Corporate Governance Standards for Insurers

‘Approved’ Central Bank of the Republic of Azerbaijan Decision № 09/2 21 February 2024 Corporate Governance Standards for Insurers

1. General provisions 1.1. These Standards have been developed in accordance with Articles 25.3 and 35.3 of the Law of the Republic of Azerbaijan ‘on Insurance Activity’ (hereinafter – the Law), as well as international corporate governance practice and establish corporate governance standards and the maintenance of internal audit for insurers. 1.2. These Standards aim to establish a reliable and transparent governance and reporting system in insurers and ensure the effectiveness of internal control and risk management in line with corporate governance requirements specified by the legislation. 1.3. The requirements of these Standards do not apply to joint insurers.
2. Definitions 2.1. The definitions used herein bear the following meanings: 2.1.1. corporate governance – a management method, which ensures setting of strategic objectives and targets based upon insurer’s strategic view, tools, and processes in place to achieve them, clear segregation of authorities across all management levels, as well as introduction of an effective internal control system to provide efficient risk management and transparent performance. 2.1.2. defense lines – the following lines of defense that incorporate the risk management system within an insurer: 2.1.2.1. Defense line 1: includes structural units responsible for identification, evaluation, management, reporting and monitoring of risks that pose direct risks to the insurer and risks on products, services, activities, processes, and systems at an initial phase, including insurer’s branches and divisions. 2.1.2.2. Defense line 2: includes structural units engaged in at least risk management, compliance and actuary functions directly involved in internal control in the insurer. 2.1.2.3. Defense line 3: includes the structural unit engaged in the internal audit function authorized to assess Defense lines 1 and 2. 2.1.3. control function – functions provided by Defense lines 2 and 3. 2.1.4. control function’s responsible person – a person exercising the oversight of the control function. 2.1.5. Chief Risk Officer (CRO) – Management Board member, who controls activities of insurer’s structural units in connection with the risk management function. 2.1.6. Chief Financial Officer (CFO) – Management Board member, who is directly in charge of insurer’s financial management units. 2.1.7. compliance risk – the risk of corrective measures and sanctions, financial losses, or loss of reputation that the insurer may face because of non-compliance with the legislation

and the requirements of legal acts regulating financial markets and insurer’s internal rules (procedures). 2.1.8. Chief Compliance Officer (CCO) – Management Board member, who controls activities of insurer’s structural units associated with the compliance function. 2.1.9. the actuary function – an assessment of the sufficiency, adequacy and quality of actuarial calculations and methods and assumptions used in these calculations. 2.1.10. Corporate secretary – an insurer employee who supports effective functioning of the General Meeting of Shareholders, the Board of Directors, Chair of the Board of Directors, and committees of the Board of Directors and the Management Board and meet the requirements specified in Item 8.3 herein. 2.1.11. business model – the configuration of the insurer's activity, consisting of its customer segments, insurance products, sales channels, internal processes, resources used and other aspects. 2.1.12. strategic vision – long-term performance program targeting the insurer’s stronger market position and higher value. 2.1.13. mission statement – summary of key principles of the strategic vision. 2.1.14. strategic plan – a periodic plan, which links the insurer’s strategic vision to clearly defined measurable goals, systematic and consistent measures. 2.1.15. risk management – the process, which addresses identification, evaluation, management, monitoring and reporting of risks, inherent to insurer’s performance. 2.1.16. risk management system – the system comprising of at least the risk management elements specified herein. 2.1.17. internal control system – a system covering the management and organizational structure that provides control and monitoring of insurer's activities, including risk management, compliance, actuary, and internal audit functions. 2.1.18. prudential - a deliberate behavior, management and control method based on norms, rules, requirements, and instructions aimed at ensuring insurer’s sustainable activity. 2.1.19. data users – existing and potential shareholders, insurance market players and other stakeholders, who are interested in obtaining data related to insurer’s performance. 2.1.20. risk-taking capacity – the maximum amount of risk that the insurer can take without violating the prudential requirements determined by legislation. 2.1.21. risk appetite – the amount of risk, the insurer is willing to take within its risk￾taking capacity to achieve strategic goals. 2.1.22. risk appetite statement – a document that reflects total risk limits that the insurer will assume to achieve its business goals. 2.1.23. risk culture – the insurer's set of perceptions, approaches and behaviors on risk identification, acceptance, and management, as well as risk decision-making. 2.1.24. risk limit – maximum limit of the assumed risk per type of insurer’s activity. 2.1.25. risk profile - the aggregated level and structure of risks the insurer is exposed to. 2.1.26. special category employees - the following employees who perform functions that have a considerable influence on the insurer's risk profile: 2.1.26.1. Management Board members. 2.1.26.2. control functions’ responsible persons (risk management, actuary, compliance, and internal audit functions) and heads of structural units engaged in control functions. 2.1.26.3. an employee whose annual reward received from the insurer during the past year is equal to at least six times the average monthly salary and who is engaged in a

