Governance & Performance

Board Risk Management Committee

COMPOSITION AND MEETINGS

The Committee comprised the following Directors during the year and as at 31 December 2024.

Name | Category | Meeting Attendance
Mr. O G V J Senanayake (Chairman) | Independent Non-Executive Director | 4/4
Mr. H M Hennayake Bandara (resigned w.e.f. 31.12.2024) | Independent Non-Executive Director | 4/4
Ms. R J Moraes | Independent Non-Executive Director | 4/4

The Company Secretary acts as the secretary to the Board Risk Management Committee. The Chief Risk Officer attends meetings by invitation. Ms. A K Seneviratne has acted as a consultant to the Committee since 27th July 2023.

PURPOSE OF THE COMMITTEE

The Committee was established to assist the Board in fulfilling its responsibilities for overseeing the adequacy and effectiveness of the Enterprise Risk Management (ERM) Framework and activities of the Company, including the review of major risk exposures and the steps taken to monitor and manage those exposures in line with the risk appetite.

TERMS OF REFERENCE

The Terms of Reference of the Board Risk Management Committee outline the composition, roles and responsibilities of the Committee. They also specify the manner in which meetings are conducted. The Committee works closely with the Chief Risk Officer, Corporate Management, Heads of Divisions, Consultants and Senior Managers supervising broad risk categories such as business, financial, regulatory, ICT, insurance and demographic and operational risks. The matters discussed in the Committee are reported to the Board of Directors on a regular basis.

KEY RESPONSIBILITIES

▶ Setting the tone and developing a corporate culture that embraces risk management practices while supporting the Company’s strategic objectives.

▶ Ensuring that the executive team has identified and assessed all key risks including ESG risks and has established a sound risk management framework capable of addressing those risks.

▶ Monitoring risk management capabilities within the Company, including communication lines established to escalate risks, preparedness to face crisis and recovery plans.

▶ Overseeing the division of risk related responsibilities to each Board Sub-Committee as clearly as possible to ensure that all risks are addressed.

▶ Reviewing and overseeing the risk profile of the Company, including ESG risks, within the context of the Board-determined risk parameters.

▶ Making recommendations to the Board concerning the Company’s risk appetite and any risk or compliance management practices.

▶ Overseeing and reviewing the implementation of risk management and regulatory compliance throughout the Company.

ACTIVITIES DURING THE YEAR 2024

▶ Reviewed the Management’s assessment of key risk exposures and emerging trends that have reasonable potential to exceed the Company’s stated risk appetite and risk tolerance limits, and where appropriate, recommended action plans.

▶ Reviewed applicable legislative changes, including the Personal Data Protection Act No. 9 of 2022, and their impact on the Company.

▶ Reviewed the proceedings of Enterprise Risk Management (ERM) Executive Committee meetings.

▶ Regularly reviewed the IT disaster recovery operations, servers and equipment required and the DR tests conducted.

▶ Followed up on the escrow agreements entered into with various vendors of key IT systems used by the Company.

▶ Established a Policy on Risk Management and Internal Control and reviewed the Risk Management Framework, Risk Appetite Statement and Terms of Reference of the Committee.

▶ Reviewed the implementation of data classification in MS Office 365 and data encryption.

▶ Reviewed whether the IT systems and infrastructure of the Company are up to date.

▶ Discussed the proposed implementation of a Network Operations Centre and the risks associated with ‘Bring Your Own Device’.

▶ Discussed risk classification, the risk heatmap and the identified high risks, as well as the reclassification of ‘Reinvestment Risk’ from high to extreme.

▶ Discussed the Personal Data Protection Project, appointment of Data Protection Officer and the way forward with the regulations.

▶ Discussed the gap analysis based on the Terms of Reference of the Committee and the matters discussed at the meetings to identify the effectiveness of the Committee.

▶ Reviewed the action plans of the management to ensure preparedness against fire.

▶ Discussed verification of the authenticity of e-documents in the underwriting and claim processes.

▶ Conducted a self-assessment of the Committee.

PROFESSIONAL ADVICE

The Committee is authorized to obtain legal or other professional advice internally and/or externally as and when it deems necessary, at the Company’s expense.

The Committee may also seek the views of other Board Sub-Committees as and when required and may inform them of any developments that may be of relevance to their mandates.

CONCLUSION

A self-assessment of the Committee was carried out and the Committee was deemed to be operating effectively. Areas identified for improvement were addressed during the year.

O. G. V. J. Senanayake

Chairman – Board Risk Management Committee

20th February 2025
