Composition

The Audit Committee of the Board of Directors presently consists of three Independent Non-Executive Directors. H A J De S Wijeyeratne is the Chairman. He has extensive experience in the fields of general management, financial management and auditing and is an Associate Member of The Institute of Chartered Accountants of Sri Lanka and a Fellow Member of the Chartered Institute of Management Accountants (UK). The Committee was reconstituted with effect from 18 December 2025 with J Durairatnam joining the Committee as a Member. L K A H Fernando is the other member. W R H Fernando, an Independent Non-Executive Director, functioned as a member until resignation on 17 December 2025.

There were no other changes in the membership of the Committee during the year.

Brief profiles of the members are given on pages 34 to 39.

Mandate and Role

The Terms of Reference of the Committee, which is subject to review periodically by the Board of Directors, clearly defines the mandate and role of the Committee. The Committee is responsible to the Board of Directors and reports on its activities regularly. The Committee assists the Board of Directors in fulfilling its general oversight of financial reporting, internal controls, internal and external audits. The Terms of Reference of the Committee was last reviewed and approved by the Board in November 2025.

The functions of the Committee are structured and regulated in line with the Rule No. 6.2 of the Corporate Governance Direction No. 5 of 2024, issued by the Central Bank of Sri Lanka, the Rules on Corporate Governance as per Section 9 of Listing Rules issued by the Colombo Stock Exchange and the Code of Best Practice on Corporate Governance issued by The Institute of Chartered Accountants of Sri Lanka (CA Sri Lanka). Where appropriate, more details are provided under separate headings in this Report.

Meetings

The Head of Group Internal Audit functioned as the Secretary to the Committee for the year ended 31 December 2025. During the year, 10 Audit Committee meetings were held and proceedings of the Audit Committee meetings were reported regularly to the Board.

The meetings during the year were regularly attended and the attendance by the Committee members at the meetings is given in the table on page 215 of this Annual Report.

The Chief Executive Officer, Deputy Chief Executive Officer, Chief Financial Officer, Chief Operating Officer and Chief Information Officer attend meetings by invitation. Senior Management also attends the meetings on invitation in order to brief the Audit Committee on specific matters. The Committee held three meetings with the External Auditor; KPMG independently, without the presence of the Executive Management, to discuss the progress and conclusion of the audits.

Principal Activities Conducted During 2025

Review of Financial Reporting

The Committee reviewed the effectiveness of the Financial Reporting System in place, to ensure reliability of information provided to the stakeholders. The Committee reviewed that to the best of its knowledge and belief, the Financial Statements issued for external purposes by DFCC Bank PLC (the Bank), complied with generally accepted principles of accounting as enunciated in Sri Lanka Accounting Standards, and complies with the statutory provisions of the Companies Act No. 07 of 2007 and Banking Act No. 30 of 1988 and subsequent amendments thereto.

The Committee assisted the Board of Directors to discharge their responsibility for the preparation of true and fair Financial Statements in accordance with the books of accounts and Sri Lanka Accounting Standards. In carrying out the overseeing responsibilities, the Committee reviewed:

• The adequacy and effectiveness of the internal control system and procedures to provide reasonable assurance that all transactions are accurately and completely recorded in the books of accounts.
• All critical accounting policies, practices, related changes thereto, alternative accounting treatments, major judgement areas, material audit adjustments, compliance with accounting standards, going concern assumptions, financial reporting controls and compliance with applicable laws and regulations that could impact the Bank’s Financial Statements, its Annual Report and its Quarterly Financial Statements prepared for publication in conjunction with the Management, Internal Auditors and where relevant, External Auditors. Special attention was made to discuss and decide on the changes in accounting treatments necessitated from the Circulars issued by the Regulator and Accounting Profession from time to time. The Committee reviewed the revised impairment policy document on adoption of the Sri Lanka accounting Standard – SLFRS 9 on Financial Instruments with subsequent improvements made and provided recommendations for further improvements and implementation.

