Allianz Lanka's risk administration, policies, and procedures are comprehensive and robust,

designed to manage risks effectively across all operational facets. The company's risk
management framework is built on strong governance principles and a detailed risk capital
framework that supports capital management and regulatory compliance. The framework is
aligned with both local regulations and the Allianz Group guidelines, particularly those
stemming from the European Solvency II Governance regime. This alignment ensures that
Allianz Lanka operates with high standards, particularly in areas like personal data and privacy
protection.

The core of Allianz Lanka’s risk management framework consists of several key components:

1. Risk Underwriting and Identification: This involves a thorough framework for risk
assessments, risk standards, valuation methods, and underwriting standards. It ensures
that risk-taking decisions are well-founded, whether in individual transactions, new
product approvals, or asset allocations.

2. Risk Reporting and Monitoring: Allianz Lanka has a robust qualitative and quantitative
risk reporting system that provides transparency and real-time risk indicators to senior
management. This helps in maintaining risk profiles within delegated limits.

3. Risk Strategy and Appetite: The company's risk strategy defines its risk appetite and
ensures that the rewards are appropriate for the risks taken. This strategy integrates risk
considerations into business decisions, aligning risk management with business
objectives.

4. Communication and Transparency: A transparent risk disclosure policy ensures that the
company's risk strategy is communicated effectively to both internal and external
stakeholders, positively impacting valuation and financing.

Allianz Lanka employs a three-lines-of-defense model to manage risk:

1. First Line of Defense: Business managers handle day-to-day risk management, ensuring
that operational risks are managed at the ground level.
 2. Second Line of Defense: This line provides independent oversight through key functions
like Risk Management, Compliance, and Legal. These functions ensure that the first
line’s risk-taking activities are within acceptable limits.

3. Third Line of Defense: The Internal Audit function provides independent assurance on
the effectiveness of the overall risk management framework, evaluating the first and
second lines of defense and reporting directly to the Board of Directors.

Allianz Lanka’s governance and control policies are extensive, including various specific
policies like the Risk Policy, Capital Management Policy, Compliance Policy, Anti-Corruption
Policy, Anti-Fraud Policy, Data Privacy Policy, and others. These policies provide a structured
approach to managing different types of risks, ensuring that the company adheres to both local
and international standards.

To support this framework, Allianz Lanka has established several committees, including the Risk
Committee, which oversees risk management policies, strategies, and exposures, and the
Governance & Control Committee, which ensures compliance with regulatory and internal
governance standards. These committees meet regularly to review and update risk management
practices, ensuring that the company remains resilient against potential risks.

Overall, Allianz Lanka's approach to risk management is thorough and integrated into every
aspect of its operations, reflecting a commitment to maintaining high standards of governance,
compliance, and risk mitigation. This comprehensive risk management framework helps the
company safeguard its capital, ensure business continuity, and achieve its financial objectives
while managing potential risks effectively.

Risk administration, policies, and procedures are integral to the operational framework of
Allianz. This system ensures that all potential risks are identified, analyzed, managed, and
reported effectively to safeguard the company’s financial health and uphold its reputation.

The risk management framework at Allianz is built on four primary components. Firstly, risk
underwriting and identification form the foundation for adequate risk-taking and management
decisions. This includes individual transaction approvals, new product approvals, and strategic or
tactical asset allocations. The framework is underpinned by comprehensive risk assessments,
standards, valuation methods, and clear minimum standards for underwriting.

Secondly, risk reporting and monitoring are vital for maintaining transparency. This
comprehensive framework provides qualitative and quantitative risk indicators to senior
management, ensuring that the overall risk profile remains within delegated limits and
authorities. Regular updates and mitigation plans are reviewed and reported to the regional team,
ensuring that any deviations from the predetermined risk tolerance levels are detected early and
managed proactively.

Thirdly, the risk strategy and appetite clearly define the company's approach to risk. This
strategy ensures that the rewards are appropriate for the risks taken, aligning the delegated
authorities with the company’s overall risk-bearing capacity. Integrating risk considerations and
capital needs into decision-making processes improves the risk-return profile, making business
objectives and risk strategy consistent and allowing the company to utilize opportunities within
its risk tolerance effectively.

Finally, communication and transparency are essential for risk management. A transparent and
robust risk disclosure provides a basis for communicating the risk strategy to internal and
external stakeholders, ensuring a sustainable positive impact on valuation and financing.

Allianz has established a Risk Management Committee (RiCo) and a Risk Management Team,
whose members are proposed by the company’s CEO. These entities are crucial for promoting
the Allianz risk culture, developing risk management talent, pre-approving the company's risk
management policies, and ensuring alignment with local regulatory and Allianz Group
requirements. The committee's responsibilities also include monitoring approved risk tolerance,
exposures to individual risks, and determining management actions for non-compliance with risk
policies.

Operational risk management is another critical area. This involves managing the risk of direct or
indirect loss arising from the company's processes, personnel, technology, and infrastructure.
Operational risks could result in misleading financial information, loss of returns, financial
penalties from regulators, or damage to the company's reputation. Therefore, the company has
implemented a rigorous control framework to monitor and respond to potential operational risks
actively. This includes appropriate segregation of duties, reconciliation and monitoring of
transactions, compliance with legal and regulatory requirements, and periodic assessments of
operational risks and control procedures.

Allianz’s approach to risk management ensures a robust system that aligns with the company’s
strategic objectives, regulatory requirements, and best practices in the industry, thereby
maintaining trust and confidence among all stakeholders