Establish sound systems for risk management and internal control
1. Summary of the risk assessment process, policies, and requirements of the risk unit
The Group has an independent department for risk management as per the Group’s organizational structure. The Group’s risk management primarily works to measure, monitor, and mitigate various types of risks facing the Group such as financial and operational risks in the following manner (for example, but not limited to):
- Establish effective systems and procedures to manage the Group’s risks, so that the Group can perform its core functions of measuring and monitoring all types of risks to which it is exposed. This process must be carried out on an ongoing basis, reviewed periodically, and the systems and procedures modified when necessary.
- Developing periodic reporting systems, as they are an important tool in monitoring risks and mitigating their occurrence.
Risk managers enjoy independence through their direct reporting to the Risk Management Committee of the Group’s Board of Directors. They are also empowered with a significant degree of authority to carry out their duties to the best of their ability, without being granted financial powers or authority.
The Risk Management Department also has qualified human resources with professional competencies and specialized technical capabilities in the field of insurance.
1.1 Brief on the formation of the Group’s risk management department
| # | Name | Job Title | Date of Appointment | Academic Qualification | Work Experience | Alternate Employee |
|---|---|---|---|---|---|---|
| 1. | Sherif Abd El Moamen | Senior Manager | 10/12/2008 |
|
| Gayatri Lanka |
| 2. | Gayatri Lanka | Deputy Manager | 01/02/2023 |
|
| Sneha Abraham |
| 3. | Sneha Abraham | Junior Risk Analyst | 02/01/2025 |
|
| Gayatri Lanka |
1.2 Summary of the reports submitted to the Board Risk Committee
The Risk Management Department submits a comprehensive risk report to the Board Risk Committee quarterly, and from time‑to‑time other risk assessments as needed by management and/or the Board. Quarterly reports were presented during the Board Risk Committee meetings in the year, contents of which are summarized below, but are not limited to:
- Analysis of key risk indicators for the Group and its subsidiaries (operating performance, financial position, investments, liquidity, leverage, currency risk, and regulatory and rating capital adequacies).
- Updates on action items pertaining to technical risks, operational risks, IT and cybersecurity risks, group‑wide top risks and subsidiaries initiatives, risk management department activities and internal audit alignments, etc.
- Actuarial report presenting updates on the Group’s actuarial projects, technical reserves status, and the Data Science Unit.
1.3 Number and dates of meetings with the Risk Committee during the year
- During the year 2025, (4) meetings were held with the Risk Committee.
- Details of these meetings are stated in item 5.2.1.
1.4 Brief report on the company’s actual, emerging, and potential risks, including but not limited to:
- Risks of revocation of Afya contract
- Financial risks
- Geopolitical risks and regional instability
- Risks emerging from US Trade Policy and other macroeconomic factors
- Risks of cyberattacks
- Operational risks across the group
- Plus other related risks
2. Brief on the formation of the Group’s Compliance and Corporate Governance Department
| # | Name | Job Title | Date of Appointment | Academic Qualification | Work Experience | Alternate Employee |
|---|---|---|---|---|---|---|
| 1. | Manaf Al Mutairi | Deputy Manager | 14/02/2021 |
| +10 years in the private sector (banking and insurance sector) | Yousef Al Naqi |
| 3. | Hamza Mikdad | Deputy Manager | 14/03/2022 |
| +10 years in the private sector (consulting, investment, familyowned companies, and the insurance sector) | Yousef Al Naqi |
| 2. | Yousef Al Naqi | Supervisor | 14/03/2021 |
| +10 years in the private sector (banking and insurance companies) | Hamza Mikdad |
2.1 Brief description of the work and requirements of the Compliance Unit
The Compliance, Corporate Governance, and Anti‑Financial Crimes Department is the function responsible for ensuring compliance with internal and external regulations, including applicable laws and regulations, internal policies, and ethical standards governing the Group’s operations, in accordance with the requirements of the relevant regulatory authorities.
2.2 Reports submitted to the Audit Committee/Board of Directors
During 2025, several reports were issued to the Audit Committee, which were conducted in accordance with the company’s compliance risk assessment and included 4 reports. These reports included, but were not limited to, the following:
- Evaluating the performance of various departments of the company.
- A presentation of the latest regulatory developments from all relevant authorities and the company’s compliance with these developments.
- Anti‑money laundering and counter‑terrorism financing (AML/CTF) reports.
2.3 Number and dates of meetings with the Audit Committee during the year
- During 2025, (4) meetings were held with the Audit Committee.
- Details of these meetings are stated in point 5.1.1.
2.4 Brief report on the Company’s work in implementing internal policies and the extent of its compliance with relevant external laws
The Compliance and Corporate Governance Department confirms that the level of compliance with the recommendations issued by the Compliance function and the Audit Committee is considered very good. The Department conducts continuous follow‑up and holds periodic meetings with executive management to ensure the implementation of such recommendations and to maintain compliance with all relevant regulatory developments.
