8.

ENTERPRISE RISK
MANAGEMENT (ERM)

8.1 ERM General Framework

8.2 ERM Management and Control

8.3 ERM Improvement in 2023

8.4 ERM Future Plan 2024

8.1 ERM General Framework
PTI maintains the goal of the Risk
Management that is to ensure Corporate Governance
operations are efficient and achieve the
company's business target. BOD and Exco
Operation Principles: Risk Appetite Framework, policies and processes
• Standardize the whole of
operating processes of the Risk Culture
system.
• Every processes and
Operation
operations follows the same Risk Identification Risk assessment Measurement Process controlling
model:
Make - Check - Validate
Monitoring
Control activities are conducted
simultaneously: ERM Internal audit Fincon
 Pre-check: at the risk owners
 Post-check: 3 levels Reassure
(ERM/internal audit & Fincon) Risk management Internalstakeholder
control system Compliance management

2
8.1 ERM General Framework Risk Appetite

Risk Appetite Statement

PTI is consistent with this Risk Appetite as followings:
 Focus on bottom line
Reserving complies with regulation and benchmarks against international reserving standard to
Insurance risk ensure adequacy.
 Processes and operating conditions for retail products are completed and consolidated
 Short-tail business, low and moderate exposure and Catastrophe risk is protected at 1-250 level

Investment risk  Pursue safety and liquidity

 Follow solvency regulation of MOF

Credit risk  Maintain strict requirement on counterparty’s credit quality

 Digital transformation for governance and business operations

Operation risk  “Zero tolerance” for violation of guidelines and processes.
 Comply with regulations to avoid reputational risks.

3
8.1 ERM General Framework Risk monitor and report

MONITORING & REPORTING

Monitoring risk indicators through 3 levels and reporting risk profiles according to the risk appetite and warning thresholds

Reports Schedule
MOF • ERM annual report Yearly

• Evaluate effectiveness of risk management process and address shortcomings Quarterly

• Monitor the dashboard and risk tolerance thresholds
Level 3 Board of Directors • Approve internal risk management regulation Ad hoc

Weekly
EXCO & BOM • BOM meeting to report on operations and address identified issues Quarterly
• Review and report the outcome and status of risk management process, provide guidance for pending
issues Periodically
CEO • Monitor the compliance of risk management activities to applicable guidelines and regulation Monthly or ad hoc
Level 2

Ad hoc
ERM • Make the draft of risk management regulation d hoc
division • Conduct analysis on incidents and emerging risks Quarterly
• Review the regulation/process of each division and revise them to enhance risk management Quarterly/monthly
• Report the outcome and status of risk management process
Weekly
• Management meeting to appropriately address the risk treatments according to arising issues
Daily
• Division meeting to systematically track the identified risks
Level 1 Business divisions

4
8.1 ERM General Framework Key risks

• Company-wide risk identification and evaluation is conducted at least once a year.

• Findings are reported to the Risk Management Committee.
• Risk controls are amended accordingly to enhance management of material risks.

Risk ID Category Risk name

KRIs
R1 Operation Risk Brand and Reputation Risk

R2 Operation Risk IT System Disruption Risk

R3 Operation Risk Personnel Risk R15

R3
R4 Legal & Compliance Risk Compliance Risk

R5 Financial Risk Market Share

Risk level
High Risk
R6 Financial Risk Combined Ratio R5
R11
Medium Risk
R7 Financial Risk ROE Low Risk
R6
R8 Financial Risk Solvency

R9 Financial Risk Net Retention Limit

R2
R8 R13
R10 Financial Risk ROI
R7 R9
R11 Credit Risks Counter Party Credit Risk R1 R4 R12 R14

