CHAIRMAN'S MESSAGE ON CORPORATE GOVERNANCE

"I firmly believe that strong corporate governance is the bedrock of a resilient, responsible and future-ready institution."

As Chairman of the Bank of Ceylon, I firmly believe that strong corporate governance is the bedrock of a resilient, responsible and future-ready institution. In today's dynamic financial landscape, governance is not merely a compliance requirement, it is a strategic imperative that underpins trust, drives performance, and safeguards long-term value creation for all stakeholders.

At Bank of Ceylon, governance extends beyond boardroom processes. It encompasses a culture of accountability, transparency, prudent risk management and ethical conduct embedded across all levels of the organisation. We are entrusted with the immense responsibility of serving as the nation's most systemically important financial institution, and it is incumbent upon us to uphold the highest standards of governance to maintain public confidence and ensure financial system stability.

In my role, I place utmost importance on enhancing board effectiveness, ensuring a clear division of responsibilities, maintaining an appropriate mix of skills and independence, and fostering a culture of constructive challenge. We remain guided by sound risk appetite frameworks, comprehensive oversight mechanisms, and a strong commitment to responsible financing and Environmental, Social, and Governance (ESG) principles.

As we navigate an evolving regulatory, economic, and digital landscape, I am committed to continuous improvement in our governance practices aligning them with global best standards, while being deeply rooted in our national purpose. Through this, we will continue to deliver on our promise of stewardship, innovation and service excellence as Bankers to the Nation.

We recognise that strong corporate governance is not only crucial for the long-term success and sustainability of the Bank but also for upholding our responsibility to society and throughout the year remained dedicated to maintaining a governance framework that promotes effective oversight, sound decision making and ethical conduct at all levels of the Bank.

Strategic direction

Our Board of directors plays a critical role in guiding the Bank's strategic direction, risk management and overall performance. We are committed to fostering a culture of continuous improvement and accountability, where decisions are made with due consideration of both financial and non-financial factors. As our country continued to face challenges, such as persistent inflation, cost of living pressures and geopolitical uncertainty the Board engaged with key stakeholders to understand their requirements in order to support and guide them on the right path.

Ethics and integrity

Maintaining a high standard of governance is essential in delivering on our strategy and ensuring that we do right by our customers and communities. Our governance framework ensures that our Board of directors and management team adhere to the highest ethical standards. We have implemented clear policies and practices that promote accountability, foster transparency, and prevent conflicts of interest. By doing so, we aim to create an environment where ethical conduct is the foundation of every decision and action we take.

Promise for the future

Looking ahead, we remain committed to upholding the highest standards of corporate governance and ethical conduct. We will continue to review and enhance our governance

framework to adapt to evolving regulatory requirements and best practices, ensuring that we remain at the forefront of corporate governance excellence. The Board has recognised the need to comply with new requirements such as the IFRS S1 and S2 standards, as well as the new governance regulations and listing rules of Colombo Stock Exchange (CSE) and Corporate Governance Directions issued by the Central Bank of Sri Lanka. The current progression and expected plans of the governance framework are provided on pages 114-142. BOC is well positioned for the future, to continue supporting our customers, communities and the nation. By executing our strategy, we aim to contribute to a more prosperous, sustainable and resilient future for Sri Lanka.

Declaration

This report and the compliance annexures on pages 351 to 394 demonstrate the Bank's approach to governance in practice and continued compliance with corporate governance regulations and best practices. I wish to declare that the principles of good corporate governance are well integrated across BOC and all directors and employees of the Bank have executed their duties and responsibilities in line with established policies and procedures as well as the Bank's guidelines for ethical business conduct.

Kavinda M L de Zoysa
Chairman

24 February 2025
Colombo

OUR APPROACH TO GOVERNANCE

GRI 2-9

Maintaining a high standard of governance is essential in delivering on our strategy and ensuring that we do right by our customers and communities. The Board ensures that the governance framework supports the achievement of the Bank's strategic objectives while safeguarding the corporate values,

reputation and assets and regularly reviews and updates this to be in line with the evolving regulations and best practices. BOC's corporate governance framework seeks to provide clear guidance on how authority is exercised, and oversight is provided. The Bank ventures beyond mandatory compliance and expands conformance practices across all areas of business, promoting responsible corporate behaviour.

strengthening operations, addressing expectations of various stakeholder groups and eventually supporting sustained performance.

Our approach to governance is reflected through four key elements of the Bank's corporate governance framework: People, Processes, Purpose and Performance.

Regulatory Requirements

Bank of Ceylon Ordinance No. 53 of 1938 (referred to as "The Ordinance") and its amendments.
Banking Act No.30 of 1988 and subsequent amendments.
Banking Act Direction No.11 of 2007 on Corporate Governance for Licensed Commercial Banks and Banking Act Direction No.5 of 2024 which supersede the Direction No.11 of 2007.
Continuing listing requirements of the Colombo Stock Exchange.
Securities and Exchange Commission of Sri Lanka Act No. 19 of 2021.

Internal Frameworks

Corporate Governance Policy
• Board charter.
• Subcommittee charters.
• Code of business conduct and ethics for Directors.
Comprehensive policies and procedures .
Subsidiary Management charter.
Customer charter.
HR and people management.
Strategic and corporate planning.
Risk management.
IT and Cybersecurity Governance.
Code of Ethics for employees.

Voluntary Compliance

Code of Best Practice on Corporate Governance issued by the Institute of Chartered Accountants of Sri Lanka.
GRI Standards issued by the Global Reporting Initiative.
IR Framework issued by IIRC.
COBIT 2019 framework issued by ISACA.
ISO 27001.
Sustainable Development Goals (SDG's).

GOVERNANCE OF OVERSEAS OPERATIONS

The Bank operates across three overseas locations via overseas branches and a fully owned subsidiary in UK, which are established under the clearance received from CBSL and relevant authorities in those countries. These branches comply with and are monitored by the relevant authorities in their respective countries.

