CORPORATE GOVERNANCE This document has been prepared in terms of the JSE Listings Requirements and sets out Distell Group Limited’s application of the principles contained in King III.

Chapter 1. Ethical leadership and corporate citizenship 1.1 The board should provide effective The Distell Board Charter stipulates that leadership based on an ethical foundation. the board shall ensure that the company’s ethics are managed effectively and is responsible for approving the company’s Code of Conduct. 1.2. The board should ensure that the The company has adopted the GRI company is and is seen to be a responsible principles to guide it in its corporate corporate citizen. responsibility. The social and ethics committee, which reports to the board, is responsible for monitoring the company’s social and economic development, good corporate citizenship and labour relations measured against various indicators. 1.3. The board should ensure that the The Group has a Code of Ethics, which company’s ethics are managed effectively. enforces ethical business practices. All employees of the company are obliged to adhere to the Code of Ethics.

x

x

x

Board has approved a structured approach on how the company responds and manages the risk of unethical behaviour. Chapter 2. Boards and directors 2.1. The board should act as the focal point for and custodian of corporate governance.

2.2. The board should appreciate that strategy, risk, performance and sustainability are inseparable.

As stated in the Board Charter, the board acts as the focal point for corporate governance. The board manages its relationship with management, the shareholders and other stakeholders along sound corporate governance principles. The Board Charter states that the board appreciates that strategy, risk, performance and sustainability are inseparable and give effect to this by: - providing strategic direction by

x

x

None

Partial

Comments

Full

The recommendations of King III as obtained from the executive summary of the full report, are set out below, with DISTELL management’s opinion of whether or not DISTELL is in compliance with the Code.

2.3. The board should provide effective leadership based on an ethical foundation. 2.4. The board should ensure that the company is and is seen to be a responsible corporate citizen. 2.5. The board should ensure that the company’s ethics are managed effectively. 2.6. The board should ensure that the company has an effective and independent audit committee. 2.7. The board should be responsible for the governance of risk. 2.8. The board should be responsible for information technology (IT) governance. 2.9. The board should ensure that the company complies with applicable laws and considers adherence to non-binding rules, codes and standards. 2.10. The board should ensure that there is an effective risk-based internal audit. 2.11. The board should appreciate that stakeholders’ perceptions affect the company’s reputation. 2.12. The board should ensure the integrity of the company’s integrated report. 2.13. The board should report on the effectiveness of the company’s system of internal controls. 2.14. The board and its directors should act in the best interests of the company.

assessing and authorising strategies submitted by senior management; - empowers management to implement such strategies and to provide timely feedback on progress; and - establish sub-committees to assist in discharging its duties and responsibilities. Refer to 1.1

x

Refer to 1.2. x Refer to 1.3. The Board has established sub-committees to assist it in discharging its duties and responsibilities, which includes an Audit and Risk Committee. Refer to Chapter 4. Refer to Chapter 5.

x

x

x x

Refer to Chapter 6. x Refer to Chapter 7.

x

Refer to Chapter 8. x Refer to Chapter 9. The board reports on the effectiveness of the group’s systems of internal control in the integrated report. The board acts in the best interests of the group by: • each individual director strive to adhere to the provisions of the Companies Act and King III; • all directors have the appropriate expertise to fulfil their duties and enjoy significant influence at meetings. This

x x

x

2.15. The board should consider business rescue proceedings or other turnaround mechanisms as soon as the company is financially distressed as defined in the Act. 2.16. The board should elect a chairman of the board who is an independent nonexecutive director. The CEO of the company should not also fulfil the role of chairman of the board. 2.17. The board should appoint the chief executive officer and establish a framework for the delegation of authority.

2.18. The board should comprise a balance of power, with a majority of non-executive directors. The majority of non-executive directors should be independent.

ensures a balance of authority and precludes any one director from exercising excessive power in terms of decisionmaking; • disclose real or perceived conflicts of interest to the board; • strictly adhering to the restrictions placed by the JSE on trading of publicly listed shares. This has not been required to date. The board considers the Group’s going concern position annually.

