EN
TH

Risk and Crisis Management

Challenges and Commitments

GGC recognizes the current global transformation trends that bring both risks and new opportunities which may affect future business operations, including technological advancements that influence human lifestyles and behaviors, climate change, as well as the expectations and behaviors of the modern workforce. Therefore, GGC places importance on systematic enterprise risk management, taking into consideration both internal and external business environments that may continuously affect operations. This enables GGC to identify emerging risks and potential issues in a timely manner, allowing the organization to effectively respond to challenges and drive progress toward its strategic goals.

Key Stakeholders

Employee
Shareholder, Investor and Analyst

For additional information on stakeholder engagement: Stakeholder Engagement

Goals

Achieve efficient and effective enterprise risk management aligned with
business goals and long-term corporate strategies.
Monitor and manage risks
to reduce impact to an acceptable and appropriate level.

Key Performance in 2025

Enterprise risk management aligned with business goals and long-term corporate strategies.
Risk monitoring and management conducted at least once per quarter.

Management Approach

Guidelines for Risk Management and Internal Control

GGC has adopted risk management and internal control guidelines based on international standards, including COSO (The Committee of Sponsoring Organizations of the Treadway Commission) 2017 and ISO 31000. These standards aim to support effective operations, ensure accurate and complete reporting, and promote compliance with applicable laws and regulations. The guidelines also enhance transparency, strengthen corporate credibility, and support GGC in achieving organizational objectives, while meeting stakeholder expectations for ethical, transparent, and responsible business conduct.

To ensure the effectiveness of the internal control system, GGC has established a dedicated unit responsible for continuous supervision and monitoring of internal controls. The purpose is to support operational efficiency, ensure the accuracy and reliability of reporting, and maintain full compliance with relevant laws and regulations. GGC is also able to prevent unauthorized use of assets by authorized personnel or related individuals, as well as appropriately control transactions that may involve conflicts of interest or related parties. Meanwhile, the Internal Audit Unit conducts reviews of internal controls based on the risk-based audit plan.

Risk Management Structure

GGC adopts the Three Lines of Defense model to clearly define roles and responsibilities for risk management and internal control across the organization. This structure establishes systematic separation of duties and strengthens accountability in managing enterprise risks.

First Line:

Corporate Risk Management and Internal Control, together with Risk Owners and Risk and Internal Control Coordinators, form the first line of defense at the operational level. Their responsibilities include implementing risk management guidelines, identifying and assessing risks, monitoring risk mitigation activities, and preparing quarterly reports for management in alignment with the Corporate Strategy for Enterprise Risk Management.

Second Line:

The Enterprise Risk Management Committee (ERMC) and the Risk Management Committee (RMC) constitute the second line of defense. They are responsible for reviewing reported risks, overseeing governance practices, providing oversight and recommendations to support functions, and conducting quarterly enterprise risk assessments to enhance the effectiveness of risk controls.

Third Line:

The Internal Audit Unit operates independently from business functions and reports directly to the Audit Committee on a quarterly basis. Its primary responsibility is to evaluate the effectiveness of enterprise risk management, internal control practices, and the relevant functions’ ability to prevent and respond to risks, thereby strengthening corporate governance and risk management across GGC.

Risk Management Committee

Risk Management Committee

Board of Directors

Risk Management Committee

Board Level

Responsible for defining enterprise risk management policies, overseeing senior management in managing related risks, determining strategic direction, and monitoring overall risk management performance.

Enterprise Risk Management Committee

Senior Management Level

Responsible for overseeing risk management activities across the organization to ensure alignment, together with strategic management, linking to strategic objectives and key organizational goals. The Committee ensures consistency with the principles, policies, and risk management framework established by the Risk Management Committee (RMC).

Enterprise Risk Management and Internal Control Unit

Risk Management and Internal Control Coordinators

Department Level

Responsible for implementing risk management guidelines, identifying and assessing risks, monitoring risk mitigation activities, and preparing quarterly reports for the Management Team in accordance with the Corporate Strategy for Enterprise Risk Management.

Risk Management Process

GGC defines its risk management processes based on the organizational risk structure and assigned responsibilities. The process begins with risk identification at the functional level and continues through the decision-making process at the Board of Directors level. These processes are established to enable timely identification and response to emerging risks.

