machinery, and equipment by establishing annual preventive maintenance plans in order to inspect the machinery and equipment according to the schedule and by ensuring the implementation of such plans as well as sufficient and suitable backup of necessary equipment, supplies, and critical spare parts for maintenance of the power plants. CKPower has also applied the ISO 9001: 2015 Quality Management System (International Organization for Standardization: ISO) to its power plants.
Financial risks	Risks related to expense and budget management and control for ensuring the Company’s continuous financial liquidity or risks that may arise as a result of external financial circumstances, such as interest rates, foreign exchange rates, and inflation, that may impact the Company’s revenue and expenses	CKPower implements risk management, prepares case flow projections, and update the data on a regular basis as well as manages its loan agreements and coordinates closely with the lending banks to minimize risks of breaching the loan agreement terms. CKPower also manages its excess cash by investing in bank deposits and short-term high-liquidity investments with reliable financial institutions as well as arranges for credit availability when fund is needed.
Compliance risks	Risks from failure to comply with operational procedures and applicable laws	CKPower keeps abreast with the situation and new developments regarding new laws enforced in Thailand and in countries related to its business operations on a regular basis to ensure that it has sufficient time to make preparations to improve and handle changes with significant impact on every aspect of business operations. CKPower also shares knowledge with its employees and engages legal advisors when there are inquiries or when expert opinions are required to ensure that CKPower operates prudently, transparently, and in compliance with corporate governance principles.

The risk assessment results reveal that the risks in most categories were at an acceptable level or lower, except the environmental and social risks, which were subsumed under strategic risks, related to the areas around CKPower’s power plants, which were found to be at a very high level. CKPower was aware of the outcome and followed its risk management process by formulating a mitigation plan and designating responsible persons to address the risks. In addition, CKPower promotes risk culture within the organization by hosting training sessions on risks to its executives and all employees and communicating the significance of risk awareness internally on a regular basis.

Emerging Risks

As intensifying climate change may result in new risks and affect its future business operations, CKPower has studied and analyzed significant issues that may potentially affect the Company and might become emerging risks in the near future as follows:

Emerging Risk Factors	Potential Impact on Business	Management Approach/Opportunities
The downward trend in the consumption of nonrenewable energy sources, such as fossil fuels, gas, petroleum, coal and nuclear power, etc., and rising demand for alternative clean energy which is produced in an environmentally friendly way and can be infinitely circulated, such as solar energy, hydropower, wind energy, and geothermal energy, as well as electric vehicles powered by renewable energy sources and hydrogen, has mobilized energy innovation in Thailand, especially in renewable energy, in the past year. This has caused a reverberating impact on the electricity generation industry and triggered changes in consumer behavior and future energy sources.	Nowadays, technology tends to change rapidly in response to the energy consumption behavior of consumers in the public and industrial sectors. Moreover, power generation methods are also evolving quickly. CKPower sees a need to establish guidelines for managing energy technology risks to mitigate disruption to the Company’s business from new innovations and limitations to its competitiveness if the Company is unable to adapt to these technological changes. To this end, CKPower is accelerating its efforts to promote innovation and modern technology, both in adapting its operations and increasing the efficiency of its personnel to support new innovations. CKPower is in the process of researching and developing renewable energy projects in various forms in conjunction with business partners. If the initiative succeeds, it will enable the Company to achieve its target of expanding the business by 4,800 megawatts within the year 2024.	CKPower has studied the rules, regulations, and laws that may be relevant in Thailand and in ASEAN to seek new opportunities and mitigate various restrictions that the Company may encounter in its business operations. CKPower prioritizes business model resilience as one of the key issues in sustainable business operations and has formulated strategies, guidelines, and operational frameworks for a period of 5 years (2022-2216) in order to achieve concrete results. CKPower has also appointed a unit responsible for mobilizing and monitoring the implementation of the strategies, guidelines, and frameworks. CKPower has researched and assessed the viability of conducting business in renewable energy and has made preparations by establishing an exploration team consisting of executives and employees from the engineering department to study and research new ways to develop the power generation business. CKPower is researching solar power plants and solar and battery energy storage system (BESS) as a case study for future investments. CKPower has signed a memorandum of cooperation with suppliers to study green hydrogen production technology and green ammonia. A memorandum of cooperation was also signed with suppliers to study the use of hydrogen mixed with liquefied natural gas (LNG) as fuel for power generation at Bang Pa-in Cogeneration Power Plant.

