1.1 Purpose
The Company performs systematic risk management across the organization in accordance with international standards, covering all core activities and risks in all aspects. The risk management encompasses the identification of risk factors and causes, followed by the evaluation, analysis, and prioritization of those risks, as well as the management, monitoring, and assessment of risk management outcomes. This is to ensure that the Company's operations meet their objectives and goals while remaining within their respective risk appetites.
1.2 Scope
The policy must be communicated across all functions. Executives and employees must acknowledge its importance and contribute to risk management in strict compliance with the policy.
1.3 Effective Date
This policy shall be effective from the date of approval by the Board of Directors.
1.4 Review Frequency and Revision
This policy must be reviewed annually, or when a significant change arises.
Any significant revisions, review, or renewal of this policy are subject to approval by the Board of Directors. Meanwhile, any insignificant revisions are subject to approval by the Management Committee (MC) and/or relevant subcommittees before being submitted to the Board of Directors for acknowledgement.
1.5 Responsible Function
The Risk Management Department is the responsible function of this policy.
2.1 Definition
2.2 General Principle
This policy is designed to ensure that the Company's operations comply with the established objectives, laws, and regulations.
2.3 Role, Duty, and Responsibility
In addition, the policy owner is responsible for ensuring that relevant departments and/or divisions establish procedures to comply with the policy, and the procedure owners are also responsible for developing manuals that are consistent with the respective procedures.
2.4 Requirement
The Company has established a risk management governance structure that meets internationally accepted standards for financial institutions. This structure ensures that appropriate risk management and internal controls are in place, along with governance and support to promote efficient and effective risk management and independent auditing and evaluation. The governance structure consists of the following components:
The Company has communicated the policy across all functions and assigned executives and employees at all levels to acknowledge its importance and contribute to risk management in strict compliance with the policy. Corporate and operational key performance indicators (KPIs) are established as tools to measure and evaluate performance in key aspects, including the management of climate and environmental risks, to reflect the efficiency and effectiveness at the corporate and functional levels. The heads of responsible functions are required to report their performance results to senior executives on a monthly basis. Risk factors and risks according to the Key Risk Indicators (KRIs) that may affect the performance and KPIs are managed in alignment with the Company's business plans and strategies to ensure competitiveness, profitability, and appropriate capital adequacy. The policy, guidelines, operational measures, internal controls and/or plans related to risk management are appropriately established, covering all core activities, to ensure financial stability and provide assurance to policyholders that policy benefits will be paid in full and on time. This will result not only in a positive image for the Company, but also a favorable reputation and image for the insurance business as a whole.
In addition to the risk management governance structure, which defines the roles and responsibilities of stakeholders at all levels within the organization, the Company also recognizes the importance of having an effective internal control system. Therefore, internal control has been established as an integral part of work processes, embedded in the operations of executives and personnel at all levels. The Company also has various measures to ensure that internal control is efficient and effective in accordance with the Company's risk management framework and risk appetites.
2.5 Penalty
Employees who violate this policy will be subject to disciplinary penalty in accordance with the Company's regulations and may be subject to other penalty imposed by applicable laws, rules, regulations, or requirements.