structural unit that has a significant impact on the insurer’s risk profile, as defined in the insurer's remuneration policy. 2.1.27. reward – payments made by the insurer in the form of money, shares and other financial instruments in exchange for the professional activity of employees. There are two types of rewards – fixed or variable. One-time rewards-gifts not provided for by the salary system and paid to insurer's employees based on the decision of the insurer's management bodies do not qualify to this definition. 2.1.28. fixed reward – a type of compensation whose conditions and amount are predetermined without considering any criteria related to the insurer's performance. 2.1.29. variable reward – the type of compensation based on insurer's performance results and determined in accordance with key performance indicators (KPI) of insurer’s employees or other indicators determined by the insurer's management bodies. 2.1.30. reporting date – the day on which the relevant quarter or calendar year ends. 2.1.31. reporting period – 12 (twelve) months preceding the reporting date. 2.1.32. financial indicators – relative quantitative indicators determined by the insurer, used to assess the insurer’s performance, and calculated based on financial statements, including at least return on equity and return on assets. 2.1.33. key types of insurance – types of insurance that, during the reporting period, have the highest weight in the insurance portfolio relative to insurance premiums and, in total, represent more than 80% of the entire insurance portfolio. 2.1.34. key classes of insurance – classes of insurance that, during the reporting period, have the highest weight in the insurance portfolio relative to insurance premiums and, in total, represent more than 80% of the entire insurance portfolio. 2.1.35. capital buffer – the difference between the insurer's total regulatory and required capital. 2.1-1. For the purposes of Annex 3 to these Standards, ‘material information,’ ‘material differences,’ and ‘material changes’ refer to information, errors, or deficiencies that influence decision￾making by users of the report, including the Central Bank of the Republic of Azerbaijan (hereinafter – the Central Bank). 2.2. Other definitions used in these Standards bear the meanings specified in the Law. 2.3. The definition of 'insurer' used in this Regulation also encompasses reinsurers, as per Article 1.2 of the Law. 3. Main corporate governance principles 3.1. The Board of Directors ensures the application of corporate governance standards in the insurer. The Management Board should ensure the effective implementation of the strategic plan and policies approved by the Board of Directors. 3.2. An insurer should have a management and organizational structure based on main activity directions, segregation of authorities, effective risk management, an adequate internal control system, including accounting procedures, effective information systems and an effective remuneration policy. The organizational structure is approved by the general meeting of shareholders or by the Board of Directors, if authorized. The organizational structure should be revised regularly and updated by the insurer, as necessary. 3.3. The management and organizational structure, as well as the segregation of authorities should be commensurate with the nature, size, and complexity of insurer’s operations, avoid a conflict of interests and be communicated to the insurer’s staff.

3.4. Every insurer’s Board of Directors establishes its strategic vision and develops a mission statement for the strategic planning period on its basis. The Board of Directors approves the strategic vision and the mission statement upon coordination with the general meeting of shareholders. 3.5. A strategic plan should be elaborated based upon the strategic vision and mission statement. The Board of Directors approves the strategic plan, which covers at least a three￾year period. The plan is revised based on results of the previous year after the end of each year and in case of a change to the insurer’s business model, as well as in case of any events and threats in the external environment affecting insurer’s activities, relevant changes are made to the strategic plan. The strategic plan and changes made therein are submitted to the general meeting of shareholders and the Central Bank (hereinafter – the Central Bank) within 30 (thirty) days upon the date of approval. The plan addresses the insurer’s strategic vision, mission statement, risk analysis, development priorities and types of activities to be provided, strategic targets and actions plan on them, the organizational structure required for the implementation of the strategic plan and financial forecasts. 3.6. To ensure long-term sustainability the insurer should consider environmental (climate changes, environmental degradation, disturbances in the ecosystem, etc.), social (demographic, including gender issues, inclusion, labor relations, investment in human resources, etc.) and governance (organizational structure, remuneration, employee relations, diversity, and equality, etc.) factors (hereinafter - ESG factors) which have or may have a significant impact on its activities. 3.7. The Board of Directors and the Management Board should cooperate directly or through committees. At the same time, they should maintain communication with individuals responsible for control functions. The Board of Directors and the Management Board should understand the insurer's objectives, operational targets, internal risks, as well as events and threats in the external environment that could impact insurer's operations. 3.8. The insurer should establish and monitor compliance with internal rules to mitigate risks and conflicts of interests that may arise from members of the Board of Directors holding positions in other legal entities, in accordance with legal requirements. 3.9. The information derived from the risk management system should be considered in the decision-making by the Board of Directors and the Management Board. It should be reflected clearly in the relevant documentation process that the information derived from the risk management system is effectively integrated into the decision-making process. 3.10. The Board of Directors should define the scope and frequency of internal audits (review) of the corporate governance system as a whole or its constituent areas, considering the nature, volume, and complexity of insurer's activities. 3.11. The insurer should have a reporting system that effectively communicates its operations, financial condition, risks faced and circumstances affecting the insurer's business processes to the Board of Directors and the Management Board. 3.12. The insurer should take appropriate actions to enhance the knowledge, skills, and professionalism of members of its management bodies. 4. The Board of Directors 4.1. The Board of Directors exercises overall management and controls operations.