Emerging Risk Factors

Potential Impact on Business

Management Approach/Opportunities

The downward trend in the consumption of nonrenewable energy sources, such as fossil fuels, gas, petroleum, coal and nuclear power, etc., and rising demand for alternative clean energy which is produced in an environmentally friendly way and can be infinitely circulated, such as solar energy, hydropower, wind energy, and geothermal energy, as well as electric vehicles powered by renewable energy sources and hydrogen, has mobilized energy innovation in Thailand, especially in renewable energy, in the past year. This has caused a reverberating impact on the electricity generation industry and triggered changes in consumer behavior and future energy sources.

Nowadays, technology tends to change rapidly in response to the energy consumption behavior of consumers in the public and industrial sectors. Moreover, power generation methods are also evolving quickly. CKPower sees a need to establish guidelines for managing energy technology risks to mitigate disruption to the Company’s business from new innovations and limitations to its competitiveness if the Company is unable to adapt to these technological changes.

To this end, CKPower is accelerating its efforts to promote innovation and modern technology, both in adapting its operations and increasing the efficiency of its personnel to support new innovations. CKPower is in the process of researching and developing renewable energy projects in various forms in conjunction with business partners. If the initiative succeeds, it will enable the Company to achieve its target of expanding the business by 4,800 megawatts within the year 2024.

CKPower has studied the rules, regulations, and laws that may be relevant in Thailand and in ASEAN to seek new opportunities and mitigate various restrictions that the Company may encounter in its business operations.
CKPower prioritizes business model resilience as one of the key issues in sustainable business operations and has formulated strategies, guidelines, and operational frameworks for a period of 5 years (2022-2216) in order to achieve concrete results.
CKPower has also appointed a unit responsible for mobilizing and monitoring the implementation of the strategies, guidelines, and frameworks.
CKPower has researched and assessed the viability of conducting business in renewable energy and has made preparations by establishing an exploration team consisting of executives and employees from the engineering department to study and research new ways to develop the power generation business.
CKPower is researching solar power plants and solar and battery energy storage system (BESS) as a case study for future investments.
CKPower has signed a memorandum of cooperation with suppliers to study green hydrogen production technology and green ammonia. A memorandum of cooperation was also signed with suppliers to study the use of hydrogen mixed with liquefied natural gas (LNG) as fuel for power generation at Bang Pa-in Cogeneration Power Plant.

Emerging Risks	Potential Impact	Management Approach/Opportunities
Cybersecurity is the application of technology, tools, processes, and practices that are designed to prevent and respond to potential attacks on information technology equipment, network, equipment, infrastructure, system, or program that may be damaged by unauthorized access by a third party as well as the maintenance of data integrity and confidentiality. CKPower foresees this risk, as currently, the targets and formats of cyberattacks are becoming more and more varied. Thus, it has the potential to cause significant impact on any organizations affected.	CKPower is prepared for all forms of threats that may affect the loss of important company data. As CKPower stores sensitive data in its server, such as data related to the management of its power plants, the stability of which is vital for energy security, and sensitive financial information, malicious agents may be motivated to attack its various data storage systems and networks, resulting in financial loss to the Company from theft or the cost of recovering stolen data. In 2022, CKPower had no case of information leakage. Additionally, in the event that the personal information of employees, suppliers, or customers is leaked or used for transactions, there would be wide-ranging impact on CKPower’s stakeholders. These losses would result in incalculable damage to its reputation, and it would take a long time to restore the confidence of stakeholders.	CKPower manages information technology risks in accordance with its Enterprise Risk Management Policy. IT system security is stipulated as part of business continuity management to CKPower has established the ISO27001 IT system security standards to systematically provide guidelines for and promote understanding of the risks and weak points of data protection. This is part of the effort to strengthen data security systems, reduce risks, and protect data from theft. CKPower has also instituted the management of incidents that may affect the security of the IT system by establishing procedures and administrative processes, appointing responsible parties, and requiring prompt and up-to-date situation reporting by the person or agencyresponsible for receiving the notification of the incident to ensure that incidents and vulnerabilities related to thesecurity of IT systems are properly and effectively handled in a timely manner CKPower has assigned personnel with the duties and responsibilities of properly securing its key IT assets. It has also organized training for employees, disseminated educational content about security awareness through mobile applications, and communicated various information via e-mail to increase knowledge of technology and strengthen awareness of IT security among all employees in CKPower as well as to familiarize them with the evolution and patterns of cyberattacks. CKPower regularly evaluates the efficiency of its IT security system and power plant operation security system.

