Risk management is an integral component of prudential management and good corporate governance. It represents a modern approach to business management under a competitive market environment in which businesses and technology are constantly evolving. This dynamism creates risks which may hinder the company in achieving its business objectives.
Muang Thai Life Assurance PCL. (MTL) recognizes the importance of an effective risk management system. The company has established a well-defined governance structure to manage the risk of the company in accordance with international practices to best protect the interest of all stakeholders. The risk management activities aim to promote risk awareness throughout the organization and to enhance our capabilities to manage risk effectively; allowing the company to achieve its objectives in line with its mission and vision.
MTL has set the guideline for managing risks as follows:
1) Risk Governance Structure: MTL has established the governance structure that support effective risk management. Risk management function is independent from other work functions. MTL has clearly specified roles and responsibilities includes reporting process that support risk culture in the organization.
2) Risk Identification: MTL has a process of identifying the risks that the company is exposed to. The Risk Appetite and Risk Tolerance is determined by its ability to manage these risks.
3) Risk Assessment: MTL has used and developed several tools to measure and evaluate the risks faced by the company.
4) Risk Response: MTL has established guidelines and procedures to respond to the risks. As part of risk response, MTL may consider avoiding certain risks that we feel we cannot manage effectively. On the other hand, MTL may consider using risk management tools or strategies to mitigate or transfer the risks. The guidelines and procedures to respond to the risks must be consistent with the nature of the business and the availability of personnel and information systems of the company.
5) Monitoring and Report: MTL has structured the risk reporting system to facilitate consistent and accurate risk information flow from risk monitoring persons to senior management and the Board of Director.
6) Risk Management of Core Activities: MTL has established the risk management process for the core activities defined by Office of Insurance Commission that is consistent with the risks and complexity of the company. The process should be able to reflect the underlying risk, measure the risk appropriately, efficiently manage the risks, and monitor and control the risks from these core activities.
7) Establish a governance structure for enterprise risk management that enables the integration of risks across the business group, consolidates financial position and performance reporting, and incorporates risk management reports from subsidiaries within the group. Separate roles, responsibilities, and risk oversight functions to ensure the effectiveness of enterprise risk management.
1) To ensure that various risks related to business operations of the company will be managed systematically and within the risk appetite and risk tolerance set by the company.
2) To encourage the risk awareness throughout the organization
3) To develop knowledge and skills, and to continually increase the effectiveness of the risk management process
MTL values sustainable growth and therefore places much important on company’s risk management. MTL has linked risk management to as many activities as possible to ensure that MTL has prudent operation and appropriate risk management in place with consideration of both current risks and future risks according to company’s strategy, objectives and business plan, in order to prepare proper risk management plan .
MTL realizes that challenging goals come with risks. MTL consequently takes into account possible risks while developing business plan, in addition to determining business trends and directions, company’s target, and projects to fulfill the goals. Those risks not only affect the successfulness of the goals, but also the capital adequacy ratio required by the OIC. Therefore, business plan, such as, growing sales, product development, product pricing, underwriting process, customer service, investment, and other activities must be related to the target capital adequacy ratio. In addition, MTL studies impact from business operation and conducts stress testing to evaluate possible impact to capital adequacy under different circumstances.
It is important that all relevant persons and business units understand well on their duties and realize that there are risks involved in their activities. To perform any business project, the business unit should consider the availability of the system, expertise of personnel, as well as stability and liquidity of the company, and diversification of the risks. Therefore, they must be able to identify the risks they are facing or will face in the future. The risks should then be quantified and prioritized in order to determine the level of response required for each risk and plan for the risk treatments. The risks must be regularly reviewed and monitored to ensure that the risks company is facing or is possible to face in the future are managed properly and in a timely manner. Risk and Control Self-Assessment (RCSA), Key Risk Indicators (KRIs), and Loss Event Data (LED) are the major tools used in the risk management process of 6 core activities. Duration, sensitivity analysis, stress test, and cash flow monitoring are important tools for asset-liability management.
MTL has continually developed risk management tools to improve risk management process of the company.
The risks of unexpected series of events occurring recently and during the past years have put an emphasis on an important of business continuity management (BCM). BCM is considered an integral part of MTL’s risk management to ensure that MTL is able to operate during an emergency period. This will lead to the trust of customers which is the important factor contributing to the sustainable growth of the company.
Risk appetite defined as the aggregate level and types of risk the company is willing to assume within its risk capacity to achieve its strategic objectives and business plan.