The chairman of the Group is Mr DM Nurek, an independent non-executive director. The MD of the company is not the chairman of the board.

x

x

Mr RM Rushton is the MD. A delegation of authority has been approved by the board and is reviewed from time to time. The authority of the executive directors is set out in the MOI and this includes the MD. The approval framework also relates to the annual budget process that summarises all the strategic goals of the company. The board is appropriately constituted. Of the 14 directors, 12 are non-executive. 9 of the 12 non-executive directors are independent. The CEO and Finance Director are appointed to the board.

Non-executive directors are appointed at the AGM. The size and diversity of the board allows for the board to conduct its business effectively. 2.19 Directors should be appointed through The board is responsible for appointing a formal process. new directors. Procedures for appointments to the board are formal and transparent and a matter for the full board’s consideration. The board is always mindful of the need to maintain an infusion of fresh thinking and a relevant mix of skills and experience.

x

x

x

Non-executive directors are appointed for their skills, knowledge and experience of other businesses and sectors and is expected to contribute effective and independent viewpoints to decision making and formulation of policy. The Board annually reviews and assesses the mix of skills and experience offered by Board members as well as its composition in the light of the country’s demographics to ensure it is adequately equipped to achieve the company’s objectives and create shareholder value. 2.20. The induction of and on-going training It is the role of the Group Company and development of directors should be Secretary to ensure the board remains conducted through formal processes. cognisant of its duties and responsibilities. He oversees the induction programme for new members of the board and key committees, including subsidiary company directors. The induction programme include information on the Group’s strategy and operations as well as their responsibilities as directors.

2.21 The board should be assisted by a competent, suitably qualified and experienced company secretary.

x

Directors receive ongoing training and are kept abreast of relevant changes in legislation and governance best practice. All directors may seek the advice and services of the Group Company Secretary or any relevant outside advisors when required. Ms L Malan is the company secretary and is deemed suitably qualified and experienced. She is a Chartered Accountant and was appointed company secretary in 2014. The company secretary assists the board with director induction, on-going training and provides guidance to the board as necessary. She prepares and circulates minutes of board and sub-committee meetings and is responsible to ensure the board remains cognisant of its duties and responsibilities.

x

2.22 The evaluation of the board, its committees and the individual directors should be performed every year.

As stated in the Board Charter, the members of the board have formally documented their role and responsibilities collectively and individually, while performance standards have been set for each director whether executive or nonexecutive. By following the process stipulated in the charter, a performance assessment is done annually against the said standards. The collective and individual performance of Board members (including the chairperson and MD) is conducted through a formal assessment process. The results of the assessments are given to board members to consider necessary actions needed.

2.23. The board should delegate certain functions to well-structured committees but without abdicating its own responsibilities.

The board of directors consider and satisfy itself, on an annual basis, on the competence, qualifications and experience of the company secretary. The board has established sub-committees to assist in discharging its duties and responsibilities without abdicating its own responsibilities. The sub-committees acts within agreed written terms of reference in the respective charters. The charters are reviewed annually. The sub-committees are all appropriately constituted and their compositions are disclosed in the integrated report. All committees are chaired by independent non-executive directors.

2.24. A governance framework should be agreed between the group and its subsidiary boards. 2.25. Companies should remunerate directors and executives fairly and responsibly.

x

x

The committee chairpersons report back to the board. Refer to 2.17. x The board charter sets out the Group’s remuneration policy that guides the salaries of all directors and senior management.

x

In line with these objectives, the Remuneration Committee annually reviews the performance of each director and member of senior management, and determines their annual salary adjustments. For this purpose reference is also made to salary surveys compiled by independent organisations.