4.2. The number of general and independent members of the Board of Directors should be determined in accordance with the nature, volume, and complexity of the insurer's activities, considering the requirements of the Law and these Standards 4.3. The Board of Directors should rely on at least one of the following reports and information to exercise effective oversight of the insurer's management and operations: 4.3.1. reports of control functions’ responsible persons. 4.3.2. the report submitted by the Management Board on the effectiveness of the insurer's management system specified in Annex No. 1 to these Standards. 4.3.3. meeting minutes of the committees of the Board of Directors and the Management Board. 4.4. The Board of Directors should ensure the proper and timely implementation of the methods and internal procedures defined in the accounting policy. Additionally, they should determine and monitor compliance with the policy on reporting to the Central Bank. 4.5. In relation to the risk management system the Board of Directors should at least: 4.5.1. determine the insurer's risk appetite and main risk limits related to its activities. 4.5.2. approve the insurer’s risk management policies. 4.5.3. decide on strategic risks and continuously monitor the insurer's risk profile. 4.6. The Board of Directors should monitor the compliance of the insurer's organizational and governance structure with corporate governance standards, the implementation of changes in the corporate governance legislation, the elimination of obvious inconsistencies related to and improvement of corporate governance. 4.7. The Board of Directors should approve the insurer’s remuneration policy, which includes the principles specified in Part 17 of these Standards, oversee the remuneration process, and at least once a year, considering the opinion of the Risk Management Committee (RMC), including the implementation of the KPIs for special category employees assess the effectiveness of the remuneration system. 4.8. The Board of Directors should assess the effectiveness of the Management Board's provision of the insurer's corporate governance system at least once a year. 4.9. The Board of Directors assesses the effectiveness of control functions’ responsible persons and the activity of structural units engaged in control functions at least once a year. For this purpose, the information and reports provided by control functions’ responsible persons and structural units engaged in control functions, findings of the audit conducted by the independent auditor regarding the compliance of activities of structural units engaged in control functions with the requirements of the legislation, the report on the effectiveness of the corporate governance system prepared by the Board of Directors are taken as the basis. 4.10. The Board of Directors should monitor the determination and implementation of the range of measures to be taken based on conclusions and recommendations of control functions’ responsible persons. 4.11. The Board of Directors should establish a corporate code or rules of conduct covering insurer's strategic goals and business values, as well as the conduct of its activities based on the principle of integrity and within the framework of interactions with stakeholders. Corporate code or rules of conduct should encompass requirements and principles regarding the prevention of corruption, actions aimed at obtaining or offering benefits (voluntary payment of expenses in cases not considered to be an insured event), setting restrictions on accepting or giving gifts, avoiding personal interests in operations between the staff and the insurer and prevention of any unethical or illegal behavior within

internal and external activities of the insurer. The insurer should take necessary measures to monitor compliance of its employees with the requirements and principles set forth in the corporate code or rule of conduct. 4.12. In addition to the requirements of the Civil Code of the Republic of Azerbaijan (hereinafter - the Civil Code) and the Law, the following should also be taken into account when determining the procedure for convening meetings of the Board of Directors: 4.12.1. The Board of Directors may hold regular and extraordinary meetings. The probable place and time of the next meeting is determined at the current meeting of the Board of Directors. Members of the Board of Directors of the insurer, as well as relevant structural units should be notified in advance in case of changes to the place and time of the meeting, as well as any changes related to the convening of the meeting. 4.12.2. The procedure and timeline for sending written (electronic or paper) notification of the meeting agenda to each member of the Board of Directors should be established. 4.12.3. Comprehensive and fully disclosed written materials with the issues to be discussed at the meeting should be added to the meeting agenda. Each member of the Board of Directors should be provided with the agenda of the next meeting, as well as information and reports to be presented on a periodic basis determined by internal rules of the insurer. 4.12.4. the meeting agenda should be drawn up taking into account proposals made by members of the Board of Directors, the Audit Committee, and the Management Board, as well as shareholders with qualifying holding. Topics on the agenda are discussed at the meeting. The discussion of urgent and unexpected issues not included in the agenda and relevant decision-making should be allowed if all members of the Board of Directors are present at that meeting and there is agreement by a simple majority vote. 4.12.5. When the issue related to the interest of one of the members of the Board of Directors participating in the meeting is brought up for discussion, he/she should inform about his/her interest before the discussion begins, should not participate in the discussion and decision-making, his/her participation should not be taken into account when determining the quorum, and related information should be included in meeting minutes. 4.13. Members of the Board of Directors may participate in meetings in person or by means of telecommunications (video, telephone, or special communication software (application), as well as by e-mail. Meeting minutes should specify whether the member participated by telecommunication or e-mail, video, or audio recording of that meeting, or other confirming documents regarding the participation should be kept by the insurer for at least 5 (five) years in durable media. Each member of the Board of Directors should state his/her attitude to the topic on the agenda clearly and unconditionally (for or against), and personally sign meeting minutes or submit a written document about his/her attitude to the topic with his/her signature approved in accordance with the law. If the chair of the Board of Directors is unable to attend the meeting, he/she can be replaced by his/her deputy, and if the deputy is not present, another member of the Board of Directors appointed based on the voting at the meeting of the Board of Directors can replace him/her. If any member of the Board of Directors does not personally attend three meetings in a row, the chair of the Board of Directors or his/her substitute should submit related written information to the Central Bank no later than 5 (five) working days after the date of the last meeting. 4.14. Monthly breakdown of the total number and content of decisions made at meetings of the Board of Directors, including the number of members participating in making those decisions, their votes (for, against, abstention, etc.), if proposals by the

executive body and units in the organizational structure are not taken or taken in a different manner, the information on the number and reason for those decisions is submitted to the Central Bank quarterly no later than the end of the following month. 5. Committees of the Board of Directors 5.1. The Board of Directors establishes committees of the Board of Directors (hereinafter