Risk appetite plays a key role in maximizing return on capital invested by the shareholders as it acts as a driver for allocation of capital to identified risks. Among other things, risk appetite plays an important part in supporting risk assessment, monitoring and control activities. It does this by helping staff to aware of risks they are associated with, understand the relative significance of the risks faced by the organization and thereby better prioritizes risk monitoring and control activities.
Specifically, risk appetite plays two roles in supporting the business objectives and risk management activities of an organization:
1) It is a decision making and resource allocation tool. Risk appetite helps determine the degree of control that needs to be applied to a particular risk.
2) It establishes a benchmark for an organization to monitor a particular risk.
MTL’s risk appetite statement has been approved and regularly reviewed by the Board of Director. There are both quantitative and qualitative statements for the key risks.
In addition, risk tolerance has been defined as acceptable level of variation which cascade down from risk appetite in order to be a boundary of risk for operational level which is defined within context of risk appetite, core activities, and company’s objective. As the capital management is highly associated with the risk management, the capital adequacy is therefore considered as a part of the company's risk appetite and risk tolerance.
The management of risk is the management of resources and various processes to ensure that the amount of risk taken during business operation is in line with the defined risk appetite set out by the company.
An effective risk management system must be able to identify, assess, respond and monitor the risks faced by the business. It is most important that this system be aligned with the objectives of the company. MTL manage the top 10 risks.
Risk management has been established at MTL, including the risk management in the core activities defined by Office of Insurance Commission:
MTL applies the following process for risk management.
1 Risk Identification
Risk identification sets out to identify an organization’s exposure to uncertainty, both financial and non-financial exposure, as well as the sources of the exposure.
Risk identification should be approached in a methodical manner to ensure that all significant activities within the organization have been identified. Identified risks must be reviewed on a regular basis or when there are material changes of the risk factors.
MTL uses the risk taxonomy as follows;
1.1 Investment Risk
Investment risk comprises of credit risk, market risk, and liquidity risk.
- Credit Risk
Credit risk is the risk of financial loss resulting from default or movement in the credit quality of issuers of securities, debtors arising from lending, car hire purchase, aval or an issue of contract of guarantee to any project, counterparties, or intermediaries, to whom the company has an exposure. Credit risk includes;
- Counterparty default risk: risk that a company will not receive, or receives delayed, or partially, the cash flows or assets to which it is entitled because a party with which the company has a bilateral contract defaults on one or more obligations.
- Concentration risk: risk of increased exposure to losses due to concentration in a geographical area, economic sector, counterparty, or connected parties.
- Market Risk
Market risk means the risk of loss or of adverse change in the financial situation resulting, directly or indirectly, from fluctuations in the level and in the volatility of market prices of assets, liabilities and financial instruments.
The following risks are considered the major causes of market risk.
- Interest rate risk: risk of losses resulting from movements in interest rates. To the extent that future cash flows from assets and liabilities are not well matched, movements in interest rates can have an adverse impact on a company.
- Equity, commodity, and real estate risks: risk of losses resulting from movements of market values of equities, commodities, and real estate. To the extent a company makes capital investments, including stocks, commodity, and real estate, a company has probabilities to expose to sustained declines in market values
- Currency risk: risk of losses resulting from movements in exchange rates. To the extent that cash flows, assets and liabilities are denominated in different currencies, currency movements can have an adverse impact on a company.
- Related credit risk: Market risk and credit risk are correlated. In the case of change in issuer’s credit rating or change in market perception of issuer’s credit risk, credit spread might be adjusted and cause changes in present value of asset.
- Liquidity Risk
Liquidity risk is the risk that the Company is unable to meet its financial obligations as they fall due at a reasonable cost. Liquidity risk can be classified into two types: market liquidity risk and funding liquidity risk.
- Market liquidity risk: liquidity risk arising from the inability to convert assets into cash at a reasonable price in a timely manner.
- Funding liquidity risk: liquidity risk arising from the inability to raise funds at a reasonable cost in sufficient amounts to meet demand.
1.2 Insurance Risk
Insurance risk is the risk from fluctuation of claim frequency, claim severity or time of claim occurrence that deviate from the pricing and reserving assumptions.
Key assumptions include mortality rate, lapse rate, expenses and interest rate.
- Life and Health Risk
- Pricing Risk: The risk that the prices charged by the company for insurance contracts will be ultimately inadequate to support the future obligations arising from those contracts. This risk is applicable for newly launch products.