The overseas branches are governed through an "Overseas Branch Charter" which is supervised under the dedicated Assistant General Manager Division. The overseas branch unit reports their performance quarterly to Board of directors of the Bank and all strategic level decisions are also escalated to Board for approval. When appointing Country Manager for the overseas branches, approval from relevant authorities in that country is obtained. Compliance, audit and performance are monitored through the BOC head office by regular audits. The National Audit Office also reviews and conducts audit procedures covering those branches in line with annual audit of the Bank. Furthermore, external auditors in the country of operation also conduct independent audits as per the relevant regulations.

OUR VALUE CREATING GOVERNANCE APPROACH IN ACTION

Key inputs

Effective leadership

Strategy performance and reporting

Diversity of skills and independence

Assurance and controls

Stakeholder relationships

Transforming actions taken during the year

Revisiting the Corporate Governance Policy.

Formation of a Related Party Transaction Review Committee.

Changes to the composition of the Board of Directors.

Annual evaluation of the Board to ensure efficiency and effectiveness.

Revised Key Performance Indicators (KPIs) for management linked to strategic objectives and operational performance.

Adopted Terms of Reference of the Digital Transformation Steering Committee.

Reviewed the succession plan for Key Management Personnel.

Monitored COBIT 2019 implementation.

Key outcomes

BOC has embarked on a path of continually strengthening its governance value creation. Through transformative actions BOC continues to deliver on-

Long term sustainability
Increased accountability
Improved performance
An ethical culture
Compliance

PEOPLE – MAINTAINING A WELL-BALANCED BOARD

Board Composition

The Board recognises the value of having an appropriate mix of skills, experience and diversity to support sound decision making. The Board of directors comprises of six directors who serve in a non-executive capacity, while five of them are considered independent. A representative of the ministry in charge of the subject of finance holds an Ex-officio position on the Board. The composition of the Board is established in the ordinance, and the relevant minister responsible for state banks appoints the directors. The latest Banking Act Determination No. 3 of 2024 issued on 11.09.2024 requires the minimum number of Directors to be 10 and maximum to be 13. This is to be complied by 01.06.2025. New members are to be appointed. A skilled Corporate Management Team supports the Board, and their expertise underpins the Bank’s ability to deliver on its strategy.

STRENGTH IN DIVERSE SKILLS AND EXPERIENCE

Independence

Independence of directors is assessed based on the guidelines set forth by the CBSL and CSE. Based on CBSL Directions, we consider only the representative of the ministry in charge of the subject of Finance as representing a specific stakeholder and therefore not independent. The Board is satisfied there are no relationships or circumstances likely to affect or appear to affect, directors' independence during the period under review.

Roles and Responsibilities

GRI 2-11, 12

The Bank remains committed to ensuring the Board functions effectively, including how it allocates its time and how it is constituted. The Board's primary purpose includes the provision of leadership and strategic guidance. Our governance practices play an essential role in providing oversight of the Bank's operations and contribute to the development of our strategy.

The Bank ensures clarity in roles and effective segregation of responsibilities through the Board Charter, which explicitly outlines the roles and responsibilities of the Board. The Chairman of the Board is a non-executive director and provides leadership to the Board, while the General Manager

leads the executive leadership team and does not hold a Board position. This separation ensures clarity in roles and effective decision-making. Additionally, no single director holds unrestricted power in the decision-making process.

Role of Chairman

Providing leadership to the Board.
Promoting a culture of good governance practices and maintaining the standard of integrity.
Fostering a culture of inclusivity by encouraging the expression of diverse views by Board members and ensuring the participation of all Directors during discussions.
Ensuring compliance to all applicable laws and regulations.
Ensuring shareholder concerns are appropriately addressed.

Role of the General Manager

Execution of the strategic agenda set out in the Bank's Strategic Plan in line with the financial and non-financial targets set by the Board.
Monitoring and reporting the Bank's performance to the Board.
Implementing a system including internal controls and audits to identify and manage risks that are material to the business of the Bank.
Development of the succession plan for the Senior Management.
Building a culture that is based on the Bank's values.

DELEGATION OF AUTHORITY

GRI 2-13

The Bank now maintains six Board subcommittees. During the year it was seven with the Board Credit Committee which has now been suspended to be reviewed. The subcommittee Chairman is accountable for effective functioning and report to the Board. Through the subcommittees, the Board is able to deal effectively with complex or specialised issues with strong governance.

The committees are governed by Board approved mandates and Terms of References. The Chairperson of each committee reports on their respective activities and recommendations during Board meetings, and these are approved by the Board. The day-to-day management of the Bank is delegated to the Corporate Management Team, which is led by the General Manager. In addition, the Bank has established several executive-level committees with clearly defined mandates and responsibilities.

Board subcommittees

Board Subcommittee	Area of oversight
Audit Committee (AC) (Report of the Committee on pages 131-132)	Internal and external audit. Internal controls. Financial reporting and compliance.	FC, MC, IC S1
Human Resources and Remuneration Committee (HR&RC) (Report of the Committee on pages 136-137)	Remuneration policy. HR Policy. Goals and targets for Key Management Personnel. Performance evaluation.	FC, MC, HC, IC, SC S2, S5
Nomination and Corporate Governance Committee (N&CGC) (Report of the Committee on pages 138-139)	Appointment of Key Management Personnel. Code of Ethics. Effectiveness of the Board and its subcommittees. Corporate Governance	HC, IC S5
Integrated Risk Management Committee (IRMC) (Report of the Committee on pages 133-135)	Risk management including credit, market, operational, liquidity, cyber/ IT, strategic risks, ESG risk. Ensuring compliance with the risk management policy framework and laws and regulations.	FC, MC, IC, NC S1, S4
Information and Communication Technology Committee (ICTC) (Report of the Committee on pages 140-141)	Oversight responsibility for IT products, services, policies, practices and infrastructure.	IC S3
Board Credit Committee (BCC)	The Committee is now discontinued.
Related Party Transaction Review Committee (RPTRC) (Report of the Committee on page 142)	To ensure the implementation of effective control systems for reporting the Related Party Transactions in accordance with regulatory and other reporting requirements.