Market Concentration Risk

R12 Investment Risks
in Investment
R13 Underwriting Risks Pricing Risk

R14 Underwriting Risks Claim Reserve Risk

R15 Underwriting Risks Nat Cat Risk

5
8.1 ERM General Framework Key risks

Top Risks:
The most recent company-wide risk identification and evaluation found the following top risks:
• Nat Cat (Underwriting Risk, R15)
• Personnel (Operation Risk, R3)
• Market Share (Financial Risk, R5)
• Counter Party Credit (Credit Risk, R11)
• Combined Ratio (Financial Risks, R6)
For each of the Top 5 risks identified, plans are in place to better manage them:
• Nat Cat Risk: Monitor and control risk accumulation by location and event limit terms. XOL protection at 1-250. Stress test
at 1-250
• Market Share: Rebalance product revenue proportion and identify strategic products. In addition, consolidate major sales
channels as well as corporate customers to have appropriate policies.
• Personnel Risk: Complete the organizational structure and job roles, build a personnel development roadmap for each
position to stabilize system operations. Focus on appropriate and attractive salary as well as benefit policies to stabilize
personnel.
• Counter Party Credit Risk: Following criteria to carefully select counterparties of reinsurance and investment. Actively
monitor change of reinsurers’ profile. In addition, rigorous customer KYC to filter out customers with bad histories
• Combined Ratio: Monitor and control high insurance risks. Ensure surveying and claim handling processes are fully
complied.

6
8.1 ERM General Framework Key Risk Indicator

 Risk tolerance criteria are being reviewed and approved by Board of Directors and closely monitored within ERM
framework in line with available equity, annual plan.
 In 2023, combined ratio slightly exceeded the warning threshold due to high loss ratio of healthcare product

Key Risk Indicators (KRIs)

No Criteria Tolerance 2021 2022 2023F 2024F 2025F

1 Combined ratio <= 100% 96.5% 108.6% 100.6% 97.2% 97.1%

Overall profitability -- Return

2 >= 6% 12.5% -17.2% 6.8% 11.7% 10.5% 
on Equity (ROE)

Capitalization --Regulatory
3 >=120%* 168% 117% 161% 174% 183% 
solvency

Internally Internally Internally Internally Internally

4 Net retention limits No deviation Audited Audited Audited & Audited & Audited & 
& Controlled & Controlled Controlled Controlled Controlled

5 ROI >=6% 6.7% 5.5% 7.8% 7.0% 6.5% 

Minimum at A- for leading treaty and

Review Review Review Review Review
6 Rating for oversea reinsurers min B++ for facultative reinsurance for 
Annually Annually Annually Annually Annually
maximum share of 10% of a risk.

• According law, regulatory solvency must be greater than 100%

7
8.2 ERM Management and Control Risk Management & Risk Profile

PTI's operations and management are organized vertically and horizontally, which are working in a proper way to manage
their own risks.
Additionally, all the risks are strictly managed by the ERM Division & the Corporate Governance system as a whole.

PTI's operations and management are organized vertically and horizontally

• The vertical approach:
- Function map: managing based on organization structure
- Clear definition of authority, responsibility and levels of management

• The horizontal approach:

- Client map: Customer management
- Product map: Product management
- Governance map: Corporate governance
- Ensuring thorough management of product life cycle and customer journey

8
8.2 ERM Management and Control Risk Management & Risk Profile

PTI's operations and management are organized vertically and horizontally, which are working in a proper way to manage their own risks.
Additionally, all the risks are strictly managed by the ERM Division & the Corporate Governance system as a whole.
PTI's operations and management are organized vertically and horizontally.

Vertical Approach Horizontal Approach

Clear definition
of authority, Client Client Product Product Governan Corporate
responsibility and Map Management Map Management ce Map Governance
levels of
management

Ensuring thorough management of product life cycle

Management based on organization structure
and customer journey

9
8.2 ERM Management and Control Risk Management & Risk Profile

1
Pricing Risk • Standardization of data and actuarial pricing methods
 Collect adequate data to validate the reasonableness of the underlying
assumptions used for deriving the base rate of the product.
 Ensure that premium is calculated based on product expenses, distribution
expenses and operating expenses.
 The premium and compensation structure for intermediaries are consistent
between products of similar features/duration and distribution channels so as
to minimize possible lapse and re-entry or churning, and channel conflicts.
2
Underwriting Risk • Issue clear underwriting management rules and ensure strict compliance
 Build a standard and informative proposal form set.
 UW guideline & authorization schedule for each line of business.
 Diversify Product with various regions and distribution channels.
 Site survey are compulsory in deploying commercial lines products.
 All products must have a set of warning indicators and be evaluated for
product quality and effectiveness to make timely adjustments.
 Monitor accumulation.
3
Reserving Risk • Adequate reserving risk management
 Regularly conduct retrospective review of the reserve’s adequacy by external
auditors
 The booked reserves are benchmarking with international standards by
actuary team annually.
10
8.2 ERM Management and Control Risk Management & Risk Profile

Pricing Distribution

Collect adequate data for validating Review literature

underlying assumptions used to derive
the base rate of products related to your topic.