GGC’s risk management process comprises three key steps as follows:

1. Risk Identification and Assessment

GGC considers risks at multiple levels, including enterprise risks, operational risks, and emerging risks, based on the COSO (Committee of Sponsoring Organizations of the Treadway Commission) framework. The Company also applies various risk management tools to analyze, assess, and establish comprehensive risk management approaches. This includes a thorough assessment of the business environment, considering both internal and external factors, determination of acceptable risk levels, risk assessment, and prioritization of risks using a Risk Matrix based on likelihood and impact.

GGC has also established enterprise risk assessment guidance as a key mechanism to identify emerging trends and potential issues that may affect business operations. This assessment takes into account the overall internal and external business environment. Risks considered include both Business as Usual Risk Factors and Strategic Risk Factors to ensure that risk management is appropriate and aligned with GGC’s objectives at all levels.
Business as Usual Risk Factors

Strategic Market Operation Compliance Sustainability
Strategic Risk Factors

Competitiveness Growth Sustainability

In conducting risk analysis and prioritization, GGC considers two factors: the likelihood of occurrence and the severity of impact. The Company prioritizes risks through the development of a Risk Matrix, resulting in the identification of key operational and strategic risk issues. This prioritization enables GGC to address each risk appropriately and effectively.

GGC establishes its risk management framework through a defined Risk Appetite, as outlined in the Risk Profile. This framework covers enterprise risk identification, analysis, and assessment at both the organizational and operational levels that may affect GGC’s ability to achieve its objectives throughout the year. Based on the risk analysis results, GGC identifies three primary groups of potential business risks:

Operational Risk Group (Existing Risks)

  • Sales and market risks
  • Supply chain management risks
  • Operational and safety risks
  • Foreign exchange risks
  • Risks from operations of GGC Group companies GGC
  • Cybersecurity risks

Strategic Risk Group

  • Risks related to the Company’s major project execution
  • Risks associated with readiness toward achieving Net Zero
  • Human capital and organizational risks

Emerging Risks

  • Misalignment with modern workforce dynamics
  • Adoption of artificial intelligence in business development
  • Biodiversity loss from oil palm plantations

GGC also conducts Sensitivity Analysis to assess the severity of risks in cases where risk-related factors change. The analysis covers two key scenarios: Financial risks associated with raw material price volatility that may affect profitability and non-financial risks such as fluctuating reservoir water levels that may impact plant operations. Additionally, GGC assesses risks related to new product development, covering safety, production process, pricing, and business operation risks.

Based on the risk assessment results, GGC incorporates these findings into the development of investment strategies and business plans to align with corporate policies and objectives. Regular quarterly meetings are held between the Enterprise Risk Management Committee (ERMC) and the Risk Management Committee (RMC) to ensure continuous improvement in risk evaluation and control.

GGC currently establishes risk responses by considering scenarios, conditions, and significance levels, taking into account acceptable risk levels and cost-benefit considerations to ensure effective risk management. The responses include:

  • Avoid or Terminate: discontinue or prevent risk-related activities
  • Reduce or Control: take additional measures to reduce likelihood or impact
  • Share or Transfer: assign responsibility to another party
  • Accept: accept residual risks without additional action

2. Risk Mitigation

GGC has appointed the Enterprise Risk Management and Internal Control Unit along with Risk Coordinators (Risk Owners) responsible for complete risk identification and assessment. The Company also establishes risk mitigation plans based on acceptable risk levels and defines Key Risk Indicators (KRI). Sensitivity analysis, scenario planning, and stress testing are applied to assess potential impacts across both financial and non-financial risk areas. Measures are implemented to enhance preparedness, monitor situations, and analyze external trends using the PESTEL framework.

3. Monitoring and Review

The Risk Management Committee oversees and monitors the risk management process, while the Internal Audit Unit evaluates the effectiveness of internal controls and reports results to the Audit Committee. GGC continuously monitors and reports risk management performance across all levels: corporate, business group, business line, business unit, and subsidiaries.

For Risk Management Process Audit, GGC has established the following audit procedures:

  1. Internal Audit reviews key risks that may affect operations, provides recommendations on internal controls to Management, determines corrective actions based on such recommendations, and reports audit results to the Audit Committee on a regular basis.
  2. Monthly inspections and monitoring of machinery and equipment performance are conducted in accordance with comprehensive equipment inspection standards.
  3. Assessment of the operational performance of utility service providers is conducted to evaluate potential risks and jointly determine appropriate risk management measures.
Risk Management Process

GGC continuously manages enterprise risks in parallel with internal control, integrating both elements into strategic planning to ensure that business operations align with strategic objectives and key organizational goals within an acceptable risk level. Risk management encompasses quality, security, safety, occupational health and environment (Environment), Human Rights, Labor Rights, compliance with applicable laws, regulations, and relevant operational manuals, as well as Anti-Corruption, with a commitment to fair treatment of Stakeholders. GGC analyzes internal and external business environment factors that may affect current operations and incorporates risk assessment into strategic planning, investment planning, and annual business planning to ensure alignment with both Short-Term Goals and Long-Term Goals. Control measures are implemented to maintain risks within acceptable levels, together with Root Cause Analysis in cases where performance deviates from established plans.

