GTJAI Statement on Recent Audit on its Ethical Standards

To evaluate the internal control effectiveness over the Company’s ethics, relevant audit programs on anti-corruption, anti-bribery, anti-money laundering, and handling conflicts of interest are covered in each business unit and support function audit to examine the operations and activities, detect misconduct, and ensure compliance with the Company’s ethics-related requirements. A risk-based audit approach has been adopted.Each business unit and support function is audited on a three-year audit cycle while high-risk functions are subject to annual audit. The internal audit team submits its next annual audit plan to the Audit Committee for approval every year.

Audit on business and support functions have covered the following areas:

• Governance structure, internal control measures, and the reporting line

• Adequacy of the Group’s policies and procedures includes high-level guidelines regarding ethics and compliance risk areas, implementation, and compliance of these policies and procedures

• Advantages received from (including referral fee and rebate) or offered to (including cash, gifts, or entertainment) clients and third parties controls

• Staff personal dealing and outside appointments controls

• Best execution and restricted information flow controls

• Quotations for procurement from different suppliers or service providers and proper approval before engagement

Besides, these thematic audits have also been conducted:

• On top of the regular audits on business units and support functions, the Group conducted anti-money laundering audit and procurement audit in last three years

• An external professional firm was engaged to conduct annual audit on cybersecurity (including information security system and data security) to assess the controls regarding respective threats and vulnerabilities the Group exposed to