Covid-19 Management Report Template for consideration April 2020 This

Covid-19 Management Report Template for consideration April 2020 This template was made available by KPMG.

Dear Sir, Madam, It is with great pleasure that we provide you with this standard template aimed to support you in the design and creation of a dedicated management report on the impacts of covid-19. Driven by our trusted advisor motto, we hope that you will find the hereby proposed layout and guidance relevant and suited to your governance arrangements and forums. Based on observed market practices, official guidelines and KPMG thought leadership, we have endeavored to propose a format that helps you convey the right messages and that make sense of the crisis from a business angle. For your consideration, and to leverage on or take inspiration from, you will find: 1. A mapping of commonly observed impacts or risks related to Covid-19 on UCITS ManCo or AIFM operations. 2. Additional assessment criteria and matters for consideration related to each potential impact intended to guide you in your assessment. 3. Scorecards to reflect the potential crystallization of the impacts as of now, their magnitude, the actions taken and the potential residual risk remaining. Similarly, we suggest that you might perform this exercise for those risks that are likely to materialize in the near future but this time with a focus on any preventive measures that can be taken now to mitigate their effects. The scorecards also reflect potential strategic shifts in risk appetite or tolerance level to accommodate the current environment where operational/legal/investment and other risks might be intrinsically exacerbated. 4. An activity report section whereby, collegiately, the management committee can give a holistic assessment of the identified impacts of Covid-19 to date, provide an overview of any measures taken to ensure business continuity in light of the latter impacts, as well as give an overall candid assessment of the integrity of the Company’s operations. 5. A vulnerability assessment section whereby the owner of a key business feature (i.e. responsible conducting officer as per CSSF 18/698) prone to high or moderate risk as per scorecard can provide more detailed color on the nature of the risk and related action plan that is intended to be exercised. 6. In the same vein as the vulnerability assessment, the report features a synthetic action plan table that allows for a consolidated view of sources of material risk (high or medium), actionable item to be clearly allocated, tracked and followed-up on. 7. We also offer a brief insight into existing official guidelines and thought leadership produced by KPMG on the topic. We sincerely hope this document will bring value to you, either in its current shape or in inspiring you to come up with a more tailored report. Ravi Beegun Head of Asset Management KPMG Luxembourg David Capocci Head of Alternative Investments KPMG Luxembourg This template was made available by KPMG. Alan Picone Partner, Risk Advisory & Regulatory Transformation KPMG Luxembourg 2

Content 1. Taxonomy of Covid-19 impacts 4 2. Official guidelines 5 3. Mapping of Covid-19 impacts 6 4. Assessment guidelines 7 5. Scorecards 8 6. Activity report 10 7. Vulnerability assessments 11 8. Action plan table 15 9. KPMG thought leadership 16 This template was made available by KPMG. 3

Taxonomy of Covid-19 impacts and risks Covid-19 related impacts or risks can be assessed across 3 dimensions: 1. Operational resilience: the sustainability of the operating and business model in the current context 2. Regulatory continuity: ongoing compliance with regulatory requirements associated with the permitted activities of the Company as per its license 3. Product-based assessment (UCITS vs. AIF): risks that are related to funds under management 3rd-party risk Key people risk CSSF communication Reg watch Int. control framework Cybersecurity & IT AML and fraud Business continuity management COVID-19 Report Management information systems / Risk management (market, liquidity, counterparty risk) Valuation risk Deal sourcing & opportunities Valuation risk Product design This template was made available by KPMG. Portfolio monitoring & crisis management 4

Official guidelines CSSF Covid-19 FAQ published on April 2nd 2020 Extension of some regulatory reporting deadlines providing notification to the CSSF CSSF FAQ – Swing Pricing Mechanism published on March 20th 2020 Provides the conditions for a temporary increase of the applied swing factor beyond the maximum swing factor disclosed in the fund prospectus ESMA Risk Dashboard published on April 2nd 2020 ESMA Risk assessment of the impacts of Covid-19 on the EU economy and financial markets This template was made available by KPMG. 5