Pricing risk may occur where setting pricing assumptions are not appropriate, or the company do not acknowledge the profit signature of the product, or having risk that the contracts expose it to risks that were not anticipated in the design of pricing of those contracts, or selecting pricing model is not appropriate. These mention risks may expose the company to the risk of financial loss.
- On-going Profitability Risk: The risk that the current profit of each product deviates from the expected profit. This risk is applicable for existing products.
On-going profitability risk can result from deviation of either assumptions or policyholder risk profile such as age, sex, sum assured etc.
- Reinsurance Risk: The risk resulted from the insurance company purchase reinsurance from reinsurers are credit risk, concentration risk, and liquidity risk arising from reinsurers.
- Catastrophic Risk
Catastrophic risk is the risk of large-scale or continuous events leading to actual claims significantly exceeding expectations.
1.3 Asset-Liability Management
Asset-liability management (ALM) is a practice of managing a business so that decisions and actions taken with respect to assets and liabilities are coordinated. ALM can be defined as the ongoing process of formulating, implementing, monitoring and revising strategies related to assets and liabilities to achieve the company’s overall financial objectives, given its risk tolerances and other constraints.
ALM looks at risks requiring coordination of the assets and liabilities. Under MTL’s risk taxonomy, Investment risk and insurance risk are defined as risks related to ALM.
Insurers typically face with asset-liability mismatch caused by an unconformity of term of obligations to the policyholders comparing to the maturity of their investment assets.
1.4 Strategic Risk
Strategic Risk is the risk that arises from (1) the consequent of choosing to execute a particular strategy, and (2) the failure associated with the strategy implementation. According to MTL Risk Taxonomy, strategic risks can be classified into corporate planning risk, and strategic implementation risk.
- Corporate Planning Risk
Corporate planning risk is the risk that arises from strategy selection, failure to conform with standardized policy, and invalid initial assumptions and misinterpretation of data due to limited access to information. Corporate planning risk is unavoidable even though the planning process is fully equipped with thorough research, analysis, and full evaluation process because the uncertainty arises from changes in both the market competition and the operating environment which diminishes the strategy’s effectiveness.
- Strategic Implementation Risk
Strategic implementation risk is another component of strategic risk. The risk is caused by inability to implement the defined strategy and failure to deliver expected outcomes including agreed quality, timeline and budget of the business plan.
1.5 Operational Risk
Operational Risk is the risk of loss resulting from failed, inadequate or inappropriate internal processes, people, systems and/or external events which impact to company operation or financial statement including regulatory and legal risk. This definition excludes strategic and reputational risk.
In addition, “operational risk” also includes (1) information technology risk that may arise from use of IT in business which may have an impact on the Company’s systems or operations, which include risks arising from cyber threats and data risk and (2) Artificial Intelligence Risk (AI Risk) refers to risks arising throughout the AI lifecycle, from data preparation and model development to testing, evaluation, and deployment. The use of AI introduces emerging risks that may impact the Company’s operations, policyholders, the public, and other stakeholders. These include risks related to ethics, privacy violations, the reliability of AI outputs, legal compliance, information technology, and cyber threats.
Though well-planned control system has been implemented in organization, there are still many unpreventable risks such as accidents, natural disasters, fire, flood, acts of terrorism and epidemics. Business Continuity Management (BCM) is the vital tool used to reduce the severity of such events. BCM will ensure that if any disruption to the Critical Business Functions occurs, MTL can continue to operate or can recover the operations within an appropriate timeframe which may help mitigate the negative impacts to the business, the legal standing or the good corporate image.
Sources of operational risk can be classified into 4 categories as follows:
- People are the operational risk from the failure, inadequate or inappropriate of people in organization including capability and morals that have negative impact to company such as incapable employees, internal frauds and inadequate staff in operation.
- Processes are the operational risk from failure, inadequate or inappropriate process and internal control that convey to financial and non-financial loss.
- Systems are the operational risk from information technology system & network failure, inappropriate, and inefficiency that interrupt the operation of business as a result of could not provide service to customer such as inability to recover system timely including improper data security, resulting in data theft and data leakage.
- External factors are the operational risk from outside company such as claim fraud, external fraud, regulatory change, natural disaster and politics unrest.
1.6 Reputational Risk
Reputational Risk means the risk arising from damage to the Company due to reputational harm caused by customers, suppliers, shareholders, regulators, and/or Stakeholders holding a negative perception of the Company.
Stakeholder means individuals who are affected, either benefiting or suffering losses, by the Company’s business operations. Stakeholders are classified into six groups: customers, regulators, the Board of Directors and staff, business partners and suppliers, investors and rating agencies, and the public/media/influencers.
