Standards re Enterprise Risk Management for Solvency Purposes for Insurance Companies

1 CBUAE Classification: Public Standards re Enterprise Risk Management for Solvency Purposes for Insurance Companies

2 CBUAE Classification: Public Table of contents Topic Page Introduction 3 Scope 4 Objective 4 Definitions 4 The ERM framework 8 Roles and Responsibilities 9 Risk Identification and Assessment 12 Group Considerations 13 Policies and Processes 14 ORSA 15 Enforcement 17

3 CBUAE Classification: Public Introduction The Central Bank of the UAE has issued the Risk Management and Internal Controls Regulation and Standards for Insurance Companies (Circular No. 25/2022), the Corporate Governance Regulation and Standards for Insurance Companies (Circular No. 24/2022) the Recovery Planning Regulation (Circular 4/2023), the Insurance Group Supervision Regulation (Circular 4/2025), Decision No. (25) of 2014 Pertinent to Financial Regulations for Companies and Decision No. (26) of 2014 Pertinent to Financial Regulations for Takaful Companies collectively referred to in these Standards as the “Relevant Regulations”. These “Relevant Regulations” introduced a comprehensive regulatory approach to Risk Management, including a requirement that Companies must have robust systems to identify, assess, measure, monitor, control and mitigate material sources of risk on a timely basis. Moreover, the “Relevant Regulations” require Companies to submit their Own Risk and Solvency Assessment (ORSA) at least annually in order to: • assess the adequacy of their Risk Management and their current and prospective solvency positions; • enable them to make judgement about current and future risks that could materialise into capital needs; and • anticipate potential business challenges, capital needs and to take proactive steps to reduce risks. The “Relevant Regulations” also require Companies to have a forward-looking Stress Testing programme as part of its comprehensive approach to Risk Management, and the results of the Stress Testing program must be reflected on an on-going basis in the Company’s Risk Management. Companies must also develop recovery plans to enhance their resilience to periods of severe financial stress and set out actions to stabilize their operations, restore their financial position and preserve their overall viability. The Central Bank notes the importance of Enterprise Risk Management for Solvency Purposes (ERM) as the coordination of Risk Management, strategic planning, Capital Adequacy and financial efficiency, which should result in enhanced insight into an insurer’s Risk Profile and solvency position. To this end, these Standards set out how Companies must identify and manage interdependencies between key risks, and how these are translated into management actions related to strategic, capital and liquidity planning matters. These Standards are issued pursuant to, and supplement, the Risk Management and Internal Controls Regulation and Standards for Insurance Companies (Circular No. 25/2022). These Standards are mandatory and enforceable in the

4 CBUAE Classification: Public same manner as the Risk Management and Internal Controls Regulation and Standards for Insurance Companies. The Central Bank will apply the principle of proportionality in the enforcement of these Standards, whereby smaller Companies may demonstrate to the Central Bank that the objectives are met without necessarily addressing all of the specifics cited therein. The Central Bank will decide on the extent to which a Company is expected to meet the requirements. Scope These Standards apply to all Companies. Companies established in the UAE with Group relationships including Subsidiaries, Affiliates, or international branches, must comply with these Standards on a solo and Group-wide basis to conduct ORSA, which constitutes an important element of their Enterprise Risk Management framework ERM. Branches of foreign Companies must adapt these Standards to develop an ERM framework that is tailored to their local operations. Objective In issuing these Standards the Central Bank is seeking to establish requirements for Companies to implement an Enterprise Risk Management (ERM) framework for solvency purposes with the objective to:

1. identify, measure, report and control risks in an integrated and ongoing manner;
2. assess the adequacy of Risk Management and capital relative to the Company’s Risk Profile;
3. promote sound risk governance and strong Risk Culture across all levels of the Company;
4. support strategic decision-making, including underwriting, investment, and capital planning; and
5. facilitate the Company’s Own Risk and Solvency Assessment (ORSA).
6. Definitions The following terms shall have the meaning assigned to them for the purpose of interpreting these Standards: 1.1 Affiliate: An entity that, directly or indirectly, controls, is controlled by, or is under common control with another entity. The term “control” as used herein shall mean the holding, directly or indirectly, of voting rights in another entity, or of the power to direct or cause the direction of the management of another entity. 1.2 Asset-Liability Management (ALM): A Company’s coordination of decisions and actions taken with respect to assets and liabilities through the ongoing process