Mapping of Covid-19 impacts OPERATIONAL RESILIENCE BUILDING BLOCKS KEY BUSINESS FEATURES Vendor monitoring / 3rd party risk Necessity to have regular and ongoing exchanges with the service provider in order to understand how they are coping with the crisis (staffing & scaling capacity) / ensure continuation of service Business continuity management Ensuring ability of staff and operations to continue functioning remotely (e.g. (update) of business continuity plan, IT hardware, (secured) remote connectivity, devices for staff) Cybersecurity & IT Exposure of staff working remotely to phishing attacks, malware or phone-based scams. Necessary upgrade of authentication features, remote administration of devices and accesses Key people risk Business risk REGULATORY CONTINUITY PRODUCT LIFECYCLE (UCITS) Necessity to put in place back-up solutions for the continued execution of key functions in light of persistent health risk Necessity to consider changes in operating model (e.g. review of delegation arrangement, operating expenses, substance requirements in time of crisis, software & licenses) Legal risk Necessity to review contractual terms to allow for special conditions to operate under Covid-19 (e.g. cloud systems, remote accesses) / addition of necessary disclaimers (e.g. valuation memos, RICS guidelines) AML and fraud Necessity for the company to remain alert to malicious or fraudulent transactions / insider trading / fraud / disruption in legal and notary services CSSF communication PRODUCT LIFECYCLE (AIF ILLIQUID) DEFINITION OF IMPACT Regulatory watch Necessary notification or approval request to be made to the CSSF (e.g. NAV suspension, extension of reporting deadline) / ability to address any CSSF queries in a timely manner Ability of the company to cope with the continued regulatory agenda and the subsequent implementation of regulatory requirements when needed Internal control framework of the IFM Necessary updates to the compliance monitoring plan and internal audit plan to reflect the impacts of Covid-19 and ensure overall compliance of the operations Prudential reporting Ability of the company to effectively produce and submit the various necessary reports to the CSSF (e.g. UCITS risk report, Annex IV, RMP, Annual report of the control functions etc.) in a timely manner Management information systems Ability of the company to maintain and document existing governance arrangements and decisionmaking processes (committee meetings, sign-offs, internal reporting & escalation, minute-taking, record keeping) Conduct & culture Adherence of staff working remotely from home to conduct rules aimed at protecting investor (e.g. GDPR) and firm data, intellectual property, and culture change around communication practices (cf. confidentiality & privacy rules) Risk management (market, liquidity, counterparty risk) VaR breaches, investment compliance breaches, application of liquidity contingency measures (swing pricing, dilution levy, NAV gating, NAV suspension), abnormal transaction costs, expensive hedging, increased margining due to perceived higher counterparty risk Valuation risk Delisting, stall or aged pricing, collateral pricing to review and reconcile (valuation risk), OTC Markto-model Product design Review of fund range (asset class, sector, geographies), target markets (review of marketing strategy), target investors Portfolio risk Review of cash flow balances, stress testing, capital injection, capital calls, relaxing of covenants, review of contingency measures of target companies (supply chain disruption, level of indebtness, people risk), cut on non core expenses etc. Valuation risk Impossibility of performing valuation (e.g. no secondary market), valuation risk related to the idiosyncratic nature of the strategy Deal sourcing & opportunities New opportunities for acquiring target investments at reduced price or acquiring distressed competitors This template was made available by KPMG. 6

