FINANCIAL INTERNAL CONTROL POLICY

1. Purpose

The purpose of the Financial Internal Control Policy is to establish standards and guidelines to ensure the integrity, accuracy, reliability, and confidentiality of the organization’s financial information. The policy aims to safeguard the Company’s assets from loss due to fraud, error, or misuse, ensure effective and efficient financial operations, and secure compliance with applicable laws, regulations, and accounting standards.

This policy is aligned with the COSO Internal Control – Integrated Framework, encompassing the five components: Control Environment, Risk Assessment, Control Activities, Information & Communication, and Monitoring Activities.

2. Scope

This policy covers Arnarlax ehf (hereinafter referred to as “the Company”) and applies to all related companies, including subsidiaries and other entities over which the Company exercises control. It applies to all employees, officers, and directors.

The policy covers all aspects of financial management, including but not limited to accounting, auditing, financial reporting, treasury, asset management, biological assets, and financial systems.

3. Control Environment (COSO)

The Company promotes a strong control environment through ethical values, competence, accountability, and governance oversight. Management is responsible for setting the tone at the top and ensuring that internal control responsibilities are understood and respected throughout the organization.

Key elements include:

• Integrity and ethical behavior
• Clear organizational structure and defined responsibilities
• Competence requirements for finance-related roles
• Oversight by the Board of Directors and Audit Committee

4. Risk Assessment (COSO)

The Company applies a risk-based approach to internal control. Financial risks shall be identified, analyzed, and assessed on a regular basis to determine their potential impact on financial reporting and operations.

Risk assessment includes, but is not limited to:

• Revenue recognition and pricing
• Inventory and biological assets valuation
• Liquidity, treasury, and foreign exchange exposure
• Credit risk related to customers
• IT and financial system risks
• Fraud and compliance risks

Management shall ensure that identified risks are documented and that appropriate mitigating controls are designed and implemented.

5. Control Activities (COSO)

The Company follows the following principles of internal control:

Segregation of Duties

Duties are divided among different individuals to reduce the risk of error or inappropriate actions. No single individual should control all key aspects of a transaction or financial event where avoidable. Where segregation is not possible, compensating controls such as documented secondary review and approval must be implemented.

Authorization and Approval

All financial transactions must be authorized and approved by designated personnel in accordance with the Company’s authorization matrix.

Accuracy and Completeness

All financial transactions must be recorded accurately, completely, and in a timely manner. Financial statements shall be prepared in accordance with International Financial Reporting Standards (IFRS) or other applicable recognized accounting standards (ISGAAP).

Asset Safeguarding

Assets must be protected from loss, damage, or misuse through physical safeguards, system access controls, and periodic inventories and counts.

Fraud Prevention and Detection

The Company maintains controls to prevent, detect, and respond to fraud, including:

• Fraud risk assessments
• Monitoring of unusual or high-risk transactions
• Conflict-of-interest disclosures
• Mandatory secondary review of key judgments and estimates

6. Information and Communication (COSO)

Financial information must be relevant, reliable, and communicated in a timely manner to internal and external stakeholders.

Information Security

Financial information must be kept confidential and protected from unauthorized access. Access to financial systems and data is limited to authorized personnel only.

Financial Reporting

Clear processes shall be maintained for monthly, quarterly, and annual financial close and reporting. Roles and responsibilities for preparation, review, and approval of financial reports must be defined and documented.

Employees must be informed of internal control procedures relevant to their roles and have access to up-to-date documentation.

7. Monitoring Activities (COSO)

The Company performs ongoing and periodic evaluations of internal controls to ensure their continued effectiveness.

Monitoring activities include:

• Regular management reviews and reconciliations
• Periodic internal control assessments
• Follow-up on identified deficiencies
• Reporting of significant control issues to management and the Audit Committee

8. Responsibilities

The Company applies the following hierarchy of responsibilities:

Board of Directors and Audit Committee

• Oversight of the financial reporting process
• Monitoring the effectiveness of internal controls
• Maintaining dialogue with external auditors
• Following up on audit findings and control deficiencies

Management

Responsible for establishing, implementing, and maintaining an effective system of internal controls.

CFO and/or Financial Controller

• Oversees the internal control framework
• Performs control reviews and monitoring activities
• Ensures compliance with accounting standards and regulations
• Reports significant issues to management and the Audit Committee

Finance Department

Responsible for day-to-day financial operations, accurate bookkeeping, reconciliations, and timely financial reporting in accordance with internal controls.

Employees

Required to comply with internal control procedures and report suspected irregularities or control breaches.

9. Procedures

The Company maintains documented procedures supporting this policy, including but not limited to:

Authorization Matrix

Defines approval authority and limits. The CFO is responsible for maintaining the matrix, while the Finance Department ensures compliance.

Reconciliations

Regular reconciliations of all balance sheet accounts, including assets, liabilities, equity, bank accounts, customers, vendors, and biological assets, must be performed and documented. Reconciliations are the responsibility of the Accounting Manager and Financial Controller and monitored by the CFO.

Access Security to Financial Systems

Access to financial systems must be approved by the Accounting Manager or CFO. User access shall be reviewed periodically and adjusted as necessary.

Change Management

All changes to accounting policies, financial systems, master data, and chart of accounts must be documented, approved, and tested prior to implementation.

Business Continuity and Backup

Financial data must be backed up regularly. Procedures shall be in place to ensure continuity of critical financial operations in the event of system failure or disruption.

Whistleblower Program

The Company maintains a whistleblower program allowing employees to report financial irregularities confidentially, particularly where reporting through normal management channels may pose a risk to the employee.

Training

Employees are encouraged to undertake relevant education and training aligned with their roles. Changes to internal controls must be communicated to affected employees in a timely manner.

10. Documentation and Record Retention

The Company shall maintain proper documentation of all internal controls, procedures, approvals, and reviews. Documentation must be retained in accordance with legal, regulatory, and internal requirements.

The CFO and/or Financial Controller is responsible for ensuring documentation is complete, reviewed, and archived appropriately.

11. Compliance and Breaches

Failure to comply with this policy may result in disciplinary action in accordance with Company policies and applicable law. Significant breaches or control deficiencies must be escalated to senior management and the Audit Committee without delay.

12. Policy Review and Modification

This policy shall be reviewed annually and updated as necessary to ensure continued effectiveness and compliance with applicable laws, regulations, and best practices. The review is the responsibility of the CFO and/or Financial Controller and requires approval by the CEO.