1.7 Other Risks
Group Risk means the risk that the Company may be negatively impacted by events (both financial and non-financial) occurring within the business group. This also includes risks to the financial stability of the entire group or its member companies resulting from events within a specific business entity, whether triggered by internal factors within the group or external events affecting the group.
Emerging Risk means the risk that newly developing risks or losses that may not have occurred or been experienced before. These risks are difficult to estimate in terms of both probability and severity due to uncertainty and shifting environmental factors, such as politics, law, society, technology, the physical environment, and natural changes.
2 Risk Assessment
Risk assessment involves comparing the level of risk found during the analysis process with previously established risk criteria, and deciding whether these risks require treatment. The result of risk assessment is a prioritized list of risk that requires further action. Therefore, this step determines the level of response required for each risk. The tools using for risk assessment are depends on type of that risk.
3 Risk Response
Risk response is the process of dealing with risk. Company respond to risk based on cost and benefit consideration. The alternative of risk response can be risk avoidance, risk reduction, risk transfer and risk acceptance. It is often either not possible or cost-effective to implement all treatment strategies. MTL aims to choose and prioritize risks, and implement the most appropriate combination of the available options to treat the risks (Detailed information is provided in Section 6: Risk Management Tools and Techniques). The result of the risk assessment is a prioritized list of risk that requires further action. Therefore, this step determines the level of response required for each risk.
4 Risk Monitoring and Review
The company consistently monitors and reviews the risks to ensure that they do not exceed the risk appetite set up by the Board and the risks are within the pre-defined limits. The monitoring and review phase provides management through reporting mechanisms and the assurance that the policies and the related controls are applied properly including the use of such information to support reporting to regulators and relevant external agencies.
The following tools and techniques are example of those which have been used in MTL’s risk management process of the core activities;
1) Risk and Control Self-Assessment (RCSA)
RCSA is a tool used to extract risk information from risk owners to identify and assessment the impact of risk. The main purposes of RCSA are to allow systematic reviewing of the root causes of risks and to effectively direct remedial action. RCSA enables the systematic identification of risks that may occur.
2) Key Risk Indicator (KRIs)
KRIs are early warning indicators that provide capability to indicate severity of a specific risk during a specific period of time. KRIs not only reflect risks incurred in the past (Lagging Indicators), but also indicate possible loss in the future (Leading Indicators) resulting from severity of each risk factor. Good risk indicators can help the company to manage the risks and prevent those risks from occurring.
3) Loss Event Data (LED)
Loss Event Data gives detail of losses in the past. Efficient loss data collection enables the company to analyze and monitor risks more efficiently. Loss data collection consists of information on event of loss incidents, event types, causes and loss amount, severity, responsible business unit and risk control/ mitigation actions.
4) Profit Test
Insurance Profit Testing is an approach to actuarial calculations carried out using cash flow techniques; typically, profit tests generate expected profit signatures of particular tranches of business on the basis of premium rates assumptions with the goal to keep the profitability in acceptable bounds.
5) Experience Analysis
Experience Analysis is an analysis technique that uses company's historical data such as mortality, lapse and expenses to predict future expected value of the company.
6) Stress Test
Stress tests are a necessary tool for insurance management. Such tests should be a fundamental element of an insurer’s overall risk management framework and capital adequacy determination. Stress tests are appropriate tools for insurers to use in assessing the risks to which they are subject and in ascertaining their own limits on the risks that they are prepared to take. They should help the insurer in making decisions as to whether, and what, action is needed to ensure that it is not taking undue risks.
The company has considered key risk factors, which may impact to business operating or capital adequacy, for stress test.
The stress tests are conducted and reported to related committees on a regular basis. Related committees may require IRM to conduct stress tests based on specified scenarios and to report the results as well.
7) Sensitivity Analysis
A sensitivity analysis is a technique used to determine how different values of an independent variable will impact a particular dependent variable under a given set of assumptions.
8) Credit Rating
Credit ratings from the rating agencies such as S&P, Moody’s, or Fitch Ratings are crucial determinant for credit risk assessment, and can be used in estimating the probability of default. Credit ratings should be taken into account when company's activities expose it to credit risk.
9) Cash Flow Monitoring
MTL monitors the cash flows to ensure that there are the sufficient of funds to meet its contractual and regulatory obligations at all times.