Executive Committees

Asset and Liability Management Committee (ALCO)

Branches Division Credit Committee

Business Continuity Coordinating Committee

Business Continuity Implementation Committee

Business Continuity Management Steering Committee (BCMAC)

Committee Dealing with Long Outstanding Credit Balances

Committee Dealing with Operational Losses

Committee for Investment in Government Securities

Corporate Information Security Committee

Corporate Management Committee

Corporate Strategic Review Committee

Credit Committee

Damage Assessment and Restoration Committee (DARC)

Foreign Currency Outflow Management Committee

Fraud Risk Management Committee

Human Resource Policy Committee (HRPC)

Idle Assets Committee

Internal Capital Adequacy Assessment Process (ICAAP) and Recovery Plan (PCP) steering Committee

Investment Committee

IT Steering Committee

Marketing Committee

Mobile Banking Steering Committee

Non-Performing Assets Review Committee (NPAC)

Operational Risk Management Executive Committee

Portfolio Management Committee

Reward and Recognition Policy Committee (RRPC)

Scholarship Programme Selection Committee (Review Committee)

Scholarships Committee

Steering Committee of tvBOC

Sustainability Committee

Technical and Operational Committee

Working Committee of tvBOC

COMPANY SECRETARY

The Company Secretary provides advice and support to the Board, and is accountable to the Board, for all matters relating to the proper functioning of the Board. The Company Secretary is responsible for advising the Board on governance matters and ensuring compliance with Board and relevant Board committee charters and procedures. Each member of the Board has access to the advice and services of the Secretary to the Board for matters relating to Board procedures and any clarification on applicable rules and regulations.

Plays a key role in implementing the Bank's Corporate Governance Framework.
Ensures that Board procedures are followed in line with applicable laws, rules and regulations.
Regularly reviews the Bank's governance framework in view of emerging best practices, regulatory changes and stakeholder interests.
Setting the agenda of Board meetings with the approval of the Chairman.

Ms Janaki Senanayake Siriwardane serves as the Secretary to the Board and has been appointed in accordance with the requirements of the Banking Act and relevant amendments.

BOARD REFRESHMENT

GRI 2-10

Board renewal is crucial in ensuring effective and sustainable Board performance. The Board is refreshed periodically through new appointments, retirements and resignations which allows for the introduction of members with new skills, insights, and perspectives, while retaining valuable industry knowledge and maintaining continuity.

APPOINTMENT

Appointments to the Board are made by the Minister responsible for state banks.

Once the criteria for fitness and propriety are verified against the Bank's internal policy, approval of the Central Bank of Sri Lanka (CBSL) is sought for the new appointments.

Securities and Exchange Commission of Sri Lanka (SEC) also approves new Board appointments, since the Bank functions as a market intermediary.

Appointments during 2024

Mr Jehaan Ismail
Independent Non Executive Director
07.02.2024
Mr Jayamin Pelpola
Independent Non Executive Director
22.02.2024
Mr Kavinda M L de Zoysa
Chairman/ Independent Non Executive Director 04.11.2024

APPOINTMENT (CONTD.)

Dr. Kapila Senanayake
Non Executive
Non Independent
Ex-officio Director 14.11.2024
Dr. Amal Illesinghe
Independent Non Executive Director 06.12.2024
Mr R M P Rathnayake
Independent Non Executive Director 20.12.2024

RETIREMENT/ RESIGNATION

Any resignations or removals of Directors are also brought to the attention of the same Minister, while the CBSL, Securities and Exchange Commission of Sri Lanka (SEC) and Colombo Stock Exchange (CSE) are kept informed of any changes to the Board.

Resignations during 2024

Major General (Rtd.) G A Chandrasiri VSV
Independent Non Executive Director
07.01.2024
Mr Ronald C Perera PC
Chairman/ Independent Non Executive Director
13.03.2024
Mr Kavan Ratnayaka
Chairman/ Independent Non Executive Director
22.09.2024
Mr R M P Rathnayake
Non Executive
Non Independent Ex-officio Director 06.11.2024
Mr Naresh Abeyesekera
Independent Non Executive Director 13.11.2024
Prof. Kithsiri M Liyanage
Independent Non Executive Director 28.11.2024

CONFLICT OF INTERESTS

GRI 2-15

The Bank's Conflicts of Interest Policy establishes clear rules, controls and guidance regarding the management of actual, potential or perceived conflicts of interest. Directors are expected to avoid any action, position or interest that conflicts or appears to conflict with an interest of BOC. As a practice at every Board meeting, Directors are required to declare any interest in contracts/ new appointments to any other Board or Institution. Directors abstain from accessing information, participating in the discussions, voicing their opinion or approving in situations where there is a conflict of interest.

MEETINGS AND ATTENDANCE

Board meetings are an essential part of corporate governance at BOC. They are the main way for the Board to have oversight of the Bank's strategy and performance and allow the Board to set expectations of management. Recurring agenda items include business performance, strategy execution and development, capital management, risk management, financial reporting, people and culture, regulatory and other stakeholder engagement and ESG matters. Unstructured time is also factored into Board meetings and there is flexibility for ad hoc matters to be raised.

Frequency

At the start of each year, the calendar is set for Board meetings and subcommittee meetings and notice is given to directors.

Agenda and Board papers

The secretary to the Board sets the agenda under the authority delegated by the Chairman.
Directors are free to submit proposals to the agenda for discussion at Board meetings.
Matters arising from internal/ external developments may be added to the agenda.

Notice

Board papers are prepared and electronically circulated to Directors through a secure portal ensuring sufficient time is given to review matters which are to be discussed and seek additional clarifications if required.

Meetings

Discussion of performance updates, governance matters and recommendations from subcommittees including risk reports.
Members of the management team are invited for Board meetings to provide additional clarifications if required.

Post meeting

The Secretary to the Board prepares the minutes and circulates among Directors through a secure e-solution within 10 days of the meeting.
Draft minutes are circulated to the Senior Management Team the day following the meeting.
Minutes are adopted at the subsequent Board meeting.
Follow up action is taken on outstanding matters.