• During the year the Audit Committee placed additional focus on the assessment of adequacy of provision for Expected Credit Loss (ECL) recognised in the Financial Statements based on the internal models, management overlay computed based on stress testing the exposures to risk elevated sectors, to address the ongoing implications from the adverse weather condition and resulted moratorium schemes, and also the impacts resulting from the political and economic changes in the country.
• All quarterly Unaudited Interim Financial Statements and Financial Statements for the year ended 31 December 2025, together with supporting information that included significant assumptions and judgements made in the preparation of Financial Statements.
• Internal Audit Reports, Management Letter issued by the External Auditor and the assurance statements received from the Chief Financial Officer and Chief Executive Officer that the financial records have been properly maintained and the Financial Statements give a true and fair view of the Entity’s operations and finances.
• The operations, future prospects, and sustainability indicators of the Bank and discussed with the Management regularly to ensure that all relevant matters have been taken into account in the preparation of the Financial Statements and that the Financial Statements of 2025 are reliable and presents a true and fair view of the state of affairs of the Bank.

Review of Internal Control System and Risk Management

The Audit Committee assessed the effectiveness of internal controls over financial reporting as at 31 December 2025 as required to comply with Section 9.2 (b) of the Banking Act Direction No. 5 of 2024 on Corporate Governance for Licensed Commercial Banks, issued by the Central Bank of Sri Lanka. This process assesses the adequacy and effectiveness of the internal controls and the processes for controlling business risks to ensure compliance with laws and regulations. Further the Committee monitored the progress on implementation of the recommendation made in the Statutory Examination Reports of the Central Bank of Sri Lanka (CBSL) through regular follow up reports tabled during the year 2025. The Committee ensures that appropriate action is taken by the Management on the recommendations of the Internal Auditors, External Auditors and in Statutory Examinations conducted by the Central Bank of Sri Lanka (CBSL) to improve the effectiveness of the internal control system of the Bank. The Board of Directors performs its responsibilities on the basis of the internal control framework, which enables the Board to pursue its functions and take necessary measures. The Board’s statement on effectiveness of the Bank’s internal control mechanism is published on pages 288 to 290.

Group Internal Audit

The Audit Committee ensures that the internal audit function is independent of the activities it audits and that it is performed with impartiality, proficiency, and due professional care. The Audit Charter authorises and guides the Head of Group Internal Audit (HGIA) in carrying out independent audit functions of the Bank and its subsidiaries. The HGIA enjoys operational independence in conducting duties and has the authority to initiate, carry out, and report on any action, which is considered necessary. For the performance of duties, the HGIA and audit staff shall have unrestricted, unlimited, direct and prompt access to all records of the Bank and its subsidiaries, officials or personnel holding any contractual status of the Bank and its subsidiaries, and to all the premises of the Bank and its subsidiaries. The Committee had necessary interactions with the Head of Internal Audit throughout the year. The Audit Committee monitored and reviewed the scope, resources, extent, and effectiveness of the activities of the Bank’s Internal Audit Department.

The Group Audit function is governed by the Group Audit Charter which defines the internal audit’s purpose, authority, independence, reporting, responsibility and access in order to assist Group Audit to discharge its function independently. The Group Audit Charter and Audit Manual were revised and approved in October 2025 by the Board Audit Committee.

The Committee reviewed the progress of the risk-based audits carried out in accordance with the Internal Audit Plan approved by the Committee for the year 2025. During the year, the Internal Audit Department has reviewed business lines, critical operational processes, risk and compliance functions, branches, and subsidiary operations. Further, the Department has conducted the audits focusing on particular audit objectives across the audited units/branches. Process Audits were conducted on specific business processes to review the adequacy, efficiency and effectiveness of the procedures, processes, related controls and further to ensure that the intended objectives and benefits are derived from the related processes of the Bank. The Information System (IS) audit unit undertakes IS audit assignments covering the IT risk sphere in a risk based approach in addition to providing assurance on the ISO standards 27001:2022 and 22301:2019. The Potential Fraud Monitoring Unit under Internal Audit carried out testing and data analytics related to potential fraud risk areas on a continuous basis while undertaking special reviews and investigations as required from the management and also resulting from feedback received as whistle-blowing and incident reporting from time to time.

Beginning from 2025, the scope of these audits was further strengthened with the introduction of “Potential Fraud Monitoring Visits,” where branch banking audit team visited selected branches to verify high-risk areas identified through whistle-blower reports and data analytics.

