Credit Suisse : Asset Management Limited

MIFIDPRU Disclosures 2023

Credit Suisse Asset Management Limited

1

Credit Suisse Asset Management Limited

MIFIDPRU 8 Disclosures 2023

Contents

2

Credit Suisse Asset Management Limited

MIFIDPRU 8 Disclosures 2023

Introduction

This document comprises the Markets in Financial Instruments Directive ('MIFIDPRU') disclosures for Credit Suisse Asset Management Limited ('CSAML' or 'the Firm') as at 31 December 2023. It should be read in conjunction with CSAML 2023 Annual Report, which will be available from Companies House.

CSAML is a private company limited by shares that is domiciled and registered in the United Kingdom ('UK'). CSAML is an asset management entity that forms a part of the Global Asset Management group within Credit Suisse AG ('CS AG') and its subsidiaries (collectively referred to as the 'CS group'). CSAML is authorised and regulated by the Financial Conduct Authority ('FCA') under firm reference number 114627.

On 12 June 2023, UBS Group AG ('UBS group') acquired Credit Suisse Group AG (the former parent company of CS AG), succeeding by operation of Swiss law to all assets and liabilities of Credit Suisse Group AG, and became the direct or indirect shareholder of all of the former direct and indirect subsidiaries of Credit Suisse Group AG ('Transaction'). Details on CSAML strategy and operating environment can be found in CSAML's 2023 Annual Report. The ultimate parent of the Firm is UBS group which is incorporated in Switzerland and prepares the financial statements under International Financial Reporting Standards ('IFRS'). The financial statements and CSAML MIFIDPRU disclosures are publicly available and can be found at https://www.ubs.com/global/en/investor-relations.html.

CSAML's principal activities are management and advisory services via its investment capabilities. CSAML also has Product, Distribution and Chief Operating Officer ('COO') & Business Risk Management teams that provide support to Credit Suisse Asset Management globally. The investment capability within CSAML is the Credit Investments Group ('CIG').

CSAML is subject to the prudential requirements of the Investment Funds Prudential Regime ('IFPR') and contained in the MIFIDPRU Prudential sourcebook for MiFID Investment Firms of the FCA Handbook. The disclosures are prepared to meet the requirements outlined in Chapter 8 of MIFIDPRU ('MIFIDPRU 8 disclosures') and covering risk management, governance arrangements, own funds, own funds requirements, remuneration, and investment policy.

Basis and Frequency of Disclosures

CSAML, as a solo FCA regulated firm, is required to make disclosure on an individual basis in the manner set out under MIFIDPRU 8. CSAML is classified as a non-small and non-interconnected ('non- SNI') MIFIDPRU investment firm under the IFPR's firm categorisation thresholds. The disclosed information is proportionate to CSAML's size and organisation, and to the nature, scope and complexity of its activities. Where disclosures have been withheld, as permitted, on the basis of confidentiality, materiality, or being proprietary in nature, this is indicated. MIFIDPRU 8 disclosures are published annually and concurrently with the annual report. The annual report is prepared under International Financial Reporting Standards ('IFRS'), and accordingly, certain information in the MIFIDPRU 8 disclosures may not be directly comparable.

This MIFIDPRU 8 disclosures document has been verified and approved in line with internal disclosure policy. It has not been audited by CSAML's external auditors.

3

Credit Suisse Asset Management Limited

MIFIDPRU 8 Disclosures 2023

Remuneration Disclosures

The remuneration disclosures for CSAML can be found in a separate disclosure on the website at: www.ubs.com.

Subsequent Events

Information on any subsequent events can be found in CSAML 2023 Annual Report.

4

Credit Suisse Asset Management Limited

MIFIDPRU 8 Disclosures 2023

Risk Management Objectives & Policies (MIFIDPRU 8.2)

CSAML's risk management framework is based on transparency, management accountability and independent oversight. Risk management plays an important role in CSAML's business planning process and is strongly supported by its senior management and the Board of Directors. The primary objectives of risk management are to protect CSAML's financial strength and reputation, while ensuring that capital and liquidity is well deployed to support business activities and grow shareholder value.

Risk Management Policies and Governance

The corporate governance policies and procedures in respect of the organisation and management of CSAML are aligned with the CS AG policies. Other relevant corporate governance documents include the Articles of Association, the Organisational Guidelines and Regulations, the Terms of Reference of the Board and of each of its sub-committees, and the CS AG Code of Conduct.

More information on the Board and management governance can be found in the Governance Arrangements section.