BOARD AND SUBCOMMITTEE MEETING ATTENDANCE DURING 2024

Details of director attendance at Board and committee meetings in 2024 are set out below.

Name of the Director	Board Meeting	(AC)	(HR&RC)	(N&CGC)	(IRMC)	(ICTC)	(BCC) Formed w.e.f. 03.04.2024 – cancelled w.e.f. 27.11.2024	(RPTRC)
Mr Ronald C Perera ¹ Chairman	5/5	-	-	-	1/1	-	-	-
Mr Kavan Rathnayake ² Chairman	16/16	-	-	6/6	-	-	-	-
Mr Kavinda M L de Zoysa ³ Chairman	5/5	-	0/0*	-	-	1/1	-	1/1
Dr. Kapila Senanayake ⁴ Ex-officio Director	4/4	-	0/0*	0/0*	-	1/1	-	1/1
Mr R M P Rathnayake ⁵ Ex-officio Director/ Non-Executive Director	23/23	9/11	5/6	5/5	6/6	9/9	5/8	-
Mr Naresh Abeyesekera ⁶ Non-Executive Director	20/22	11/12	-	-	5/6	9/9	1/8	-
Prof. Kithsiri M Liyanage ⁷ Non-Executive Director	22/23	11/11	6/6	5/5	-	9/9	5/8	0/0*
Mr Jehaan Ismail ⁸ Non-Executive Director	22/23	8/8	5/5	5/6	5/5	-	8/8	1/1
Mr Jayamin Pelpola ⁹ Non-Executive Director	21/22	-	4/4	6/7	5/5	6/6	8/8	0/0*
Dr. Amal Illesinghe ¹⁰ Non-Executive Director	3/3	-	-	-	-	1/1	-	-

Audit Committee Meeting (AC)
Human Resources and Remuneration Committee Meeting (HR&RC)
Nomination and Corporate Governance Committee Meeting (N&CGC)
Integrated Risk Management Committee Meeting (IRMC)
Information and Communication Technology Committee Meeting (ICTC)
Board Credit Committee Meeting (BCC)
Related Party Transaction Review Committee (RPTRC)
*No meetings were held.

¹ Resigned from the Board w.e.f. 13.03.2024.
Resigned from IRMC w.e.f. 13.03.2024.

² Appointed to the Board w.e.f. 14.03.2024 and Resigned w.e.f. 22.09.2024.
Appointed to N&CGC w.e.f. 03.04.2024 and Resigned w.e.f. 22.09.2024.

³ Appointed to the Board w.e.f. 04.11.2024.
Appointed to ICTC w.e.f. 18.12.2024.
Appointed to RPTRC w.e.f. 03.12.2024.
Appointed to N&CGC w.e.f. 05.11.2024.
Appointed to HR&RC w.e.f. 03.12.2024.

⁵ Resigned from the Board w.e.f. 06.11.2024 and Reappointed w.e.f. 20.12.2024.
Appointed to BCC w.e.f. 03.04.2024.
Resigned from AC w.e.f. 06.11.2024.
Resigned from BCC w.e.f. 06.11.2024.
Resigned from HR&RC w.e.f 06.11.2024.
Resigned from ICTC w.e.f. 06.11.2024.
Resigned from IRMC w.e.f. 06.11.2024.
Resigned from N&CGC w.e.f. 03.04.2024.

⁷ Resigned from the Board w.e.f. 28.11.2024.
Appointed to AC w.e.f. 05.02.2024 and Resigned w.e.f. 28.11.2024.
Appointed to BCC w.e.f. 03.04.2024
Resigned from HR&RC w.e.f. 28.11.2024.
Resigned from ICTC w.e.f. 28.11.2024.
Resigned from N&CGC w.e.f. 03.04.2024.
Appointed to RPTRC w.e.f. 05.11.2024 and Resigned w.e.f. 28.11.2024.

⁹ Appointed to the Board w.e.f. 22.02.2024.
Appointed to HR&RC w.e.f. 03.04.2024 and Resigned w.e.f. 03.12.2024.
Appointed to ICTC w.e.f. 03.04.2024 and Resigned w.e.f. 18.12.2024.
Appointed to IRMC w.e.f. 03.04.2024.
Appointed to N&CGC w.e.f. 22.02.2024 and Resigned w.e.f. 03.12.2024.
Appointed to BCC w.e.f. 03.04.2024
Appointed to RPTRC w.e.f. 05.11.2024 and Resigned w.e.f. 03.12.2024.

⁴ Appointed to the Board w.e.f 14.11.2024.
Appointed to ICTC w.e.f. 18.12.2024.
Appointed to RPTRC w.e.f. 03.12.2024.
Appointed to IRMC w.e.f. 18.12.2024.
Appointed to N&CGC w.e.f. 03.12.2024.
Appointed to HR&RC w.e.f. 03.12.2024.

⁶ Resigned from the Board w.e.f. 13.11.2024.
Appointed to BCC w.e.f. 03.04.2024.
Resigned from AC w.e.f. 13.11.2024.
Resigned from BCC w.e.f. 13.11.2024.
Resigned from ICTC w.e.f. 13.11.2024.
Resigned from IRMC w.e.f. 13.11.2024.

⁸ Appointed to the Board w.e.f. 07.02.2024.
Appointed to AC w.e.f. 03.04.2024.
Appointed to HR&RC w.e.f. 19.02.2024.
Appointed to IRMC w.e.f. 19.02.2024.
Appointed to N&CGC w.e.f 03.04.2024.
Appointed to RPTRC w.e.f. 05.11.2024.
Appointed to BCC w.e.f. 03.04.2024.

¹⁰ Appointed to the Board w.e.f. 06.12.2024.
Appointed to ICTC w.e.f. 18.12.2024.

BOARD INDUCTION AND DIRECTOR TRAINING

GRI 2-17

Providing directors with opportunities to enhance their skills and knowledge is essential for them to perform their role effectively. Our induction programme is tailored to prepare new Board members for their role with BOC, recognising the importance of supporting directors in meeting their statutory duties, understanding the strategy of the Bank, and engaging them with the decision makers and leaders of the Bank's day-to-day operations.

