Good Corporate Governance
Therefore, the Board of Directors has established corporate governance policies and business ethics based on the principles of good corporate governance for listed companies (CG Code), the guidelines for corporate governance of Thai listed companies (CGR), and other standard guidelines. These policies are reviewed, updated, and developed annually to align with changing laws, economic conditions, and social and environmental contexts.
Board Structure and Responsibilities
The Board of Directors consists of a number of directors appropriate to the company’s size and business strategy. Each director must possess the necessary knowledge, expertise, and experience relevant to the company’s operations. Additionally, they must have a clear understanding of their roles, duties, and responsibilities toward shareholders, ensuring decision-making that benefits the company, shareholders, and all stakeholders. Furthermore, the company believes that a diverse board structure, free from discrimination based on nationality, religion, culture, age, or gender, encourages independent and diverse perspectives, fostering well-rounded and effective corporate governance.
To support the operations of the Board of Directors, the company has established subcommittees to oversee and monitor various aspects of the business in accordance with good corporate governance principles. These subcommittees include:
- Audit, Risk, and Corporate Governance Committee
- Nomination and Remuneration Committee
- Business Strategy and Innovation Committee
- Sustainability Committee
Enterprise Risk Management
Thai Wah is committed to systematic and transparent risk management, integrating risk management policies as a core component of its corporate strategy. This approach supports strategic decision-making, sustainable operations, and stakeholder trust. The company has established a comprehensive risk management framework to ensure robust and effective risk mitigation. Thai Wah's risk management system aligns with the Enterprise Risk Management (ERM) framework under internationally recognized COSO standards. Additionally, the company continuously enhances internal control systems to adapt to evolving business environments and regulatory requirements. Thai Wah's risk management approach covers risk assessment, mitigation, and reporting, with the primary objective of preventing potential losses and creating long-term growth opportunities.
Risk Management Enhancement
The Company continuously enhances its Enterprise Risk Management (ERM) framework to strengthen organizational resilience, support strategic decision-making, and address evolving business and ESG-related risks and opportunities. Key initiatives include:
- Impact & Likelihood Criteria
The Company has established standardized criteria for assessing risk impact and likelihood, covering both downside risks and strategic opportunities. The assessment framework supports the identification, prioritization, and management of risks and opportunities that may affect business objectives, long-term value creation, and stakeholder confidence. - Continuous Improvement
Risk assessment criteria and methodologies are regularly reviewed and updated to align with changing business conditions, emerging risks, and evolving economic, social, technological, environmental, and regulatory factors. The Company continuously incorporates ESG-related risks and opportunities into its risk management process. - Monitoring & Reporting
The Internal Audit and Risk Management functions jointly monitor, assess, and report key risks, mitigation actions, and risk management effectiveness to the Audit Committee, Risk Management Committee, and the Board of Directors on a regular basis to ensure appropriate oversight and alignment with the Company’s risk appetite and strategic priorities. - Risk informed Decision Making
Risk management insights are integrated into strategic planning and decision-making processes, including investment decisions, business expansion, project prioritization, and the development of preventive and mitigation measures to enhance long-term business resilience and sustainable growth.
ESG and Climate-related Risk Integration into Enterprise Risk Management (ERM)
Internal Carbon Pricing
Thai Wah Public Company Limited has introduced an Internal Shadow Carbon Pricing approach to support the Company’s climate-related decision-making processes and strengthen the integration of climate-related considerations into investment planning and evaluation. The approach covers the assessment and prioritization of selected capital expenditure (CAPEX) projects with significant climate-related impacts, including energy efficiency, renewable energy, and greenhouse gas reduction initiatives, while encouraging the consideration of climate-related risks and opportunities in investment decisions.
The Company has established an initial internal shadow carbon price of USD 20 per tCO2e to support the integration of climate-related risks and considerations into investment evaluation processes and long-term low-carbon transition planning.
This approach may be progressively refined over time in response to external developments, including Thailand’s evolving Emissions Trading System (ETS), international carbon market mechanisms, the European Union Carbon Border Adjustment Mechanism (CBAM), energy market conditions, and stakeholder expectations.
The Company will periodically review this approach through its governance processes to ensure continued relevance and alignment with evolving climate-related risks, as well as ongoing regulatory developments.
Anti-Corruption
Thai Wah places great importance on conducting business with honesty, transparency, and accountability under the principles of good governance. The company has implemented strict anti-corruption policies across the organization to promote business sustainability. Thai Wah has been a member of the Thai Private Sector Collective Action against Corruption (CAC) since February 21, 2017, and has continuously renewed its certification. In 2024, the company applied for its second renewal to maintain CAC standards.