Risk Appetite

CSAML bases its business operations on conscious and disciplined risk-taking. The Firm believes that independent risk management, compliance and audit processes with proper management accountability are critical to the interests and concerns of its stakeholders. CSAML's risk culture is supported by the following principles:

• Establish a clear risk appetite that sets out the types and levels of risk the Firm is prepared to take;
• Risk management and compliance policies set out authorities and responsibilities for taking and managing risks;
• Actively monitoring risks and take mitigating actions where they fall outside accepted levels;
• Breaches of risk limits are identified, analysed and escalated, and large, repeated or unauthorised exceptions may lead to terminations, adverse adjustments to compensation or other disciplinary action; and
• Seek to establish resilient risk constraints that promote multiple perspectives on risk and reduce the reliance on single risk measures.

CSAML actively promotes a strong risk culture where employees are encouraged to take accountability for identifying and escalating risks and for challenging inappropriate actions. The businesses are held accountable for managing all of the risks they generate, including those relating to employee behaviour and conduct, in line with our risk appetite. Expectations on risk culture are regularly communicated by senior management, reinforced through policies and training, and considered in the performance assessment and compensation processes and, with respect to employee conduct, assessed by formal disciplinary review committees.

The Firm's risk appetite framework is governed by an overarching global policy that encompasses the suite of specific policies, processes and systems with which the risk constraints are calibrated and the risk profile is managed. The framework is guided by the following strategic risk objectives:

5

Credit Suisse Asset Management Limited

MIFIDPRU 8 Disclosures 2023

• Maintaining capital adequacy above self-assessed minimums and regulatory requirements;
• Promoting stability of earnings to support performance in line with financial objectives;
• Ensuring sound management of liquidity and funding risk in normal and stressed conditions;
• Proactively controlling concentration risks;
• Managing operational and compliance risk within the Non-Financial Risk Framework to ensure sustainable performance;
• Minimising reputational risk; and
• Managing and mitigating conduct risk.

The risk appetite is determined in partnership with the financial and capital planning process on an annual basis, based on bottom-up forecasts that reflect planned risk usage by the businesses and top- down, Board-driven strategic risk objectives and risk appetite. Stressing of financial and capital plans is an essential element in the risk appetite calibration process as a key means through which CSAML's strategic risk objectives, financial resources and business plans are aligned. The risk appetite is approved through a number of internal governance forums and subsequently, by the Board.

The Risk Appetite Statement ('RAS') is the formal plan, approved by the Board, for CSAML's risk appetite. The top-down and bottom-up risk appetite calibration process includes the following key steps:

Top-down

• Strategic objectives are agreed by the Board in line with CSAML's financial and capital objectives.
• Top-downrisk capacities and risk appetites are determined with reference to available resources and key thresholds, such as minimum regulatory requirements.
• A RAS is determined and approved annually by the Board, and is based on the strategic objectives, the comprehensive stress testing of CSAML's forecasted financial results and capital requirements, and its economic capital framework. The RAS comprises quantitative and qualitative risk measures necessary for adequate control of the risk appetite across the organisation.

Bottom-up

• Planned business levels and related requirements are provided by front office business experts in conjunction with financial and capital plans in order to ensure consistency with the risk strategy. Plans are reviewed by the relevant risk management committees such as Risk Committee, ORCC and FCRC.
• The effectiveness of risk appetite in support of business strategy execution and delivery against financial objectives is assessed and coordinated by CRO. This framework assists senior management and the Board in ensuring that appropriate levels of risk appetite are set and that the subsequent risk constraints are appropriately calibrated.
• Risk, financial and capital plans are reviewed and approved by the Board.

Risk Assessment

The effectiveness of CSAML's risk management processes are driven by reviewing each of the components that are used in the development of the risk management framework. Examples are included below:

• The effectiveness of the annual RAS setting is determined by how the business performed in relation to the risk thresholds set across multiple risk parameters. Where there were close

6

Credit Suisse Asset Management Limited

MIFIDPRU 8 Disclosures 2023

breaches and/or actual breaches, CSAML investigates the reason and seeks to bring exposures back within risk thresholds. Annually, the RAS is re-calibrated in line with the CSAML business strategy to ensure the RAS is capturing the necessary risks effectively, including adequate risk threshold settings.

