China Innovationpay : Terms of Reference of the Risk Management Committee

Central China Real Estate Limited

China Innovationpay Group Limited

中國創新支付集團有限公司

(incorporated in Bermuda with limited liability (Stock Code: 08083)

Terms of Reference of the Risk Management Committee

Adopted by the Board on 30 May 2016 Definition

"Company"	means China Innovationpay Group Limited 中國創新支付集團 有限公司
"Group"	means the Company and its subsidiaries
"Board"	means the board of Directors of the Company
"Risk Management Committee"	means the Risk Management Committee of the Board of the Company
"Director(s)"	means director(s) of the Company
"Independent Non- Executive Directors"	means the independent non-executive Directors of the Company as defined in the Listing Rules
"Stock Exchange"	means The Stock Exchange of Hong Kong Limited
"Listing Rules"	means the Rules Governing the Listing of Securities on the Growth Enterprise Market of the Stock Exchange
"Senior Management"	means the staff regarded as senior management under the Listing Rules

Purpose of the Risk Management Committee

The purpose of the Risk Management Committee is to assist the Board in (i) deciding the risk level and risk appetite of the Group; (ii) considering the Group's risk management strategies; and

(iii) ensuring the soundness and effectiveness of the Group's internal control system and giving guidelines where appropriate.

Constitution

1. The Risk Management Committee is established by a resolution passed in the Board meeting.

2. The members of the Risk Management Committee shall be appointed by the Board and shall consist of a minimum of three members.

3. The Board shall appoint the Chairman of the Risk Management Committee who is to lead the Risk Management Committee and ensures that the Risk Management Committee operates and discharges its duties efficiently. In the case of equality of votes, the Chairman of the Risk Management Committee shall have a second or casting vote.

4. If any member of the Risk Management Committee is incapable of performing his/her duty for any reason, the Board of the Directors shall promptly appoint appropriate member(s) to the Risk Management Committee to ensure the number of the members of the Risk Management Committee meets the quorum.

5. The secretary of the Risk Management Committee shall be the company secretary of the Company. In the absence of the secretary of the Risk Management Committee, the Risk

   Management Committee members present at the meeting shall select another person as the secretary.

   Declaration of Interest

6. Each member in the Risk Management Committee shall declare to the Risk Management Committee any of his/her personal financial interest in connection with any matter to be resolved by the Risk Management Committee and any potential conflict of interest in connection with such matter. Any member with such interest or relates to such potential conflict of interest shall be abstained from voting in the Risk Management Committee's resolution and discussion in respect of the related matters. The interested member shall resign if requested by the Board.

   Meeting Proceedings

7. Notice of meeting:

8. Unless otherwise agreed by all members of the Risk Management Committee, at least seven days' prior notice must be given to all members before meeting;

9. Any member may convene a meeting by notifying the secretary of the Risk Management Committee in writing, and then the secretary of the Risk Management Committee shall notify the other members in writing or by other ways, or alternatively any member of the Risk Management Committee may notify the other members directly in writing or orally. The secretary of the Risk Management Committee may also convene a meeting by notice in writing. The aforesaid "notice in writing" includes notice by facsimile transmission;

10. For any meeting convened by an oral notice, the secretary of the Risk Management Committee shall issue a written confirmation as soon as practicable and before the meeting; and

11. Any written and oral notice shall state the purpose, time, place, date and agenda of the meeting and shall be accompanied by the relevant documents which may be required to be considered by the members and the secretary of the Risk Management Committee. Documents should be provided together with meeting agenda which shall be sent together with meeting notice (or written confirmation of an oral notice).

12. The quorum of the meeting of the Risk Management Committee shall be two members, who may attend meetings in person or through telephone conference or other communication facilities by means of which all attendees of the meeting are capable of hearing each other.

13. The meeting of the Risk Management Committee shall be held not less than twice a year.

14. Only members of the Risk Management Committee have the right to attend meetings of the Risk Management Committee. Other persons including but not limited to any Director,

    senior management, external advisors or consultants may be invited by the Risk Management Committee to attend fall or part of any meeting as and when appropriate.

15. Resolutions shall be passed by a majority of votes of the members of the Risk Management Committee present at the meeting. Each member of the Risk Management Committee shall have one vote. In case of any equality of votes, the Chairman of the meeting shall have an additional or casting vote.

16. A resolution in writing signed by all members of the Risk Management Committee shall be as valid and effectual as if it had been passed at a meeting of the Risk Management Committee. Any such resolution may be contained in a single document or may consist of several documents in like form each signed by one or more of the members of the Risk Management Committee.

    Authority and Duties

17. The Risk Management Committee is authorized by the Board to:

18. investigate any activity within its terms of reference and make any recommendations to the Board which it deems appropriate on any area within its remit where action or improvement is needed. It is authorized to seek any information it requires from the management and any employee of the Company. Management of the Company and all employees are directed to cooperate with any request made by the Risk Management Committee; and

19. obtain any independent professional advice, at the Company's expense, from any person if it considers it necessary to perform its duties. If necessary, the Risk Management Committee may invite external advisers with relevant experience to attend meetings of the Risk Management Committee and delegate any of its duties as is appropriate to such person or persons as it thinks fit.

20. Duties and functions of the Risk Management Committee

    The duties and functions of the Risk Management Committee shall include:

21. to review the Company's risk management policies and standard, as well the fundamental concepts and scope of compliance management;

22. to provide guidelines to the management on risk management and set up procedures to identify, assess and management material risk factors; and ensure the management discharges its responsibility in establishing an effective risk management system;

23. to supervise and monitor the Company's exposure to legal sanction risks and implementation of the related internal control policies and procedures adopted by the Company;

24. to review, evaluate and update from time to time the internal control policies and measures in respect of the control procedures of risks, including risk management and the communication and cooperation with the operating units;

25. to review the compliance reports and risk assessment reports that need to be reviewed by the Board, and to make recommendations on improvement of the Company's compliance and risk management;

26. to evaluate and advise on the risks involved in major decisions that need to be reviewed by the Board and solutions to the major risks;

27. to evaluate the risks of major investment and funding projects and issues concerning the operation of capital, and to advise the Board on the decision making;

28. to review and report annually to the Board the effectiveness of the risk management system; and

29. other matters as authorised by the Board.

    Other Matters

30. The Risk Management Committee shall report to the Board. At the next meeting of the Board following a meeting of the Risk Management Committee, the chairman of the Risk Management Committee shall report its findings and recommendations to the Board.

31. The work of the Risk Management Committee during each financial year shall be summarised and included in the corporate governance report which constitutes part of the annual report.

32. The Risk Management Committee should within its terms of reference, take necessary or appropriate actions on matters that the Risk Management Committee or the Board and consider other matters as the Risk Management Committee and the Board considers necessary or appropriate.

33. The Chairman of the Risk Management Committee or in his absence, another member of the Risk Management Committee or failing this, his duly appointed delegate, shall attend the annual general meeting of the Company to respond to the questions raised by the shareholders of the Company on the work of the Risk Management Committee.

34. Minutes of the Risk Management Committee meetings should be prepared and kept by the secretary of the Risk Management Committee and such minutes should be made available for inspection by the Directors at any reasonable time by reasonable notice. Draft and final versions of minutes of the Risk Management Committee meetings should be circulated to all members of the Risk Management Committee for their comment and records respectively, in both cases by the secretary of the Risk Management Committee within a reasonable time after the meeting.