5 CBUAE Classification: Public of formulating, implementing, monitoring and revising strategies related to assets and liabilities to achieve the insurer’s financial objectives, given the Risk Appetite and other constraints. 1.3 Beneficiary: a Person who initially acquired the rights of an Insurance Policy or to whom such rights are legally transferred. 1.4 Board: The Company’s board of directors. 1.5 Capital Adequacy: The adequacy of capital resources relative to regulatory capital requirements. 1.6 Central Bank: The Central Bank of the United Arab Emirates. 1.7 Central Bank Law: Federal Decree-Law No. (6) of 2025 Regarding the Central Bank, Regulation of Financial Institutions and Activities, and Insurance Business. 1.8 Company: An Insurance Company or a Reinsurance Company, including Takaful Insurance Companies. 1.9 Enterprise Risk Management (ERM): The strategies, policies and processes of identifying, assessing, measuring, monitoring, controlling, reporting and mitigating risks in respect of the Company’s enterprise as a whole. 1.10 Group: A group of entities which includes an entity (the ‘first entity’) and: a. any Parent of the first entity; b. any Subsidiary of the first entity or of any Parent of the first entity; and c. any Affiliate. 1.11 Insurance Company: Any juridical person, licensed in accordance with the provisions of the Central Bank Law and the regulations issued in implementation thereof to carry on insurance business and activities in the State 1.12 Insured: A Person that enters into an Insurance Policy with an Insurance Company for their benefit, the benefit of the named Insured, or for the benefit of the Beneficiary. 1.13 Model: A quantitative method, system, or approach that applies statistical, economic, financial, or mathematical theories, techniques, and assumptions to process input data into quantitative estimates. 1.14 Own Risk and Solvency Assessment (ORSA): an internal process undertaken by a Company/ Group to assess the adequacy of its Risk Management and current and prospective solvency positions under normal and severe stress scenarios. It

6 CBUAE Classification: Public requires a Company to analyze all reasonably foreseeable and relevant material risks. It covers current and future risks and requires Company-specific judgment about Risk Management and the adequacy of their capital position that could have an impact on its ability to meet both its business objectives as well as its policyholder obligations. This encourages management to anticipate potential business challenges, capital needs and to take proactive steps to reduce risks. ORSA is not a one-off exercise. It is a continuously evolving process and must be a component of a Company’s ERM framework. Whilst there is not one specific way of conducting an ORSA, the output is expected to be a set of documents that demonstrate the results of management's proactive approach to its own self￾assessment. 1.15 Parent: An entity (the 'first entity') which: a. holds a majority of the voting rights in another entity (the 'second entity'); b. is a shareholder of the second entity and has the right to appoint or remove a majority of the Board or managers of the second entity; or c. is a shareholder of the second entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the second entity; Or d. if the second entity is a subsidiary of another entity which is itself a subsidiary of the first entity. 1.16 Participant: An individual that holds a Participation Membership Policy and a Takaful Insurance Policy, who undertakes to regularly pay the Contribution, and who, or his/her legal heirs or assignees, where assignment is allowable, shall have the right to receive compensations or benefits provided by the Participants’ Account. 1.17 Reinsurance Company: Any juridical person licensed in accordance with the provisions of the Central Bank Law and the regulations issued in implementation thereof to carry on reinsurance business and activities. 1.18 Relevant Regulations: The Risk Management and Internal Controls Regulation and Standards for Insurance Companies (Circular No. 25/2022), the Corporate Governance Regulation and Standards for Insurance Companies (Circular No. 24/2022) the Recovery Planning Regulation (Circular 4/2023), the Insurance Group Supervision Regulation (Circular 4/2025), Decision No. (25) of 2014 Pertinent to Financial Regulations for Companies and Decision No. (26) of 2014 Pertinent to Financial Regulations for Takaful Companies. 1.19 Risk Appetite: The aggregate level and types of risk a Company is willing to assume, within its risk capacity, to achieve its strategic objectives and business plan.

