The Company is fully committed to becoming a good business entity, performing in consistency with the laws, regulations, and code of ethics, as well as implementing an effective management system.

1. Transparency
   The Company consistently provides clear, accurate, complete, and timely information to the shareholders and other stakeholders, in the form of financial statements, investor information, and other relevant materials or disclosures. These are available on the corporate website, www.matahari.com /corporate/, and disclosed in the Company's annual reports.
2. Accountability
   The Management accepts its responsibility to the shareholders and other stakeholders regarding the implementation of the Company's strategies and the achievement of its objectives and is ready to be accountable for all its actions and decisions to the Board of Commissioners, the shareholders, and other stakeholders. The Board of Commissioners is responsible for the effective supervision of Management and is accountable to the shareholders.
3. Responsibility
   

   The Company complies with the relevant laws and regulations and respects the rights of all the stakeholders. It also fulfills its responsibility to protect and promote the sustainability of the environment, public welfare and healthy living.

4. Independence
   

   The Company manages the business in a professional manner, without any conflict of interest or influence or pressure from any party that is in conflict with the laws and regulations. This is demonstrated in the Company's objective decision making, which is free of any intervention from third parties.

5. Fairness
   

   The Company treats all the shareholders equally, regardless of whether they are majority or minority shareholders, and guarantees the rights of the shareholders and stakeholders. Therefore, the Company always provides equal opportunities to all shareholders to make decisions and engage with the company in AGMS, and treats all stakeholders fairly by providing equal opportunities related to employment, training, promotion, access to information, and so on.

The Company's Code of Conduct is a standard of business ethics and work ethics which is prepared by taking into account the principles of Good Corporate Governance, based on the values ​​and norms that apply in the Company, and is constantly tailored to the development of laws and regulations and applicable practices.

1. The key objectives of the Code of Conduct are:
   

   a. Integrating the Company's values ​​into employees' ethical business practices in line with the Company's vision and mission; and

   b. Clearly describes the Company's values ​​and the acceptable conduct that must be followed by all employees in carrying out their day-to-day duties and responsibilities.

2. Providing basic guidelines for all levels in the Company with regard to the interaction between employers and employees, shareholders, suppliers, Government, and other stakeholders.

The Code is reviewed periodically to ensure that it remains consistent with these objectives.

Contents of the Code of Conduct

The Code provides guidance for employees on their interactions with colleagues, employees, shareholders, suppliers, and regulatory officials in the following areas:

Improving accountability, transparency, and compliance with existing laws and regulations;
Implementing tasks with the highest degree of professionalism and integrity;
Avoiding giving or accepting inappropriate corporate gifts, bribery and kickbacks in any form and for any reason, for example, cash and its equivalent, membership/entertainment, unusual discounts, unusual (in terms of frequency and/or value), fund support for tours or vacations, hampers, and bouquets;
Avoiding activities which may give rise to a conflict of interest with their work in any form or situation for example, an employee has a financial interest with vendors, contractors or brokers who have business relations with the Company; an employee operates and manages an enterprise that is related to the Company; an employee uses the Company's assets for personal benefit; and
Protecting the Company's proprietary information, both during and after an employee's employment term with the Company.

The Whistleblowing System (WBS) is part of the Company's Code of Conducts. It is a form of supervision inherent in carrying out consistent and continuous internal control, by involving all members of the Company to be proactive in maintaining order, and combating the practice of activities that may damage the Company's reputation.

Suara Matahari is the Company's official mechanism for a whistleblower to report misconduct which offers a range of confidential channels through which employees and other stakeholders can report if they sincerely suspect that a violation of the Code of Conduct or other misconduct has taken place, remaining anonymous if they wish. The Company's whistleblowing policy, including the procedures and contact numbers for reporting, has been disseminated to all our employees, management, suppliers and business partners.