Covid-19 impacts – Assessment guideline OPERATIONAL RESILIENCE BUILDING BLOCKS KEY BUSINESS FEATURES REGULATORY CONTINUITY IMPACTED FUNCTION Vendor monitoring / 3rd party risk Have you reviewed your delegation risk matrix in light of empirical experience? The actionability of your KPIs ? The enforceability of the SLA? Dispute resolution mechanisms? Gauged your outsourcing exposure? Business continuity management Have you gauged the effectiveness of your BCP? Did you have one before the crisis? Have you reviewed the BCP of delegates? Do you have good communication channels with your delegates? Do you measure time spent and contribution of people while working remotely? Cybersecurity & IT Have you mapped out your IT vulnerabilities? Identified any consequences of the new operating model on the IT risk map? Raised staff awareness of cyber threats? Considered regular IT security testing? Key people risk Have you updated your key people risk matrix? Are viable back ups in place in case of illness? Have you notified staff of their rights (e.g. cross-border tax)? Do you apply full transparency towards staff? Can you assess the performance of people working remotely? Business risk Have you produced a business risk mapping over short- and long-term horizons? What are the key conditions in order to operate? Any necessary change in risk tolerance level? Have you updated your business risk matrix/scenarios to identify key risks in case of a second wave? Have you considered the impact of Covid-19 on transfer pricing arrangements? Have you reviewed your contractual agreements to include Covid-19 clauses? Protection of your data? Need for disclaimers or new provisions? What is your policy around communication with investors? AML and fraud How do you monitor suspicious transactions (e.g. false positive issues, changes in human behavior, new types of frauds)? Have you reviewed whether your AML value chain remains operational? Have you reduced your risk tolerance on fraud? Have you adapted your AML controls? CSSF communication Have you considered sharing your Covid-19 analysis in order to justify mitigation actions of key risks? Have you assessed communications to be sent to the CSSF? Have you sufficiently documented your requests (rationale)? Regulatory watch Have you reviewed your regulatory timeline/calendar to incorporate new Covid-19 impacts? Have you identified any weakness/gap in your regulatory risk program? Can you still operate it? Internal control framework of the IFM Have you considered updating your compliance monitoring plan to reflect new sources of regulatory risk from Covid-19? Similarly have you updated your internal audit plan to ensure the integrity of your operations? Are there issues in the execution of the latter? How do you plan to overcome them? Have you considered producing a reporting schedule updated with Covid-19 provisions? Have you ensured the reporting mechanisms remain operational? Do you have access to raw data if needed? Management information systems Do you have the right level of information to conduct Covid-19.related assessments? Do you feel that as a CO your decision making process is undermined due to data quality issues? Have you considered producing a specific Covid-19 report? Have you undertaken to analyze the efficiency of your MIS in this context? Conduct & culture Have you raised awareness on data confidentiality and recommended practices when working remotely? Do you apply the “need to know/least privilege” principle? How do you ensure professional ethics are respected? Risk management Have you reviewed the risk matrix of your funds in light of Covid-19? What are the vulnerabilities? Have you simulated new scenarios? Level of model risk? Any necessary CSSF communication? Valuation risk Have you reviewed fair valuation mechanisms (marking-to-model), Pricing policy & pricing committee meetings? Product design To what extent are you able to keep “operating” the fund given market conditions and fund rules? Should you review your fund range? Your marketing approach? Should you amend your prospectus? Portfolio risk Have you done a portfolio risk assessment along the following lines: supply/demand, cash-flows, people risk, liquidity dependency/level of indebtedness, secondary market monitoring etc. Are you in dialogue with the PM function? What is the risk contribution of each asset to the overall portfolio? Valuation risk Have you assessed the effects of Covid-19 on valuation and documented it? How do you make sure your valuation policy is consistent in light of events (impairments, default)? How do you address any disruption in your value chain (lack of data ,inability of valuation agents to provide reliable valuations)? Legal risk PRODUCT-BASED ASSESSMENT PRODUCT-BASED ASSESSMENT (AIF ILLIQUID) (UCITS) MATTERS FOR CONSIDERATION Prudential reporting Any change in capital deployment anticipated in your portfolios? Any tactical opportunities (market Deal sourcing & change in cash flow mechanics (capital calls, distribution, investment This templatedislocation was madestrategies)? available byAny KPMG. opportunities process)? Function owner 7

LEVEL OF RESIDUAL RISK SHIFT OF RISK TOLERANCE R/A/G R/A/G UP/DWN Y/N R/A/G R/A/G UP/DWN Cybersecurity & IT Y/N R/A/G R/A/G UP/DWN Key people risk Y/N R/A/G R/A/G UP/DWN Business risk Y/N R/A/G R/A/G UP/DWN Legal risk Y/N R/A/G R/A/G UP/DWN AML and fraud Y/N R/A/G R/A/G UP/DWN CSSF communication Y/N R/A/G R/A/G UP/DWN Regulatory watch Y/N R/A/G R/A/G UP/DWN Internal control framework of the IFM Y/N R/A/G R/A/G UP/DWN Prudential reporting Y/N R/A/G R/A/G UP/DWN Management information systems Y/N R/A/G R/A/G UP/DWN Conduct & culture Y/N R/A/G R/A/G UP/DWN PRODUCT-BASED ASSESSMENT (UCITS) Risk management Y/N R/A/G R/A/G UP/DWN Valuation risk Y/N R/A/G R/A/G UP/DWN Product design Y/N R/A/G R/A/G UP/DWN PRODUCT-BASED ASSESSMENT (AIF ILLIQUID) Scorecard – Current risks Portfolio risk Y/N R/A/G R/A/G UP/DWN Valuation risk Y/N R/A/G R/A/G UP/DWN Deal sourcing & opportunities Y/N R/A/G R/A/G UP/DWN REGULATORY CONTINUITY OPERATIONAL RESILIENCE BUILDING BLOCKS KEY BUSINESS FEATURES MATERIALIZATION OF IMPACT SEVERITY OF IMPACT Vendor monitoring / 3rd party risk Y/N Business continuity management This template was made available by KPMG. MITIGATION ACTIONS TAKEN This where you are able to detail the nature of the mitigation actions taken to counter the effects of Covid-19 e.g. communication to the CSSF, disclosure to investors, IT risk mapping, portfolio assessment etc. 8

