LOADING

4.1 Processes to Identify, Assess, Priorities and Monitor Risks

SLT identifies sustainability and climate-related risks across our ERM – including operational resilience, supply management, health and safety and environment. SLT identifies these risks through bottom-up and top-down discussions in our units – and across the whole group. SLT work out the impact quantitatively and qualitatively using financial, operational and customer, legal and compliance, reputational and health and safety impacts. This helps us decide the relative weight of each risk.

4.2 Inputs and Parameters Used for Identifying Sustainability and Climate-Related Risks

The identification of sustainability and climate related risks is based on internal information on operations, network activities, financial performance, transition planning, and is supplemented by relevant external data sources.

Climate-related physical risks primarily arise from physical threats to the SLT’s network infrastructure caused by extreme weather events. The assessment of this risk draws on internal records, including historical data on adverse weather impacts affecting Regional Offices, records of physical damage incidents at regional and provincial levels, and estimates of business losses attributable to weather-related service disruptions. In addition, information on the geographic location of Regional Offices situated in flood prone areas is considered. These internal inputs are supplemented with external public sources such as flood maps issued by the Irrigation Department of Sri Lanka, situation reports published by the Disaster Management Centre, and hazard and climate risk assessments from Think Hazard and the World Bank.

Climate-related transition risks include exposure to carbon pricing mechanisms, transition to lower emission energy sources, potential asset stranding, and evolving stakeholder expectations around sustainability. Carbon pricing risk is assessed using external public sources such as regulatory requirements, together with internal records including greenhouse gas (GHG) emissions calculations. The transition to lower emission energy sources is evaluated based on applicable regulatory requirements sourced externally, alongside internal information on solar power deployment initiatives. Asset stranding risk similarly considers regulatory requirements from external public sources in conjunction with internal GHG emissions data to assess potential impacts on existing assets. Evolving stakeholder expectations around sustainability are assessed primarily with reference to sustainability related regulatory requirements obtained from external public sources.

Sustainability-related risks encompass operational, environmental, and social dimensions of the SLT’s activities. The risk associated with high energy consumption in network infrastructure and dependence on fossil fuel based grid electricity is assessed using internal records on grid electricity consumption. The risk arising from a lack of circularity in equipment and devices is evaluated using internal data on e waste management practices. Risks related to breaches of customer privacy, misuse of personal data, or unauthorised disclosure of information are assessed based on internal records tracking the number and nature of customer privacy breaches. In addition, the risk of low adoption and usage of services due to the digital divide is assessed using internal information on capital deployment in rural and underserved areas.

4.3 Climate-Related Scenario Analysis

SLT acknowledges the role of climate related scenario analysis in enhancing forward looking risk management and strategic resilience. At present, climate related scenario analysis is at a formative stage and has not yet been integrated into governance processes. SLT is progressively strengthening internal capabilities and intends to incorporate climate related scenario analysis into its Financial Planning processes from 2027 onwards. SLT has elected to apply the two-year relief period provided under the transitional reliefs outlined in Section 1.8 Transitional Relief (c) above in relation to climate-related scenario analysis.

4.4 Risk Assessment

SLT assesses sustainability and climate-related risks within its Enterprise Risk Management (ERM) framework, which is applied consistently across the telecommunications value chain, including network infrastructure, data centres, energy consumption, supply chain dependencies, regulatory compliance, and service continuity. Operational and Business Units identify climate and sustainability related- risks, which are subjected to structured risk analysis to evaluate the inherent and residual risk profiles, considering likelihood of occurrence and magnitude of impact on network availability, capital expenditure, operating costs, regulatory exposure, and reputation. Risk assessments of sustainability and climate-related risk incorporate both short-term operational impacts and medium-to-long-term strategic and financial effects which also align with internal financial materiality thresholds.

