CSL 2025 Annual Report

Corporate governance

Throughout FY2025, CSL’s governance arrangements were consistent with the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations (4th edition). This year CSL was unable to fully comply with the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendation 1.5 due to new legal and contractual requirements introduced in the United States. Instead, CSL has provided a summary of its approach to inclusion and belonging in the FY2025 Corporate Governance Statement. CSL’s FY2025 Corporate Governance Statement has been approved by the Board and is available on CSL.com.

READ MORE AT CSL.COM/WE-ARE-CSL/CORPORATE-GOVERNANCE

The Board continually reviews governance at CSL so that the governance framework remains appropriate in light of changing expectations and general developments in good corporate governance.

Risk management

CSL has adopted and follows a detailed and structured Enterprise Risk Management Framework (ERMF) to identify, evaluate, monitor and manage risks. This ERMF sets out the risk management processes, internal compliance and monitoring requirements, governance processes and structures including roles and responsibilities for different levels of management, the matrix of risk impact and likelihood for assessing risk, the three lines of accountability for risk and risk management reporting requirements.

The ERMF has been established to provide reasonable assurance that:
• any material exposure to risk can be identified and adequately monitored and managed; and
• significant strategic, emerging, financial, managerial and operating risk‑related information is accurate, relevant, timely and reliable.

Further details of CSL’s risk management framework are contained in CSL’s Corporate Governance Statement. A description of CSL’s material risks and key risk management activities for each risk can be found in the ‘Material Risks’ section on page 24 of this report.

Tax transparency

While CSL’s roots are proudly Australian, CSL is a truly global company, with more than 90% of revenue derived outside Australia. CSL separately reports on its global tax footprint, as part of CSL’s tax transparency reporting. CSL is subject to the different tax regimes that apply in each of the countries where it operates, including the OECD Country‑by‑Country reporting measures.

CSL’s approach to tax is underpinned by its Value of Integrity. This is consistent with CSL’s commitment to complying with all tax laws in the countries in which it operates. CSL has a low appetite for tax risk and does not engage in aggressive tax planning. CSL supports efforts to improve tax transparency to support a fairer economy and provide confidence in the robustness of country tax regimes.

CSL supports the work undertaken by the OECD in relation to Pillar One and Pillar Two requirements and the position that income earned in a country should be reflective of the economic activity undertaken in that country. CSL encourages governments to continue to work together to adopt a globally consistent approach to these requirements in order to balance the compliance complexity for companies operating across a number of territories.

Operating with transparency forms a core part of CSL’s tax management philosophy and as such CSL’s annual tax transparency reports can be found on CSL.com (Sustainability).

Data protection and cyber security

CSL collects and stores personal information about its employees and key stakeholders, including plasma donors, healthcare professionals, and patients. Unauthorised access to or misuse of this information poses a risk to CSL’s operations and its reputation as a leader in the biotherapies market.

Data protection

CSL’s cybersecurity program is a core component of its broader enterprise risk management strategy.
Governance and oversight are provided by CSL’s Global Leadership Group (GLG) and Board of Directors (through the Audit and Risk Management Committee), who support the program so that cybersecurity risks are effectively managed and that CSL remains compliant with applicable laws and regulations across all regions in which CSL operates. CSL’s Chief Information Security Officer (CISO) provides quarterly updates to the Audit & Risk Committee of the Board of Directors, ensuring strategic alignment and top-level visibility into the evolving threat landscape.

CSL takes a risk‑based approach to data protection, structuring its cybersecurity program around industry-recognised frameworks that promote resilience against a constantly evolving threat landscape. The program encompasses cybersecurity policies, standards, processes and practices embedded across CSL’s operations designed to detect, prevent, contain and respond to cybersecurity threats and incidents promptly and effectively. The overarching goals are to minimise business disruption and safeguard the confidentiality of personal information. The program also includes ongoing monitoring, identification, assessment and management of cybersecurity risks, supported by clear communication and escalation protocols that keep the Global Leadership Group informed of emerging threats.

Key components of CSL’s cybersecurity program include:
• perimeter and system safeguards
• incident response capabilities
• awareness and training initiatives
• threat intelligence integration
• risk assessments and security testing
• identity governance
• vulnerability analysis and management.