Scorecard – Anticipated future risks PRODUCT-BASED ASSESSMENT (AIF ILLIQUID) PRODUCT-BASED ASSESSMENT (UCITS) REGULATORY CONTINUITY OPERATIONAL RESILIENCE BUILDING BLOCKS KEY BUSINESS FEATURES LIKELIHOOD OF RISK MATERIALIZING ENVISAGED SEVERITY OF IMPACT Vendor monitoring / 3rd party risk R/A/G R/A/G UP/DWN Business continuity management R/A/G R/A/G UP/DWN Cybersecurity & IT R/A/G R/A/G UP/DWN Key people risk R/A/G R/A/G UP/DWN Business risk R/A/G R/A/G UP/DWN Legal risk R/A/G R/A/G UP/DWN AML and fraud R/A/G R/A/G UP/DWN CSSF communication R/A/G R/A/G UP/DWN Regulatory watch R/A/G R/A/G UP/DWN Internal control framework of the IFM R/A/G R/A/G UP/DWN Prudential reporting R/A/G R/A/G UP/DWN Management information systems R/A/G R/A/G Conduct & culture R/A/G R/A/G UP/DWN Risk management R/A/G R/A/G UP/DWN Valuation risk R/A/G R/A/G UP/DWN Product design R/A/G R/A/G UP/DWN Portfolio risk R/A/G R/A/G UP/DWN Valuation risk R/A/G R/A/G UP/DWN Deal sourcing & R/A/G R/A/G opportunities This template was made available by KPMG. UP/DWN PREVENTIVE MEASURES TO TAKE This where you are able to detail the nature of the mitigation actions you will take to counter the effects of Covid-19 e.g. communication to the CSSF, disclosure to investors, IT risk mapping, portfolio assessment etc. SHIFT OF RISK TOLERANCE UP/DWN 9

Activity report This section allows conducting officers to explain the various identified impacts of Covid-19 over the operations of the company and funds under management; to provide an overview of any measures taken to ensure business continuity in light of the latter impacts, as well as an overall candid assessment of the integrity of the company’s operations. Insert your text here This template was made available by KPMG. 10

Vulnerability assessment – Operational resilience With reference to the scorecard, the business owner can comment upon any business items presenting a high to moderate risk profile in the area below. OPERATIONAL RESILIENCE Business feature X 1. Detailed description and assessment of impact: Insert your text here 2. Business ownership (function of the ManCo/AIFM directly impacted and responsible for mitigation measures): Insert your text here 3. Action items (next steps to mitigate or prevent the risk) and timeline: Insert your text here This template was made available by KPMG. 11

Vulnerability assessment – Regulatory continuity With reference to the scorecard, the business owner can comment upon any business items presenting a high to moderate risk profile in the area below. REGULATORY CONTINUITY Business feature X 1. Detailed description and assessment of impact: Insert your text here 2. Business ownership (function of the ManCo/AIFM directly impacted and responsible for mitigation measures): Insert your text here 3. Action items (next steps to mitigate or prevent the risk) and timeline: Insert your text here This template was made available by KPMG. 12

Vulnerability assessment – Product based assessment - UCITS With reference to the scorecard, the business owner can comment upon any business items presenting a high to moderate risk profile in the area below. PRODUCT BASED ASSESSMENT - UCITS Business feature X 1. Detailed description and assessment of impact: Insert your text here 2. Business ownership (function of the ManCo/AIFM directly impacted and responsible for mitigation measures): Insert your text here 3. Action items (next steps to mitigate or prevent the risk) and timeline: Insert your text here This template was made available by KPMG. 13

Vulnerability assessment – Product based assessment - AIF With reference to the scorecard, the business owner can comment upon any business items presenting a high to moderate risk profile in the area below. PRODUCT BASED ASSESSMENT - AIF Business feature X 1. Detailed description and assessment of impact: Insert your text here 2. Business ownership (function of the ManCo/AIFM directly impacted and responsible for mitigation measures): Insert your text here 3. Action items (next steps to mitigate or prevent the risk) and timeline: Insert your text here This template was made available by KPMG. 14

Action plan The structured action plan below summarizes the action items identified and explained in the vulnerability assessments described above. It can be used to give a priority ranking, timeline and deadline for each identified action, as well as to clearly allocate responsibilities. PRIORITY ACTION ITEM CLUSTER TASK OWNER MITIGATION ACTION DEADLINE 1 Review whether all temporary exception rules for investment limit breaches are properly integrated in the ManCo’s systems Product lifecycle (UCITS) Portfolio management Ensure proper model calibration 15/04/2020 Open No 2 Ensure that all employees are aware and informed about temporary provisions in the context of Covid-19 Operational resilience Compliance Inform all employees via email and 1:1 discussion 03/04/2020 Open Yes This template was made available by KPMG. STATUS OVERDUE 15

KPMG thought leadership KPMG thought leadership KPMG Covid-19 portal and related blogs https://blog.kpmg.lu/ KPMG intelligent regulatory system report KPMG‘s regulatory watch report with macro-trends and projection of the impact of regulation by industry and strategy. This template was made available by KPMG. 16

kpmg.lu kpmg.lu/app The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. 2020 KPMG Luxembourg, Société coopérative, a Luxembourg entity and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.