2.26. Companies should disclose the remuneration of each individual director and certain senior executives.

2.27. Shareholders should approve the company’s remuneration policy.

Chapter 3. Audit committees 3.1. The board should ensure that the company has an effective and independent audit committee. 3.2. Audit committee members should be suitably skilled and experienced independent non-executive directors. 3.3. The audit committee should be chaired

The remuneration committee annually review and approve the remuneration packages of the most senior executives, including incentive pay and increases. The remuneration committee also review the remuneration of the non-executive directors of the board and its committees and make proposals to the board for final approval by shareholders at the annual general meeting. We have disclosed the directors’ compensation in total as well as the detail of the 2 executive directors’ remuneration in the annual financial statements and not the salaries of the three most highly-paid employees as required by King III, because of the following reasons:  we consider it to our competitive advantage; and  some of the employees are being paid in foreign currency and therefore the salaries are not necessarily comparable. The remuneration committee determines and approve the Group’s general remuneration policy which is tabled at each annual general meeting for approval by shareholders. The board has established an audit and risk committee comprising of three independent non-executive directors. All members of the audit and risk committee are independent non-executive directors who are financially literate and have business and financial acumen. The committee is chaired by an

x

x

x

x x

by an independent non-executive director.

independent, non-executive director. The present incumbent is Catharina SevillanoBarredo. 3.4. The audit committee should oversee The audit and risk committee reviews and integrated reporting. approves the integrated annual report, to be finally approved by the board. 3.5. The audit committee should ensure The audit and risk committee ensures that that a combined assurance model is applied a combined assurance model is applied to to provide a coordinated approach to all provide a coordinated approach on all assurance activities. assurance activities, while monitoring the relationship between internal and external auditors and other assurance providers (internal and external). 3.6. The audit committee should satisfy The audit and risk committee considers the itself of the expertise, resources and experience and expertise of the financial experience of the company’s finance director on an annual basis as well as the function. composition, experience and skills set of the finance function to meet the Group’s requirements. 3.7. The audit committee should be Refer to 7.4. responsible for overseeing of internal audit. 3.8. The audit committee should be an The audit and risk committee charter sets integral component of the risk out its responsibilities towards risk management process. management.

3.9. The audit committee is responsible for recommending the appointment of the external auditor and overseeing the external audit process.

3.10. The audit committee should report to the board and shareholders on how it has discharged its duties.

The audit and risk committee reviews the adequacy and effectiveness of the financial reporting process, the system of internal control, management of fraud and IT risks and the management of financial and operating risks as well as the company’s process for monitoring compliance with laws and regulations. The audit committee recommends to the board and to the shareholders the appointment of the external auditors and oversees the audit process, approves the external auditor’s terms of engagement, audit and non-audit fees and reviews their independence and the effectiveness of the audit process annually. The audit committee formally reports to the board quarterly and to the shareholders in the integrated report on how it has fulfilled its duties in terms of the Companies Act during the financial year.

x

x

x

x

x

x

x

Chapter 4. The governance of risk 4.1. The board should be responsible for the governance of risk.

The board charter stipulates that the board is responsible for the process of risk management. The board has delegated its responsibility for the management of financial and operating risks to the audit and risk committee, who report thereon to the board.

4.2. The board should determine the levels of risk tolerance.

The audit and risk committee reviews risk management processes and plans. Risk registers of significant risks facing the Group are discussed, as are management’s plans to control and mitigate these risks within board-approved ranges of tolerance. The committee reports to the board on the key risks facing the Group and management-associated, riskmitigated responses. This requirement states that the board should understand the risk levels to enable it to have the ability to tolerate risk versus the risk that it is willing to take (risk appetite). To comply, the company Risk Register is updated and communicated annually. The top risks are communicated to the audit and risk committee on an annual basis and the complete Risk Register is included in the board report for the month after the specific audit and risk committee meeting.

4.3. The risk committee or audit committee should assist the board in carrying out its risk responsibilities. 4.4. The board should delegate to management the responsibility to design, implement and monitor the risk management plan.

x

x

Additionally, an Audit Committee Matrix is in place that sets out types of risks and monetary parameters to trigger who should be informed if a specific risk should occur and when. Refer to 4.1. x The board, through the audit and risk committee, is ultimately responsible for the governance of risk.

x

4.5. The board should ensure that risk assessments are performed on a continual basis.

4.6. The board should ensure that frameworks and methodologies are implemented to increase the probability of anticipating unpredictable risks.