Induction packs

Include an overview of the Bank, details on the governance framework, regulatory frameworks, and details of the corporate management team and Board support framework, among others.

Presentations

A presentation by the General Manager details the Bank's history, business model, organisational structure, business verticals, and support functions.

Meetings

One-on-one meetings and departmental visits are scheduled as necessary or on request.

Beyond the initial induction, directors are encouraged to attend targeted trainings on various topics including changes to applicable laws and regulations, changes to standards and codes and emerging trends in the operating landscape, which allows them to obtain the knowledge required to effectively discharge their responsibilities. During the year the directors participated in a training on Anti-Money Laundering/ Countering the Financing of Terrorism (AML/ CFT).

The Policy for Directors' Access to Independent Professional Advice also provides an opportunity for external expert input at the Bank's expense.

PROCESSES – ESTABLISHING EFFECTIVE CONTROLS

GRI 2-23, 24

Policy Framework

BOC continually strives to improve its governance, accountability and risk management practices to meet the needs of its business and stakeholders. The Bank's Policy Framework is based on accountability, delegation and oversight to support sound and prudent decision-making and encompasses various areas of operations, including risk management, people management, IT governance and sustainability management. The framework is regularly reviewed and updated to ensure alignment with changing internal and external factors.

Policies are documented in a clear manner, ensuring that all employees and other relevant parties can easily refer to the policies whenever needed and effective channels of communication are used to introduce and explain policy commitments.

The following is an overview of key policies that form the foundation of our operations.

Environmental

ESMS Policy
E-Waste Management Policy

Social

Customer Complaint Handling Policy and Procedures
Human Resource Policy
Training and Development Policy
Scheme of Recruitment
WFH Policy
Exit-interview Policy
Anti-bribery and Corruption Policy

Governance

Governance Policy
Communication Policy
Credit Risk Management Policy
Country Risk Management Policy
Stress Testing Policy
Risk Management Policy
ICAAP Policy (Internal Capital Adequacy Assessment Process)
Operational Risk Management Policy
Fraud Risk Management Policy
Information Security Policy
Sustainability Policy

Policy	Description	Implementation
Policy on matters relating to Board of Directors (Board Charter).	Outlines the roles and responsibilities of the Board of Directors in overseeing strategy and governance of the Bank.	Board meets bi-weekly, performance reviewed annually, compliance with rules and regulations ensured.
Policy on Board Committees.	Defines the roles and responsibilities of various Board committees to ensure effective governance and regulatory compliance.	Committees meet as per respective Charters of the committees, report to the Board, and ensure adherence to rules and regulations.
Policy on Corporate Governance, Nomination, and Election (Corporate Governance Policy).	All governance related policies are incorporated into this, and it includes a policy on Appointment of Directors.	Ensures adherence to the corporate governance rules and regulations. Election process managed according to Government guidelines.
Policy on Remuneration for Directors and Policy on Remuneration for Key Management Persons.	Sets guidelines for the remuneration of Directors and Key Management Persons in alignment with government policies.	Remuneration of Directors are based on the Government guidelines. Remuneration of KMPs are reviewed once in three years by the HR and Remuneration Committee and recommended to the Board.
Policy on Internal Code of Business Conduct and Ethics	Two separate policies; one for Directors and the other for employees. Establishes standards for ethical conduct and integrity for all Directors and employees.	Directors do an annual certification on compliance. Regular training for employees, compliance monitored by the Internal Audit team.
Policy on Integrated Risk Management.	Details the framework for identifying and managing risks.	Risk assessments conducted monthly as well as quarterly.
Policy on Relations with Shareholders and Investors (Communication Policy).	Defines the process for engaging with the government, the sole shareholder, and other stakeholders.	Annual reports issued, and manage stakeholder engagements.
Policy on Environmental, Social, and Governance (ESG) Sustainability	Focuses on the Bank's commitment to sustainability and ESG practices.	ESG initiatives overseen by the Sustainability Committee, with reports on progress.
Policies on Control and Management of Company Assets.	Governs the control and management of assets and investments.	Asset management reviewed annually; investment decisions aligned with strategic objectives.
Policy on Corporate Disclosures.	Ensures accurate and timely disclosures to the stakeholders and regulatory bodies.	Disclosures are made as per the policy.
Policy on Whistle-blowing.	Encourages reporting of unethical behaviour anonymously.	Whistle-blower hotline available, reports submitted by CIA and reviewed by Audit Committee.
Policy on Anti-Bribery and Corruption.	Emphasises zero tolerance for bribery and corruption in all business dealings.	Anti-bribery training regular audits, and compliance monitoring.

RISK OVERSIGHT

The Bank has an ongoing process in place to identify, evaluate and manage the risks that it faces. The directors continuously review this process and the Integrated Risk Management Committee (IRMC) and Audit Committee assist the Board in fulfilling its risk management and internal control obligations. Key areas addressed during the year are discussed in detail in the Risks and Growth report (pages 143 to 166), Report of the Audit Committee (pages 131 to 132) and IRMC Report (pages 133 to 135).

Risk related functions

Approval of the Bank's risk appetite
Regularly assess the principal risks facing the Bank
Review of risk appetite dashboards and performance against defined parameters at the IRMC meetings
Ensure that mitigating tools are in place to effectively address these risks

IT GOVERNANCE

The Bank's IT governing practices incorporate the interests and inputs of a wide range of stakeholders while bearing in mind the impact on external parties connected to its systems and devices.

Objective

Improve operations via IT integration, management and development.

Board involvement

The Board is committed to safeguarding the Bank's information assets and operational systems and invests extensively in cybersecurity and management systems.

IT policies

A Board approved Information Security Policy is in place which provides the management with direction and support to ensure protection of the Bank's information assets.
All IT security policies, standards, procedures and guidelines are published on the Bank's intranet and users have been requested to read and comply with them.

By implementing robust IT governance processes and controls, BOC aims to optimise the value of its IT investments and achieve its strategic objectives in an increasingly digital and competitive environment. The Bank has also appointed a Chief Information Security Officer, in order to implement the Cybersecurity Risk Management Policy.