3. An overview of the formation of the Group’s Actuarial Unit
| Employee Name | Job Title | Hiring Date | Years of Experience | Academic Qualifications | Replacement Employee |
|---|---|---|---|---|---|
| Ahmed Ragab | Chief Actuarial Officer | 18/12/2011 | 18 |
|
|
| Dina Afnan | Supervisor | 15/01/2020 | 6 |
|
|
| Omar Al Sadi | Actuarial Analyst | 28/04/2024 | 2 |
| |
| Bilal Sharif | Deputy Manager | 01/09/2024 | 9.5 |
|
|
| Ryad Chaabi | Supervisor | 13/03/2025 | 8 |
|
|
| Tumulamye Yoweri | Actuarial Analyst | 24/06/2024 | 2 |
|
3.1 Brief overview of the work and requirements of the Actuarial Unit
GIG’s mission to become a regional market leader over the past years has been supported by in-house Actuarial Functions in each GIG company, a critical department in the insurance operation. In line with international guidelines, GIG’s Actuarial Function acts as a measure of quality assurance. GIG maintains the following view to safeguarding: that certain important decisions should be undertaken based on expert technical actuarial advice and a strong understanding of the uncertain nature of insurance business, risks, and models. The following are examples of the key roles and responsibilities of the various divisions (but not limited to):
- Establish robust and effective internal actuarial functions across the Group
- Adhere to all applicable laws, regulations and statutory requirements
- Reduce our reliance on external actuarial consultancy
- Support the senior management and all technical lines’ managers in the decision-making processes
- Spread the actuarial knowledge across the Group, considering the corporate social responsibility of the countries in which the Group operates
- Monitor the insurance portfolio, developments, and the associated risks and opportunities
- Improve the data quality, consistency, validation and reconciliations
- Strengthen internal reporting and analytics
- Create a competitive edge and values for all stakeholders
- Set reserving policies, monitor developments and evaluate adequacies (or deficiencies)
- Review and validate the best estimate calculations across the group
- Manage IFRS 17 technical systems, modeling, calculations, reporting, and movement and financial analyses
- Evaluate reinsurance optimizations strategies across the group, define optimal retention levels, CAT Modeling, economic capital modeling, stress-testing, risk accumulations, concentration risks, credit risks, and appropriate coverage of reinsurance agreements, etc.
- Data integration, central data hubs, identify business opportunities and apply predictive analytics
3.2 Summary of reports submitted to the Board of Directors
In line with the regulatory and business requirements, the Group Actuarial department prepares various actuarial reports for multiple objectives and stakeholders. The following are examples of the key reports (but not limited to):
- Annual Actuarial Report (for the Insurance Regulatory Unit)
- The report covers the insurance business of GIG Parent including all Underwriting activities, Claims management, Reinsurance agreements, Actuarial reserves, Investment portfolio, Solvency Margin, and IFRS 17 assumptions and calculations.
- Quarterly Actuarial Report (for the Risk Committee of the Group’s Board of Directors and the Executive Management)
- The summary report covers a brief status update on the key strategic objectives and their progresses, actuarial KPIs and their progresses, top risk assessments, key highlights on the quarterly group technical reserves, a summary of the appointed actuary quarterly results, movement analysis of the technical reserves by company, movement analysis of the risk adjustment by company, discounting analysis by company, loss reserve movements, and the adequacy of best estimate reserves.
- Ad‑hoc Requirements (to various stakeholders)
- In addition to the above regular reports, the department fulfills the needs of the management ad‑hoc requests, shareholders’ requirements, external auditors’ requirements and reviews, system testing reports, vendor assessments, and validation of deliverables.
- The department is also playing a key role in supervising the group companies’ submissions and local reserve calculations in addition to the independent reviews of potential acquisitions. Regular peer reviews are performed on a quarterly basis.
3.3 The decision to appoint the actuary is signed by the Chairman of the Board of Directors
The appointment of the actuarial expert for Gulf Insurance Group was approved during the year 2025:
| GIG’s Approved Appointed Actuary: | Ahmed Ragab |
| License No.: | ACC20220001 |
| License validity: | 6/11/2028 |
| Department: | Group Actuarial Department |
3.4 Actuarial Report according to Article (50) of Resolution (58) of 2023 and its amendments regarding the Company
The Group’s Approved Appointed Actuary prepares the Group’s annual report in accordance with the provisions set out in the Executive Regulations of the Insurance Regulation Unit and Decision No. (58) of 2023. The Group submits a copy of this report, including the examination results, to the Insurance Regulation Unit on an annual basis.