Emerging Risks

Potential Impact

Management Approach/Opportunities

Cybersecurity is the application of technology, tools, processes, and practices that are designed to prevent and respond to potential attacks on information technology equipment, network, equipment, infrastructure, system, or program that may be damaged by unauthorized access by a third party as well as the maintenance of data integrity and confidentiality. CKPower foresees this risk, as currently, the targets and formats of cyberattacks are becoming more and more varied. Thus, it has the potential to cause significant impact on any organizations affected.

CKPower is prepared for all forms of threats that may affect the loss of important company data. As CKPower stores sensitive data in its server, such as data related to the management of its power plants, the stability of which is vital for energy security, and sensitive financial information, malicious agents may be motivated to attack its various data storage systems and networks, resulting in financial loss to the Company from theft or the cost of recovering stolen data.

In 2022, CKPower had no case of information leakage. Additionally, in the event that the personal information of employees, suppliers, or customers is leaked or used for transactions, there would be wide-ranging impact on CKPower’s stakeholders. These losses would result in incalculable damage to its reputation, and it would take a long time to restore the confidence of stakeholders.

CKPower manages information technology risks in accordance with its Enterprise Risk Management Policy. IT system security is stipulated as part of business continuity management to CKPower has established the ISO27001 IT system security standards to systematically provide guidelines for and promote understanding of the risks and weak points of data protection. This is part of the effort to strengthen data security systems, reduce risks, and protect data from theft. CKPower has also instituted the management of incidents that may affect the security of the IT system by establishing procedures and administrative processes, appointing responsible parties, and requiring prompt and up-to-date situation reporting by the person or agencyresponsible for receiving the notification of the incident to ensure that incidents and vulnerabilities related to thesecurity of IT systems are properly and effectively handled in a timely manner
CKPower has assigned personnel with the duties and responsibilities of properly securing its key IT assets. It has also organized training for employees, disseminated educational content about security awareness through mobile applications, and communicated various information via e-mail to increase knowledge of technology and strengthen awareness of IT security among all employees in CKPower as well as to familiarize them with the evolution and patterns of cyberattacks.
CKPower regularly evaluates the efficiency of its IT security system and power plant operation security system.

Risk Culture

CKPower fosters an enterprise-wide risk culture by organizing an enterprise risk management sharing session for the Board of Directors and communicating a risk management framework according to COSO ERM 2017 to the Risk Management Working Group of CKPower and its subsidiaries through a virtual meeting to continuously improve their knowledge on risk and risk management. In addition, the Company also raises awareness of risk management among employees at all levels and has incorporated risk management as part of its operations.

2022 Performance

Personnel Who Received Training and Communication	Communication Channel/ Training Curriculum and Objective	Percentage of Stakeholders Who Received Communication	Percentage of Stakeholders Who Received Training
Executives	Strategic Risk management	100	100
Employees	Enterprise Risk Management	100	100

Remark: Training was provided for the managing directors and executives of affiliated companies through the Strategic Risk Management Program and for the risk management working groups of affiliated companies in the Enterprise Risk Management Program.

Customer Data Protection

Protecting customer data is of the utmost importance to the business. To this end, CKPower has established prioritized access to information to prevent customer data from being leaked to third parties and mandated in its business code of conduct that all executives and employees must refrain from unethical behavior and from disclosing or exploiting confidential information gained from performing duties for their own benefit. In addition, CKPower has established a policy to protect third-party personal information and guidelines for maintaining information security which are in line with the guidelines for listed companies announced by SET. CKPower promotes the use of IT systems equipped with processes for monitoring and managing risks, cybersecurity systems, and measures to maintain the security of the IT system that encompass IT risk management and implementation.

CKPower places great importance on information access, confidentiality, use of insider information, and data and IT systems security and has, thus, incorporated policies and guidelines into its third-party personal data protection policy to provide cybersecurity for whistleblowers and customers. In the past year, there was no report of information leakage or misuse of customer information.

Key Performance Indicators	2022
Complaints received about the breach of customers’ personal data (Case)	0
Leakage or loss of customer data (Case)	0
Leakage, theft, or loss of customers’ personal data (Case)	0

Remark: CKPower began collecting data in 2022 following the enactment of the Personal Data Protection Act in mid-2022.