IT Division approach to implement IT Governance Framework

IT governance consists of the leadership, organisational structures and processes that ensure the enterprise's IT sustains and extends the organisation's strategies and objectives.

Bank of Ceylon has felt the need for proliferation of IT industry best practices and International Standards into its processes. Towards achieving this objective, Bank has taken steps to introducing "Enterprise IT Governance Framework" (COBIT 2019), which will cover, ISO Standards and Best practices.

COMPLIANCE

GRI 2-27

BOC has a statutory obligation in terms of the Banking Act and CSE Listing Requirements to comply with regulations and proactively monitor and assess regulatory developments to determine their applicability and impact on the group. The Board stays informed about changes in laws, regulations, and industry standards that may impact the Bank's operations and monitors regulatory developments to assess any potential impact on the Bank's compliance obligations and risk exposure. The Board receives regular reports from the Chief Compliance Officer and management on the Bank's status of compliance, including any regulatory violations, enforcement actions, or emerging compliance issues.

We are dedicated to enhancing our governance framework and planning ahead for the future. This year, our focus has been on CSE listing rules and IFRS S1 and S2.

Amendment to Rule 7.10 and Section 9 of the Listing Rules of the Colombo Stock Exchange (CSE)

Corporate Governance rules applicable for listed entities provided under Rule 7.10 and Section 9 of the Listing Rules of the Colombo Stock Exchange (CSE) have been revised by CSE and the revised Corporate Governance requirements including the rules governing the Related Party Transactions have been consolidated and incorporated as Section 9 of the CSE Listing Rules.

Implementation of IFRS S1 and S2

The Bank has engaged with the external consultant to obtain the relevant expertise and knowledge in strengthening the ESG framework of the Bank. Under this engagement the implementation of the new sustainability standards IFRS S1 and S2 is also considered. Identification of reporting boundaries, enhancing data capturing process, capacity building through knowledge sharing etc are in place to ensure the relevant reporting requirements are complied in the year 2025.

Disclosures required by the Banking Act Direction No.11 of 2007 and the Listing Rules of the Colombo Stock Exchange can be viewed on page 357-381.

COMMUNICATION OF CRITICAL CONCERNS

GRI 2-16, 25

A number of mechanisms have been established to facilitate communication of critical concerns to the Board as follows.

Meetings of the Board and subcommittees: Critical concerns may be raised through the relevant subcommittees to the Board.
Secretary to the Board: As a conduit between the management and the Board.
Direct reports by the General Manager.
Special requests by the Directors.
Whistle-blower: Through the Chief Internal Auditor or Chairman, Audit Committee.

PURPOSE – DRIVING ACCOUNTABILITY, TRANSPARENCY AND INTEGRITY

VALUES BASED CULTURE

GRI 2-25

BOC is a state-owned enterprise, and the sole shareholder is the Government of Sri Lanka. As a state-owned Bank our corporate culture reflects a blend of traditional values, public accountability, and a forward-thinking approach to adapt to an evolving business landscape.

Key aspects of our culture

Prioritise serving national interests and contributing to economic development while ensuring the financial inclusion of underserved communities.

Foster a customer-centric approach by providing personalised services and building long-term relationships.

Strong emphasis placed on good governance, regulatory compliance, and risk management to protect depositors' money and maintain public trust.

Focus on sustainable growth while addressing challenges such as liquidity issues, economic crises, and evolving customer needs.

Innovate and modernise our products, services, and operations, integrating technology and digital transformation to remain competitive in a dynamic environment.

Aligning the goals and targets of Key Management Personnel (KMP) and line management with organisational goals.

Focus on talent development and capacity building to strengthen our human resources and maintain operational excellence.

Protecting customers while complying with regulatory directives.

The Board of directors, the corporate management team, and all employees are obligated to unwaveringly adhere to their respective the Codes of Conduct and Ethics in all circumstances, while engaged in official duties, whether at the office, external events, or public settings, representing the Bank and during personal business activities, recognising that individual actions can have an impact on the Bank's reputation.

BOC's core values are communicated to all employees through various channels, including corporate meetings, internal communications, and training sessions. The Bank's policy frameworks facilitate the propagation of a values based culture acting as a blueprint for responsible and ethical behaviour expected from employees.

Code of Conduct and Ethics

Directors' Code of Ethics

The Board is bound by the Code of Business Conduct and Ethics and is required to submit an annual confirmation on their compliance with the provisions of the code. The code aims to propagate a strong culture of integrity, transparency and anti-corruption while encouraging Directors to act in the best interests of the Bank.

Employee Code of Ethics

This is applicable to all employees and clearly sets out the Bank's expectations in dealing with internal and external stakeholders, behaviour, bribery and corruption.

WHISTLE-BLOWING POLICY

Purpose

A Board approved Whistle-blowing Policy encourages internal and external stakeholders to report complaints pertaining to suspected theft, fraud, corruption, misuse of the Bank's assets, or any other actions that are considered unethical or illegal, whilst providing reassurance on confidentiality.

Communication

Any stakeholder can voice their concerns/ complaints via in person, via post, email, phone, fax, website, call centre or Facebook chat. Complaints are directed to, and overseen by the Chief Internal Auditor, while complaints made against employees of the DGM grade or above are submitted to the Chairman of the Audit Committee.

Investigation

The relevant authority undertakes an initial review of the complaint received based on the information provided by the complainant and requests for any additional information if required.
After the initial assessment work is carried out to resolve the concern as early as possible and if further investigation is required the complainant is notified.
The complaint should be resolved within 21 calendar days.

Anti-corruption

GRI 205-2

The Bank adopts a zero-tolerance approach to bribery and corruption and is committed to acting professionally, fairly and with integrity in all its business dealings and relationships wherever the Bank operates and implementing and enforcing effective systems to counter bribery. The Bank's policy with regard to anti-corruption and bribery is clearly communicated to all employees during the induction programmes and reinforced through regular training and awareness sessions.