10) Liquidity ratios
Liquidity ratios are essential tools for assessing liquidity risk. These ratios compare the scale of liquidity sources against liquidity needs. Currently, the Company utilizes two types of liquidity ratios: the Base Liquidity Ratio and the Stress Liquidity Ratio.
11) Duration and Duration Gap
Duration is a factor sensitivity indicating a fixed income portfolio's first order (linear) sensitivity to the parallel shifts in the spot yield curve. In other words, duration is a measure of change in the value of portfolio due to change in interest rates.
Duration gap is used to monitor and assess risk resulting from asset and liability mismatch. It is the difference between duration of asset and liability.
12) Value at Risk (VaR)
VaR is a widely used risk measure of the risk of loss on a specific portfolio of financial assets. VaR is measured and monitored by risk types, such as interest rate risk, equity risk, credit risk, as well as at the aggregate level. VaR is the worst expected loss over a target horizon such that there is a low, pre-specified probability that the actual loss will be larger. Therefore, VaR involves two quantitative factors, the time horizon and the confidence level.
13) Feedback Loop
The feedback loop is a process for evaluating the impact of changes in risk exposure, leading to the review of risk management policies and mitigation measures within the framework of Enterprise Risk Management (ERM). This ensures that decisions made by the Board of Directors and executives are monitored and reported in a timely manner, enabling the company to achieve its strategic objectives while maintaining risk levels within acceptable limits. This framework should include mechanisms for aggregating risks and gathering new, essential information at least once per quarter. Additionally, it should incorporate a system for identifying and monitoring breaches or potential breaches of the company’s risk limits.
MTL has formed a risk governance structure, supported by identifying roles, responsibilities and authority hierarchy, which will foster the risk culture throughout the company. The followings describe the roles and responsibilities under MTL risk governance structure.
1) Board of Directors (BOD)
The Board of Directors as leaders of the company plays an important role in its founding the organization to success by placing the appropriate policies and strategies to enhance the competitiveness of the company. This means the growth of the organization, the added value in the long term to the shareholders, and the responsibility for policy holders. The BOD must have the vision, and is responsible for discussions of business strategies and oversees the company’s operations to be aligned within the laws and regulations governing the business.
The MTL Board of Directors determines the governance structure of the Company. In order to operate efficiently and to give appropriate attention and consideration to matters, the BOD may delegate authority to its Committees to carry out tasks. The BOD and Committees are supplied in a timely manner with information in a form and of a quality appropriate to enable them to discharge their duties.
The BOD appoints the Risk Management Committee to be its advisory body on risk governance and risk management issues. However, the BOD is ultimately responsible for ensuring that sound and comprehensive risk management, which adheres to applicable regulation, is developed within the company and for ensuring compliance with the policy. The BOD is responsible for approving and reviewing the Business Plan, Risk Management Framework, Risk Management Policy and other risk-related policies, such as the Policy of Investment in Other Businesses, and Risk appetite. The BOD is also responsible for monitoring the risk management process and ensuring that the process adheres to all applicable regulations. BOD shall operate the Company to have efficient internal control and audit system.
The BOD is also responsible for alignment between business strategies, risk management framework and the Company’s capital adequacy and financial stability.
Meetings of the BOD shall be held with the minimum frequency of once per three months.
2) Risk Management Committee (RMC)
The MTL Risk Management Committee is appointed by the Board of Director. The Risk Management Committee oversees the overall risks of the company and make sure that the company possesses efficient and effective risk management and that the risk management process is at appropriate level. The Risk Management Committee has the duty to advise the Board of Directors on risk management issues and is responsible to ensure identifying, assessing, response, monitoring and reporting risk levels for the attention of the Board of Directors. Moreover, The Risk Management Committee is responsible for ensuring that the Company has appropriate risk mitigation plans in place and for carrying out all activities defined in Charter of Risk Management Committee.
The Risk Management Committee shall hold meeting at least every three months.
3) Audit Committee (AC)
The MTL Audit Committee is appointed by the Board of Director. The Audit Committee is authorized to review and evaluate the company’s internal control and to ensure that the company has set up internal control, internal audit, and risk management systems that are suitable, effective and in accordance with the international framework.
The Audit Committee shall hold meetings at least every three months
4) Investment Committee (IC)
The MTL Investment and Credit Committee is appointed by the Board of Directors. The IC is responsible for determining policies, guidelines and procedures related to investment, credit services and real estate business for approval by the Risk Management Committee (RMC) and the Board of Directors (BOD).
