Alibaba is built on a foundation of public trust. We recognize that transparent, professional governance is essential to earning and maintaining stakeholder confidence. To this end, we continuously evolve our governance system by streamlining our governance structure, bolstering ESG initiatives, heightening risk management, and increasing operational transparency.
Board diversity
We promote diversity on the Board of Directors across gender, culture, and professional expertise to align with our diverse business portfolio. The director nomination process takes into account various factors, including age, gender, cultural backgrounds, and collaboration skills.
Board independence
As of March 31, 2025, the Board of Directors comprised 10 members, 60% of whom were independent directors.
Risk management structure
Compliance and Risk Committee
At the group level, we have established a three-layer risk management structure. This committee is directly chaired by an independent director and tasked with overseeing the Group's overall efforts in compliance and risk management. That entails monitoring the effectiveness of our risk management and internal control system.
Risk Management Committee
This committee is primarily responsible for: (1) identifying major Group-level risks and formulating a risk governance strategy accordingly; (2) enhancing the risk management system; and (3) establishing an oversight and evaluation mechanism for risk management. It reports quarterly to the Board's Compliance and Risk Committee.
Risk Management Working Group
The Risk Management Working Group comprises the heads of comprehensive risk management from all businesses and the heads of other functional departments. It is responsible for implementing specific tasks in risk management.
Risk management process
We have established a dynamically updated risk inventory and a risk assessment system to monitor, analyze, and classify internal and external risks.
We formulate management measures to prevent, avoid, or mitigate risks. For significant risks, we launch dedicated governance initiatives to achieve targeted improvements.
We have established an internal risk communication and reporting mechanism to ensure timeliness, accuracy, and completeness in the transmission of risk information. The Compliance and Risk Management Committee is regularly briefed on major risks.
Emergency management process
The Alibaba Group Specifications for Handling Emergency Service Unit (ESU) Incidents defines standards for classifying and grading risk incidents as well as procedural workflows for: (1) pre-incident readiness and prevention; (2) incident response and handling; (3) post-incident review, remediation and accountability.
Supervision, evaluation and inspection
In FY2025, under the guidance of the Risk Management Committee, a working group of Alibaba inspected governance outcomes for significant risks and post-incident improvements across our operations. The committee then cascaded its findings and remediation requirements to the comprehensive risk management head of each business for implementation.
Culture and training
Training on risk management
In FY2025, we organized nearly 2,000 awareness and training sessions to promote a compliance and risk culture. Risk management is incorporated into the Alibaba Group Code of Business Conduct exam, which is mandatory for all employees.
Compliance Day
Our fourth Compliance Day featured immersive activities, from risk-themed mini-lectures to interactive games, empowering employees with essential compliance knowledge across various domains.
In 2021, we established a three-layer ESG governance framework involving the Board of Directors, the management, and working groups to ensure the effective implementation of our ESG initiatives. Under the guidance of the Sustainability Committee, we continuously strengthen our ESG management system in a Plan-Do-Check-Act (PDCA) cycle.
