The Company's Code of Ethics is a standard of business and work ethics prepared with due regard to the principles of Good Corporate Governance, based on the values and norms applicable within the Company, and continuously adjusted to developments in prevailing laws and regulations and practices.

1. The main objectives of this Code of Ethics are:

   a. To integrate the Company's values into employees' ethical business practices in accordance with the Company's vision and mission.

   b. To clearly illustrate the Company's values and acceptable behaviors that all employees must follow in carrying out their daily duties and responsibilities.
2. To provide basic guidelines for all levels within the Company regarding interactions between employers and employees, shareholders, suppliers, the Government, and other stakeholders.

These guidelines are periodically reviewed to ensure that the Code is consistent with these objectives.

Content of the Code of Ethics
This Code of Ethics provides guidance for employees on their interactions with colleagues, employees, shareholders, suppliers, and regulatory officials regarding the following:

1. Enhancing accountability, transparency, and compliance with existing laws and regulations;
2. Performing duties with the highest level of professionalism and integrity;
3. Avoiding giving or receiving improper gifts and bribes in any form and for any reason, such as: cash and equivalents, memberships/entertainment, unusual discounts, unusual meals or hospitality (in terms of frequency and/or value), financial support for travel or holidays, parcels, bouquets;
4. Avoiding activities that could create conflicts of interest with their work in any form or situation, for example: an employee having a financial interest with a vendor, contractor, or broker that has a business relationship with the Company; an employee operating and managing a company related to the Company; an employee using Company assets for personal gain; and
5. Protecting the Company's proprietary information, both during and after the employee's employment with the Company.

The Whistleblowing System is part of the Company's Code of Ethics. It is a form of inherent supervision in implementing consistent and continuous internal control, involving all members of the Company to be proactive in maintaining order and combating activities that could damage the Company's reputation.

Suara Matahari is the Company's official mechanism for whistleblowers to report violations, offering various closed channels through which employees and other stakeholders can report if they genuinely suspect violations of the Code of Ethics or other misconduct, and remain anonymous if they wish. The Company's whistleblowing policy, including reporting procedures and contact numbers, has been disseminated to all employees, management, suppliers, and our business partners.

Suara Matahari has several features that support its accessibility, trust, and effectiveness:

1. Various hotline channels, including toll-free phone lines, Short Message Services/SMS, website, email, and mailbox;
2. Dissemination of anti-fraud awareness and whistleblowing programs to all management, employees, and suppliers;
3. Contact center operators experienced in handling incoming reports;
4. Forensic investigation experts follow up on incoming reports and escalate issues to management;
5. Recommendations for improvement.

Whistleblowing System Administrator

Suara Matahari is managed by an independent administrator, Deloitte, a third party to ensure objectivity and effectiveness. This arrangement ensures that informants have complete anonymity and protection. The Risk Management and Internal Audit Division monitors the status of incoming reports and consolidates them for reporting to the Board of Directors and the Risk Management Committee.

Reporting Procedure

The Company provides various means for anyone to report suspected irregularities or violations of the Code of Ethics, as follows:

• Hotline : +62 21 2350 7056;
• SMS / WhatsApp : +6281586709196;
• Email : suaramatahari@tipoffs.info.
• Website : https://id.deloitte-halo.com/suaramatahari/

Reports submitted in writing must be accompanied by a statement form, which can be downloaded from the Suara Matahari website. The whistleblower must include the following information to ensure that their reporting action can be identified:

1. Names of those involved;
2. Names of witnesses (if any);
3. Information about the incident, including date, time, and location;
4. Evidence;
5. Nominal value or related assets; and
6. Frequency of the incident.

Report Handling

1. Suara Matahari operators receive whistleblowing reports through one of the channels above and provide the whistleblower with a unique and anonymous reference number, which can be used to obtain information about the progress of the case.
2. Reports are sent to Deloitte analysts for assessment. The results are returned to the Company's representative within one business day.
3. The Risk Management and Internal Audit Division determines further investigative and clarification actions to be taken, and then presents the results to the Risk Management Committee to decide on the penalties or sanctions to be imposed on the suspect and to determine internal control improvements or changes to be made by the Company.

The Company recognizes that risk has become an inseparable part of every business process. The possibility of risk can occur at any time, and if significant, the consequences will impact operational stability and performance achievement.

To ensure business sustainability and growth, the Company is committed to managing all risks proactively, systematically, effectively, and efficiently.

The Risk Management Committee, Audit Committee, Internal Audit, and External Auditors of the Company work together to identify, evaluate, and mitigate risks by reviewing risk parameters in various areas, especially critical systems, areas affecting expenditure and/or profit, fraud, and abuse of authority.

Risk Management Framework

The Company's risk management objectives, strategy, governance, organization, monitoring, and reporting processes are outlined in the Enterprise Risk Management (ERM) framework. This framework enables the Company to actively and consistently analyze, identify, and respond to risks in strategic areas across every part of the organization, including:

1. Risk identification, measurement, monitoring, and control, including risk awareness;
2. Risk management infrastructure, including organizational structure, governance systems, data collection, analytical methods, policies and procedures, and reporting; and
3. Corporate culture, including training, performance appraisal, value development, and rewards.

To protect the Company's assets, the Company has developed a roadmap to implement risk management processes throughout the organization through several functions in the areas of Loss Prevention, Security, and Safety.

The Company also implements a Risk Control Awareness and Assessment Program to ensure that all stakeholders (including business partners) understand and support the Company-wide risk management approach. As a result, the Company has developed a risk treatment matrix, risk tolerance, and risk control.

The Company constantly strives to create a healthy business climate, avoid actions, behaviors, and activities that could lead to conflicts of interest, corruption, collusion, and nepotism; prioritizing the Company's interests above personal, family, and group interests. These efforts are part of the Company's commitment to uphold fair competition, sportsmanship, professionalism, and corporate governance principles. To achieve this, the Company has established a series of guidelines related to ethical behavior consisting of:

1. Code of Conduct for Employees and Business Partners;
2. Whistleblowing Program – Suara Matahari; and
3. Other Company Regulations/Policies.

All the above policies/programs have been routinely disseminated, and training has been provided to the Company's employees and business partners.

Information Access

The audit of the Company's Consolidated Financial Statements for the year ended December 31, 2023, which include the Statement of Financial Position, Statement of Profit or Loss and Other Comprehensive Income, Statement of Changes in Equity, and Statement of Cash Flows, was prepared in accordance with Indonesian Financial Accounting Standards.