In 2025, GGC conducted Internal Audit activities covering enterprise risk management alongside performance assessments across various areas. Improvements to the risk management process were implemented based on audit recommendations to enhance overall efficiency and align with the organizational direction, while appropriately mitigating uncertainties that may arise. GGC also established risk management as one of the performance indicators for Management and Employees, linked to compensation considerations. Achievement of the defined indicators results in special rewards as recognition and motivation for performance excellence

GGC also performs quarterly risk assessments to ensure that risk management and internal control practices align with Corporate Governance principles of the SEC and the good practices of the Company Group. The Company continues to enhance internal control efficiency in accordance with international standards, covering all three core objectives: Operation, Reporting, and Compliance. The Risk Management Committee provides support and recommendations in developing the Risk and Control Self-Assessment (RCSA) program to strengthen Employees’ understanding of process-level risks and control points, while promoting a strong risk culture that is recognized and practiced across all organizational levels.

Risk Culture

Risk Management Training

To strengthen the organizational risk culture, GGC invites experts to provide guidance on enterprise risk management to Employees. The training covers Board members, Management, and Employees at all levels to reinforce that risk management is a shared responsibility. This approach enhances knowledge and understanding of enterprise risk management, improves organizational effectiveness, and encourages Employees to recognize and adopt risk culture principles through the following initiatives:

Risk Management Workshop for Top Management

The Risk Management Workshop for Top Management Project was organized to enhance understanding and strengthen risk management capabilities at both operational and enterprise levels for senior executives. The program aims to enable Management to assess, manage, and make strategic decisions based on comprehensive risk information, supporting long-term organizational sustainability and competitiveness.

In 2025, GGC conducted training for executives on economic and financial risk management amid uncertainties surrounding U.S. economic policies following the reinstatement of President Trump. Potential impacts include trade conflicts, increased import tariffs, and interventions in the Federal Reserve’s monetary policy. These conditions have caused volatility in global financial markets, particularly downward pressure on the Thai Baht. At the same time, the Thai economy continues to face challenges such as high household debt and a global economic slowdown. As a result, risk management this year places emphasis on closely monitoring global economic trends, applying appropriate hedging tools, and ensuring preparedness to respond to ongoing volatility.

Outcomes and Benefits

  • Participation of 11 Board members
  • Enhanced understanding among Management of systemic risk management and its application in actual operations
  • Strengthened strategic decision-making capability to reduce potential future risks
  • Improved alignment between risk management and GGC’s strategic business objectives

Training Program on EUDR Risk Management Requirements

The training on EUDR risk management requirements, conducted as part of the GGC Sustainability Session, aimed to support Thailand’s industries in preparing for the European Union’s new regulation designed to prevent the import of products linked to deforestation. The program emphasized awareness of potential risks arising from non-compliance, while promoting Due Diligence, supply chain traceability, and adherence to EU legal requirements. Thai industries must accelerate adaptation, build understanding of regulatory requirements, and enhance operational support systems to ensure compliance. The EU’s support initiatives, such as the LIFE Program, can help strengthen competitiveness in the EU market.

Outcomes and Benefits

  • Enhanced understanding of EUDR requirements and Due Diligence among Thai industries
  • Strengthened audit systems and improved competitiveness in the European market

Risk and Control Self-Assessment (RCSA) Program

The Risk and Control Self-Assessment (RCSA) Program was organized to strengthen GGC’s capability in managing enterprise risk and internal controls through self-assessments conducted by each functional unit. In 2025, the risk assessment system was improved and migrated to an online platform, accompanied by online training to ensure accuracy of financial reporting, protection of assets, compliance with laws and regulations, and safeguarding the organization from potential risks.