• The effectiveness of self-identified risks, and corresponding additional own funds presented in the Internal Capital and Risk Assessment ('ICARA'), is reviewed annually using methodologies to best reflect possible risks the entity may face over a 12-month period. The additional owns fund amounts are reviewed against actual harms to firm, market and client on an annual basis to ensure sufficient capital is available to mitigate possible losses. Methodologies are also reviewed annually to ensure effective calibration of risk identification and measurement.
• Effectiveness of risk processes relating to people, processes, systems and external events are analysed through CSAML's bottom-up Risk Control Self Assessment ('RCSA') process, with remediation plans in place for high and very high residual risks. As part of the RCSA, controls are tested independently on a frequent basis based on the initial inherent risk rating.
• Periodically, Internal Audit independently reviews aspects of the risk management processes and escalates concerns to the required governance committees, based on their findings.

Three Lines of Defence Framework

To further demonstrate risk process effectiveness, CSAML follows the 'Three Lines of Defence' model within the governance and policy framework. The Three Lines of Defence model is designed to provide multiple opportunities to address risks before they become issues or incidents. Although each line is defined separately and has its own responsibilities, in practice they are required to work in co-operation to ensure that risks are addressed at the correct level.

First Line of Defence ('1LoD'): Embedded Business Level Controls

CSAML's dedicated team of Relationship Managers ('RMs'), Portfolio Managers and Distribution Team are the intermediaries between our clients and the firm, and are integral to the first line of defence.

In addition, CS group conduct and culture initiatives further reinforce the RM's role in establishing a strong risk and control environment through principled behaviour and decision-making.

The businesses are supported by Business Risk Management ('BRM') which helps 1LoD in embedding and maintaining a robust culture as the basis for a sustainable and compliant business. BRM maintains an effective risk governance and control framework in compliance with the Firm policies and standards. The Head of BRM partners with other teams and functions in CSAML to implement and manage the non-financial risk framework in the business day to day.

7

Credit Suisse Asset Management Limited

MIFIDPRU 8 Disclosures 2023

Core BRM activities include:

• Risk identification - work with other groups and co-ordinate reviews to identify business and non-financial risks
• Manage the RCSA process to identify risks and evaluate controls in place to mitigate those risks
• Perform ad-hoc special risk reviews of any aspect of the business
• Review control incidents and errors and identify solutions to prevent recurrence
• Work closely with the General Counsel and CCRO departments in relation to any client related issues
• Risk Monitoring - establish a process for monitoring reporting operational metrics and management information ('MI') including Key Risk Indicators ('KRIs') and Key Control Indicators ('KCIs')
• Risk solutions - provide proactive advice and solutions to manage risk
• Responsible for ensuring that solutions to enhance existing processes, controls and procedures are implemented
• Working with Credit Suisse's New Business team to identify the risks of any new business initiatives and new products
• Risk reporting - ensure appropriate visibility of issues to senior management
• Prepare KRI report for the ORCC and other stakeholders
• Act as the focal and liaison point for Internal Audit

Second Line of Defence ('2LoD'): Independent Risk and Compliance Functions

The 2LoD consists of independent risk management, compliance and control functions which are responsible for establishing risk management framework and associated control standards, and providing independent challenge over the activities, processes and controls carried out by the first line. It is important to note that the reference to independent risk management in the 2LoD does not mean that it includes only activities carried out by the Risk and Compliance functions. Instead, it comprises all relevant standard setting and independent review and challenge activities over processes and controls carried out by the first line in relation to the risks faced. For example, policy setting and independent validation activities relating to people risks carried out by Human Resources fall within the second line. Second line of defence independent risk oversight responsibilities are aligned with the Non-Financial Risk Taxonomy.

Governance Responsibilities:

• Establish a strong tone from the top that reinforces the Firm's desired risk culture
• Establish enterprise-wide governance arrangements to ensure appropriate senior management oversight and effective challenge over risk-taking activities
• Define, in consultation with the first line, a risk management and control activities framework that provides an integrated approach to risk management and control activities across the Firm
• Provide a risk-based viewpoint where appropriate and enable decision-making for Senior Management and the Board in their risk management responsibilities

Risk Appetite Responsibilities:

• Establish an enterprise-wide risk appetite framework that covers all financial and non-financial risks
• Translate the Board's overall risk appetite into a series of appropriate limits and constraints

8

Credit Suisse Asset Management Limited

MIFIDPRU 8 Disclosures 2023

• Provide independent review and challenge of business strategies in light of the Board's risk appetite
• Monitor compliance with risk limits, challenge remediation activities, and escalate instances of non-compliance to appropriate governance bodies

Risk & Control Responsibilities:

• Establish a comprehensive risk taxonomy to ensure risks are categorised in a consistent fashion under the Group Risk Taxonomy
• Provide executive management and the Board with an independent view of risks on an enterprise-wide basis
• Provide independent review and challenge of risk management activities undertaken by the first line, including undertaking deep dives where appropriate
• Design, operate and ensure performance and effectiveness of independent controls over first line activities where the Firm believes that these are necessary
• Remediate deficiencies in second line controls identified through assessment activities

Policy Framework:

• Introduce comprehensive policies that set out required risk management standards for all of the Firm's financial and non-financial risks Introduce comprehensive policies that set out required standards relating to controls
• Provide independent review and challenge of the first line assessment of compliance with policy requirements
• Understand policy requirements which apply to their activities periodically assess compliance with current policy requirements that apply to second line functions

Third Line of Defence ('3LoD'): Group Internal Audit Function

The 3LoD for the entire UBS group is provided by Group Internal Audit ('GIA'). GIA is an independent and objective function that supports the business in achieving its defined strategic, operational, and financial and compliance objectives, and the Board of Directors and its committees, namely the Risk Committee and the Audit Committee in discharging their governance responsibilities by systematically assessing:

• The effectiveness of processes to define strategy and risk appetite, as well as the overall adherence to the approved strategy
• The effectiveness of governance processes
• The effectiveness of risk management, including whether risks are appropriately identified and managed
• The effectiveness of internal controls, and whether they are commensurate with the risks taken
• The soundness of the risk and control culture
• The effectiveness and sustainability of remediation activities
• The reliability and integrity of financial and operational information, i.e. whether activities are properly, accurately and completely recorded, and the quality of underlying data and models
• The effectiveness of processes to comply with legal, regulatory and statutory requirements, internal policies and contracts

Further, GIA assesses the adherence to approved strategy as well as the processes for strategy development, setting risk appetite and business planning. All reports with key issues are provided to the UBS group CEO, the Group Executive Board ('GEB') members responsible for the business divisions and other responsible management, including relevant legal entity management. In addition, the Chair

9

Credit Suisse Asset Management Limited

MIFIDPRU 8 Disclosures 2023

of the Board of Directors, the Risk Committee and the Audit Committee are regularly informed about relevant findings in reports issued that apply to CSAML. GIA closely cooperates with internal and external legal advisors and risk control units on investigations into major control issues.

Effective risk management, control and governance processes are the responsibility of the respective management and control functions. GIA independently assess design and operating effectiveness of governance at group, divisional and regional levels. It also evaluates the independence of risk control functions.

Remediating issues is the responsibility of management. GIA ensures that management has sustainably addressed relevant issues raised from all sources (i.e. issues rated 3 as moderate and above from GIA, external audit, regulators, or self-identified by management). The existence of internal audit does not relieve management of its responsibility regarding the risk management and control process.

GIA are permanent guests at the CSAML Audit Committee and present the findings from audits where they are relevant to the CSAML legal entity. The audit plan will also be presented to the CSAML Audit Committee on an annual basis.

Own Funds Requirements

CSAML closely monitors its capital position on a continuing basis to ensure ongoing stability and support of its business activities. This monitoring also takes account of the requirements of the current regulatory regime and any forthcoming changes. On a monthly basis, the firm assesses the adequacy of its capital against the own funds requirements and the ICARA assessment. The Chief Financial Officer ('CFO') organisation actively manages the firm's capital, funding, liquidity and expenses to ensure it is well-capitalised and has a strong enough balance sheet to withstand adversity and uncertainty.

MIFIDPRU 7.4.7 requires CSAML, at all times to hold own funds and liquid assets which are adequate, both as to their amount and their quality, to ensure that:

• CSAML is able to remain financially viable throughout the economic cycle, with the ability to address any material potential harm that may result from its ongoing activities; and
• CSAML's business can be wound down in an orderly manner, minimising harm to consumers or to other market participants.

CSAML's own funds comprise Common Equity Tier 1 ('CET1') capital and is adequate to cover the own funds requirements under MIFIDPRU 4.3. Additional details on the Firm's own funds and own funds requirements are disclosed separately in this document.

Concentration risk

Concentration risk is managed by an array of CS group policies, including the CS AG Concentration Risk Framework (GP-00106), to which CSAML adheres to when taking exposure to counterparties.

Concentration risk for CSAML is mainly driven by:

• Credit risk to the underlying risk retention positions taken when issuing a Collateralised Loan Obligation ('CLO'), via its Credit Investments Group ('CIG') business.
• Credit risk concentration taken when CSAML places its cash balances with financial institutions, including CS group entities.

10