4.5 Managing and Reporting on Risks

Once SLT have identified and assessed risks we give them an owner, depending on their priority. The risk owner decides how to manage and report on these risks – through things like assigning controls, monitoring, and implementing action plans and contingencies. Risk owners regularly check their action plans by monitoring risk trends and tracking

relevant metrics. This helps risk owners understand future changes that might be needed – like taking new actions, escalating issues or updating processes.

SLT also has an ESG Strategic Committee. ESG Strategic Committee brings together employees from different teams in a forum to discuss developments and agree on actions on sustainability and climate-related matters. The ESG Strategic Committee discusses key sustainability and climate-related risks that might be less certain, longer- term or that span several parts of the business.

4.6 Prioritisation of Sustainability and Climate-Related Risks Relative to Other Risks

Sustainability and climate-related risks are prioritised using SLT’s standardised risk rating methodology, ensuring alignment with the treatment of strategic, operational, financial, and compliance risks. Risks assessed as high or emerging – such as energy price volatility, climate-related disruption to network assets, and regulatory changes relating to emissions and spectrum usage – are escalated to designated Risk Owners and reviewed by the Risk Management Steering Committee (RMSC). The prioritisation process ensures that material climate-related risks with potential impacts on service resilience, customer obligations, and long-term value creation receive appropriate management focus and governance oversight.

4.7 Monitoring of Sustainability and Climate-Related Risks

Sustainability and climate-related risks are monitored on an ongoing basis through formal ERM processes, including:

  • Periodic review and updating of the enterprise risk register, with specific identification of climate and sustainability risk drivers
  • Monitoring of mitigation effectiveness by Risk Owners, including controls related to network resilience, energy efficiency, and regulatory compliance
  • Consolidated reporting by the Enterprise Risk Management Team, with escalation of material risk developments to the Risk Management Steering Committee (RMSC) and Group Audit Committee
  • Management reporting on key risk indicators linked to climate exposure, energy intensity, infrastructure reliability, and compliance obligations

These monitoring activities support timely identification of changes in risk exposure and enable management to respond proactively.

4.8 Changes to Processes Compared with the Previous Reporting Period

During the reporting period, the entity enhanced its ERM processes to strengthen the identification, assessment, and monitoring of sustainability and climate-related risks specific to the telecommunications sector. Enhancements included clearer integration of climate risk considerations into operational risk assessments, strengthened accountability through formal assignment of Risk Owners, and improved escalation and reporting mechanisms to senior management and governance committees. These changes were designed to ensure that climate-related risks are assessed with the same level of rigour as other material enterprise risks.

4.9 Processes to Identify, Assess, Prioritise and Monitor Opportunities

SLT applies a structured process to identify, assess, prioritise, and monitor climate-related opportunities as part of its overall risk management and strategic planning framework. Climate-driven opportunities—such as cost savings from energy efficiency improvements, digital inclusion initiatives, and the development of low-carbon value propositions through green innovation—are identified through environmental scanning, stakeholder engagement, and internal operational reviews. These opportunities are then assessed based on financial viability, expected cost savings, carbon reduction potential, and alignment with long-term strategy. Subsequently, they are prioritised using impact-based criteria, including economic benefits, environmental outcomes, and resource availability, ensuring focus on high-value initiatives. Ongoing monitoring is carried out through defined key performance indicators, regular reporting, and performance reviews to ensure that expected benefits are realised and to support continuous improvement in climate-related performance and value creation.

4.10 Integration into Overall Risk Management Process

Sustainability and climate-related risks and opportunities are fully integrated into the entity’s overall ERM framework and governance structure. The processes for identifying, assessing, prioritising, and monitoring these risks and opportunities are aligned with those applied to all enterprise risks and directly inform strategic decision-making, capital allocation, and operational planning. Outputs from climate and sustainability related-risk assessments are considered by senior management and oversight committees, ensuring that climate-related considerations are embedded within the entity’s broader risk management, resilience planning, and long-term strategy as a telecommunications service provider.