Thai Wah has a clear stance on transparent operations, strictly prohibiting any actions that violate ethics or legal standards. Under the Whistleblowing Policy, the company provides channels for employees and external parties to report inappropriate actions or violations of laws and regulations. Whistleblowers are assured that they will not face punishment, discrimination, or any inappropriate actions. This policy creates a safe space for everyone to r eport issues confidently, such as fraud, corruption, and legal or regulatory violations.
Complaint and Whistleblowing Management Process
The company has established a systematic process for handling complaints and whistleblowing, with transparent and verifiable steps. This process covers the receipt of complaints, investigation, resolution, and prevention of recurrence. Additionally, the company reports the results of these processes to the Audit Committee and the Board of Directors on a quarterly basis.
Complaint Management in 2025
| Complaint Category | Number of Cases | Investigation Result | Root Cause | Corrective Action | Preventive Action | Status |
| Serious Disciplinary Misconduct | 2 | Misconduct was confirmed and had an impact on trust and responsibility in the assigned duties. | Human / Conduct | The highest level of disciplinary action was taken, including termination of employment in accordance with labor laws and company regulations, with the incident documented and reported to the relevant committee. | Review employee governance practices and the Code of Conduct. | Completed in accordance with the established procedures. |
| Process Gap | 1 | No personnel misconduct was found. The issue was caused by weaknesses in the process. | Process / System | Improved work procedures, documentation, and operational manuals. | Strengthened internal control and monitoring processes, and conducted regular process reviews. | Completed in accordance with the established procedures. |
| Unsubstantiated Complaint | 1 | No evidence or circumstances indicating misconduct were found. | External / Unfounded | The case was closed according to the established procedures, with clarification provided to the complainant. | Reviewed complaint handling channels to improve clarity. | Completed in accordance with the established procedures. |
Cybersecurity
The Company has established cybersecurity and personal data protection guidelines to serve as a standardized operational framework across the organization. Emphasis is placed on regular risk assessment and identification to minimize vulnerabilities that may lead to cyber threats. In this regard, the Company has implemented Vulnerability Assessment and Penetration Testing (VAPT) measures in collaboration with external specialists at least 1–2 times per year to strengthen the security and effectiveness of its digital infrastructure and information systems.
In addition, the Company continuously implements cybersecurity measures, including the adoption of Multi-Factor Authentication (MFA) covering nearly 100% of all user accounts, as well as regular risk assessments and system testing conducted together with external experts. As a result, the Company has been able to manage and mitigate more than 90% of critical- and high-level risks. The Company has also progressively upgraded and reduced reliance on legacy systems to minimize long-term cybersecurity risks.
In 2025, the Company did not experience any personal data breaches or significant complaints. The Company also continues to promote Cybersecurity Awareness initiatives to foster a strong digital security culture throughout the organization.
Furthermore, the Company monitors and measures the effectiveness of its digital security enhancement efforts through international benchmarks provided by Microsoft 365, as well as Cybersecurity Simulation exercises. These initiatives reflect the Company’s continuous progress in information security management and strengthen its readiness to address increasingly sophisticated cyber threats in the future. Details are as follows:
| Key Metrics | 2021 | 2022 | 2023 | 2024 | 2025 | Target 2026 |
| Microsoft Secure Score (Overview) | 18.42% | 67.78% | 66.02% | 69.50% | 71.15% | 72%** |
| Identity Secure Score | N/A | 84.34% | 76.48%* | 82.08% | 86.26% | 80%*** |
Remark:
* The Identity score in 2023 was adjusted due to the integration of the HRIS system for daily employees with Azure AD, resulting in a significant increase in the number of user accounts.
** The key benchmark for the Microsoft Secure Score ranges between 60%–80%, which is considered a good and stable level of security.
*** To further strengthen personal data protection, the recommended target score should be at least 75%–80% or higher.
Tax Governance Framework
Thai Wah Public Company Limited is dedicated to achieving sustainable and competitive tax management while driving long-term value and growth for both the economy and society. We strictly adhere to both the spirit and the letter of tax laws in all countries where we operate, while firmly rejecting aggressive tax planning (Aggressive Tax Planning) and the creation of tax structures primarily aimed at tax avoidance without appropriate commercial rationale. Supported by efficient internal control processes and meticulous risk management, our tax practices are firmly rooted in genuine economic substance to foster investment and local employment. Furthermore, all intercompany transactions are conducted in strict compliance with the Arm’s Length Principle and OECD transfer pricing guidelines. The Company explicitly prohibits shifting economic value or profits to low-tax jurisdictions. In maintaining transparent relations, we cooperate fully with relevant tax authorities and provide secure whistleblowing channels to uphold ethical tax conduct. To foster stakeholder trust, we continuously enhance our tax transparency by aligning our public reporting with international standards, such as GRI 207, ensuring true corporate accountability across all operations.