Ensure the

11
8.2 ERM Management and Control Risk Management & Risk Profile

4
Claim handling risk • Digitalize Claim management tools

 Apply technology in claims procedure to reduce frauds.

 Enhance supervision of moral hazard and conducting site survey/scene inspection.
 Add approval and validation steps in the claim settlement and assessment processes.
 Implement centralized claim processing for retail and commercial lines products

• Compliance culture: PTI is confident that operational risk management is adequate for risk
5
Operational Risk
profile.
 Set up corporate governance policies/ process for whole system
 Strong compliance is required in all business units / lines.
 The IT division has data back-up and recovery plan to prevent loss from system failure.
 Implement data standardization and process digitization.
 PTI uses internal & external auditing to control operational risk, proactively identifies and
responds to change of macro-environment to mitigate strategic risk.
 Law & National Regulations – impact to PTI is neutral to positive. We closely monitor regulatory
change and respond quickly.

12
8.2 ERM Management and Control Risk Management & Risk Profile

6 Credit Risk & • Following criteria to carefully select counterparties of client, reinsurance and investment.
Market Risk
 Classify customers and partners to establish a filter, avoiding risk from customers with histories of
bad losses and debts.
 Reinsurers panel are with good settlement rating and good track record of claim and comply with
the regulations and criteria for reinsurers when engaging in PTI’s contract.
 The Investment Council approves the list of banks and maximum deposits according to their rating
as well as standards

• Investment Guideline is appropriate for managing investment portfolio

 Board of Directors approves the maximum investment proportion for limited activities under MoF
regulations and the target of Solvency ratio and BCAR.
 The Investment Council approves all investment limits and activities.
 Investment internal regulation stipulates diversification, criteria of the collaterals of the corporate
bonds and revised by the Investment Council when needed.
 Authorization schedule and risk limits are in place and well followed.

• Reinsurance risk management is adequate for reinsurance risk profile.

 Perform stress testing to assess impact by the worse scenario. At 1-250 period, the capital loss is
below 1%.
 Design suitable reinsurance programs for business operations
 Diversify the market and avoid ceding large share to one or two reinsurers.
 Follow both MOF minimum rating requirements on reinsurers and own-built strict reinsurance
selection criteria: Minimum at A- for leading treaty and min B++ for facultative insurance with max
13 share of 10% of risk but not more than max limit capacity for each type of risk (Cat).
8.2 ERM Management and Control Stress Tests

 PTI regularly perform Stress Tests to evaluate Capital Adequacy in worst scenarios.

• 1-250 year loss – Stress Test

• Pandemic Loss – Stress Test

• Largest Actual Claims – Stress Test

• Credit Risk Loss - Stress Test

Details are showed in Capital Management Section

14
8.3 ERM Improvement in 2023
According to Circular 70 of the MOF on risk management at enterprises, PTI's risk management model has fully met the
requirements and is gradually becoming more standardized.
Risk Management Objectives
Business Continuity Plan
Change from Solvency I to Risk Based Capital (RBC)
ERM Culture
Standardize organizational structure and expertise
Mark Highlights
 We have developed business contingency plans (BCP) for emergency
situations. This plan is being submitted to the Board of Directors and
the Board of Members for approval.
 We have provided data and contributed opinions to the Insurance
Association of Vietnam and the MOF to build the RBC for Vietnam
Insurance Market
 Expected to take effect in 2028
 Coordinate with the legal department to revise and promulgate
compliance frameworks and internal regulations
 Quarterly, we broadcast a news program on risk management and have
exam tutoring lessons for PTI officials
 Separate the Finance and Accounting Division into the Payments
Supervision Center and Fincon – Accounting Control Center to ensure
clear a M-C-V process
 Standardize job roles and management methods from HO to branches.
Clearly define system operation and business management positions
and each employee leads their own span of accountability