The audit and risk committee reviews risk management processes and plans. Risk registers of significant risks facing the Group are discussed, as are management’s plans to control and mitigate these risks within board-approved ranges of tolerance. Risk assessments are performed on a regular basis and the outcomes thereof are reported to audit and risk committee on an annual basis, which in turn report to the board. Emerging risks are continuously monitored and research. The risk register are updated accordingly and presented to the audit and risk committee. Senior management’s responses to mitigate these risks are documented in each business function’s business plan. Refer to 4.6.

4.7. The board should ensure that management considers and implements appropriate risk responses. 4.8. The board should ensure continual risk Refer to 4.5. monitoring by management. 4.9. The board should receive assurance Refer to 4.6. regarding the effectiveness of the risk management process. 4.10. The board should ensure that there Processes are in place to ensure that are processes in place enabling complete, relevant disclosure requirements are made timely, relevant, accurate and accessible when appropriate. Refer 4.2 - Audit risk disclosure to stakeholders. Committee Matrix. Chapter 5. The governance of information technology 5.1. The board should be responsible for Information Technology risks are governed information technology (IT) governance. by adopting the COBIT governance framework, as approved by the audit and risk committee. The controls and procedures are identified and detailed in policy manuals. Compliance is measured through reporting against these standards and is tested by specialised independent service providers and internal audit. Management reports the progress of internal risk responses to the audit and risk committee. 5.2. IT should be aligned with the By adopting the COBIT governance performance and sustainability objectives framework, IT strategy is appropriately of the company. integrated with the objectives of the

x

x

x x x

x

x

x

5.3. The board should delegate to management the responsibility for the implementation of an IT governance framework.

Group. The audit and risk committee is responsible for IT governance. The head of IT reports twice per year to the audit and risk committee on management’s implementation of structures and processes to execute the IT Governance Framework.

The head of IT also reports to the CFO. 5.4. The board should monitor and evaluate The board evaluates and monitor significant IT investments and expenditure. significant IT investments and expenditure through a Capital Committee which approves all capital expenditure and through the approval of the budgeting process annually which details all planned capital expenditure relating to IT. 5.5. IT should form an integral part of the IT forms an integral part of the company’s company’s risk management. risk management process. Management reports the progress of internal risk responses to the audit and risk committee. Status updates regarding IT disaster recovery issues are also reported to the audit and risk committee on an annual basis. 5.6. The board should ensure that The Audit and Risk Committee assures the information assets are managed effectively. board that management safeguards the Group’s IT assets and that it is effectively deployed and that the Group has a business continuity plan in place. 5.7. A risk committee and audit committee The Audit and Risk Committee assist the should assist the board in carrying out its board in carrying out its IT responsibilities. IT responsibilities. Internal audit provides assurance over parts of IT governance. Chapter 6. Compliance with laws, rules, codes and standards 6.1. The board should ensure that the The company strives to comply with all company complies with applicable laws and applicable laws to the best of its ability. considers adherence to nonbinding rules, codes and standards. The Group Company Secretary and Group Legal Counsel are responsible for guiding the board in discharging its regulatory responsibilities. A legal report is included in the monthly board reporting packs and details regarding current disputes, etc. are

x

x

x

x

x

x

discussed.

6.2. The board and each individual director should have a working understanding of the effect of the applicable laws, rules, codes and standards on the company and its business.

6.3. Compliance risk should form an integral part of the company’s risk management process.

6.4. The board should delegate to management the implementation of an effective compliance framework and processes.

The Social and Ethics Committee are also responsible to compliance with relevant legislation. As part of the induction, processes are in place to ensure that the board is informed of relevant laws, codes and standards. We make use of external specialists where necessary and we conduct compliancespecific training and education to reinforce ethical behaviour across the Group. Management then accepts the responsibility to implement the suggested controls designed to ensure compliance with both our company’s values and the legal environment. Training updates on changes are provided when necessary. Appropriate forums continuously monitor and reporting on risk management. The compliance team assist the board and management in complying with applicable laws, codes and standards (refer 6.1 and 6.2). The Group Company Secretary and Group Legal Counsel are responsible for guiding the board in discharging its regulatory responsibilities. Distell’s code of ethics and conduct is designed around a set of values and also covers areas such as compliance with laws and regulations as well as principles for ethical conduct.