• the committee) to increase the effectiveness of management and strengthen risk control at the insurer. The composition, functions and powers of the committees, the procedure for decision-making is determined by their statutes approved by the Board of Directors, taking into account the requirements of these Standards. Committees are independent of the Management and report to the Board of Directors. 5.2. Every insurer establishes Audit and Risk Management Committees. 5.3. Taking into account Item 5.2 of these Standards, to increase the effectiveness of the insurer's activity, the Board of Directors may establish the Compliance Committee, the Corporate Governance Committee and/or other committees, considering the systemic importance, risk profile, as well as the complexity and nature of the insurer's activity. If a Compliance Committee is not established, the RMC should discharge the function of ensuring the compliance of activities with requirements of the legislation and internal rules. 5.4. Taking into account the requirements set out in parts 6 and 7 of these Standards, the following requirements for the composition of the committees should be met: 5.4.1. committees should have at least three individual members. 5.4.2. committees are formed from members of the Board of Directors (except the Board members who are shareholders of the insurer). Committees may include independent external members. An independent external member is defined as the persons who: 5.4.2.1. are not members of the insurer’s Board of Directors. 5.4.2.2. meet the requirements for managers of the insurer specified in Articles 37.2.6, 37.2.7 and 37.2.10 of the Law. 5.4.2.3. did not hold a position in that insurer during 2 (two) years prior to the date of his/her appointment and while he/she is a member of the committee, he/she does not hold a position in another insurer operating in the Republic of Azerbaijan (This requirement does not apply in cases where an insurance company has significant control or a qualifying holding in another insurance company, or where 50% (fifty percent) or more of the shares of each insurance company belong to the same shareholders. In such cases, an independent external member of relevant committees of an insurance company operating in the life insurance sector may only be an independent external member of the relevant committee of one of the insurance companies operating in the non-life insurance sector, and vice versa). 5.4.2.4. do not have kinship, specified in Article 49-1.1.3 of the Civil Code, with members of the insurer’s managing body and with heads of structural units, in the last 2 (two) years. 5.4.3. the Board of Directors appoints chairs and members of committees. 5.4.4. chairs of committees are appointed from among the members of the Board of Directors. 5.4.5. the knowledge, skills, and experience of committee members should align with committee's activities. The Board of Directors should consider the suitability when appointing committee members.

5.5. Committees are competent when more than half of their members are present at meetings. 5.6. Committee decisions are made by a simple majority voting of the members present at the meeting. 5.7. Committee members may not abstain during voting. In case of a tie, the vote of the committee chair is considered decisive. 5.8. Committee members can participate in meetings in person or by means of telecommunications (video, telephone connection or special communication software (application)), as well as by e-mail. Meeting minutes should specify whether the member participated by telecommunication or e-mail, the video or audio recording of that meeting, or other confirming documents regarding the participation should be kept by the insurer for at least 5 (five) years in durable media. Each committee member should articulate his/her attitude to the issue on the meeting agenda clearly and unconditionally (for or against) and personally sign the meeting minutes or submit a written document about his/her attitude to the issue with his/her signature approved in accordance with the law. 6. The Audit Committee 6.1. In addition to the requirements specified in Item 5.4 of these Standards, the Audit Committee chair may not be the chair of other committees, at least one Audit Committee member should be an independent person who meets the requirements established by law. 6.2. In addition to the powers specified in the Law and the Law of the Republic of Azerbaijan ‘on Internal Audit’ the Audit Committee: 6.2.1. controls the improvement of the insurer's accounting policy. 6.2.2. controls the transparency and completeness of insurer's financial statements, the compliance of its activities with the legislation, the requirements of the Standards, as well as the internal rules of the insurer. 6.2.3. reviews recommendations of the independent auditor and other third parties on the effectiveness of the insurer's internal control and risk management systems. 6.2.4. submits internal audit plans to the Central Bank within 10 (ten) working days after approval. 6.2.5. submits a report on internal audit reviews conducted at the insurer during the year to the Central Bank after the end of each calendar year until the end of the next quarter, as well as ensures that information on individual internal audit reviews is submitted upon request of the Central Bank. 6.2.6. makes a proposal to the Board of Directors about the stature of the internal audit service and its maintenance costs. 6.2.7. makes proposals to the Board of Directors of the insurer on salary amounts, promotion, dismissal, or release, as well as remuneration of internal auditors. 6.2.8. ensures timely and complete submission of all important information on activities of the insurer and its subsidiaries, its documents to the independent auditor in connection with the independent audit. 6.3. Audit Committee meetings are held no less than once in 3 (three) months, at least 5 (five) working days before the next meeting of the Board of Directors.