7 CBUAE Classification: Public 1.20 Risk Culture: The set of norms, values, attitudes and behaviours of a Company that characterizes the way in which it conducts its activities related to risk awareness, risk taking and Risk Management and controls. 1.21 Risk Limits: Quantitative measure based on a Company’s Risk Appetite, which gives clear guidance on the level of risk to which the Company is prepared to be exposed and is set and applied in aggregate or individual units such as risk categories or business lines. 1.22 Risk Profile: Point in time assessment of the Company’s gross and, as appropriate, net risk exposures aggregated within and across each relevant risk category based on forward looking assumptions. 1.23 Risk Management: The process through which risks are managed allowing all risks of a Company to be identified, assessed, monitored, mitigated (as needed) and reported on a timely and comprehensive basis. 1.24 Scenario Analysis: A method of assessment that considers the impact of a combination of circumstances to reflect historical or other scenarios which are analysed in light of current conditions. Such analysis may be conducted deterministically or stochastically. 1.25 Stress Testing: A method of assessment that measures the financial impact of stressing one or more factors which could severely affect the Company, based on several but plausible scenarios. 1.26 Senior Management: The individuals or body responsible for managing the Company on a day-to-day basis in accordance with strategies, policies and procedures set out by the Board, generally including, but not limited to, the chief executive officer, chief financial officer, chief risk officer, and heads of the compliance and internal audit functions. 1.27 State: The United Arab Emirates. 1.28 Subsidiary: An entity (the 'first entity') is a subsidiary of another entity (the 'second entity') if the second entity: a. holds a majority of the voting rights in the first entity; b. is a shareholder of the first entity and has the right to appoint or remove a majority of the Board of directors or managers of the first entity; or c. is a shareholder of the first entity and controls alone, pursuant to an agreement with other shareholders, a majority of the voting rights in the first entity; Or d. if the first entity is a subsidiary of another entity which is itself a subsidiary of the second entity.

8 CBUAE Classification: Public 1.29 Takaful Insurance: A scheme intended to achieve solidarity and cooperation among a group of Participants to address certain risks, whereas each Participant makes a contribution to the Takaful Insurance Fund, based on the concept of ‘Tabaru’. Such fund bears the responsibility of paying compensation to those entitled to it in the event that specific risks materialize. 1.30 Takaful Insurance Company: An Insurance Company that carries on insurance business and activities in accordance with the rules and principles of Islamic Shariah, and the Central Bank Law and the regulations issued in implementation thereof. 1.31 Takaful Insurance Fund: A Fund that is established by a (Re)Takaful Insurance Company or an Insurance Company licensed to carry on Takaful insurance business and activities in accordance with the rules and principles of Islamic Shariah, and the Central Bank Law and the regulations issued in implementation thereof. 2. The ERM Framework 2.1 The ERM framework must set out how the Company identifies and manages interdependencies between key risks and how these risks are translated into management actions related to strategic, capital and liquidity planning. It involves the self-assessment of all reasonably foreseeable and relevant material risks that the Company faces and their inter-relationships, and establishing a link between on￾going operational management of risk and long-term business goals and strategies. Through ERM a Company must form a prospective and holistic view of its Risk Profile as well as capital and liquidity needs, to coordinate its business strategy, Risk Management and capital allocations for the purpose of achieving maximum financial efficiency and adequate protection to the Insureds and Beneficiaries. 2.2 The components of the ERM framework include: a. risk identification (including Group risk and interdependencies between risks); b. quantitative techniques to measure risk; c. inter-relationship of Risk Appetite, Risk Limits and Capital Adequacy; d. Risk Appetite statement; e. ALM, investment, underwriting, and liquidity risk management policies; f. ORSA; and g. recovery planning.

9 CBUAE Classification: Public The ERM framework must ensure consistency between ORSA outcomes, Stress Tests and recovery planning. The ORSA must be used as a key input in the Company’s Recovery Plan to ensure alignment between risk assessment and contingency planning. 2.3 A Company must integrate its ERM framework into its systems of Risk Management. It must ensure that the Board, Senior Management and relevant employees understands material risk types, their characteristics, interdependencies and the sources of these risks, as well as their potential aggregated financial impact on the business for a holistic view of risk at the enterprise level. 2.4 A Company is required to manage its risks within a framework that includes self￾imposed limits. For this purpose, the Company must establish a Risk Limits structure to set guardrails on its Risk Profile without endangering its ability to meet its commitments to policyholders. 2.5 Risk Limits must be established after considering the strategic objectives, business plans and circumstances. The Company must also consider its solvency position and its Risk Appetite, and must take into account the projected outcomes of scenarios run using a range of plausible future business assumptions which reflect plausible but severe stress events. 2.6 With regard to Takaful Insurance: a. A Company must be evaluated both at the consolidated level and individually across its key components including the Takaful Insurance Fund, the Participants investment account, and the shareholders’ account. b. The ERM framework must account for the distinct risks inherent in the Takaful Insurance business, including the critical risk of Shariah non￾compliance. Any failure to adhere to Shariah principles may give rise to significant operational, reputational and/or legal risks, which must be proactively identified and managed by the Company. 3. Roles and Responsibilities The “Relevant Regulations” require Companies to have policies and procedures that describe the governance of Risk Management across the business including roles and responsibilities, reporting lines, methodologies, controls, systems and reviews in relation to Risk Management. This Article focuses on roles and responsibilities related to establishing and facilitating efficient and comprehensive ERM, which must be considered within a broader context of various roles and responsibilities set out in the “Relevant Regulations”.