Chapter 7. Internal audit 7.1. The board should ensure that there is an effective risk based internal audit.

7.2. Internal audit should follow a risk based approach to its plan.

x

An effective risk based internal audit department is in place. The main function of the Internal Audit department is to perform an assessment of the effectiveness, reliability and efficiency of the internal control environment. The risk management process and internal audit planning is aligned.

x

x

x

x

7.3. Internal audit should provide a written assessment of the effectiveness of the company’s system of internal controls and risk management.

7.4. The audit committee should be responsible for overseeing internal audit.

7.5. Internal audit should be strategically positioned to achieve its objectives.

Internal Audit provides an annual written assessment of the effectiveness of the system of internal financial controls to the Audit and Risk Committee, who in turn report the state of internal financial controls to the board. The board reports on the effectiveness of the system of internal controls in the integrated report. The Audit and Risk Committee oversees the Internal Audit department and their responsibilities include:  approval for recommendation to the board the Internal Audit Charter, to be reviewed annually;  confirm the appointment or dismissal of the chief internal auditor and periodically review his/her performance;  ensure the internal audit function is subject to a periodic independent quality review;  evaluate the effectiveness of Group Internal Audit and approve the annual internal audit plan;  review internal audit and risk committee reports; and  evaluate the annual review of internal financial controls by Internal Audit (on behalf of the board) and ensure that material weaknesses are reported to the board and are disclosed in the integrated annual report. The Head of Audit (HoA) reports functionally to the chairman of the audit and risk committee and administratively to the company secretary. The HoA has a standing invitation to attend meetings of the executive committee or other committees made up of a majority of senior executives, but is not be a member of these committees in order to protect independence. The internal audit function is appropriately skilled resourced to address the complexity

x

x

x

and volume of risk and assurance needs. Chapter 8. Governing stakeholder relationships 8.1. The board should appreciate that The board is responsible for formulating stakeholders’ perceptions affect a the Group’s communication policy. The company’s reputation. Group manages communications with its key financial audiences, including institutional shareholders and financial analysts accordingly to ensure there is no gap between stakeholder’s perceptions and the Group’s performance. The goal is to timeous, relevant and accurate information to all stakeholders in accordance with the JSE Listings Requirements. 8.2. The board should delegate to Information sessions are conducted management to proactively deal with following the publication of interim and stakeholder relationships stakeholders and final results. Executive directors, as well as the outcomes of these dealings. representatives from management, attend these sessions. A broad range of public communication channels is also used to disseminate information. Adequate disclosure is made in the Sustainability Report. The Group chairperson encourages shareholders to attend the annual general meeting where participation is encouraged. 8.3. The board should strive to achieve the The company considers the interests and appropriate balance between its various expectations of stakeholders in its decision stakeholder groupings, in the best interests making, whilst balancing the best interests of the company. of the company. 8.4. Companies should ensure the All shareholders receive the same equitable treatment of shareholders. information at the same time. No differentiation is made between shareholders’ dividends and all have the same voting rights. All shareholders also have unlimited access to the company secretary. 8.5. Transparent and effective Refer 8.1 and 8.2. Additionally, the Group communication with stakeholders is provides timely and accessible information essential for building and maintaining their to stakeholders in SENS announcements, trust and confidence. interim report, annual report and its integrated report. Information are also available on the company website. 8.6. The board should ensure that disputes The board strive to resolve disputes as are resolved as effectively, efficiently and effectively, efficiently and expeditiously as expeditiously as possible. possible.

x

x

x

x

x

x

Dispute resolution clauses are included in contracts with external parties. Chapter 9. Integrated reporting and disclosure 9.1. The board should ensure the integrity The responsibility for the integrity of and of the company’s integrated report. the approval prior to publication of the integrated report lies with the board. The audit and risk committee reviews the report and recommend it to the board for approval. 9.2. Sustainability reporting and disclosure Sustainability reporting is integrated into should be integrated with the company’s the company’s financial reporting. financial reporting. 9.3. Sustainability reporting and disclosure Internal Audit provides limited assurance should be independently assured. with regard to the Sustainability Report.

x

x x