1. PREAMBLE 1.1 Section 134(3) of the Companies Act, 2013 requires a statement to be included in the report of the Board of Directors (“Board”) of Datta Finance And Trading Private Limited (the “Company”), indicating development and implementation of a Risk Management Policy for the Company, including identification therein of elements of risk, if any, which, in the opinion of the Board, may threaten the existence of the Company. 1.2 Accordingly, the Board of Directors of our Company adopted this policy at its meeting held on 23rd June, 2025, which can be amended from time to time and shall come into effect from the date of listing of the Equity Shares of the Company. 2. OBJECTIVE This Policy is made with an objective: a) To ensure that all the current and future material risk exposures of the Company are identified, assessed, quantified, appropriately mitigated, minimized and managed i.e. to ensure adequate systems for risk management. b) To establish a framework for the Company’s risk management process and to ensure its implementation. c) To enable compliance with appropriate regulations, wherever applicable, by adoption of best practices. d) To assure business growth with financial stability. 3. POLICY Our Risk Management approach consists of following: A. Risk Identification B. Risk Analysis C. Risk Assessment and Control A. RISK IDENTIFICATION Risk Identification means identifying the source or origin of risk. The functional head shall be responsible for identifying risk associated with their department. They shall identify the risk on regular basis and document all the risk that can negatively affect their department and company overall objective and performance. The Risk Management committee shall, on periodic basis, oversee and review the Risk Identification Process adopted by the functional head. B. RISK ANALYSIS A risk analysis is a process in which you determine the defining characteristics of each risk and assign each a score based on your findings. The risk identified by the functional head shall be analysed by identifying the possible threats that the Company may face and estimating the likelihood that these threats will materialize. C. RISK ASSESSMENT AND CONTROL The identified external and internal risk factors are assessed by the responsible functional head. All the assessed risk shall be reported to Risk Management Committee and appropriate action shall be taken to deal with those risk either by avoidance, reduction, retention or transfer. Risk Control Policy shall be made to deal with those risks that neither avoided nor transfer. An effective internal control system should be exercised through policies and systems to ensure timely availability of information that facilitate pro-active risk management. 4. RISK MANAGEMENT COMMITTEE The Company has a Committee of the Board, namely, the Risk Management Committee, which was constituted with the overall responsibility of overseeing and reviewing risk management across the Company. The terms of reference of the Risk Management Committee are as follows: a) review of strategic risks arising out of adverse business decisions and lack of responsiveness to changes; b) review of operational risks; c) review of financial and reporting risks; d) review of compliance risks; e) review or discuss the Company’s risk philosophy and the quantum of risk, on a broad level that the Company, as an organization, is willing to accept in pursuit of stakeholder value; f) review the extent to which management has established effective enterprise risk management at the Company; g) inquiring about existing risk management processes and review the effectiveness of those processes in identifying, assessing and managing the Company’s most significant enterprise-wide risk exposures; h) review the Company’s portfolio of risk and consider it against its risk appetite by reviewing integration of strategy and operational initiatives with enterprise-wide risk exposures to ensure risk exposures are consistent with overall appetite for risk; and i) review periodically key risk indicators and management response thereto. 5. REVIEW AND AMENDMENT TO THE POLICY The Risk Management Committee shall periodically review this Policy and may recommend amendments to this Policy from time to time as it deems appropriate. The Board shall also review the policy at least once every three years and amend it, if required.")) !!}