10 CBUAE Classification: Public 3.1 The Board The Board must be in control of the Company and bears ultimate responsibility for ensuring that there are effective systems of Risk Management at the Company. To this end the Board must: a. establish and oversee an effective ERM framework that is supported by sufficient resources. The Board must consider current and emerging risks that could affect the Company’s ability to meet its liabilities towards policyholders; b. review the adequacy and effectiveness of the ERM framework, including the ORSA, and to challenge the results and assumptions used as part of its strategic and other business decisions making; c. ensure that there is a clear process to incorporate the results of the ERM framework, including ORSA, in the business planning process; d. direct Senior Management on how the ERM framework, including ORSA process, can be improved and how their results can be used in decision making; e. ensure that the Board-approved Risk Appetite statement and Risk Limits are clearly defined and communicated throughout the Company; f. ensure that all relevant and material risks are being identified, including emerging risks, such as climate￾related risks, AI and cybersecurity threats and pandemic risks; g. ensure that the Company’s Board-approved Risk Appetite statement is considered during the business planning process; and h. ensure that the Stress Testing program and its results provide a meaningful view of the Company’s Risk Profile. 3.2 The Risk Committee The risk committee must conduct the following:

11 CBUAE Classification: Public a. advise the Board on articulating and monitoring of the Company’s Risk Appetite as well as key Risk Management policies and procedures; b. review the identification, measurement, monitoring and management of material risks and any areas of non￾compliance with the ERM framework; c. regularly report to the Board on matters of Risk Management and escalate issues of importance when necessary; d. advise the Board in risk quantification that may include appropriately challenging or validating Models, stresses and scenarios used and its results. The Board may take into consideration the input of Control Functions in this regard; e. advise the Board in reviewing the adequacy and effectiveness of the ERM framework; and f. advise the Board on conduct and consumer protection risks, including but not limited to sales, claims, disclosure and product suitability. 3.3 Senior Management Senior Management must ensure the following: a. day-to-day activities are carried out in accordance with the approved policies and procedures of the ERM framework and in line with the Risk Appetite statement; b. there is regular risk monitoring and risk reporting to the Board and/or risk committee and that material issues and non-compliance with the ERM framework are quickly escalated; c. appropriate communication channels are established such that all relevant staff understand and adhere to the policies and procedures of the ERM; and d. there is regular risk monitoring and risk reporting to the Board and/or Risk Management committee in terms of conduct risk, product suitability and fair treatment of customers. e. handling complaints from Insureds and Beneficiaries in a timely and transparent manner, including having documented procedures for the receipt, acknowledgment,

12 CBUAE Classification: Public verification, and resolution of complaints within defined timeframes. Senior Management must ensure that all obligations towards Insureds and Beneficiaries are met by the Company in a manner that upholds the principles of fairness, integrity, and good faith. 3.4 Risk Management Function The Risk Management function must provide support to the Board, risk committee and Senior Management in establishing and implementing appropriate policies and procedures in relation to the ERM framework. The scope of support must include solvency, capital and liquidity planning, product management, business planning, reinsurance and risk transfer strategy/ re-takaful insurance and risk sharing strategy, ALM and investment strategies. 4. Risk Identification and Assessment 4.1 Risk Identification a. For ERM purposes a Company must identify and assess all reasonably foreseeable and relevant material risks and their interdependencies as detailed in the Risk Management and Internal Controls Regulation and Standards for Insurance Companies. b. For Takaful Insurance, a Company must take into consideration the unique risks related to its business model such as Shari’ah non-compliance risk, risks arising from the segregation of Takaful Insurance Fund and others, and risks relating to the use of conventional reinsurance. 4.2 Causes of Risk and Relationship Between Risks When assessing risk exposures, consideration must be given to correlations between risk events which could lead to extreme losses for a Company. Risks that exhibit limited dependence under normal economic conditions, such as market risks, could become more correlated in a stress scenario. For example, downgrades from rating agencies and other adverse events that affect the Company’s reputation can lead to a large number of policy terminations and consequently to severe liquidity issues. 4.3 Risk Measurement a. A Company must have policies and procedures related to risk quantification. It should assess the level of risks on a sufficiently regular basis, in terms of the potential impact and the probability of occurrence, using appropriate forward-looking techniques;

