Risk Management Policy
Tugu Insurance implements Risk Management to ensure business sustainability, protection against potential risks, and value creation for all stakeholders. This Risk Management Policy is applied enterprise-wide across all business activities, including the Sharia unit.
In conducting its business activities, Tugu Insurance faces various risks that must be managed in a planned, systematic, and structured manner to minimize potential losses and optimize opportunities in achieving the Company’s objectives.
Risk Management Implementation is an integral part of Good Corporate Governance (GCG). The implementation of Risk Management at Tugu Insurance covers all business activities and interests, including the Sharia business unit, and refers to the Indonesian Financial Services Authority (Otoritas Jasa Keuangan/OJK) Regulation No. 28 of 2025 on the Implementation of Risk Management for Insurance Companies, Guarantee Institutions, and Pension Funds.
Types of Risks
In accordance with the provisions of the Financial Services Authority Regulation Number 28 of 2025 concerning the Implementation of Risk Management for Insurance Companies, Guarantee Institutions, and Pension Funds, Tugu Insurance carries out risk management for the following nine (9) types of risks:
- Strategic Risk, which is the risk arising from inadequacies in the formulation and/or implementation of strategic decisions, as well as errors in responding to changes in the business environment.
- Operational Risk, which is the risk arising from inadequacies and/or failure of internal processes, human error, system failures, and/or the occurrence of external events that affect the Company’s operations.
- Insurance Risk, which is the risk of failure of insurance companies, reinsurance companies, sharia insurance companies, and sharia reinsurance companies to fulfill their obligations to policyholders, insured parties, or participants, due to inadequate risk selection (underwriting), premium pricing or contributions, reinsurance arrangements, and/or claim settlement processes.
- Credit Risk, which is the risk arising from the failure of other parties to fulfill their obligations to the Company.
- Market Risk, which is the risk arising from the positions of assets, liabilities, equity, and/or administrative accounts including derivative transactions due to overall changes in market conditions.
- Liquidity Risk, which is the risk arising from the Company’s inability to meet liabilities falling due from funding sources, cash flows, and/or liquid assets that can be easily converted into cash, without disrupting the Company’s activities and financial condition.
- Legal Risk, which is the risk arising from lawsuits or legal claims and/or weaknesses in legal aspects.
- Compliance Risk, which is the risk arising when the Company does not comply with and/or fails to implement prevailing laws and regulations applicable to the Company.
- Reputation Risk, which is the risk arising from the decline in the level of trust of stakeholders due to negative perceptions toward the Company.
Risk Management Process
The Risk Management Process is the application of frameworks, policies, and risk management procedures that are carried out systematically for each type of activity, which inherently possesses different risk characteristics. The implementation of the Risk Management Process begins with communication and consultation, followed by establishing context, risk assessment, risk treatment, and concludes with monitoring and review of the risk management process. The stages of the Risk Management Process are as follows:
- Communication and Consultation
This is an ongoing and effective process between the Company and relevant stakeholders to provide, share, and obtain information as well as conduct dialogue related to risk management.
- Scope, Context and Criteria
This stage is used as a reference in determining and considering internal and external factors that are important and relevant, and that may influence the achievement of the Company’s objectives.
Internal factors include organizational structure, business processes, and Company strategies. External factors include social and cultural aspects, political and legal regulations, business environment, technology, as well as national and global economic conditions.
- Risk Assessment
This is the process of identifying potential risks that may occur, followed by conducting analysis (measurement) and assigning attributes (criteria) based on the results of the analysis, so that an evaluation can be carried out regarding the priority level of risk treatment for those risks.
- Risk Identification
This is the process of identifying, recognizing, and determining the characteristics of risks inherent in each activity, event, or business transaction of the Company.
Risk identification must include risk sources and risk agents, as well as the causes of risks, both controllable and uncontrollable.
- Risk Analysis
This is the process of examining risk characteristics, both qualitatively and quantitatively, through an understanding of the likelihood (probability) and impact resulting from the occurrence of such risks.
Risk analysis is carried out for all risks, including inherent risks, whether internal or external, to obtain comprehensive and relevant results that assist the Company in determining appropriate risk treatment actions and making decisions.
Risk analysis includes an assessment of the causes of risk and the availability of controls and/or risk mitigation measures.
- Risk Evaluation
This is the process of assessing the level of risk based on the results of risk analysis to determine priority risks that must be managed effectively and efficiently, in order to ensure the most optimal decisions for the Company.
- Risk Treatment
This is the process of selecting and implementing risk treatment measures based on risk analysis and evaluation through the determination of Company strategies and actions to minimize risk likelihood and/or impact (cost of risk), to achieve an optimal level of risk for the Company.
- Monitoring and Review
This is the process of monitoring risks on a regular basis, as well as evaluating the design and effectiveness of risk management processes.
Monitoring and review are conducted to ensure the continuous adequacy, accuracy, and effectiveness of the Company’s Risk Management implementation.
- Recording and Reporting
This is the process of recording and reporting risk management information, including risk identification, measurement, monitoring, and evaluation, as part of the Company’s work processes.
Implementation of Risk Management
- Active Supervision by the Board of Directors, Board of Commissioners, and Sharia Supervisory Board.
These governing bodies are responsible for ensuring the effectiveness of Risk Management implementation within the Company. Therefore, the Board of Directors, Board of Commissioners, and the Sharia Supervisory Board are required to:
- Understand the types of risks and the level of risks inherent in the Company’s business activities.
- Provide clear direction on the implementation of Risk Management.
- Conduct active supervision and mitigation of risks.
- Develop and strengthen the Company’s risk culture.
- Ensure an adequate organizational structure along with duties and responsibilities to support effective implementation of Risk Management; and
- Ensure the adequacy of the quantity and quality of human resources to support effective Risk Management implementation.
- Adequacy of Policies, Procedures, and Risk Limit Setting.
Effective Risk Management implementation must be supported by policies and procedures as well as risk limits that are aligned with the Company’s vision, mission, and business strategy. These policies are developed by considering the characteristics and complexity of business activities, risk levels, risk tolerances, as well as applicable regulatory requirements.
- Adequacy of Risk Identification, Measurement, Control, and Monitoring Processes and the Risk Management Information System.
The implementation of Risk Management in the Company refers to the SNI ISO 31000:2018 standard. The process includes risk identification, risk measurement, risk control, and risk monitoring, which are carried out periodically.
- Comprehensive Internal Control System.
An effective internal control system is the responsibility of all operational and supporting units.