During the year under review, there were no monetary losses arising as a result of legal proceedings associated with fraud, insider trading, anti-trust, anti-competitive behaviour, market manipulation, malpractice, or other related financial industry laws or regulations.

RESPONSIBLE CORPORATE CITIZENSHIP

GRI 2-14

The Board is responsible for approving the Bank's strategic direction and ensuring that it aligns with principles of responsible corporate citizenship. This includes considering the environmental, social, and governance (ESG) implications of strategic decisions and balancing the interests of various stakeholders.

Supported by a sustainability committee chaired by the GM/ CEO, the Board continuously identifies and addresses ESG related risks and opportunities that impact BOC's value creation in the short, medium and long term.

The responsibilities of the Sustainability Committee include the following.

Policy and Program Development: Guide the formulation and implementation of policies, procedures, and initiatives related to sustainable finance, ESG reporting, sustainable business models, waste management, supplier relations, and Corporate Social Responsibility (CSR) to achieve internationally recognised ESG standards.

ESG Performance Measurement: Advise on developing and prioritising ESG Key Performance Indicators (KPIs), setting targets, and establishing frameworks for measuring and reporting progress.
Regulatory Compliance: Ensure adherence to emerging regulations, guidelines, and roadmaps related to sustainable finance and ESG requirements issued by regulatory authorities.
Internal Sustainability Culture: Promote sustainability values internally through targeted training, employee voluntarism, and engagement in CSR activities.
External Sustainability Advocacy: Facilitate external awareness and advocacy programs to promote sustainability values among stakeholders and the broader community.
Financial Inclusion and Literacy: Provide strategic guidance to enhance financial inclusion through financial literacy initiatives and community outreach programs targeting underserved populations.
Alignment with National SDGs: Direct CSR initiatives to contribute to national Sustainable Development Goals, supporting the achievement of the United Nations Sustainable Development Goals (SDGs).
Advisory Support for Business Units: Assist business unit managers in developing business cases to secure resources and expertise for implementing sustainability initiatives.

E&S Compliance for High-Risk Projects: Recommend Environmental and Social (E&S) compliance for Category A (High Risk) projects as per the Environmental and Social Management System (ESMS) Policy for review by the Credit Committee.
Workplace Sustainability Initiatives: Coordinate workplace sustainability activities, including waste recycling, energy management, and sustainable procurement practices.
ESG Agenda Coordination: Guide the Sustainable Banking Unit in coordinating with relevant departments to implement the Sustainability Committee's decisions and advance the Bank's ESG agenda.
Oversight of ESDD Approval Subcommittee: Oversee the subcommittee responsible for expediting the approval of Environment and Social Due Diligence (ESDD) memorandums, with authority to approve ESDD for facilities up to LKR 500 million categorised under Risk – A.

Actions taken to support ESG oversight in 2024

Establishment of Sustainability Subcommittee

A dedicated subcommittee is established and the relevant TOR is developed under the authority of the Chairman of the Sustainability Committee. The primary mandate of this subcommittee is to review the Environment and Social Due Diligence (ESDD) reports associated with credit proposals submitted to the Bank.

The subcommittee is responsible for:

Conducting a comprehensive review of ESDD reports to assess the potential environmental and social impacts of proposed business activities.
Providing informed feedback on credit proposals, ensuring that all perceived environmental and social risks are duly considered.
Utilising the bank's Environmental and Social Management System (ESMS) as the framework for evaluating and managing these risks.

This governance and review mechanism is designed to:

Ensure that credit proposals are consistent with the organisation's sustainability objectives.
Mitigate potential environmental and social risks associated with business activities, thereby safeguarding the Bank's reputation and promoting long-term economic sustainability.
Uphold the organisation's commitment to responsible corporate citizenship by ensuring environmental stewardship and social responsibility.

Obtained Certified Sustainability Manager Position for the ESMS Officer of the Bank

ISO/IEC 17024:2012 Certification of Persons was awarded to the ESMS officer of the Bank by the National Cleaner Production Centre Sri Lanka.

CORPORATE REPORTING

The Board holds apex responsibility for ensuring the accuracy and integrity of all external reports including the Annual Integrated Report and Annual Financial Statements, which are approved by the Board prior to publication.

This Integrated Annual Report provides a balanced assessment of the Bank's financial and non-financial position, performance and prospects, in compliance with applicable laws and voluntarily adopted reporting standards, codes and frameworks set out on page 351-386. Assurance has been obtained by external auditors to enhance credibility.

Access to financial reports

Annual and quarterly reports are available on the Bank's website as well as the CSE website.

STAKEHOLDER RELATIONS

The Board understands the importance of effective engagement with its six key stakeholders including shareholder, employees, customers, suppliers, communities, and regulators, and is committed to open and constructive dialogue with them. The outcomes from such stakeholder engagement feed into Board discussions and decision making.

This approach allows the Board to better understand the impact of the Bank's actions on its stakeholders and respond to the challenges facing the Bank. The Bank's Communication Policy provides guidance on maintaining effective and relevant communication with internal and external stakeholders and is reviewed by the Nomination and Corporate Governance Committee.

Key engagement mechanisms and responses of the Bank to matters raised are provided in the 'Stakeholder needs and expectations' section on pages 46 to 49.