In addition, the Group Internal Audit performed many certifications during the year as required by the regulator and Authorities. They included Annual Self Assessment Report on Credit Card Operational Guidelines No. 01 of 2010 to CBSL and quarterly based certifications provided for interest subsidy claims to the Department of Development Finance since same was required.

In 2025, the Board Audit Committee reviewed all the significant audit findings along with the management responses and rectification action plans related to the audit reports of branches and departments, Information System Audits, Thematic Audits, Process Audits, and Special Investigations of the Bank. The Committee reviewed the Internal Audit Reports of the Bank’s subsidiaries as well.

The Board Audit Committee advised Corporate Management to take precautionary measures on significant audit findings and obtained required assurances through affirmative confirmations from business units on the remedial action in respect of the identified risks to maintain the effectiveness of the internal control system. The follow up audit process was further strengthened, while having continuous follow up audit meetings to rectify and conclude all audit issues carried forward from previous years.

Independence of External Audit

The Committee reviewed and monitored the External Auditors’ independence and objectivity and the effectiveness of the audit process, taking into consideration relevant professional and regulatory requirements and obtained a statement confirming the independence in accordance with the terms of all relevant professional and regulatory requirements. The Committee approved the policy in place as reviewed on non-audit services provided by the External Auditors in October 2025.

The Committee reviewed the details and related fees of all audit and non-audit services obtained from the External Auditor to ensure that the non-audit related fees do not exceed the combined fees and expenses payable for audit and audit related services of the year 2025.

As per the Banking Act Direction No. 5 of 2024 on Corporate Governance for Licensed Commercial Banks in Sri Lanka, the External Auditor requires to be changed in every six years and audit engagement partner to be changed in every three years. The Committee will ensure the compliance with these requirements and accordingly, the External Auditor rotation is scheduled in 2026.

The Committee discussed with the Auditors their audit plan, scope and the methodology they propose to adopt in conducting the annual audit prior to its commencement. The Auditors were also provided with the opportunities to meet the Audit Committee separately, without the presence of Executive Management, to ensure that the Auditors had the independence to discuss and express their opinions on any matter. Further, additional meetings were held with the External Auditors from time to time to discuss the Bank’s interim audit findings and financial reporting improvements and changes required as a result of the evolving regulatory and macroeconomic environment.

There was no limitation of scope and the Management has fully provided all information and explanations requested by the Auditors. The Committee also met the Auditors to review the Management Letter with the responses from the Management.

Evaluation and appointment of the External Auditor

The Committee performed an evaluation of the Bank’s External Auditor Messrs KPMG based on certain key areas. Further, as per the requirement of the Banking Act Direction No. 5 of 2024, it was recommended to the Board of Directors that, Ernst & Young (E&Y) Chartered Accountants, be appointed for the financial year 2026 subject to the approval of shareholders at the next Annual General Meeting.

Good Governance and Whistle-blowing Policy

The Committee continuously emphasised on sustaining ethical conduct amongst staff members. In this regard, the existing Whistle-blowing Policy of the Bank and its subsidiaries was reviewed during the year 2025 and all members of staff were educated and encouraged to practice whistle-blowing if they suspect any wrong doing while further strengthening the policy as a communication channel to raise any genuine concerns. The Policy is subject to annual review in order to further improve its effectiveness and the Policy was last reviewed and approved by the Board in November 2025.

All appropriate procedures and techniques are in place to conduct independent investigations into incidents reported through whistle-blowing or identified through other channels. The Whistle-blowing Policy guarantees the maintenance of strict confidentiality of the identity of the whistle-blowers.

Further in alignment with DFCC Bank’s unwavering dedication to combat fraud, the Internal Audit Department together with the operational units conducted knowledge sharing programmes throughout the year to actively disseminate anti-fraud awareness among the DFCC Group employees and other stakeholders.

Training and Development of Committee Members

Members of the Committee attended presentations made by consultants and Key Management Personnel. Members also attended seminars, conferences and workshops as part of their continuous professional development.

Evaluation of the Committee

The effectiveness of the Committee is self-evaluated annually by its members. An independent evaluation of the effectiveness of the Committee was carried out by the other members of the Board and the Committee has been found to be effective.

H A J de S Wijeyeratne
Chairman – Audit Committee

24 February 2026