15
8.3 ERM Improvement in 2023
PTI has invested in developing technologies for data analysis, data governance, product development and pricing models
to standardize business operations
Risk Management Objectives
Data and reports governance
Improve pricing capabilities for motor
insurance products
Product management system - PMS
Knowledge management system - KMS
16
Mark Highlights
 Finished building the codebook and management tool
 Currently building a data analysis system with BI reports;
 Chuẩn hóa lại nguồn dữ liệu khách hàng
 PTI is in cooperation with Munich Re and is in the process of completing the
project with the following objectives:
• Data analytics, Product management;
• Building dashboards for BI reports;
• New Motor pricing methodology
 PTI has completed building PMS software for product design and management,
including:
• Specify sets of fee and commission adjustment parameters,
• Set monitoring, review or stop thresholds for each product
• Each product must comply with correct design principles and go through
all M-C-V steps
 Completing the KMS website for company officials to access and obtain
information such as:
• Product information
• Product policy
• Register for courses
This helps the sales team understand the product structure and operating policies
while also being aware of the training roadmap for each position to plan individual
training participation.
8.3 ERM Improvement in 2023
PTI has enhanced risk management capabilities based on the ERM plan
In respect of Underwriting Risk, PTI has taken measures and concentrated on managing the arising of credit & compliance risks.
Risk Management Objectives
Avoid fraud risks
Minimize errors in policy issuance
administration
Control process-level risks by Digital
Transformation.
17
Mark Highlights
 Reviewed all contracts with associated garages nationwide, accordingly including
anti-bribery clauses in the contract with PTI;
 Currently rebuilding motor spare parts cost database;
 Implemented an improved application for collecting documents to increase
customer experience in parallel with document management including:
• Authenticate with face ID
• Documents are scanned directly instead of using attachments to avoid digital
editing
 Reorganized the organization model for the plan to build centralized claim centers
for commercial products in the North and the South
 Issue product management principles: which clearly stipulate the principles for
qualifying insurance subjects and the set of criteria for qualifying sales teams
(eligible to sell according to product classification from simple to complex)
 Ceased the distribution of products that pose high legal risks (e.g. Vung Tam An, Bao
An Tin Dung…)
 Motor Insurance: deploying an automatic vehicle valuation tool for cars with less
than 9 seats and using AI in risk assessment when issuing insurance certificate
 Personal Accident and Healthcare Insurance: Comprehensive digitalization of sales
and post-sales processes
 Added validation and qualifying tools for high risks.
8.4 ERM future plan 2024 Enhance the capability for risk management

Focus on managing risks arising from claim processes

• Establishing a centralized compensation center.
• Complete and promulgate regulations on client governance and transaction governance
• Re- organize the nationwide insurance surveyor network to meet the HO standards
• Managing each tasks of processes claim with digital application (Added validation and qualifying tools for each step)
• Promote verification and inspection to detect insurance fraud as well as the proper handling of such cases

Risk management in determining compensation costs

Motor:
• Building & researching the use of Ai in surveying work & Upgrade Insurance Surveyor App
• Completing motor spare parts price database to serve claim processing
PA & Healthcare product:
• Medical facility price management: Start building a price database by collecting medical facility prices.
During the process of claim processing and guaranteeing hospital fees, claim officers can compare and appraise prices directly.
• Build a Community Health Care Board, including a health care and medical service consulting center to guide and nurture
customer attitudes in improving health care and using medical services when necessary and appropriate.

18
8.4 ERM future plan 2024 Enhance the capability for risk management

Build risk governance indicators to control risks in Product programs

• Standardize retail product programs installed into PMS, including full set of monitor, review or stop thresholds for each
Product
• Complete the Power BI reports and dashboards for operations and set up automatic warning indicators

Other

• Strengthen the risk management culture, set of professional ethical standards.

• PTI will support more staffs to have more internal actuary, it can enhance to manage the risk from reserve and new product
• Re-authenticate all customer information, issue customer classification criteria and principles for attaching care-by to
customers to ensure product management and product service activities are not disrupted and risks are controlled.
• Focus on appropriate and attractive salary as well as benefit policies to stabilize personnel

19
ERM Section Recap

• PTI continuously promotes risk management activities to strengthen control management and
minimize risks and ensure common standards including:
• Product governance
• Client governance
• PTI ensure business operations comply with the standard framework, a comprehensive risk
appetite and KRIs.
• PTI prioritizes the development of technology applications and digital transformation in
business and management activities
• Learn & Grow:
• PTI continue developing projects to strengthen pricing capabilities and tools.
• Cultivate a risk culture across the organization