6.4. The chair and other members of the Board of Directors, independent auditor, managers of internal audit, compliance, actuary, risk management, financial management and other functions of the insurer may be invited to Audit Committee meetings. 6.5. The internal audit review, not provided for in the approved internal audit plan, is conducted by the decision of the General Meeting of Shareholders or the Board of Directors, as well as the request of the shareholders who own more than 10 (ten) percent of insurer's shares or the proposal of the Board of Directors. In this regard, the Audit Committee takes necessary measures. 7. The Risk Management Committee 7.1. In addition to the requirements specified in Item 5.4 of these Standards for the composition of the Risk Management Committee, the following should also be ensured: 7.1.1. The chair of the RMC may not be the chair of the Board of Directors and/or other committees. 7.1.2. At least one member of the RMC should be an independent member of the Board of Directors. Neither the member nor their family members should have worked for the insurer or its related parties (except for structural units within Defense lines 2 and 3, the Audit Committee and RMC) within the two years preceding their appointment to the committee. Additionally, they should not have held positions in companies that provided the insurer with advisory, support, assessment, rating, or independent audit services. 7.1.3. Members of the RMC should not be close relatives of any person with whom the insurer has a commercial relationship or of employees of the managing bodies of the legal entity. Additionally, they should not be engaged in civil-legal, or labor relations related to the provision of insurance or other services during their tenure. 7.1.4. Members of the RMC should have the knowledge, skills, and experience necessary to individually evaluate the strategic plan and the level of risk limits and make judgments. At least 1 (one) member of the RMC should have at least 5 (five) years of work experience in risk management, and other members at least 5 (five) years of work experience in insurance activity, actuarial, internal control, economy, finance, IT, audit, or law. 7.2. The RMC: 7.2.1. reviews and submits for approval to the Board of Directors the risk appetite statement, risk management policies and rules, risk limits, and changes made to them. 7.2.2. monitors availability of procedures that ensure compliance of the insurer's activity with risk management policies, as well as the application of the risk appetite statement by the Management Board. 7.2.3. reports to the Board of Directors on the status of risk culture of the insurer. 7.2.4. makes proposals to the Board of Directors on the current and future risk appetite of the insurer for aggregate and individual risk types. 7.2.5. issues recommendations to the Board of Directors to ensure that strategic decisions regarding policies approved by the Board of Directors take into account strategic risks, as well as risks that may arise from the insurance products offered to customers. 7.2.6. determines the nature, scope, form, and periodicity of risk reports to be submitted to the committee. 7.2.7. among other relevant issues, monitors the compliance of the total amount allocated for remuneration and KPIs reflected in the remuneration policy with the insurer's

risk profile (and if the insurer has one, cooperate with the Corporate Governance Committee in this regard). 7.2.8. receives a report from the CRO and relevant structural units on the current risk profile of the insurer, the status of risk culture, risk appetite and the use of risk limits, cases of violations of risk limits and risk reduction measures. 7.2.9. cooperates and conducts discussions with the CRO, oversees his/her activities, advises the Board of Directors on the organization of the risk management function. 7.3. Meetings of the RMC are held no less than once in 3 (three) months, and results of the meeting are reported to the Board of Directors. The CRO, and in his/her absence, the head of the structural unit engaged in the risk management function, participates in RMC meetings. The chair and members of the Management Board, as well as managers of the insurer's structural units may be invited to RMC’s meetings. 7.4. Activities of the RMC should allow the Board of Directors to assess the status of implementation of the risk management system by the Management Board. 7.5. There should be effective communication and coordination between the RMC and the Audit Committee for prompt information sharing and efficient management of all risks. 8. Supporting activities of insurer's management bodies and committees 8.1. Each insurer creates a Corporate Secretary function. All members of insurer's managing bodies and committees have access to his/her advice and services. 8.2. The Board of Directors decides to appoint or dismiss the corporate secretary. An insurer’s related party may not be a corporate secretary. 8.3. The corporate secretary should at least: 8.3.1. have 3 (three) years of experience in finance or law. 8.3.2. have higher education in law, economics, or management. 8.4. To ensure the effective operation of the corporate secretary, the Office of the Corporate Secretary may be established by the decision of the Board of Directors of the insurer. When the Office of the Corporate Secretary is established, the number, composition and duties of the office staff are determined in the insurer's internal rules. 8.5. The remuneration of the corporate secretary is determined by the Board of Directors (and, if applicable, the Corporate Governance Committee). 8.6. The corporate secretary at least: 8.6.1. cooperates with all members of insurer's managing bodies and committees, provides them with impartial advice and acts in accordance with insurer's objectives. 8.6.2. provides advice to the chair of the Board of Directors on corporate governance, periodically reviews the compliance of the corporate governance with its goals together with him/her and determines necessary actions to strengthen the corporate governance structure. 8.6.3. The Board of Directors provides its members with necessary resources to increase their knowledge and skills, including training and supports their professional development. 8.6.4. convenes, conducts, and prepares agenda of meetings of managing bodies and committees, provides them with updated information and other necessary resources before the meeting. 8.6.5. supports the development of policies and procedures necessary for the effective operation of insurer's managing bodies and committees.

8.6.6. ensures effective communication between the Board of Directors, its committees, the Management Board, and shareholders. 8.6.7. provides access to the information to be disclosed by the insurer to shareholders and other investors. 9. The Management Board 9.1. The Management Board should ensure the effective and efficient management of activities, the compliance of the financial control system with financial management and accountability requirements, the efficient use of the insurer's budget, submission of reports to public authorities (institutions) in accordance with the requirements of the legislation and their accuracy. 9.2. The Management Board: 9.2.1. develops draft strategic vision and mission statement of the insurer. 9.2.2. develops a strategic plan based on the strategic vision and mission statement. 9.2.3. ensures the effective implementation of the approved strategic plan and uses available resources effectively and efficiently. 9.2.4. analyzes the implementation of the strategic plan at least once every six months and reports the results to the Board of Directors. 9.2.5. reviews the strategic plan every year after its completion based on previous year's results and makes proposals to the Board of Directors to make changes if required. 9.2.6. develops an internal reporting system to ensure integrity of financial information and prudential reporting, ensures timely disclosure of annual financial statements to data users. 9.2.7. provides relevant information and documents to the Board of Directors or to any of the committees, if authorized, to enable them to monitor insurer’s activities. 9.2.8. implements the policy determined by the Board of Directors on accountability to the Central Bank and submits reports on insurer’s activities to the Central Bank. 9.2.9. creates a financial planning system and analyzes the status of execution of an annual budget. 9.2.10. approves the annual budget developed under the leadership of the CFO and submits it to the General Meeting of Shareholders for approval before the budget year start. 9.2.11. develops the risk appetite statement and internal risk management policies and procedures, as well as execution procedures, and ensures their effective implementation. 9.2.12. forms an adequate organizational and operational structure that serves to achieve strategic goals and corresponds to the risk appetite statement, determines powers and duties of each structural unit, procedures, and reports that they should follow. 9.2.13. takes necessary measures to adequately identify, assess, manage, monitor the risks the insurer is exposed to, based on reports of control functions’ responsible persons and heads of structural units, and submits reports to the RMC. 9.2.14. creates appropriate conditions for the effective implementation of activities by structural units engaged in control functions, provides them with necessary human and other resources, and assesses the effectiveness and efficiency of those resources in relation to the risk management, internal control, and corporate governance, based on reports and the results of the work conducted by these units. 9.2.15. ensures cooperation of insurer’s other structural units with the structural units engaged in control functions and takes measures to prevent interference in their activities.