Suara Matahari has several features that support its accessibility, trustworthiness and effectiveness:

1. Numerous hotline channels, including toll-free telephone lines, Short Message Services/SMS, website, email and mailbox;

2. Promotion of anti-fraud awareness and the whistleblowing program to all management, employees and suppliers;

3. Experienced contact center operators who handle incoming reports;

4. Forensic investigation experts follow up the incoming reports and present the issues to management; and

5. Recommendations for improvements.

Whistleblowing System Management

Suara Matahari is managed independently by Deloitte as a third-party administrator in order to ensure reporting objectivity. The Company ensures that reporting parties have complete anonymity and protection. The status of incoming reports will be monitored by the Internal Risk Management and Audit Division. They will consolidate and report them to the Board of Directors and the Risk Management Committee.

Reporting Procedures

The Company provides various channels for anyone to report suspected misconduct or violations of the Code of Conduct as follows:

• Hotline : +62 21 2350 7056;
• SMS / WhatsApp : +6281586709196;
• Email : suaramatahari@tipoffs.info .
• Website : https://id.deloitte-halo.com/warnamatahari/

Reports submitted in writing must be accompanied by a disclosure cover sheet, which can be downloaded from the Suara Matahari website. Informants should provide at least the following information to ensure that the appropriate actions can be taken:

1. Name(s) of those involved;
2. Name of a witness (if available);
3. Information about the incident, including date, time and location;
4. Evidence;
5. The related nominal or assets; and
6. The frequency of incidents.

Report Handling

1. The Suara Matahari operator receives the whistleblowing report through one of the above channels and assigns a unique, anonymous reference number to the informant, which he or she can use when requesting information about the progress of the case.
2. The report is sent to a Deloitte analyst for assessment. The results are returned to the Company's representative within one working day.
3. The Risk Management and Internal Audit Division determines further investigation and clarification actions. Later on, this division will present the results to the Risk Management Committee to decide on the penalties or sanctions on the suspects and determine any internal control improvements or other changes the Company needs to make.

Protection for Whistleblowers

The Company guarantees to protect whistleblowers who report in good faith from any retaliation by the allegation's subject. The whistleblowers have the following options regarding the disclosure of their identity:

1. Full disclosure: the whistle-blower is willing to disclose his/her identity to Deloitte and the Company.
2. Partial anonymity: the whistle-blower is willing to disclose his/her identity only to Deloitte. In this case, Deloitte will keep the informant's identity confidential from the Company.
3. Full anonymity: the whistle-blower is not willing to disclose his or her identity to Deloitte or the Company. The Company guarantees to protect the whistle-blower, who acts in good faith, from any act of retaliation by the reported party.

The Company recognizes that risk has become an integral part of every business process. The possibility of risk occurring at any time and if significant, the consequences will impact on operational stability and performance achievement.

To ensure sustainability and business growth, the Company is committed to managing all risks proactively, systematically, effectively and efficiently.

The Risk Management Committee, the Audit Committee, the Internal Audit and the Company's External Auditors work closely to identify, evaluate and mitigate risks by reviewing risk parameters in various areas, particularly critical systems, areas affecting costing and/or profitability, fraud, and abuse of authority.

Risk Management Framework

The Company has an Enterprise Risk Management Framework which contains the Company's objectives, strategies, governance, organization, methodology, monitoring, and risk management reporting processes, thus enabling the Company to analyse, identify, and address risks in strategic areas in every part of the organization actively and consistently which includes:

1. Risk identification, measurement, monitoring and control, including awareness;
2. Risk management infrastructure, including organizational structure, governance systems, data collection, analysis methods, policies and procedures and reporting; and
3. Corporate culture, including training, performance measurement, value development, and rewards.

In order to protect the Company's assets, the Company has developed a roadmap for implementing risk management processes across the organization via several functions in Loss Prevention, Security, and Safety.

The Company also continuously implements a Risk Control Awareness and Assessment Program to ensure that all stakeholders (including business partners) understand and support the Company-wide risk management approach. As a result, the Company has developed a risk treatment, risk tolerance, and risk control matrix.

Audit on the Company's Consolidated Financial Statements for the year ended 31 December 2023, which includes the statements of financial position, statements of profit or loss and other comprehensive income, statements of changes in equity and statements of cash flows, prepared in accordance with Indonesian Financial Accounting Standards.