Establish sound systems for risk management and internal control

1. Summary of the risk assessment process, policies, and requirements of the risk unit.

The Group has an independent department for risk management as per the Group’s organizational structure. The Group’s risk management primarily works to measure, monitor, and reduce all types of risks facing the Group, as follows (for example, but not limited to):

  • Establishing effective systems and procedures to manage the Group’s risks, so that the Group can perform its core functions of measuring and monitoring all types of risks to which it is exposed. This process must be carried out on an ongoing basis, reviewed periodically, and the systems and procedures modified when necessary.
  • Developing periodic reporting systems, as they are an important tool in monitoring risks and mitigating their occurrence.

Risk managers enjoy independence through their direct reporting to the Risk Management Committee of the Group’s Board of Directors. They are also empowered with a significant degree of authority to carry out their duties to the best of their ability, without being granted financial powers or authority.

The Risk Management Department also has qualified human resources with professional competencies and specialized technical capabilities in the field of insurance.

1.1 Brief on the formation of the Group’s risk management department

# Name Job Title Date of Appointment Academic Qualification Work Experience Alternate Employee
1 Sharif Abdul Momen Senior Manager 10/12/2008
  • Bachelor of Accounting
  • Mergers and Acquisitions
  • Accounting and Reporting
  • Gayatri Lanka
2 Gayatri Lanka Deputy Manager 01/02/2023
  • Postgraduate studies in insurance and risk management
  • Postgraduate studies in administration, finance and trade
Risk Analysis and Risk Management in Insurance and Reinsurance
  • Sneha Abraham
3 Sneha Abraham Risk Analyst 02/01/2025
  • Graduate in Statistics (minor in Actuarial Science)
Fresh graduate
  • Gayatri Lanka

1.2 Summary of the reports submitted to the Board Risk Committee:

The Risk Management Department submits a comprehensive risk report to the Board Risk Committee quarterly, and other risk assessments as needed by management and/or the Board. Four reports were submitted to the Board Risk Committee thisyear, the contents of which are summarized below, but are not limited to:

  • Analysis of key risk indicators for the Group and its subsidiaries (operating performance, financial position, investments, liquidity, leverage, currency risk, and capital adequacy).
  • Updates on the Identity Threat Detection and Response Project and Business Continuity Plan.
  • Actuarial report presenting updates on the Group’s actuarial projects, technical reserves, and the Data Science Unit.
  • Updates on technical risk management and development of risk management guidelines for Gulf Insurance Group.

1.3 Number and dates of meetings with the Risk Committee during the year.

  • During the year 2024, (4) meetings were held with the Risk Committee.
  • Details of these meetings are stated in item 1‑2‑5.

1.4 A Brief report on the company’s actual, emerging, and potential risks, including but not limited to:

  • Risks of cancellation of Afya contract.
  • Geopolitical risks and regional instability.
  • Economic risks.
  • Risks of cyberattacks.
  • Operational risks.
  • And other related risks.