9.2.16. participates in the development and implementation of a new insurance product, organizes the establishment of business processes related to its development, and makes decisions regarding the product's introduction. 9.2.17. reviews the contingency plan together with the RMC and submits to the Board of Directors. 9.2.18. implements the recommendations provided by the Board of Directors on matters within its authority. 9.2.19. approves insurer’s internal rules if authorized by the Board of Directors, except for the cases specified in regulations of the Central Bank. 9.3. Management Board decisions should be formalized with related meeting minutes. 9.4. The number composition of the Management Board should be determined in accordance with the nature, volume, and complexity of the insurer's activity, taking into account the requirements of the Law and these Standards. 9.5. Powers and duties should be distributed among members of the Management Board in a balanced manner, avoiding situations that could lead to conflicts of interest. Members of the Management Board responsible for control functions should not have the authority or duty to conduct investment or business transactions. 9.6. The chief financial officer: 9.6.1. prepares an accounting policy that covers financial management and reporting methods, internal procedures, including reports submitted to management and financial control mechanisms. 9.6.2. ensures proper organization of the work of the insurer's structural units engaged in treasury, asset and liability management, accounting, reporting and financial operations. 10. The risk management system 10.1. The insurer should develop and implement a risk management system that is appropriate to the nature, scope, and complexity of its activities to identify, assess, manage, monitor, and ensure accountability for the risks to which the insurer is or may be exposed. 10.2. The risk appetite statement, risk management organizational structure and policies, risk limits, risk management for new products and services, data summarization, risk reporting and contingency plan are key elements of a risk management system. 10.3. The risk appetite statement should cover material risks and be consistent with the insurer's strategic plan. The statement defines tolerance zones for both quantitative and qualitative indicators of risk appetite, covering the risks to which the insurer is exposed and the actions the insurer will take in case of deviations. The statement is reviewed before the preparation of the budget plan for the following calendar year, and if necessary, appropriate changes are made based on the results of the previous year. Compliance with the risk appetite statement's indicators and tolerance zones is monitored monthly. 10.4. Taking into account the risk appetite, risk limits for each insurer are set at a general level according to the insurer's size, risk profile, and areas of activity. Within the risk limits approved by the Board of Directors, the Management Board establishes sub-limits for individual structural units and employees. Risk limits are monitored constantly and adjusted to align with current market conditions and the insurer's strategic plan. 10.5. The general risk management policy approved by the Board of Directors should address, at a minimum: risk categories; risk identification and assessment methods; the

process for managing each existing risk category and potential risk groups; the division of responsibilities for risk management; the insurer's solvency; capital requirements as determined by legislation; and a description of the relationship between risk limits and the risk limits for all risk categories relevant to the insurer's risk appetite. 10.6. The insurer should develop specific risk management policies and procedures commensurate with the risks it is exposed to along with the general risk management policy. Policies should include basic principles to be followed in insurer's activities. Principles should be specified based on relevant implementation procedures. Each policy should outline the objectives, tasks to be executed, and their responsible executors, the process of risk management across insurer's activities, business processes, and information systems, as well as the insurer's risk-based approach to the implementation of new activities and systems, the communication, procedures, and processes to be applied, and the requirement that the structural units performing the control functions are adequately informed by other relevant structural units about all necessary situations for the proper execution of their duties. The insurer should establish and ensure that at least the following specific policies containing relevant information on risk management are developed in writing: 10.6.1. underwriting terms and rates and the risk management policy arising from the formation of insurance reserves covering: 10.6.1.1. insurance risks assumed by the insurer and their features. 10.6.1.2. adequacy of insurance premiums to cover expected insurance claims and other costs. 10.6.1.3. actions to be taken by the insurer for the assessment and management of risks arising from losses and negative changes in the amount of insurance liabilities due to the formation of inadequate insurance premiums and reserves. 10.6.1.4. a method for considering existing restrictions on the insurer's investment activity, as well as reinsurance and other risk minimization methods, in the process of developing a new insurance product and calculating insurance premiums. 10.6.1.5. adequacy and quality of information to be considered in underwriting and insurance reserve calculation processes. 10.6.1.6. adequacy of insurance payment adjustment procedure. 10.6.2. policy on reinsurance and other risk minimization methods covering: 10.6.2.1. measures to determine the level of risk transfer corresponding to the insurer's established risk limits and identify types of reinsurance agreements most suitable for the insurer's risk profile. 10.6.2.2. principles of selection of reinsurers adequate to the insurer's risk appetite, financial stability of reinsurers and procedures for evaluating and monitoring their diversification. 10.6.2.3. liquidity management to eliminate any time gap between the date of insurance payment and the date of receipt of payment from the reinsurer for the relevant insured event 10.6.3. the asset and liability management policy covering: 10.6.3.1. the procedure for identifying and evaluating various forms of mismatches (asymmetries) between assets and liabilities for the remaining period (duration) until maturity, expressed in currencies. 10.6.3.2. a description of the methods to be used to minimize asset and liability management risks and the expected effect of these methods.

