The Group considers risk management to be a fundamental strategic tool, carried out by an independent risk management unit, based on best market practices, with the objective of ensuring that the risks to which the institution is exposed are managed according to the risk appetite, policies, and established procedures. Monitoring is conducted through daily reports delivered to the Executive Officers and key leadership, with performance comments and exposure statements in relation to the limits set institutionally, always prioritizing proactivity in managing these risks.

(a) Credit Risk: Refers to the possibility of losses resulting from the failure of the borrower, issuer, or counterparty to fulfill their respective financial obligations under the agreed terms. The risk management area conducts daily stress tests on the credit portfolio, measuring the impact of increased delinquency on the company’s results and other risk indicators.

(b) Market Risk: The possibility of losses resulting from fluctuations in the market values of positions held by a financial institution, as well as its financial margins, including risks from transactions subject to currency variation, interest rates, indexes, stock prices, and commodity prices. Market risk control is conducted through standardized procedures and in accordance with corporate policies. The allocation of available resources from the Bank and controlled companies are always made with the goal of mitigating exposure to market risk.

(c) Liquidity Risk: The possibility of imbalances between tradable assets and payable liabilities that could affect the institution's ability to meet its payment obligations, considering different currencies and settlement terms for its rights and obligations. Liquidity risk monitoring is performed daily based on established indicators, cash flow, and stress scenarios.

(d) Operational Risk: The possibility of losses resulting from failure, deficiency, or inadequacy of internal processes, people, and systems, or from external events. It includes legal risk associated with inadequacy or deficiencies in contracts signed by the institution, as well as sanctions for non-compliance with legal provisions and compensation for third-party damages arising from the institution's activities. The evaluation of operational risks is conducted to ensure the quality of the control of the environment, adhering to internal guidelines and current regulations. Matters related to operational risk are reported through monthly reports to senior management and specific reports to area managers.

(e) Credit risk management and allowance for expected credit losses

Credit risk management objectives and strategies:

Agibank’s credit risk exposures primarily originate from secured operations, particularly payroll products, where the primary risk relates to events such as death or suspension of social security benefits. For unsecured products, the risk stems from potential customer default, mitigated through policies that prioritize transactions with clients maintaining an active banking relationship, such as salary deposits with the institution.

The objective of credit risk management is to ensure portfolio quality and preserve financial soundness, maintaining delinquency levels within the risk appetite defined by the Executive Board in the Risk Appetite Statement (RAS). Policies and processes include credit analysis based on internal models, risk classification, establishment of limits by client and segment, continuous exposure monitoring, and provisioning practices in compliance with Central Bank regulations and IFRS 9.

Measurement methods encompass internal models for calculating Probability of Default (PD), Loss Given Default (LGD), and Exposure at Default (EAD), in addition to stress testing to assess portfolio resilience under adverse scenarios. Model monitoring is performed on an ongoing basis through periodic validation, backtesting, and performance analysis, ensuring that underlying assumptions remain aligned with observed data and that models maintain predictive capability amid changes in portfolio behavior and macroeconomic conditions. Key indicators monitored include the non-performing loan ratio (NPL), coverage ratio, sector concentration, internal ratings, and provisioning levels, which enable assessment of clients’ repayment capacity and adequacy of provisions relative to assumed risk.

During the current period, there were no material changes in credit risk management policies or processes compared to the prior year, maintaining the strategy of concentration in secured products and mitigation through banking relationship.

Credit risk governance is organized into multiple layers to ensure effective oversight and compliance, including:

• Credit Committee – responsible for defining strategies and lending policies.

• Risk Committee – overseeing regulatory indicators and adherence to the risk appetite.

• Credit Risk Management Department – an independent unit ensuring portfolio quality.

• Chief Risk Officer (CRO) – accountable for governance oversight and reporting to the Executive Board.

These governance structures ensure exposures are monitored, measured, and maintained within established limits, with processes regularly reviewed to ensure regulatory compliance and alignment with best market practices.