Corporate Risk Management Policy

Bangkok Life Assurance Public Company Limited

Introduction

     In unpredictable, constantly changing business conditions, effective risk management is paramount. Therefore, the Company has implemented integrated enterprise risk management based on the principles that align with the international enterprise risk management (ERM) standard. It serves as a guideline to mitigate the impact of fluctuating risk factors on the Company, while ensuring efficient resource utilization and the attainment of Company's goals.

Purpose

     The Company has implemented organization-wide systematic risk management in alignment with international standard frameworks, covering main activities and risks in every aspect. Risk management entails identifying risk factors and causes, conducting risk assessment, analysis, and prioritization. Additionally, it involves managing, monitoring, and evaluating the outcomes of risk management efforts. Its purpose is to enable the Company to achieve its objectives and goals while staying within its risk appetite.

Scope

     The Company requires that this policy be communicated to all functions for their acknowledgment; and that executives and employees at all levels be aware, participate in risk management, and strictly adhere to it.

Risk Management Governance Structure

     The Company has established a risk management governance structure that is recognized and accepted by international financial institutions. This structure ensures that the Company has appropriate risk management and internal control, necessary supervision and support to achieve efficient and effective risk management, along with independent auditing and evaluation. The structure comprises the following components:

• Risk owners and business lines, including the Board of Directors, Management Committee, Investment Committee, the President, heads of divisions, heads of departments, heads of sections, and working groups set up by the Company;
• Risk oversight and risk functions, including Risk Management Committee, Risk Management Department, and Compliance Office;
• Risk assurance and audit, including Audit Committee and Internal Audit Department.

Risk Management Guidelines

     The Company requires that this policy be communicated to all functions for their acknowledgment; and that executives and employees at all levels be aware, participate in risk management, and strictly adhere to it. Corporate and Operational Key Performance Indicators (Corporate and Operational KPIs) have been established as tools for measuring and evaluating the Company’s performance across key areas, reflecting efficiency and effectiveness at both organizational and functional levels. Furthermore, responsible executives have been tasked to report their operating results to their supervisors on a monthly basis. To ensure alignment with the Company’s business plan and strategies, competitiveness, and profitability; risk factors and risks are considered based on the Key Risk Indicators (KRIs), which are elements that could affect the Company’s operating results and KPIs. Additionally, it is crucial to maintain capital adequacy at an appropriate level by establishing appropriate policies, guidelines, measures, internal controls, and/or risk management plans to ensure financial security and provide insureds with confidence that the Company is able to pay benefits under insurance policies in full and in a timely manner. This not only enhances the Company’s positive image but also upholds the reputation and positive image of the insurance industry.

Internal Controls as per Risk Management Guidelines

     Apart from the risk management governance structure that defines the roles and responsibilities of relevant individuals at all levels in the organization, the Company also realizes the importance of having an effective internal control system. Therefore, internal controls have been incorporated into the operating processes and embedded in the performance of duties of executives and personnel at all levels. In addition, the Company has various measures in place to ensure that the internal controls are efficient, effective, and in line with the Company’s risk management framework and risk appetite.

​Policy Review

     The Company shall review this policy at least once a year or when there are material changes to the risk factors.