10.6.3.3. the level of mismatches between the structure of assets and the structure of liabilities acceptable for the insurer. 10.6.4. the investment risk management policy covering: 10.6.4.1. the level of security, quality, liquidity, profitability, diversity, and availability targeted for assets; methods used to achieve this targeted level; and quantitative limits set by the insurer for assets and the level of risk exposure needed to maintain this level. 10.6.4.2. analysis of the current situation in financial markets. 10.6.4.3. conditions under which insurer's assets are given as securitization or debt. 10.6.4.4. relationship between market risk and other risks under adverse scenarios. 10.6.4.5. a procedure for adequately evaluating and verifying the assets to be invested. 10.6.4.6. assessment of the credit risk of legal entities invested by the insurer. 10.6.4.7. procedures for monitoring investment returns. 10.6.5. the liquidity risk management policy covering: 10.6.5.1. the procedure for determining the level of asymmetry between assets and liabilities, taking into account expected cash inflows and outflows under insurance and reinsurance agreements. 10.6.5.2. a review of overall liquidity needs for the short and medium term, including an appropriate liquidity buffer to guard against shortages of liquid assets. 10.6.5.3. review and monitoring of the level of liquid assets, as well as calculation of potential financial losses and costs resulting from the forced sale of liquid assets 10.6.5.4. identification of alternative financing instruments and associated costs. 10.6.5.5. review of the impact of planned new activities on the liquidity position. 10.6.6. the concentration risk management policy covering: 10.6.6.1. methods of determining sources of the concentration risk. 10.6.6.2. measures taken to maintain the concentration risk within specified limits. 10.6.6.3. measures taken by the insurer to analyze potential infection risks between concentration sources. 10.6.7. the operational risk management policy covering: 10.6.7.1. availability of procedures for the identification, assessment, management, monitoring and reporting of operational risks that the insurer is or may be exposed to, as well as the division of responsibilities and evaluation of ways to reduce these risks. 10.6.7.2. activities and internal processes defined for operational risk management, including the electronic information system used to support those activities and internal processes, and the information security system that ensures the protection of this system. 10.6.7.3. insurer’s risk tolerance limits for areas exposed to the main operational risk. 10.6.7.4. a procedure for recording and monitoring incidents that pose operational risk. 11. The internal control system 11.1. The internal control system should ensure long-term profitability of the insurer's activity, the organization of a reliable and transparent accountability system, compliance of the insurance activity with legislative requirements and internal rules, and business continuity in emergency situations. 11.2. The insurer should implement appropriate internal control measures to ensure that all staff are aware of their roles within the internal control system.

11.3. Monitoring and accountability mechanisms should be formed that provide the Board of Directors and the Management Board with all the information necessary for decision-making as part of the internal control system. 11.4. The internal control system includes structural units that perform the functions of Defense lines 2 and 3. The following should be provided for the internal control system: 11.4.1. dedicated structural units should be created for each control function separately, without subordinating one to another. 11.4.2. actuarial calculations related to insurance reserves should be conducted by the relevant structural unit(s) subordinated to the CFO; the structural unit(s) involved in the actuarial function should evaluate the availability, adequacy, and quality of these calculations, as well as the methods and assumptions used. 11.4.3. a statute should be established to define the position, independence, rights, duties, privileges, accountability obligations, and resource provisions for the structural units performing control functions within the insurer's organizational structure. 11.4.4. they should be provided with resources (staff, IT infrastructure, knowledge, and experience) that enable them to perform their duties honestly and independently. 11.4.5. methodologies and procedures that align with the nature, scope, and complexity of the risks associated with insurer's activities should be developed and adhered to during the execution of control functions. 11.4.6. In the positioning of the structural units performing control functions within the insurer's organizational structure, in the opportunities provided to them, and in the remuneration policy, factors that could undermine their independence should be avoided. To ensure this, control functions’ responsible persons should have the opportunity for direct and unimpeded communication with the Board of Directors, either directly or through the Audit Committee and/or the RMC. 11.5. Control functions’ responsible persons and heads of structural units engaged in control functions are appointed and dismissed by the Board of Directors on the recommendation of the RMC (the Audit Committee for the internal audit function, and the Compliance Committee, if any, for the compliance function). The insurer should submit information regarding the appointment or dismissal of individuals responsible for control functions (including the reasons for dismissal and details of the new appointee, if applicable) to the Central Bank within 5 (five) working days following the decision dates. 11.6. The persons responsible for control functions should submit a report to the Board of Directors and inform the Management Board at least once a year (taking into account the requirements of Item 14.8 of these Standards on the actuarial function and the requirements of the Law) on the performance of their duties. This report should cover at least the work done during the specific reporting period, clearly indicating identified deficiencies and recommendations for their elimination. The report can be submitted through separate committees (the Audit Committee for the audit function, the RMC or the Audit Committee for the risk management, actuarial and compliance functions). 11.7. The report specified in Item 11.6 of these Standards should be submitted to the Central Bank by the end of the next quarter after the end of each calendar year, covering the annual activity of each structural unit engaged in the control function of the insurer. 11.8. The person responsible for the compliance function should periodically inform the Board of Directors and the Management Board about the legal compliance of insurer's activities and issue recommendations.