3.5 Report on the Company’s work and the extent of its compliance with the actuary’s recommendations
From year to year, GIG takes further steps in enhancing and improving the in-house Actuarial Functions across all group companies, with more integration into the business activities as well as the strategic objectives. The following milestones were achieved during year 2025 based on a combination of regular recommendations as well as the main objective to streamline the actuarial processes across the group. Additionally, further developments are planned in the road ahead:
2025 – Actuarial Milestones and Values Added
- Strengthening actuarial capacity by expanding the team with experienced professionals who integrated seamlessly and enhanced our ability to support the groups growing business needs
- Established a comprehensive review framework to ensure consistent, high‑quality oversight of key actuarial processes
- Enhanced collaboration with subsidiary teams through in‑depth reserve reviews that incorporate business insights and market trends, enabling stronger management reporting and understanding of technical movements
- Improved support to subsidiaries by restructuring the group actuarial function to align resources with specific geographies and business requirements
- Streamlined periodic reporting by leveraging our robust data infrastructure to produce reports and summaries more efficiently and with greater accuracy
- Support other functions in leveraging actuarial data to meet business requirements such as business planning and loss ratio analysis
- Integrated several new functionalities in the Actuarial and Finance systems to meet evolving requirements
- Delivered several training sessions across all group companies, covering both technical subjects and soft skills topics tailored to the diverse needs of participants
- Actively contributed to Fairfax working groups, enabling knowledge sharing and learning from group‑wide expertise
- Efficiently managed and responded to all inquiries and requests from both local and regional regulators, shareholders, as well as auditors, ensuring comprehensive compliance with regulatory standards and maintaining a high level of transparency in all reporting processes.
2026 – The Road Ahead
- Establish a GIG Actuarial Working Group to deepen the collaboration across entities, harmonize methodologies, and enable sharing of insights, experience, and best practices
- Continue empowering the team to innovate and broaden their skillsets, with a focus on advanced analytics, technical capability, and actuarial excellence
- Further enhance actuarial and financial systems so they meet the latest standards set by local and regional regulators
- Leverage new skills to enhance our processes, including the development of dashboards, the wider use of coding and AI to improve efficiency, accuracy, and decision support
- Strengthen oversight across subsidiaries by developing a structured framework to assess actuarial processes, current capabilities, and pain points – ensuring targeted and meaningful support aligned to business needs
- Enhance actuarial capabilities in Pricing, Portfolio Management, and Reinsurance Optimizations through increased oversight and deeper analytical engagement.
4. An overview of the implementation of the requirements for forming an independent internal audit department in the group
The Group has an Internal Audit Department that enjoys full functional independence in accordance with the organizational structure, whereby it reports to the Audit Committee and, consequently, to the Board of Directors of the Group.
The Internal Audit Department prepares reports that include the review and evaluation of the internal control systems applied within the Group, which cover, without limitation, the following:
- Reviewing control and oversight procedures related to the efficiency and effectiveness of internal control systems necessary to safeguard the Group’s assets, ensure the accuracy of financial data, and enhance the efficiency of its operations across administrative, financial, and accounting aspects.
- Comparing the development of risk factors within the Group with existing systems to assess the effectiveness of the Group’s day‑to‑day operations and its ability to address unforeseen market changes.
- Evaluating the performance of executive management in the implementation of internal control systems.
4.1 An overview of the formation of the Group’s internal audit department
| # | Name | Job Title | Date of Appointment | Academic Qualification | Work Experience | Alternate Employee |
|---|---|---|---|---|---|---|
| 1. | Ahmad Isbahe | Manager of the Internal Audit Department | 05/03/2024 | Master’s degree in Business Administration | 22 years in the field of auditingHe has 22 years of professional experience, including recent experience over the past seven years within insurance companies in the fields of internal audit, consulting, and internal audit quality assurance for insurance companies. He holds several professional certifications, including CIA, CISA, ITIL, and COBIT. Furthermore, Mr. Ahmed Mousa Isbahe submitted his resignation from the Group on 30 July 2025, and KPMG was subsequently appointed to perform the internal audit services for the Group. | ‑ |
4.2 A summary of the work, policies, and requirements of the Internal Audit Unit
The Internal Audit Unit is governed by a number of policies within the framework of its operations and activities, including the Audit Committee Charter and related policies. In addition, the internal audit activities of the Company comply with the relevant regulatory requirements.
4.3 Summary of reports submitted to the Audit Committee/Board of Directors
During 2025, several reports were issued to the Audit Committee in accordance with the risk assessment and the Company’s approved organizational structure. A total of six (6) reports were issued, none of which included any material observations.
4.4 The number of meetings held with the external auditor, a summary of the most important observations regarding the meetings, the reports submitted, and a report on the Company’s work and the extent of its compliance with the external audit recommendations
- During 2025, four (4) meetings were held with the external auditor.
- The external auditor submitted four (4) quarterly reports during Audit Committee meetings, in which key observations were presented along with related recommendations, if any.
- Through these meetings, the Company’s issued financial statements were reviewed and any observations, if any, were discussed. The meetings concluded without any material observations or qualifications relating to the financial statements or the internal control systems.
- The Company obtained copies of the external auditor’s reports and complied with the recommendations contained therein, in coordination with executive management.
4.5 A report on the Company’s work and the extent of its compliance with internal audit recommendations
The Internal Audit function of the Company confirms the Company’s full compliance with the recommendations of Internal Audit and the Audit Committee, reflecting the effectiveness of continuous follow‑up and the holding of periodic meetings with the relevant parties.