Outcomes and Benefits

  • Improved reliability of financial reporting and asset protection
  • Enhanced compliance with legal and regulatory requirements, reducing management-related risks

Business Continuity Plan (BCP) Drill

To enhance preparedness for unexpected events that may disrupt business operations, GGC organized a Business Continuity Plan (BCP) drill to ensure that all levels of the Business Continuity Team understand their roles and responsibilities as defined in the Business Continuity Plan.

The 2025 annual drill was conducted under the scenario “Power Outage,” referencing an actual power outage incident within the GC Group that could impact production processes. The drill aimed to test system readiness and evaluate crisis response performance in coordination, decision-making, and recovery.

This initiative plays a key role in proactive risk management and supports GGC’s capability to maintain stable and continuous operations while preparing for future challenges.

Outcomes and Benefits

  • Strengthened readiness and clear understanding of roles within the Business Continuity Plan
  • Reduced operational disruptions and accelerated recovery during emergencies
  • Enhanced confidence in organizational resilience and continuity

GRC Day 2025

GRC Day 2025 was organized to promote understanding and awareness of GRC (Governance, Risk Management, and Compliance) principles and practices. The event emphasized strengthening organizational culture to keep pace with rapidly changing business environments. Activities included a Motto competition, knowledge-sharing sessions with model organizations, learning activities on Internal Control and Whistle Blower mechanisms, and a Lucky Draw to encourage Employee engagement and application of GRC in daily operations.

Outcomes and Benefits

  • Participation from 140 Employees across on-site and online platforms
  • Enhanced understanding and skills in risk management, supporting decision-making based on good governance and transparency
  • Strengthened organizational culture and encouraged Employee participation in driving GRC Mindset throughout the workplace

Incorporation of Risk Criteria in Product Development

To align with GGC’s strategic direction, risk criteria have been integrated into the business and product development process, covering new projects and new products (organic growth), joint venture projects (JV Organic Growth), mergers and acquisitions (M&A), as well as investments in research and product development. In the early stage of business development, risk assessment is considered essential. GGC conducts feasibility studies, financial modeling analysis, license agreement reviews, and comprehensive risk assessments of each project. For product development, risk assessments are conducted based on established guidelines, with the Risk Management Unit coordinating with the Business Development Unit as required.

Incorporate Risk Management Metrics in Financial Incentives

Key Performance Indicators (KPI) define critical organizational targets and metrics, which are subsequently integrated into risk management indicators. These indicators cover various perspectives including strategic, operational, and financial objectives, with the aim of fostering a strong risk management culture across all organizational levels. For risk management, metrics are incorporated into the corporate KPI framework, particularly in areas related to TRIR and Process Safety Events.

Emerging Risk

GGC places importance on analyzing emerging risk issues that may arise and affect business operations over the next three to five years. Preventive measures are developed to mitigate potential impacts and ensure that risks remain within acceptable levels.

Misalignment in the Modern Workforce
Category of Risk Strategic
Sources of Risks Socioeconomic Factor
Risk Description The behaviors and expectations of Millennials and Generation Z differ from traditional business culture. As a leader in Biochemicals and environmentally responsible operations, GGC must maintain a strong corporate culture and reputation while adapting to modern workforce trends. Different workforce groups have diverse needs and working styles, such as flexibility, meaningful work, and the use of advanced technology. Failure to meet these expectations may lead to communication gaps and misalignment within the organization, resulting in decreased employee engagement and satisfaction. Ultimately, this may affect talent retention, operational continuity, productivity, and the innovation required for GGC’s long-term sustainable growth.
Mitigation and Opportunities

GGC recognizes the challenges arising from evolving business landscapes and the behaviors of new-generation Stakeholders. Measures have been established to mitigate risks while capturing emerging opportunities.

  1. Risk Management Measures

    GGC focuses on developing technological and innovation talent to mitigate risks of workforce shortages in specialized fields. The Company strengthens supply chain resilience by diversifying raw material sources and implementing digital systems to enhance monitoring and risk management.

  2. Operational and Cultural Adaptation

    GGC enhances production processes to align with ESG standards and international environmental requirements, reducing legal and reputational risks. Corporate culture is adapted to meet the expectations of Millennials and Generation Z by fostering a flexible, transparent, and participatory work environment.

  3. Business Opportunities

    GGC aims to expand its Biochemical and Eco-Friendly Product portfolio in response to growing global demand for sustainable solutions. Digital technologies such as Big Data, AI, and IoT are adopted to improve production efficiency, reduce costs, and drive innovation.

