THIS IS GOLD FIELDS Risk management

Risk management and materiality

The overriding purpose of our Enterprise Risk Management (ERM) process is to assist Gold Fields to achieve its strategic and operational objectives and help the company to become as resilient as possible in the prevailing global business environment.

Gold Fields uses a set of four well-defined processes to assess its risks, opportunities and material issues:

The outputs from these four processes have informed the identification of the risks, opportunities and material issues listed on this page.

Gold Fields' approach to enterprise risk management is based on the requirements of King IV, the South African Corporate Governance Code of Conduct and ISO 31000, the international guideline on risk management. The Group also subscribes to the risk management requirements of the ICMM's 10 Principles.

Gold Fields' ERM process comprises the following three pillars, which are deployed intuitively and form part of our day-to-day operations:

Strategic risk management: Developing and integrating sound, sustainable business controls that reduce the Company's exposure to material risks to an acceptable level, ensuring business and strategic objectives are achieved

Operational risk management: Continuously identifying, quantifying and mitigating operational risks to create a safe, healthy and efficient business environment and reduce business disruptions to achieve operational targets

Catastrophic risk management: Identifying potential disastrous events that may cause loss of life, extensive damage to infrastructure and prolonged production losses; implementing mitigating actions, strategies and policies to prevent or reduce the risk effect by strengthening resilience to absorb or reduce losses

We also regularly examine emerging global trends as a multinational company like Gold Fields is shaped by external social, economic and political dynamics in the regions in which it operates.

The Group and regional risk heat maps, the top catastrophic risks and key emerging global trends can be found in our Integrated Annual Report 2023
Risk management review process and reporting structure

Risk management processes are integrated from the foundation of the process described below, through all the various levels of risk management to the top, where the Risk Committee and Board are informed of all the significant risks facing Gold Fields. This includes a clear understanding of the external risk environment and the potential impacts or opportunities it may have on the Company. The global risk landscape and macro risk trends are analysed and integrated with our executive management strategic review process.

MATERIALITY ASSESSMENT

Our materiality analysis identifies the significant economic and ESG factors that could substantively influence our capital providers’ and other stakeholders’ decisions about Gold Fields’ ability to deliver on its strategic objectives and create value over the short, medium and long term. This informs the Group’s business plans and strategies, as well as our sustainability reporting approach.

We review and update our GRI-aligned materiality analysis annually, which informs and is informed by:

We concluded a three-year materiality analysis cycle in 2021 and planned to initiate a new 2022-and-beyond cycle this year. This was suspended when we announced our intention to acquire Yamana Gold, a transaction we ultimately terminated. Instead, we extended our existing cycle by a year and reviewed and updated our materiality analysis and related material topics for 2022. We, therefore, did not undertake a materialityrelated stakeholder engagement process in 2022.

Our 2022 materiality analysis involved:

To support our revised materiality analysis and disclosure, we started revising our public disclosures on the management of material issues, supported by our suite of sustainability reporting. Given the changes to the sustainability reporting landscape – as well as emerging or proposed ESGrelated reporting standards, guidelines and frameworks – we will include an inclusive, double-materiality analysis in our next assessment cycle. This means we will not only report the impact our operations have on stakeholders, but also their impact on Gold Fields and its operations.

We categorise our material matters as environmental, social or economic and governance matters for this materiality analysis cycle. While our 2022 material matters have not changed significantly, some have become increasingly important or been updated to reflect our evolving management approach:

The graphic below outlines our materiality analysis as at end-2022.

2022 GRAPHIC MATERIALITY ANALYSIS
RISK APPETITE AND TOLERANCE

Gold Fields’ approach to enterprise risk management (ERM) is based on the requirements of King IV Report on Corporate Governance for South Africa 2016 (King IVTM) 1, the South African Corporate Governance Code of Conduct and ISO 31000, the international guideline on risk management. The Group also subscribes to the risk management requirements of the ICMM’s 10 Principles.

Gold Fields’ ERM process comprises the following three pillars, which are deployed intuitively and form part of our day-to-day operations:

Strategic risk management: Developing and integrating sound, sustainable business controls that reduce the Company’s exposure to material risks to an acceptable level, ensuring business and strategic objectives are achieved


Operational risk management: Continuously identifying, quantifying and mitigating operational risks to create a safe, healthy and efficient business environment and reduce business disruptions to achieve operational targets


Catastrophic risk management: Identifying potential disastrous events that may cause loss of life, extensive damage to infrastructure and prolonged production losses; implementing mitigating actions, strategies and policies to prevent or reduce the risk effect by strengthening resilience to absorb or reduce losses

Risk management is integrated into all our business processes. Leadership teams at corporate, regional and mine level conduct formal quarterly risk management reviews, assessing risks to the business and tracking and monitoring progress against mitigating actions. These reviews are then presented to the Board’s Risk Committee twice a year for verification.

As a global company, we continue to be shaped by the external dynamics of the regions where we operate. We discuss the impact of longer-term, emerging global trends in general and on Gold Fields on p15.

RISK APPETITE AND TOLERANCE

Understanding the relationship between our strategy and our approach to evaluating risks as a basis for setting Risk Appetite and Tolerance (RA&T) is crucial. Firstly, RA&T does not relate to the risk itself, but rather the consequences of such a risk – this distinction is important to establish a practical set of RA&T positions.

We use our strategic objectives as a starting point, the achievement of which is critical for setting our RA&T levels. It follows that the consequences of the risks we are exposed to can create a variance from where we aim to be in terms of our strategic objectives. The level of variance we are willing to accept without making significant changes to the strategic objective sets the variance point for our risk appetite, while the level of variance we can accept in each of our top strategic risks before we need to review our risk treatment plans determines our tolerance position.

To support the achievement of strategic objectives and business plans, and to monitor tolerance positions, Gold Fields has a comprehensive monthly and quarterly business review process in place. Performance is monitored and shortcomings are addressed swiftly and effectively. A colour-coding system is used during presentations to alert executives if targets are being achieved, and enables discussions around remediation measures.

Shortly after the quarterly business reviews are concluded, the Board conducts quarterly governance and oversight meetings, as part of its annual Board cycle, during which significant aspects of the business are comprehensively questioned and reviewed. Any misalignment with Company objectives or good corporate governance is discussed and remedial action requested. This is in line with our formal Approval Framework, which strictly defines decision parameters and risk tolerance.

1 Copyright and trademarks are owned by the Institute of Directors in South Africa NPC and all of its rights are reserved