APC Group, Inc. adopts an Enterprise Risk Management (ERM) policy that establishes a culture of disclosing, evaluating and managing risks, from the Board and throughout the organization toward achieving its goals and objectives, which include, among others, the protection and preservation its employees’ and clients’ safety and welfare, the value and condition of its properties and assets, and its local and global reputation. The Company aligns its risk appetite with its long-term strategic objectives.

The Board of Directors, through the Risk Oversight Committee (ROC), oversees the implementation and effectiveness of the Company’s ERM policy. The ROC conducts an annual review of the Company’s risk profile and risk management processes to ensure that significant risks are properly identified, evaluated, monitored and managed.

To assess risks, the Company utilizes a Risk Assessment Matrix that evaluates the likelihood of occurrence and potential impact of identified risks. Based on the resulting risk score, risks are categorized according to their priority level—ranging from Very Low to Very High—to facilitate appropriate management attention, resource allocation, and mitigation actions.

Through this structured approach, the Company seeks to enhance decision-making, strengthen governance, and safeguard its investments and stakeholders’ interests.

The Company’s key risk areas include:

Regulatory and Compliance Risks

The Company is subject to laws, regulations, and reporting requirements imposed by various government agencies. Changes in regulations, delays in approvals, or non-compliance may affect business operations and project development. The Company mitigates these risks through continuous monitoring of regulatory developments, regular compliance reviews, and active engagement with regulatory agencies and local government units.

Project Development Risks

The Company’s investments, including the Kalinga Geothermal Project, are in the exploration, evaluation, or development stages and are subject to risks related to permitting, financing, technical assessments, and project viability. Management continuously evaluates project developments and implements measures to manage costs and preserve investment value.

Financial Risks

The Company is exposed to risks related to liquidity, funding requirements, interest rate movements, and access to capital. To mitigate these risks, Management regularly monitors cash flows, evaluates financing options, and adopts prudent financial controls to support the Company’s investment and project development activities.

Information Security and Data Privacy Risks

The Company faces risks related to cybersecurity threats, unauthorized access to information, and disclosure of confidential or personal data. To mitigate these risks, the Company implements data privacy protocols, information security controls, and regular reviews of its information technology infrastructure.

Governance and Reporting Risks

The Company is exposed to risks arising from non-compliance with corporate governance requirements, disclosure obligations, and internal policies. Regular reviews of governance processes, reporting requirements, and internal controls are conducted to promote transparency and accountability.

Stakeholder and Reputational Risks

Misinformation, adverse publicity, and stakeholder concerns may affect the Company’s reputation and relationships with investors, regulators, host communities, and other stakeholders. The Company addresses these risks through proactive stakeholder engagement, timely disclosures, and established communication protocols.

Human Capital and Workplace Compliance Risks

The Company monitors compliance with labor regulations, occupational safety and health standards, and outsourced service arrangements. Regular reviews and coordination with relevant departments help ensure compliance with applicable labor and workplace requirements.

Catastrophic and Business Continuity Risks

Natural disasters, unforeseen events, and other catastrophic incidents may disrupt operations and project activities. The Company maintains appropriate insurance coverage and periodically reviews its business continuity and risk mitigation measures.

The Company continuously reviews and enhances its ERM policy to ensure that significant risks are effectively managed and aligned with its strategic objectives and long-term growth plans.