The IC is responsible for approval of the plan, control and monitoring of investment, credit services and real estate business of the Company to make them comply with relevant laws and related investment and risk management policy. Also, to determine investment target and return on investment as a part of corporate budget to be approved by BOD, and evaluate and report investment performance to the BOD regularly.
The IC is also in charge of good corporate governance, transparency, and precaution against conflict of interest regarding investment, credit services and real estate business of the Company, while ensuring adequate work systems, human resources, and data.
5) Product Governance Committee (PGC)
The MTL Product Governance Committee (PGC) is appointed by the Board of Director. The PGC is responsible for ensuring suitable price and product development process.
The PGC is responsible for developing new products in term of competitiveness according to the market condition.
The PGC is also responsible for controlling the new product process aligns with the company strategy and regulatory requirement from Office of Insurance Commissioner (OIC).
The meeting of the PGC shall be held at least once per a month.
6) Executive Committee (EXCOM)
The Executive Committee is appointed under the recommendation of the President and the approval of the BOD. The Executive Committee shall hold a position as if they are the BOD among the Management.
Besides the assignments from the BOD, Executive Committee shall be granted from the BOD the authorities to cooperate with the Management regarding all aspects of the Company’s business as usual, to cooperate with the Management to implement according to the business plan and budget, to consider the matters designated by the BOD, to consider matters which are business as usual of the Company that the Management refers to Executive Committee, and to consider other matters that are not business as usual of the Company and/or outside the business plan and budget that has been approved in advance, where such matter must have material impact on the financial status and profitability or reputation of the Company.
Meetings of the Executive Committee shall be held no less frequency than once every 2 weeks.
7) Asset-Liability Committee (ALCO)
ALCO has been formally established as a committee of the CEO. The members of the committee are to be appointed by the CEO.
The ALCO ensures that the assets and the liabilities are managed in a consistent and complementary manner. The committee has the duty to advise the CEO on the management of company’s asset and liability given the associated risks. The committee helps foster closer communication and coordination between the Investment Division and Actuarial Division and ensures a clear delineation of lines of authority and responsibilities for managing ALM risks.
The meeting of the ALCO shall be held at least every three months or more frequently as deemed necessary.
8) Operational Risk Management Committee (ORMC)
ORMC has the duty to monitor and review operational risk management policy to develop and to support risk management to mitigate loss from failure or inadequate of process, people, system or external events, to improve efficiency of operation. ORMC has the duty to review business continuity management policy and well prepare of business continuity. ORMC has the duty to provide consultant, recommendation, approve and follow up risk guideline and the improvement of operational risk management system throughout the organization. ORMC can establish sub-committee or working team upon consideration.
The meeting of the Operational Risk Management Committee will be held once every3 months.
9) Enterprise Risk Management Division
Enterprise Risk Management Division is responsible for identifying, analyzing, assessing, managing, and monitoring corporate risks, and submitting reports to the Risk Management Committee and other related committees including of related rules and regulations.
The Enterprise Risk Management Division is accountable for coordinating with the Risk Management Committee, the Operational Risk Management Committee, and the Asset-Liability Committee. The Enterprise Risk Management Division may participate in other meetings when it sees appropriate and provide consultations to other committees or departments on request or when it sees necessary to ensure the appropriate risk management of the company.
10) Head of Enterprise Risk Management
The Head of Enterprise Risk Management is responsible for overseeing the holistic risk management process and the Own Risk and Solvency Assessment (ORSA), including the appropriate development of related reports. This role involves supervising departmental operations to ensure compliance with regulations and standards by leveraging specialized insurance risk expertise. Additionally, the role maintains full access to relevant data to analyze, assess, and report risk status to various committees while providing guidance to relevant departments to ensure effective organization-wide risk management.
11) Managements and all employees
All employees have responsibilities to operate business in alignment with company’s strategy, risk management framework, and risk appetite. All employees shall comply risk management process and report risk management performance as specified in risk management policy and related regulations.
The managements shall ensure that employees understand risk management process and able to apply in their works.
The Company recognizes the importance of creating a culture of risk management within the organization, as well as across the business group. The risk management direction is set in accordance with the risk management framework, risk management policy, and other business control policies. The policies are communicated to relevant staffs in order to build awareness and value of risk management.
The Company provides training for staffs and those of companies within the business group to ensure that they have proper knowledge, be careful, and well recognizes the risks associated with their responsibilities, the organization, and/or the person involved. The Company also promote the exchange of information within the organization.
The Company integrated risk management into business decision making processes including corporate governance and internal control.
Other Policies