Good Corporate Governance

GRI 103-2

The corporate governance management approaches of the company are as follows:

Strategy

Adhering to good corporate governance policies.

Process
  • Charter of the Board of Directors and Charter of 4 sub-committees: Audit Committee, Nomination and Remuneration Committee, Risk Management Committee and Corporate Governance Committee.
  • Principles of good corporate governance for listed companies in 2017 (Corporate Governance Code).
  • Screening and approving policies, as well as operating practices for sustainability management by the Good Corporate Governance Committee.
  • Analysis of areas of knowledge, expertise and potential development of the Board of Directors.
  • Evaluation of the Corporate Governance Report of Thai Listed Companies (CGR) by the Thai Institute of Directors Association.
Storing and Reporting of Performance
  • Using a system for collecting and reporting information in an information system, such as reports of the meetings of the Board of Directors and crucial information regarding company directors.
  • Utilization of an information reporting system on the company, shareholders and directors according to the regulations and requirements of the Securities and Exchange Commission (SEC), as well as the Stock Exchange of Thailand (SET).
GRI 102-19
Corporate Governance

The current structure of the Board of Directors consists of the Board of Directors and 4 sub-committees: the Audit Committee, the Nomination and Remuneration Committee, the Risk Management Committee, and the Corporate Governance Committee. The Company has established the scope, authority, duties, and responsibilities of the Board of Directors, along with the Charter of the Four Sub-Committees, with a focus on creating benefits and managing sustainability for all stakeholders across all economic, social, and environmental dimensions while conducting business fairly, transparently, and auditably. The Company's Corporate Governance Committee sets the Company's policies and guidelines for good corporate governance, regularly reviews the Company's good corporate governance principles in comparison with international practices, and oversees the performance of directors. In order to comply with the good corporate governance principles of various regulatory institutions, the Board of Directors has established a good corporate governance policy and has designated it as a guideline for the operations of personnel at all levels.

Corporate Governance Code for Listed Companies 2017

The Board of Directors has supervised the Company by implementing the Principles of Good Corporate Governance for Listed Companies 2017 (CG Code) of the Securities and Exchange Commission (SEC). According to the joint assessment of the Board of Directors and the Management Committee, the Company found that its business operation complies with the 8 principles of good corporate governance for listed companies in 2017. The Company will review such operations annually to ensure that it operates in a balanced manner that contributes to the sustainability of the business.

GRI 102-18, 102-22
Composition of the Board of Directors

The Company has a one-tier system board structure. The Board of Directors has established the nomination criteria, considering the diversity in the selection process, including skills, experience, gender, age, competence, and specific characteristics necessary for achieving the objectives and culture of the organization by establishing the Board Skills Matrix. Moreover, at least 1 - 2 independent non-executive directors must have experience in electricity, utilities, as well as related businesses.

(More details of the Board of Directors' structure can be obtained at and the qualifications of independent directors can be obtained More at)

GRI 102-24
Nomination and Appointment of the Board of Directors

The Board of Directors has appointed the Nomination and Remuneration Committee to nominate and scrutinize appropriate persons to be appointed as directors of the Company based on proposals of major and minor shareholders, as well as the list of directors and the Directors' Pool of trusted entities, which are databases compiling lists of qualified persons in various fields. The Nomination and Remuneration Committee then considers the qualifications of directors on various issues in accordance with the criteria set by the Company and presents them to the Board of Directors' meeting and the AGM for further approval.

In the nomination of directors, the Board of Directors has established nomination criteria with a focus on transparency and on the diversity of director qualifications in terms of independence, knowledge, skills, experience, and expertise. Diversity is deliberately included in the nomination process to promote and leverage the diversity of our Board of Directors in terms of gender, race, nationality, religion, age, cultural background, or other differences, as the Company values diverse views, participation, and non-discrimination. The Board of Directors has established the table of the board's knowledge and expertise elements (Board Skills Matrix) to ensure that the composition of the board as a whole is appropriate and complete as necessary to achieve the main objectives and goals of the organization and to meet the needs of stakeholders. As a result, the composition of the current committee complies with international laws and principles of good corporate governance, as detailed below.

GRI 102-27
Director Development

In addition to recruiting qualified persons in various fields to serve as directors, the Company continues to focus on improving the skills and knowledge of the Directors. The Company's directors have participated in training courses to develop their competence and knowledge as follows:

| Course | Training Institute | Number of Directors Participating |
| --- | --- | --- |
| IT Governance and Cyber Resilience Program (ITG) Course, Batch 16/2021 | Thai Institute of Directors Association | 1 |
| Lessons Learnt from Financial Cases: How Board should React, Director Refreshment Program (DRP 3/2021) | Thai Institute of Directors Association | 1 |

Board skills and expertise

(GPSC's Board Skill Matrix, as of December 31, 2021)

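Column groups: Director Pool; Skill / Expertise (Core Skills, Specific Skills); Experience (M - Management, A - Academia, C - Consulting, R - Research)

| Name-Surname | Director Pool | Policy Development | Business Judgment | Strategic Planning | Finance & Accounting | Internal Audit | Law | Corporate Governance & CSR | Risk Management & Internal Control | HR & Organization Development | Power Industry Expertise* | International Business | Innovation Management | Experience |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1. Mr. Pailin Chuchottaworn | / | / | / | / | / | / | / | / | / | / | / | / | / | M, A |
| 2. Mr. Kurujit Nakornthap | / | / | / | / | | / | / | / | / | / | / | / | | M, A |
| 3. Mr. Pakorn Apaphant | / | / | / | / | | / | | / | / | / | / | / | / | M, A |
| 4. MG. Chaowalek Chayansupap | | / | / | / | | / | | / | | / | / | | | M, A |
| 5. Mrs. Nicha Hiranburana Thuvatham | | / | | / | | / | | / | / | / | | | | M, A |
| 6. Mrs. Saowanee Kamolbutr | | / | / | / | / | / | / | / | | / | / | / | / | M, A |
| 7. Mr. Somchai Meesen | | / | / | / | | | | / | | / | / | | | M, A |
| 8. Mr. Noppadol Pinsupa | | / | / | / | | | | / | / | / | / | | / | M, A |
| 9. Mr. Wuttikorn Stithit | | / | / | / | / | | | | / | / | / | | | M, A |
| 10. Mr. Atikom Terbsiri | / | / | / | / | / | | | / | / | / | / | / | | M, A |
| 11. Mr. Wirat Uanarumit | | / | / | / | / | | | / | / | / | / | / | | M, A |
| 12. Mr. Kongkrapan Intarajang | | / | / | / | / | | | / | / | / | | / | / | M, A |
| 13. Mr. Lavaron Sangsnit | | / | / | / | / | | | / | / | / | | | | M, A |
| 14. Mr. Jeerawat Pattanasomsit | | / | / | / | | | | | / | | / | / | / | M, A |
| 15. Mr. Worawat Pitayasiri | | / | / | / | / | | | | / | / | / | / | / | M, A |
| Total | 4 | 15 | 14 | 15 | 10 | 5 | 3 | 12 | 12 | 14 | 12 | 9 | 7 | |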

Remark: *Expertise in the electrical industry, which complies with the Global Industry Classification Standard (GICS) in the electrical industry business category.

GPSC's Board Industry Experience, as of December 31, 2021
Name-Surname; Position; Work Experience
1. Mr. Pailin Chuchottaworn
Chairman of the Board / Independent Director (Non-Executive Director)
Mr. Pailin Chuchottaworn has been Chairman of the Board and an independent director of GPSC Group since 2019. He has a background in chemical engineering (Ph.D.) and more than 30 years of working experience as a director, executive, advisor, and expert in a variety of industry sectors, including utility, power, oil & gas, petrochemical, transportation, research & academic and governmental institutions. Mr. Pailin previously held the position of Chief Executive Officer of PTT Public Company Limited, so he deeply understands the business and strategic operations in the industry. Additionally, he receives regular capacity building and training to continuously update and elevate his competency and skills on critical issues, such as the director certification program, the finance for non-finance directors program, the certificate in the Top Executives in the Energy Education Program from Thailand Energy Academy, etc.
2. Mr. Kurujit Nakornthap
Independent Director / Chairman of the Corporate Governance Committee / Member of the Audit Committee (Non-Executive Director)
Mr. Kurujit Nakornthap received a Ph.D. in Petroleum Engineering. He has been an Independent Director, Chairman of the Corporate Governance Committee, and Member of the Audit Committee of GPSC Group since 2017. Before joining GPSC Group, Mr. Kurujit worked in the energy and utility sectors for a number of years. In particular, he worked for the Electricity Generating Authority of Thailand as a Director and Chairman of the Board in 2011, moved to the Ministry of Energy as General Director of the Department of Mineral Fuels in 2014, and joined the National Reform Steering Assembly as Chairman of the Energy Affairs Committee in 2015. In addition, he has received training related to financials, energy and utilities, such as the Top Executives in the Energy Education Program from Thailand Energy Academy, the Senior Executive Program from London Business School and a Money Laundering Seminar.
3. MG. Chaowalek Chayansupap
Independent Director / Member of the Audit Committee (Non-Executive Director)
Maj.Gen. Chaowalek Chayansupap has been an Independent Director and Member of the Audit Committee of GPSC Group since 2016. Maj.Gen. Chaowalek was a member of the Corporate Governance Committee of GPSC Group, in which he monitored and reviewed the GPSC corporate governance guidelines based on international practices of the energy and utility sectors. He brings a unique perspective to the GPSC board, as he served in the Royal Thai Army for multiple years. He has also received training including the Top Executives in the Energy Education Program from Thailand Energy Academy and the Logistics Management Course from the Royal Thai Army Logistics School.
4. Mrs. Nicha Hiranburana Thuvatham
Independent Director / Member of the Corporate Governance Committee (Non-Executive Director)
Mrs. Nicha Hiranburana Thuvatham has been an Independent Director and Member of the Corporate Governance Committee of GPSC Group since 2018. She has more than 10 years' experience in the government sector. She previously held the position of advisor to the Prime Minister on social affairs, Secretariat of the Prime Minister. Currently, she holds the position of Deputy Secretary-General to the Prime Minister for administrative affairs. She is a key person who oversees and ensures good corporate governance and business transparency across the company.
5. Mrs. Saowanee Kamolbutr
Independent Director / Chairman of the Audit Committee (Non-Executive Director)
Mrs. Saowanee Kamolbutr is an Independent Director and Chairman of the Audit Committee of GPSC Group in 2020. She has a strong understanding of the industry, particularly the utility power sector, as she was previously an Independent Director of Glow Energy Public Company and Pacific Pipe Public Company Limited. In addition to her experience in the energy sector, Mrs. Saowanee brings a unique perspective to the board through her experience in communication services and financials, as she was an Independent Director and Member of the Audit Committee of Interlink Communication from 2013-2017, and Deputy Permanent Secretary of the Ministry of Finance from 2009-2012.
6. Mr. Somchai Meesen
Independent Director / Member of the Corporate Governance Committee (Non-Executive Director)
Mr. Somchai Meesen is an Independent Director and Member of the Corporate Governance Committee of GPSC Group in 2020. He brings an information technology perspective to the board, as he was a Director of Spring News and a Managing Director of Thansettakij Multimedia. In addition, his understanding of real estate from Aquarius Estate Company Limited in 2018 helps GPSC Group to shape and implement our strategies.
7. Mr. Wuttikorn Stithit
Director (Non-Executive Director)
Mr. Wuttikorn Stithit has been a Director of GPSC Group since 2019. He also currently holds the position of Senior Executive Vice President, Gas Business Unit, PTT Public Company Limited. Mr. Wuttikorn has vast experience in the energy sector, as he was Executive Vice President, Natural Gas Supply & Trading, PTT Public Company Limited and Executive Vice President, Natural Gas Distribution, PTT Public Company Limited before joining GPSC Group.
8. Mr. Atikom Terbsiri
Director / Member of the Nomination and Remuneration Committee (Non-Executive Director)
Mr. Atikom Terbsiri received a master's degree in Finance and International Business from Armstrong University. He has been a Director and Member of the Nomination and Remuneration Committee of GPSC Group since 2020. He is also Chief Operating Officer, Upstream Petroleum and Gas Business Group of PTT Public Company Limited, and a Director of PTT Exploration & Production Public Company Limited. Mr. Atikom brings industry insights to the board with experience in energy and utilities as the President and Chief Executive Officer of Thai Oil Public Company Limited, Senior Executive Vice President at PTT Public Company Limited, and President of IRPC Public Company Limited. Mr. Atikom has also received extensive training, including the Executive Education Program from Harvard Business School and the Executive Program in Energy Literacy for a Sustainable Future from Thailand Energy Academy.
9. Mr. Wirat Uanarumit
Director / Member of the Risk Management Committee (Non-Executive Director)
Mr. Wirat Uanarumit has been a Director and Member of the Risk Management Committee of GPSC Group since 2019. He received a master's degree in Financial Management from Pennsylvania State University and a Bachelor of Engineering (Electrical Engineering) from Chulalongkorn University. Mr. Wirat brings a unique perspective to the board, as he is also a Director and Secretary of the Board of Directors / Member of the Risk Management Committee / President and Chief Executive Officer of Thai Oil Public Company Limited.
10. Mr. Kongkrapan Intarajang
Director / Member of the Risk Management Committee (Non-Executive Director)
Mr. Kongkrapan Intarajang has been a Director and Member of the Risk Management Committee of GPSC Group since 2017. His educational background includes a Ph.D. in chemical engineering from the University of Houston and a B.S. in electrical engineering from Chulalongkorn University. Mr. Kongkrapan has responsibility for GPSC risk management, drawing on insights from being a Director of the Risk Management Committee and Chief Executive Officer at PTT Global Chemical Public Company Limited. In addition, Mr. Kongkrapan brings an international perspective to the board, as he was a director of PTTGC International Private Limited. He has received training related to energy and utilities, including the Executive Program in Energy Literacy for a Sustainable Future, Thailand Energy Academy.
11. Mr. Pakorn Apaphant
Independent Director / Member of the Risk Management (Non-Executive Director)
Mr. Pakorn Apaphant is an Independent Director of GPSC Group, appointed on April 2, 2021. Mr. Pakorn brings utilities and information technology knowledge to the GPSC board from his previous positions. He was a director at the Electricity Generating Authority of Thailand (EGAT) and an executive director at the Geo-informatics and Space Technology Development Agency. Mr. Pakorn holds a PhD in Civil Engineering from Purdue University, Indiana, USA. He is a key person who oversees risk management to ensure the effectiveness of the risk management process across GPSC Group.
12. Mr. Noppadol Pinsupa
Director / Member of the Nomination and Remuneration Committee / Chairman of the Risk Management Committee (Non-Executive Director)
Mr. Noppadol Pinsupa is a Director, Member of the Nomination and Remuneration Committee, and Chairman of the Risk Management Committee. He holds a master's degree and a bachelor's degree in Engineering from Chulalongkorn University. He joined the GPSC board in 2021. His recent work experience has been in the fields of utilities, energy, and information technology, making Mr. Noppadol a valuable member of the GPSC board. He brings wide experience ranging from risk management to finance, from anti-corruption to business management, and from leadership to sustainability.
13. Mr. Lavaron Sangsnit
Director / Member of the Corporate Governance Committee (Non-Executive Director)
Mr. Lavaron Sangsnit is a Director of the Corporate Governance Committee. He joined GPSC in 2021. Mr. Lavaron brings a unique perspective to the GPSC board, as he has experience in the Thai government, specifically the Excise Department (2020 - present) and the Ministry of Finance (2016-2018). Mr. Lavaron's expertise lies in finance, with more than 25 years of experience. His educational background is a master's degree in Economic Policy and Planning from Northeastern University, USA, and a bachelor's degree in Economics from Chulalongkorn University.
14. Mr. Jeerawat Pattanasomsit
Director (Non-Executive Director)
Mr. Jeerawat Pattanasomsit is a Director. He joined the GPSC board in 2021. He holds a master's degree in Petrochemical Technology from Chulalongkorn University. He previously worked with renowned companies in the energy and petrochemical sectors, for example, Thai Oil PCL, Sak Chaisidhi PCL, and Thai Lube Base PCL. He also holds a position as an Executive Vice President-Power, New Business and Digitalization at Thai Oil PCL. Mr. Jeerawat also participated in several capacity building programs such as PTT-Harvard Business School Leadership Development Program from Harvard University, Director Certification Program from Thai Institute of Directors, and many more.
15. Mr. Worawat Pitayasiri
Director / Secretary to the Board / Member of the Risk Management Committee / President and Chief Executive Officer (Executive Director)
Mr. Worawat Pitayasiri has been a Director, Secretary to the Board, Member of the Risk Management Committee and President and Chief Executive Officer of GPSC Group since 2020. He also holds positions as a director of many utility organizations, such as Xayaburi Power Company, Ratchaburi Power Company and Glow Group. Mr. Worawat brings strong industrial and utility insights to the board, as he was previously President at PTT MCC Biochem Company Limited, Executive Vice President, Downstream Business Group Collaboration at PTT Public Company Limited, and Executive Vice President, Downstream Business Group Planning at PTT Public Company Limited. He brings more than 20 years of in-depth experience and operational insight that can be applied strategically and effectively across the group.
Performance evaluation of the Board of Directors by independent assessment

In 2021, the Company assigned Kincentric (Thailand) Co., Ltd., an independent external assessor, to conduct a performance evaluation of the Board of Directors with a total of 3 assessments: the Board of Directors Assessment Form, the Individual Directors Assessment Form (Self-Assessment and other Directors), and the Assessment Form of the Four Sub-Committees (Faculty-by-Committee). The evaluation covered all 15 members. A summary of the performance evaluation of the Board of Directors and sub-committees is as follows:

| Result of Performance Evaluation of the Board of Directors | Average Score (%) 2021 |
| --- | --- |
| Type 1: Results of the evaluation of the entire board of directors | 91.39 % |
| Type 2: Individual Director Evaluation Results | |
| 1. Self-assessment results | 94.12 % |
| 2. Cross evaluation results | 94.65 % |
| Type 3: Results of the Evaluation of the Sub-Committee | |
| 1. Audit Committee | 99.15 % |
| 2. Nomination and Remuneration Committee | 85.83 % |
| 3. Corporate Governance Committee | 97.27 % |
| 4. Risk Management Committee | 96.00 % |

GRI 102-36

Global Power Synergy Public Company Limited (GPSC Group) has established guidelines for determining appropriate remuneration for the President and Chief Executive Officer that reflects the success of the organization and of individuals. The Board of Directors, in accordance with the recommendations of the Nomination and Remuneration Committee, conducts performance evaluations and determines the remuneration of the President and Chief Executive Officer, using the performance evaluation criteria below in conjunction with the self-assessment of the President and Chief Executive Officer.

  1. Performance related to key performance indicators (KPIs) in the short term covers the following indicators:
    • a. Financial returns (e.g. operating income, earnings before interest, taxes, depreciation and amortization (EBITDA), net profit, return on assets (ROA), return on equity (ROE), and return on investment for operations (ROIC))
    • b. Relative financial indicators compared to companies in the same industry (e.g. return on assets (ROA), return on equity (ROE), and return on investment to operate (ROIC))
    • c. Other non-financial indicators (e.g. customer perspective, internal business process view, and learning and growth perspective)
  2. Performance aimed at building the company's long-term performance and management capabilities and leadership capabilities that will affect the company's long-term sustainability.

The success of these KPIs reflects short-term and long-term returns for the Chief Executive Officer and management. There is a transparent and reasonable process for determining compensation. Short-term compensation consists of salaries, bonuses, and other benefits. Long-term compensation (e.g. long-term performance bonuses, etc.) will be given to chief executive officers and executives over a period of 4 years.

Performance and key performance indicators of CEO and executives

The Company evaluates the performance of chief executive officers, executives, and employees annually using the Core Performance Indicators of the Organization (KPI). Performance is evaluated based on Creative Initiatives (70%), which support corporate KPIs and special assignments, and core behaviors (30%), which are evaluated according to the behavior of ACT SPIRIT.

Long-term remuneration (remuneration linked to the share price, proportional to the duration of the share and the intermittent performance for variable remuneration) and provisions of recall

For Global Power Synergy Public Company Limited (GPSC Group), the longest operating performance period in the variable remuneration assessment of the President and Chief Executive Officer is 1 year, while the maximum entitlement period is 4 years. The Company has a recall provision: the GPSC Group cites the recall provisions under Section 85 of the Public Limited Companies Act B.E. 2535 ("Public Companies Act") and Section 89/7 of the Securities and Exchange Act B.E. 2551 (2008), which require directors and executives to perform their duties responsibly in accordance with the law, objectives and regulations of the Company. In the event that any director or executive fails to act or fails to comply with the law, objectives and regulations of the Company, and this causes any damage to the Company, the Company will claim damages from such directors or executives, and they may receive civil and/or criminal penalties under the law.

To drive and promote personal ownership as part of the behavior that the organization needs, the President and Chief Executive Officer encouraged the Company's employees, especially senior executives, to voluntarily hold Company shares in order to build long-term commitment and trust from our investors. However, all must strictly comply with the regulations set out by the Securities and Exchange Commission to prevent trading using insider data or unethical conduct. For more information on the number of shares held by the Chief Executive Officer and President, including executive members, please refer to the following:

Chief Executive Officer and President (as of Dec, 2021)
| Position | Multiple of base salary |
| --- | --- |
| Chief Executive Officer and President | 0 |
| Executive (Average) | 0.28 |

Updated as of February 2022

The content above is based on sustainability reporting standards by The Global Reporting Initiative (GRI Standards) and externally validated and verified for accuracy of the reporting data at "Limited Assurance" level.

Risk and Crisis Management

Current and emerging business risks and uncertainties can affect business goals both directly and indirectly, and must be managed systematically and efficiently. At the same time, risks and uncertainties can also create business opportunities, and the organization must seek ways to take advantage of them. As a result, the Company has adopted the Enterprise Risk Management (ERM) framework from The Committee of Sponsoring Organizations of the Treadway Commission (COSO) and ISO 31000:2009 to ensure that those involved understand the risk management principles and can apply them appropriately and to best effect. The Company has established a Risk Management Committee under the authority of the Board of Directors to oversee the organization's overall risk management. The Company has guidelines for managing risk and crisis as follows:
Risk Management Policy

The Company, through the Risk Management Committee, has established a risk management policy to serve as a framework for the supervision of risk management in all dimensions, covering strategy and investment risks, finance, business, technology and operations, legal and regulatory aspects, personnel and organizational structure, as well as environmental, social and governance risks (ESG Risk), corruption, and emerging risks of the Company and the GPSC Group, to guide all management and employees to implement the same standards in the same direction.

Governance and Risk Management Structure

GRI 102-30, 103-2

The Company's risk management operates within the scope, authority, duties, and responsibilities of the Board of Directors, which is responsible for considering the significant risk factors that may occur, defining comprehensive risk management guidelines, and guiding the management team to have effective processes for risk management. This also covers risk factors that may arise from the pursuit of business opportunities, so that the risk management system and processes respond consistently to the constantly changing business context. The Board of Directors has approved the Risk Management Committee Charter, assigning some of the directors to perform the duties of the Risk Management Committee (RMC), with the scope of duties and responsibilities to define and review the corporate risk management policy framework, review supervision, and monitor the performance and results of operations in several dimensions such as strategy risk, financial risk, and risk on business operations and production, etc. Moreover, the assigned directors support implementing enterprise risk management in alignment with business strategy and goals. This also includes establishing a comprehensive review of the Company's acceptable risk framework according to the changing business context, including monitoring, screening, giving feedback, and risk advising in order to ensure the continued effectiveness of risk management operations. (Further details on the scope of responsibilities of the Risk Management Committee can be found in the Risk Management Committee Charter: https://www.gpscgroup.com/storage/content/about/management-structure/risk-management-committee-charter-2021-en.pdf)

The Audit Committee also reviewed the risk management system under the Audit Committee Charter to ensure the effectiveness and adequacy of the risk management system as a whole.

Enterprise Risk Management Framework

Apart from the enterprise risk management framework driven by the Board of Directors and the Risk Management Committee, putting risk management into practice through the management committees is also an important component. The Company has designated the Management Committee of the Company (GPSCMC), which consists of senior management from several departments, and the Risk Management and Internal Control Committee (RMCC), which includes the Company's senior management responsible for overseeing the Company's risk management system and internal control system, to ensure that these are appropriate and effective. Monitoring and reporting on the organization's risk management progress are done through RMCC meetings and reporting to the RMC. Meetings are held at least quarterly.

The Company's enterprise risk management framework and the link between risk management are shown in the diagram.

Risk Management Strategies and Processes

Under the Company's enterprise risk management framework (ERM), the Company has established guidelines for risk management operations at 2 levels: the Corporate Level and the Functional Level. There are strategies and processes for risk management, including:

Strategies for Risk Management

The Company establishes strategies for risk management throughout the organization. The goal is to create a risk culture through training for management, employees, and those involved, including the appointment of representatives of agencies as Risk Agents, grouped by the risks related to all aspects of work, with the risk management function acting as central coordinator and supervisor as well as defining the strategy and driving the continuous improvement of the risk management system. Also, within the context of risk management, the Company has set objectives, acceptable risk levels (Risk Appetite) and acceptable levels of deviation (Risk Tolerance) to give risk management the same direction throughout the organization, in accordance with the business strategy. The Company has also established cooperation with the PTT Group in pursuit of developing risk management knowledge in areas such as the Operational Excellence Management System (OEMS).

Organization Acceptable Risk (Risk Appetite)

GRI 102-11

Corporate Risk Management Process

The Company focuses on the systematic management of risk issues, from the assessment of risk factors to the analysis and preparation of risk issues in line with the strategy, and on managing risk arising from changes in a fluctuating business environment and from new emerging risks. Consideration, approval, supervision, management, monitoring, reviewing, escalation, and driving risk mitigation are essential to the risk management system in order to drive the strategic plan and business operations toward the stated goals. In addition to embedding risk management into the organization's work culture through measures such as the Company risk management policy, the Company also drives risk management performance at all levels through performance assessment (KPI): 1) Organizational-level risks, to which senior management and personnel in relevant departments are exposed. They receive an annual performance assessment on the relevant risk management dimensions, which contributes to driving performance at the organizational level and within their responsibility. 2) Unit-level risks. Workers in each unit receive an annual performance assessment within the scope of their duties, to ensure that performance under risk management and work uncertainty is achieved in accordance with the goals they are responsible for. This is a factor that affects overall risk management and business goals at the organizational level.

Assessing and labeling risk (Risk Register)

GRI 102-11

The relevant departments will conduct the assessment, analysis, consideration, and preparation of risk issues. As shown, the company focuses on operating comprehensively and has adequate support measures under the risk assessment dimension.

With the same standardized assessment criteria across the organization, including an emphasis on escalation as an organizational risk on items that have a significant impact on corporate goals and strategic plans, the following procedures for assessing and maintaining risk registers are in place:

1. Identification of Risk Factors

The Company identifies risk factors by

  1. Assessing future scenarios based on changes in both internal and external factors, covering emerging risks arising from changing activities or business contexts that may impact organizational goals.
  2. Assessing changes in normal business operations that may affect current operations and, in turn, the company's business goals.

The identification of risk factors can be carried out by personnel in the relevant risk owner/function and presented for review and further risk management procedures.

2. Risk Assessment and Analysis

The Company has assessed and analyzed all potential risks, including corporate, agency, and project/product development investment risks. The criteria for assessing the risk that is the central standard of the organization are as follows:

  • The criteria for assessing the impact of risk on finance, business processes & operations, the reputation of the organization, and customers & people are divided into 4 levels: low, medium, high, and severe.
  • Likelihood assessment criteria are divided into 4 levels:
    • Low chance of occurrence (less than 10 percent, or never, or only 1 occurrence in 5 years)
    • Moderate chance of occurrence (between > 10 and < 20 percent, or 1 occurrence in 3 years)
    • High chance of occurrence (between > 20 and < 50 percent, or 1 occurrence in 1 year)
    • Very high chance of occurrence (severe) (more than 50 percent, or has occurred more than once in 1 year)

The company presents the assessment results using a Risk Matrix to prioritize the risks. Risk groups assessed as having high to severe impact are classified as Risks that need to be managed, and Risks with medium to low impact are classified as Risks that need to be monitored.

The risk dimensions that the company has framed include strategic risk, business risk, operational risk, and financial risk. At the level of risk management, the company has divided into two levels of management and supervision:

  • Corporate Level: Consider the impact or damage that may result in the company not being able to achieve the objectives, strategies, and business plans of the organization.
  • Functional Level: Consider the impact or damage that may result in the entity not being able to achieve its objectives and responsibilities.

3. Risk Management

The company manages risks appropriately to keep them at an acceptable level. It determines the timeframe for risk management actions to reduce the likelihood and impact of risk events, and designates the person responsible for the action (Risk Owner) to prepare a Risk Mitigation Plan.

  1. Approval of the list of risks

    After assessment and preparation of the risk register, verifying the completeness of the management approach and considering approval of the operation and risk closure are important steps for the integrity of the management process. The company divides risks into 2 levels:

    • Corporate Risk: this will be prepared by the Corporate Risk Management team together with relevant departments and presented for approval to the Risk Management and Internal Control Committee (RMCC) and the Risk Management Committee (RMC) before presentation for approval to the Board of Directors.
    • Functional Level: It will be prepared by the Risk Owner together with the relevant departments and presented for approval to the Senior Manager according to the following functions.
  2. Monitoring, reporting, communication

    Under the Company's Risk Management Policy, Risk Management Committee Rules, and the Directive on Appointment and Assignment of Functions of the Risk Management and Internal Control Committee (RMCC), the Company organizes continuous monitoring and reporting of risk management. It clearly designates the persons responsible for monitoring and reporting as follows:

    • The Company requires the Risk Management and Internal Control Committee (RMCC) to monitor and manage agency-level and corporate risks, as well as emerging risks, on an ongoing basis and to present the results of monitoring the corporate and emerging risks that are significant to the business. These results are proposed to the Risk Management Committee (RMC) so that it can monitor the progress of management on an ongoing basis.
    • The company requires a central risk assessment representative of each workgroup (Risk Agent) to identify risk factors and assess risk through a risk register. The Risk Management Section will report the results to the Risk Management and Internal Control Committee (RMCC), which is the management level, to monitor the progress of management on an ongoing basis.

    In addition, the Company communicates risk issues to all managers and employees to create a robust risk management culture. The company provides ongoing risk management training, and risk information is communicated to all managers and employees through email. The company defines risk management as one of the operational indicators of all managers and employees.

  3. Review of Risk Management Plan and Risk Escalation

    The Company pays attention to reviewing the risk management plan and adjusting it to the situation. The goal of integrated risk management is to keep risk at an acceptable level at all times. In addition to the corporate risk issues approved by the Board of Directors, if emerging risk issues that may significantly affect the company arise during the year, the management of the Corporate Risk Management Section, together with the relevant departments, will prepare information for approval by the Risk Management and Internal Control Committee (RMCC) before presenting it for approval to the Risk Management Committee (RMC).

  4. Risk Management Overview

    The risk management overview can be shown in the diagram.

Correlation of risks

The risk issues classified as the most impactful on the Company's operations are the efficiency of the investment, organizational capacity, compliance, power plant security, and project implementation. Risk correlation is significant for the Company's risk management since risk correlation will cause chain effects which may cause the level of risk to increase or decrease according to each other's relationship.

Annual risk correlation analysis flowchart

Emerging Risk

GPSC Group recognizes and is aware of the long-term emerging risks that could impact the company. Accordingly, GPSC Group identifies risks that may arise in the next 3-5 years and that will result in opportunity loss for the company if they are not appropriately managed. The company has therefore assessed the emerging risks, evaluated the impacts, and defined mitigation actions to manage those risks effectively.

1. COVID-19 Pandemic

Risk level: Medium
Time frame: 2023

Description of Risks

The Covid-19 pandemic has hurt the global society and economy, including GPSC Group, its joint ventures, and customers. The rapid outbreak of this pandemic causes obstacles in operations and changes in customer behavior due to several containment measures, i.e. lockdown and prohibition of mass gathering.

Potential Business Impacts of the Risks

  • Constraints on National Power Policy and Macro Power balance
  • Constraints on power generation and the overall business outlook
  • Reduction of energy demand, which affects GPSC revenues and profits
  • Shifting of customer energy consumption behavior
  • Shifting of business operation practices to new normal

Mitigating Actions

  • Monitor the situation closely.
  • Development of a business continuity plan (BCP)
  • Provide safe houses for employees in charge of power generation and reliability and critical utility supply.
  • Screen employees and contractors operating on site, and support the work of those working from home.
  • Conduct stress tests on our financial system.
  • Provide cash flow to ensure proper liquidity in case of emergencies affecting business operations.
  • Develop new business to meet the needs of a variety of customers in the new normal (e.g. small scale distributed power generation, micro grid management).

2. IT Threats and Cybersecurity

Risk level: High
Time frame: 2026

Description of Risks

Cyber threats can cause significant impacts on company information technology management and online operations, since digital technologies have improved in efficiency and become much more widely used, particularly in the power generation business. Every facet of operations at plant facilities and our offices relies heavily on digital technologies and the internet. In addition, the need to adapt and work from home amid the Covid-19 epidemic requires connection with the external internet. Also, the behavioral changes from the new normal and the global trend of digital transformation lead the company to actively adopt digitalization practices into its business context, with decent IT infrastructure and management to avoid negative impacts. Thus, cybersecurity becomes more important, and IT threats using internet connections have become unwelcome risks.

Potential Business Impacts of the Risks

  • Leak of company's confidential information
  • IT comes to a halt, affecting production and distribution systems, and thereby the company's reliability
  • Fines and penalties from regulators
  • Potential damage to company's financial and social capital
  • Loss of company reputation, reliability, and trust from stakeholders
  • Loss of business opportunities and revenue
  • Increase in infrastructure, operating, and insurance cost

Mitigating Actions

  • Appoint a Digital and Cybersecurity Steering Committee (DCSC) to oversee and drive change management as well as assessing digital risks and cybersecurity. It also screens various projects to ensure alignment with GPSC's strategies and businesses.
  • Define a clear cybersecurity policy for GPSC Group and form the dedicated taskforces in charge of short-term and long-term management, thus winning information security management system certification (ISMS, ISO 27001:2013).
  • Educate the workforce on various IT threat patterns and related procedures for protecting against and handling each threat to minimize escalating damage to the company.
  • Periodically test the system with self-instructed decoys and organize lessons learned to nurture awareness for all employees on the use of information technology.
  • Regularly organize workforce drills to respond to IT threats for office support functions.
  • Regularly perform information system tests and system recovery drills in case of emergency threats to the power generation operating areas.
  • Regularly update for cyber-related law and regulations.

3. Innovation and Technology Transformation (Customer and consumer behavior changes in energy use)

Risk level: High
Time frame: 2026

Description of Risks

With rapid change in customer and consumer energy consumption behaviors and technology transformation such as Blockchain and IoTs, businesses need to adapt to stay competitive and to develop innovations for future growth. In addition, disruptive technology has been rapidly driving energy technology changes, leading to changing consumer behavior for industrial and public users in the energy transition towards renewable electricity such as EV, heavily influenced by the stride into sustainability. These uncertainties are unavoidable and may affect company competitiveness against its peers.

Potential Business Impacts of the Risks

  • Decrease competitiveness if the company is unable to adapt to technological changes
  • Loss of company reputation, reliability, and trust from stakeholders
  • Loss of business opportunities, market share and revenue
  • Increase financial and intellectual capital to build company's competency on new business.

Mitigating Actions

  • Aggressively continue with the new S-Curve business model beyond the existing power generating business model to support future growth. This new model includes storage battery manufacturing; power storage system development and related businesses; and research and development (R&D) investment in new energy technologies to maintain our competitive advantages and drive our vision to become the leading innovative energy company.
  • Actively develop a system integrator, integrating energy production and consumption patterns to better respond to the needs of both, such as Micro Grid and Smart Grid.
  • Develop a new energy trade platform to cope with new behaviors of users, simultaneously reducing impacts on our power generation and distribution business currently and in the future.
  • Conduct customer behavior analysis and shift in market pattern to understand current and future change in consumption behaviors.
  • Battery and Energy Storage Technology

4. Drought Crisis

Risk level: Medium
Time frame: 2026

Description of Risks

Drought is a climatic feature caused by a lack of rainfall over an extended period of time, which results in inadequate water resources. As water is a critical component of our power generation business, drought and water shortages are a threat to GPSC's operation, as previously seen in the drought crisis that became more severe in 2020.

Potential Business Impacts of the Risks

  • Water shortages for manufacturing bases of many firms in Thailand and for hydropower generation from hydroelectric dams in neighboring countries. This impacts the company's production and delivery processes, which resulted in reliability and financial impacts of more than 739 MTHB.

Mitigating Actions

  • Closely monitoring the national water supply and networks.
  • Participate with other organizations and state agencies in the Committee on Water Resource Management (a public-private cooperation in charge of monitoring and managing water resources at all storage facilities).
  • Implementing 3Rs program
  • Reduce water usage by up to 10-30 percent in case of crisis.
  • Install a mobile wastewater RO unit and a seawater reverse osmosis system.
  • Joint efforts with customers to cut water usage
  • Manage water both internally and externally with the representatives from PTT Group's water resource management committee in order to assess water situation in the Eastern region.
  • Have back-up emergency storage for at least 3 days of operations.
  • Set up water management plan to prepare for risky events related to water resource such as secure contract of demineralized water from other suppliers.

Information Security / Cybersecurity Governance

Information Technology and Cybersecurity Strategies for Success

Digital technology and information systems are critical to business operation, and both the production system and the operating network connect to the internet, which could lead to a risk of cyber threats. To productively and effectively facilitate the digital technology and information operation of GPSC Group, and to prevent threats and effectively manage cyber and information risk in accordance with ISO/IEC 27001, NIST standard and relevant laws, the company has guidelines for information security and cybersecurity as follows:

Cybersecurity Policy

GPSC's Information Technology and Cybersecurity governance structure are as follows:

Board of Directors (BOD)

The Board of Directors is responsible for reviewing and approving GPSC's key strategies, policies, objectives, action plans, and financial goals, as well as regularly overseeing and monitoring the executives so that such plans are carried out in accordance with the prescribed directions and strategies. Moreover, its roles and responsibilities are to consider potential risk factors, formulate comprehensive risk management guidelines, ensure that the executives operate with efficient risk management systems and processes in place, and ensure sufficient and effective internal control as well as regular assessment of the suitability of GPSC's internal control systems.

Risk Management Committee (RMC)

The GPSC Risk Management Committee is appointed by the Board. Its roles and responsibilities under the charter consist of determining and reviewing the risk management policy and framework, monitoring and supporting the operation of risk management in accordance with changing situations, covering information technology and cybersecurity risk, and providing recommendations to the Risk Management and Internal Control Committee (RMCC) (management level) and the Management Committee (MC) to ensure that the company has efficient risk management. The results of risk management operations will be reported to the Board.

Audit Committee (AC)

The GPSC Audit Committee (AC) is responsible for reviewing the company's internal audit systems, internal control systems and risk management to ensure that they are appropriate and efficient, and for guiding and advising management on improving processes effectively in order to reduce any risk factors.

Management Committee (MC)

The GPSC Management Committee is responsible for monitoring and driving the business operations in accordance with the prescribed directions and strategies, as well as managing any obstacles and risks which might affect business operations. In addition, its roles and responsibilities are to provide recommendations to the President and Chief Executive Officer for decisions on issues important to business operations and plans, to manage the working system in the same direction, and to scrutinize the risk management of the company. The results of risk management and business operations will be reported to the Risk Management Committee and the Board, respectively.

Risk Management and Internal Control Committee (RMCC)

The GPSC Risk Management and Internal Control Committee is responsible for governing risk management activities and internal control systems covering all risks, including environmental, social, and governance risk (ESG risk), to ensure that the company can achieve organizational goals with reasonable confidence. It does so by supporting and monitoring operations in accordance with the risk management policy and framework of GPSC Group and by overseeing operational risk management for both corporate and functional risks. In addition, its roles and responsibilities are to scrutinize the risk management framework and to monitor and evaluate the results of risk management. It is also responsible for supporting and providing recommendations to the management committee on risk management, according to its scope of duties, and for developing enterprise risk management in alignment with international standards to ensure that the risk management system meets the requirements. The results of risk management will be reported to the GPSC Risk Management Committee, Audit Committee, Management Committee and related functions. If there is a significant factor or situation which might affect the company significantly, the committee must report to the Board immediately.

Digital and Cybersecurity Steering Committee (DCSC)

The Executive Vice President Corporate Strategy and Subsidiary Management serves as chairman of the DCSC and is responsible for managing any changes, assessing digital technology and cybersecurity risks, establishing strategies to achieve operational goals, and driving and supervising various projects in accordance with the organization's strategies and operations.

In addition, senior executives from various departments serve on the committee and are responsible for regulating and driving digital technology and cybersecurity operations so that they achieve effective results and comply with the cybersecurity, ISO/IEC 27001 and NIST standards, and relevant laws.

Digital technology and cybersecurity risk management and the results of the operation will be reported to the GPSC Management Committee as necessary. In case of emerging risk or high risk, the committee must report to the Risk Management and Internal Control Committee, which considers and provides recommendations on the risk management and concretely drives efficient risk management.

Cybersecurity Working Team

Representatives from various departments, consisting of Information Technology (IT) and Operation Technology (OT) departments are responsible for preparing a plan, improving, and defining a framework for cybersecurity to comply with GPSC Group's cybersecurity policy, relevant laws and regulations in order to manage cybersecurity risks. The cybersecurity working team must monitor and report the operational result to DCSC as necessary.

ISO/IEC 27001 Information Security Management System (ISMS)

ISMS consists of 3 working groups as follows:

Information Security Management Representative (ISMR)/ Information Security Management Assistance (ISMA) is the company's management representative, responsible for supervising the establishment, use and development of the information security management system in GPSC, as well as its maintenance, continuous monitoring and improvement, in order to achieve the information security policy and conform to the ISO/IEC 27001 standard. In addition, ISMR/ISMA provides recommendations and suggestions about information security and the policy applying to all employees, supervises any changes that might occur in the company, and coordinates the assessment, resolution and appropriate control of risks arising from those changes and from security breaches. ISMR/ISMA must report the result of the operation to DCSC.

ISMS Core Team (CT) consists of representatives from various departments. They have duties in coordinating with ISMR/ISMA to conduct risk assessments and manage risks for each segment as well as to measure the effectiveness of the process and control in the system. In addition, CT is responsible for coordinating with ISMR in the event of security breaches or any emergency cases to control and deal with these challenges that arise.

ISMS Document Controller (DC) is responsible for supervising and controlling the use of documents and records of the system to comply with the requirements of ISO/IEC 27001 standard, including coordinating with the GPSC central document controller team in order to operate the system to be in line with the company standard.

Information Technology and Cybersecurity Measure

GPSC has organized training courses on information security and cybersecurity awareness, including compliance standards of the company's Information and Communication Technology Policy Standard Practice such as computers and software usage, internet usage, sending and receiving e-mails, and computer virus protection to employees at all levels, as well as new employees through online channels such as e-Learning and orientation, to raise awareness of cyber threats and know the policies and regulations for the use of information technology systems that employees at all levels must strictly adhere to as part of their performance evaluation. Employees with violations will be subject to disciplinary measures by the company.

In 2021, the company held 2 courses in IT Policy and Cybersecurity Awareness training through e-Learning, with employee participation of over 1,030 people.

In addition, GPSC has assigned a third party to perform vulnerability analysis of the organization's information technology system annually. It consists of four activities: external penetration, internal penetration, vulnerability scanning, and phishing mail testing, with close monitoring. If any employee acts improperly and falls victim to the test, communication and training courses are provided to raise awareness and improve comprehension of cyber threats in specific target groups. In cases related to information and cyber security, employees can contact or notify service channels such as the IT Service Desk, system administrators, and PTT-Digital to investigate and take corrective action on incidents.

GPSC has established channels for reporting emails received by employees that are suspected to be spam or Phishing Mail through the Report Phishing function. In the past year, GPSC has been certified in Information Security Management System – ISO/IEC 27001:2013 for data center, supporting infrastructure and cloud management (IaaS).

Updated as of February 2022

The content above is based on sustainability reporting standards by The Global Reporting Initiative (GRI Standards) and externally validated and verified for accuracy of the reporting data at "Limited Assurance" level.

GRI 103-2

Approaches to Business Ethics and Anti-Corruption are as follows:

Strategies
  • Corporate Governance (CG) & Code of Conduct Policy and Manual
  • Anti-Corruption Policy
  • Compliance Policy & Charter
  • Whistleblowing and Complaints Handling Policy
  • Law and Regulation Policy
  • Asset Management, Confidentiality and Information Disclosure Policies
Action Plans
  • Roles and responsibilities for legal affairs
  • Practices on anti-corruption, anti-gift/benefit accepting and giving through information technology and communications
  • Reports on stakeholder engagement of directors, executives and related persons. The report criteria include those in the first report, quarterly reports on changes of stakeholders' information and annual reports on shareholders' information
  • Raising awareness of business ethics and anti-corruption among all stakeholders, including directors, employees, executives, representatives of affiliate companies, business partners and other groups
Filing and Reporting Performance
  • Filing and Reports on security holdings of the company's directors, and senior executives
  • Filing and Reports on shareholder engagement of the company's board members, executives, and persons involved
  • Filing and Reports on lists of gifts or other benefits in compliance with the practices on anti-corruption, anti-gift/benefit accepting and giving through information technology and communications
  • Filing and Reports on disclosure of the company's conflicts of interest

The Corporate Legal and Regulatory Authority is a division under the Corporate Secretarial and Corporate Governance Department. In accordance with the organizational regulation "Procedures for compliance with applicable laws and regulations", the Corporate Legal and Regulatory Authority is responsible for collecting and monitoring laws relating to GPSC operations, examining the law and considering its relevance, so that all employees strictly comply with applicable laws and regulations. If a review finds inconsistencies with applicable laws and regulations, the findings are reported to agency executives, who consider ways to take corrective action and determine a completion period suited to the risk level, and the results of the amendments are proposed to the management. These regulations apply to all personnel. If inaction causing damage is found, disciplinary action will be taken in accordance with GPSC work regulations, for example a written warning.

Currently, the Corporate Legal and Regulatory Authority has a tool for reviewing conformity with the law, the compliance monitoring system (CMS). The company's relevant laws and regulations are registered in the CMS, with details of the processes that must be carried out in accordance with each law, and the Authority reviews with the relevant authorities through the CMS that the relevant laws and regulations have been implemented.

In 2021, the Regulatory Authority of Legal and Regulatory Affairs of the Organization has been developing an application to support the implementation of the Personal Data Protection Act B.E. 2562, which will be effective on June 1, 2022. The application "One Trust" is a tool designed to keep operations in harmony with the GPSC Privacy Policy and PDPA Management guideline.

In addition, the Corporate Legal and Regulatory Authority has provided the communication of personal data management under the Personal Data Protection Act to employees through E-learning.

Corporate Governance & Code of Conduct of GPSC operations

All the Company's personnel are obliged to operate in accordance with the guidelines in the Corporate Governance Manual and Code of Conduct under the supervision of the Corporate Governance Committee. In order to ensure sustainability in accordance with the Company's good corporate governance principles, which are equivalent to international practices, the Company promotes and cultivates a culture of ethical business practices by designating integrity as one of the corporate values and by promoting it regularly through activities and channels. The Company requires the Board of Directors, Executives, and all employees to sign the acknowledgment of GPSC's Guide to Good Corporate Governance and Business Ethics. In addition, the Company has prepared a report disclosing the Company's conflicts of interest: its personnel are obliged to report conflicts of interest at least once a year and every time there is a change, as specified in the Code of Conduct on Conflicts of Interest and Interest, in order to ensure that the Company's business operations are transparent and fair.

Anti-Corruption

The Company adheres to business operations and management with integrity, transparency, and fairness, and is responsible to society and all stakeholders in accordance with the Principles of Good Corporate Governance and Business Ethics. The Company does not accept any form of corruption, directly or indirectly, and has clearly declared its intentions. The Company has been a signatory of the Thai Private Sector Collective Action against Corruption (CAC) coalition project since 2018. Moreover, the Company has established the Anti-Fraud and Corruption Policy and an anti-corruption policy regarding receiving and offering gifts, raising or other benefits (No Gift Policy), and requires the Company's personnel to strictly adhere to these policies. The Company and GLOW have prepared an assessment form on anti-corruption measures that has been audited by external agencies. The Company was certified and received a certificate from CAC in the third quarter of 2020. In E-learning format

Complaints and Protection Process

GRI 102-17

In order for the operation of the Company, its subsidiaries, and associates to be effective and in accordance with laws, rules, and regulations, the Company's Good Corporate Governance Policy and the Code of Conduct, and for the Company's business to be conducted in a transparent, fair, and auditable manner, the Company has issued a policy on complaints and protection (Whistleblowing and Complaints Handling Policy) and announced the process for receiving complaints and providing protection to complainants and related parties, along with mechanisms for monitoring and auditing in order to prevent risks and damages that may occur to all stakeholders. This includes providing protection to those who blow the whistle or complain in good faith.

(https://www.gpscgroup.com/en/cg/whistle-blowing-measures)

In 2021, the Company received complaints through its whistleblowing and complaint channels regarding violations of the Company's code of conduct, of which 2 met the criteria and were accepted as official complaint cases. The investigation of the 2 complaints found no fraud. The Corporate Legal and Regulatory Authority also provides such training to employees in E-learning format.

Promoting and educating business ethics and combating fraud and corruption

The Company has encouraged, educated, and organized activities for all employees so that they are informed, recognize the principles of business ethics and fighting corruption, and can implement them concretely in business operations. In 2021, the events include:

Orientation activities for new employees to communicate knowledge, and understanding of good corporate governance principles and business ethics, and anti-corruption.

Promote GPSC's business ethics and best practices through in-house communication channels to company personnel on the following topics:

  • Conflicts of interest
  • Procurement and Treatment of Partners
  • Confidentiality, data retention, and use of internal data
  • Receiving, gifting, property, or any other benefit.

In addition, the Corporate Legal and Regulatory Authority also provides such training to employees in E-learning format.

"KM Day 2021" activities to communicate knowledge and understanding of complaints and protection policies on November 19, 2021.

PTT Group CG Day 2021 under the concept of "The Power of Business Integrity" on December 22, 202. PTT Group is committed to driving the business of the organization based on CG principles, as well as receiving policies from the board/management of each company that focuses on CG as a contribution to driving the business, making it competitive and integrated with the everyday work process, not something new or something that causes obstacles to work.

Knowledge transfer on legal management of the Personal Data Protection Act, Anti-Corruption, and Conflict of Interest at the GPSC Group Supplier Day 2021 seminar on November 4, 2021.

Updated as of February 2022

The content above is based on sustainability reporting standards by The Global Reporting Initiative (GRI Standards) and externally validated and verified for accuracy of the reporting data at "Limited Assurance" level.