13 CBUAE Classification: Public b. Risk quantification must include several techniques, Models and scenarios for the effective risk and capital management. The most common and effective techniques for assessing risks and their impact include Stress Testing and Scenario Analysis. 4.4 Inter-relationship between Risk Appetite, Risk Limits and Capital Adequacy a. The ERM framework must reflect the following:

1. how the Company’s systems of Risk Management coordinates with strategic planning and management of capital in terms of level and quality; and
2. how the Company’s systems of Risk Management aligns with, supports and is integrated with its corporate objectives, strategy and current circumstances to maintain Capital Adequacy and solvency and to operate within the Risk Appetite and Risk Limits. b. The ERM framework must consider the Company’s reinsurance arrangements and how they:
3. reflect on the Company’s Risk Limits structure;
4. play a role in mitigating risk; and
5. impact the Company’s capital needs.
6. Group Considerations 5.1 a. A Company with Group relations may adopt the ERM framework of the Group, subject to the ERM framework fulfilling the requirements set out in the “Relevant Regulations” and to the Central Bank assessment that the Group ERM framework meets those requirements and is appropriate for the Company’s Risk Profile. b. The ERM framework of a Group should address the direct and indirect interrelationships between legal entities within the Group. c. A Company must appropriately address the risks that are generated from cross-border relationships within its ERM framework in a manner that ensures that obligations towards the Insureds and Beneficiaries are adequately met.

14 CBUAE Classification: Public 5.2 a. If a Company adopts the Group’s ERM framework, it must take into account the Company’s specific circumstances and requirements and adjust the framework accordingly. b. The Company must document how the Group ERM framework has been adapted to its specific circumstances and obtain Board approval for its adoption. The Central Bank may request documentation or conduct inspections to assess the adequacy of the adopted Group ERM framework and its implementation at the Company level. 6. Policies and Processes The ERM framework must contain, the following policies, process and arrangements, which must be documented and made subject to independent periodic review: 6.1 An ALM policy which specifies the nature, role and extent of ALM activities and their relationship with product development, pricing functions and investment management. The ALM policy must set out how: a. the investment and liability strategies allow for the interaction between assets and liabilities; b. the liability cash flows will be met by the cash inflows; and c. the economic valuation of assets and liabilities will change under a range of different scenarios. 6.2 An investment policy that addresses the following matters: a. outlines how investment risk is managed according to the Company’s Risk Appetite and Risk Limits structure; b. specifies the nature, role and extent of the Company’s investment activities and how the Company complies with regulatory investment requirements; and c. establishes explicit Risk Management procedures with for more complex and less transparent classes of assets and investments in markets or instruments that are subject to limited governance or regulation. 6.3 An underwriting policy that addresses the following matters: a. the Company’s underwriting risk according to the Company’s Risk Appetite and Risk Limits structure; b. the nature of risks to be underwritten, including any material relationship with macroeconomic conditions; and

15 CBUAE Classification: Public c. interaction of the underwriting strategy with the Company’s reinsurance strategy and pricing. 6.4 A Company must have in place strategies, policies and processes to address liquidity risk, in order to maintain adequate liquidity to meet the Company’s liabilities as they fall due in normal and stressed conditions. The liquidity risk management policies and processes must include the following: a. liquidity Stress Testing; b. maintenance of a portfolio of unencumbered liquid assets. The assets must satisfy all the following conditions, at a minimum:

1. the asset can be swiftly converted into cash;
2. the Company assessed the asset to be of low credit risk;
3. the Company can easily obtain a transparent valuation of the asset;
4. the asset shows low correlation with other risky assets;
5. the asset is tradable in consistently active markets;
6. the asset is reliable source of liquidity during stress. c. a contingency funding plan describing the strategies for addressing liquidity shortfalls in stress situation; d. taking into account data generated from handling Insureds’ and Beneficiaries’ complaints, for the purpose of ensuring that timely payments to the Insureds and Beneficiaries are made under all conditions; e. assessment of the impact of the ceding Company’s reinsurance programme on its liquidity management and making arrangements with their reinsurers aimed at mitigating the liquidity risk, e.g. including in reinsurance contracts clauses that trigger accelerated payment of amounts due from reinsurers in case of a large claim and/or the use of collateral or deposit accounts, giving the ceding Company access to funds as needed; and f. providing the Central Bank with a liquidity risk management report. The Central Bank shall determine how the report is going to be presented, the reporting dates and the content of such reports.
7. ORSA The ORSA report must be consistent with the requirements outlined in Article (3) of the Risk Management and Internal Control Regulations and Standards for Insurance Companies. It must address the following: 7.1 An assessment of the adequacy of the Company’s risk management and solvency positions (both current and future) under normal and stress scenarios. The aim of the ORSA is to ensure that the Company is adequately capitalized and has access to additional sources of capital if needed.

16 CBUAE Classification: Public 7.2 An assessment of the current, and likely future, financial soundness of the Company across a range of scenarios; and address reasonably foreseeable and relevant material risks. The ORSA report must include the Company’s year-end solvency position as well as the projected solvency positions for the subsequent (12) quarters (at least) following the year-end, indicating the solvency ratios and the Company’s ability to meet regulatory capital requirements. 7.3 An analysis of all reasonably foreseeable and relevant material risks, including at a minimum, underwriting, investment, credit, operational, and liquidity risks and any additional risks arising from the Company’s activities and operations. 7.4 Incorporate climate-related financial risks into the ORSA to take account of, and record, the impact on capital adequacy and solvency as per Article (5) of the Climate-related Financial Risk Management Regulation. 7.5 A detailed information on the actual outcomes of applying the ORSA over the period, relative to the planned outcomes in the previous ORSA report (including the analysis of the Company's actual capital position relative to the regulatory capital requirements and the Company's capital targets, and actual-versus-planned management actions). 7.6 Description of policies and procedures for the identification, measurement, monitoring, management, and reporting of risks (both short and long-term) and potential risks facing the Company. 7.7 A quantitative analysis of the solvency positions for the current period as well as future projections under normal and stress scenarios (which should be clearly explained). This analysis should be adequately explained through appropriate descriptions of the risks. 7.8 In cases where the Company has a solvency deficit or is expected to have a solvency deficit, the ORSA report should clearly outline the management action plans that are being implemented or that are expected to be implemented to remove the deficit. 7.9 In the event of actual or anticipated insolvency or solvency deficit, the Company must prioritize actions that enhance its ability to meet obligations to the Insureds and Beneficiaries, in line with the principle of consumer protection as set out in the Relevant Regulations. 7.10 A determination of a justified internal target capital requirement (in terms of capital ratio), consistent with the Company’s risk appetite, and above the minimum regulatory capital requirements. The Company should perform an assessment on the extent of compliance with its internal target capital ratio, with appropriate commentary to explain the solvency positions (relative to internal target capital ratio) and should include appropriate management action plans to improve the solvency positions in case there is a breach or expected breach in of solvency position relative to internal target capital ratio.

17 CBUAE Classification: Public 7.11 A disclaimer that the above-mentioned assessments in the ORSA report were performed by the Risk Management Function as required under Article (6) of the Risk Management and Internal Controls Regulations and Standards, while the Appointed Actuary and other functions within the Company were actively involved in the ORSA process to provide assurance on the effectiveness of the risk management systems and controls relating to their roles and responsibilities. 7.12 Insurance Groups are required to add a section in their ORSA report, encompassing Group Stress Testing and Scenario Analysis, Liquidity and Funding Risk Assessment, and the Group-wide ORSA. This section must reflect an integrated view of group-level exposures, risk interdependencies, and capital adequacy, in alignment with applicable regulatory requirements and supervisory expectations. 7.13 The ORSA report must be signed by Chief Executive Officer/General Manager, the Chief Risk Officer, and the Appointed Actuary and endorsed by the Board. 7.14 Companies must provide the Central Bank with the Board meeting minutes confirming the review and discussion of the ORSA report. 8. Enforcement Violation of any provision of these Standards may be subject to supervisory action and sanctions as deemed appropriate by the Central Bank.