PERFORMANCE – CREATING VALUE THROUGH GOOD GOVERNANCE

Key areas of Board discussion during 2024

Strategy	Spotlight
Drive for card business growth. Insurance cover for the members of the Board. Strengthening the Business Revival and Rehabilitation Unit. Prudent risk assessment of international operations and business plans of overseas branches. Review and launch of the Strategic Plan and Corporate Budget.	Strengthening business growth and risk management for sustainable expansion. Key stakeholders Customers, Employees, Shareholder and Fund Providers, Business Partners Material themes M1 M2

Financial oversight	Spotlight
Monitoring the Bank's operating performance Focus on increasing the Net Interest Margin (NIM). Performance of subsidiaries and associates. Monthly, quarterly and annual financial performance reports.	Optimising performance and profitability for sustainable growth. Key stakeholders Customers, Employees, Regulators, Shareholder and Fund Providers Material themes M2 M4

Risk management	Spotlight
Revised/ revisited policies recommended by IRMC, amongst the following- Risk Management Policy. Information Security Policy. Vulnerability Management Policy. Internal Capital Adequacy Assessment Process (ICAAP) Policy 2024. Stress Testing Policy 2024. Treasury Policy 2023. Foreclosed Property Disposal Policy 2023. Review of policies relating to overseas branches. Elevating the position of Chief Information Security Officer.	Strengthening governance and risk management for a resilient future Key stakeholders Customers, Employees, Regulators Material themes M1 M2

Risk management

Spotlight

Revised/ revisited policies recommended by IRMC, amongst the following-
Risk Management Policy.
Information Security Policy.
Vulnerability Management Policy.
Internal Capital Adequacy Assessment Process (ICAAP) Policy 2024.
Stress Testing Policy 2024.
Treasury Policy 2023.
Foreclosed Property Disposal Policy 2023.
Review of policies relating to overseas branches.
Elevating the position of Chief Information Security Officer.

Strengthening governance and risk management for a resilient future

Key stakeholders
Customers, Employees, Regulators

Material themes
M1 M2

People and culture	Spotlight
Introduced the Chairman's award for innovation and digitalisation. Reviewed the Promotion Policy for the position of General Manager/ Chief Executive Officer. Revised the Code of Ethics of the employees. Reviewed the Retention Policy of the Bank. Reviewed the Mentoring Policy of the Bank. Reviewed the Employee handbook/ Human Resource Policy of Maldives for the year 2024. Reviewed the Human Resource Policy of Chennai Branch and Seychelles Branch for the year 2024. Reviewed the Exit Interview Policy and questionnaire. Performance evaluation of the KMPs for the year 2023. Amended the career advancement plan for the closed service staff of the internal audit division. Adoption of an annual plan for HR&RC. Modernising the designations of Deputy General Managers.	Fostering a high-performance culture through innovation, ethics, and talent development. Key stakeholder Employees Material themes M3

People and culture

Spotlight

Introduced the Chairman's award for innovation and digitalisation.
Reviewed the Promotion Policy for the position of General Manager/ Chief Executive Officer.
Revised the Code of Ethics of the employees.
Reviewed the Retention Policy of the Bank.
Reviewed the Mentoring Policy of the Bank.
Reviewed the Employee handbook/ Human Resource Policy of Maldives for the year 2024.
Reviewed the Human Resource Policy of Chennai Branch and Seychelles Branch for the year 2024.
Reviewed the Exit Interview Policy and questionnaire.
Performance evaluation of the KMPs for the year 2023.
Amended the career advancement plan for the closed service staff of the internal audit division.
Adoption of an annual plan for HR&RC.
Modernising the designations of Deputy General Managers.

Fostering a high-performance culture through innovation, ethics, and talent development.

Key stakeholder
Employees

Material themes
M3

External environment	Spotlight
Low interest loan schemes were introduced under "Green Investment". Reviewed the Integrated Environmental and Social Management System Policy. Conducted province-wise customer felicitation programmes for prime customers in the year 2024.	Sustainable growth and customer-centric engagement in a dynamic environment. Key stakeholders Customers, Community and Environment Material themes M2 M4

Governance	Spotlight
Implementation of the proposed IT organisation structure under COBIT 2019. Discussed the consultation paper on proposed revision to the Banking Act Direction on Corporate Governance of Licensed Commercial Banks (LCBs). Reviewed the Corporate Governance Policy of the Bank. Induction programme for newly appointed Directors.	Enhancing governance and digital transformation for stronger leadership Key stakeholders Customers, Employees, Regulators Material themes M2 M4

MONITORING BOARD PERFORMANCE

GRI 2-18

Performance evaluation of the Board and its subcommittees is essential to ensure that the Board and subcommittees operate efficiently, providing strategic guidance, and upholding high standards of corporate governance. The Bank has a structured process for assessing Board effectiveness through a self-appraisal mechanism. Each director is required to complete a performance evaluation form, subsequent to which responses are aggregated and presented to the Board. Subcommittees also carry out a similar evaluation.

The Board evaluates the performance of the General Manager (GM) and KMP annually, based on the financial and non-financial targets outlined in the Strategic Plan. The Human Resources and Remuneration subcommittee supports the Board in this endeavour. The criteria are agreed with the GM/ KMP at the beginning of the year, ensuring clarity in the Board's expectations. The appraisal takes into consideration dynamics in the operating landscape as well as feedback received from the appraisee.

BOARD REMUNERATION

GRI 2-19, 20

Remuneration Policy

The Bank's Remuneration Policy is a critical component of its human resource management and governance framework, which aims to ensure that the team has the resources to drive the Bank's strategic aspirations, and are duly recognised and rewarded for their contribution towards value creation. The policy takes into account various factors such as performance, market competitiveness, regulatory requirements, and alignment with the Bank's strategic objectives.

Remuneration Principles

Competitive.
Equitable.
Transparent.
Inclusive.

Remuneration Structure

Directors' remuneration is determined by the Directors' Remuneration Policy which reflects the particulars of the circulars and letters issued by the Government of Sri Lanka and the particulars of the Ordinance and its amendments. No director is involved in determining his/ her remuneration.

Remuneration for the General Manager and Key Management Personnel are based on the Board approved Remuneration Policy for KMP's. The Board HR and RC makes recommendations to the Board on the GM/ KMP remuneration, based on which the Board approves and provides feedback to the relevant Minister, who grants final approval in accordance with the provisions of the Ordinance and its amendments. The remuneration of the GM and KMP are reviewed every three years.

Key elements of the Bank's remuneration composition

Fixed pay

Base salary and other fixed components, determined on role and employee grade.

Variable pay

Incentive bonus.

Benefits and perquisites

Post-employment benefits.
Loans under special schemes.
Credit cards etc.

For details of Directors' remuneration, refer pages 218 and page 372 for details of remuneration of KMP. The report of the Human Resource and Remuneration Committee is on pages 136-137.