  4. Talent Attraction and Strategic Partnerships

    GGC leverages its leadership in the Green Economy to enhance corporate reputation and attract high-quality young talent. Strategic partnerships with academic institutions, startups, and global organizations are strengthened to co-develop research and innovation that support stable and sustainable long-term growth.
AI application to business development
Category of Risk Technological
Sources of Risks Socioeconomic Factor and Technological Factors
Risk Description

The development and application of Artificial Intelligence (AI) within GGC, as a leading Oleochemical producer in Thailand, focuses on Big Data analytics, Machine Learning, and Generative AI to enhance efficiency and reduce production costs. Applications include AI-driven Process Simulation, optimization of chemical reactions, Predictive Maintenance, and strengthening supply chain management capabilities. These initiatives help reduce investment costs while supporting sustainable outcomes. Key risks associated with the use of AI include:

  • Risks arising from internal AI deployment, which may lead to inaccurate data or data leakage
  • Cybersecurity risks such as attacks through Deepfakes or AI-generated phishing
  • Personal data breach risks if Customer, Employee, or Partner data is used without proper assessment
  • Ethical risks if AI is trained on biased data or used in decision-making that affects Human Rights, Labor Rights, or the Environment
  • Risks from inaccurate AI outputs that may affect strategic decision-making, such as demand forecasting

Without proper mitigation measures, these risks may impact GGC’s reputation and operational performance.
Mitigation and Opportunities
  • Develop an AI Ethics and Governance Framework to ensure that AI usage complies with ethical principles and legal requirements, including data quality validation
  • Strengthen cybersecurity systems with continuous monitoring and updates to address new AI-related threats such as Deepfake attacks or AI-generated phishing.
  • Implement the IT/OT Convergent Project to enhance systems capable of monitoring and tracking information security risks, particularly in situations where third parties perform onsite operations. This measure prevents potential data leakage and reinforces effective access control to GGC’s information systems and technologies.
  • Conduct training and awareness programs on cybersecurity threats and safe AI usage for Employees at all levels, through training modules and simulated tests such as phishing email exercises.
  • Test and pilot AI applications in low-risk production and management processes before scaling to core systems, to address uncertainties arising from new technologies. The use of AI in production processes and Big Data Analytics also enhances efficiency and accuracy in production planning, while reducing raw material and energy costs.
Biodiversity Loss from Palm Oil Plantation
Category of Risk Environmental
Sources of Risks Macroeconomic Factor
Risk Description

The global economy is highly dependent on biodiversity, particularly in the agriculture, forestry, fisheries, and food and beverage industries. At the same time, business activities can contribute to biodiversity loss, such as monoculture oil palm plantations that lead to deforestation and negatively impact the environment, communities, and other agricultural sectors. Biodiversity has therefore become a critical global issue. A key focus of the 16th Conference of the Parties to the Convention on Biological Diversity (CBD COP) in 2025 is the implementation of national biodiversity frameworks. Many countries, including Thailand, are developing regulations aligned with the European Union Deforestation Regulation (EUDR).

Thailand also promotes conservation and restoration efforts based on the Sufficiency Economy Philosophy through the 20-Year National Strategy and the BCG Model. GGC may face financial, competitiveness, and reputational risks if oil palm cultivation is not conducted responsibly or if sustainable supply chain management is lacking, given that palm oil is a major raw material.
Mitigation and Opportunities
  • Develop GGC’s EUDR Statement and obtain external verification to support market expansion opportunities, while consistently monitoring and reporting progress on EUDR compliance.
  • Allocate reserve funds for expenses related to exporting products to the European Union, including anticipated increases in costs for high-quality raw materials.
  • Strengthen supply chain management by improving data collection and traceability systems, and integrating quality, occupational health and safety, environment, finance, social responsibility, and biodiversity considerations into supplier selection and annual evaluations.
  • Assess biodiversity-related risks to business operations across the supply chain, and evaluate the Company’s impacts on biodiversity and the environment throughout the supply chain.
  • Develop biodiversity risk mitigation plans tailored to regional conditions, following the mitigation hierarchy, including avoiding biodiversity disturbances and restoring forest areas to their original or improved conditions.
  • Support the Sustainable Palm Oil Production and Procurement (SPOPP) initiative in collaboration with the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) and the Thailand Oil Palm Smallholder Academy (TOPSA). This project supports Thai smallholder oil palm farmers in complying with the Roundtable on Sustainable Palm Oil (RSPO) standard, which emphasizes sustainable and deforestation-free oil palm cultivation to reduce environmental and social risks.