11.9. The persons responsible for control functions inform the Board of Directors and the Management Board about the risks that may affect the insurer’s activity and reputation. 11.10. The head of the internal audit function provides information and recommendations on the quality of internal control to the Board of Directors and the Management Board. The Board of Directors decides on actions to be taken based on the information and recommendations provided and monitors their implementation. 12. The risk management function 12.1. The Board of Directors provides the establishment of a risk management system, approves risk management policies, internal rules, organizational structure, as well as the risk appetite statement, risk limits, and contingency plans, controls the Management Board's risk management efforts, and assesses the risk management system effectiveness at least once a year. Relevant structural units included in Defense line 1 of the insurer's risk management system should manage risks within their authority concerning insurer's daily activities and ensure compliance with relevant risk limits. 12.2. Heads of structural unit(s) engaged in the risk management function should have at least 4 (four) years of work experience in risk, actuarial activity, audit, or financial management. Employees of that structural unit should have access to any database, internal operating systems, and an opportunity to get acquainted with reports of the internal audit. 12.3. The CRO directly controls the structural unit(s) engaged in the risk management. 12.4. In relation to the risk management system the structural unit(s) engaged in the risk management function at least: 12.4.1. provide/s necessary assistance to the Board of Directors, the Management Board and other structural units engaged in control functions for effective functioning of the risk management system. 12.4.2. monitor/s the insurer’s overall risk profile and the risk management system. 12.4.3. detail/s and advise/s the Board of Directors and the Management Board on risk exposures, as well as strategic issues related to risk management, including strategic planning, insurer restructuring, large-scale projects and investments. 12.4.4. develop/s the risk appetite statement, risk management policies and procedures. 12.4.5. participate/s in the process of design, selection, implementation, and initial approval of risk measurement models, regularly review/s relevant models and make/s necessary changes. 12.4.6. conduct/s analyses and prepare/s periodical reports on the calculation results obtained from the risk measurement models used by the insurer. 12.4.7. maintain/s risks within established limits and control/s the process. 12.4.8. analyze/s insurer’s financial resilience. 12.4.9. create/s and use/s early warning systems that monitor risks and take timely actions. 12.4.10. group/s risk limits that may arise for each structural unit and monitor/s their compliance with defined limits for the insurer. 12.4.11. monitor/s the risks arising from the determination of incentive awards. 12.5. Each insurer has a contingency plan that includes actions to take to prevent risks arising in emergency situations and ensures business continuity. The plan should address the classification of emergency situations, powers of responsible persons, measures against

risks, the source of capital funds to be attracted, the policy of protection against reputational risk, the classification of insurer's operations and types of activities according to the degree of importance. The plan is revised at least once a year and appropriate changes are made if necessary. To assess the adequacy of the measures provided for in the contingency plan by comparing probable results of risk events with the actual results at the insurer, checks (trial tests) should be conducted with the frequency set in internal rules. 13. The chief risk officer 13.1. The chief risk officer: 13.1.1. develops risk management policies, obtains feedback from the Board of Directors, and submits those policies to the Risk Management Committee. 13.1.2. coordinates risk management efforts of the Management Board and structural units. 13.1.3. submits to the Management Board risk limit monitoring results, and a monthly report on the risk profile; immediately informs the Board of Directors and the RMC of deviations in risk appetite indicators specifying the reasons; submits actions plan on risk reduction or adjusting risk limits to market conditions, along with monitoring results of the next month at the latest, to the Board of Directors and the RMC in case of any violations. 13.1.4. ensures reliable, transparent, comprehensive, and timely preparation of periodic reports indicating the types and size of risks related to the insurer's activity. 13.1.5. submits proposals for improving the risk management system to the Board of Directors and the RMC. The Board of Directors and the RMC may seek feedback from the Management Board on these proposals if deemed necessary. 13.1.6. ensures that the risks the insurer is exposed to align with its risk-taking capacity. 13.1.7. takes measures to increase the knowledge and skills of employees of structural units engaged in the risk management function. 13.1.8. participates in the Board of Directors meetings in reviewing the risk appetite statement, as well as discussing issues related to risk management. 13.2. The CRO may meet with the Board of Directors, the RMC, or an independent member of the Board of Directors without the presence of the Management Board. 13.3. The CRO may veto the Management Board's decisions on underwriting and investments. In such cases, the Management Board may, within seven (7) working days, submit the matter with the CRO's written justification to the RMC and then to the Board of Directors, or directly to the Board of Directors. The Board of Directors will decide on the matter within the next fifteen (15) working days. During this period, the implementation of the Management Board's and internal committees' decisions on the issues vetoed by the CRO is suspended. 13.4. The CRO may not hold the position of chair of the Management Board or hold any other position in the insurer at the same time. 13.5. The RMC annually reviews and evaluates activities of the CRO. 14. The actuary function 14.1. Structural unit(s) engaged in the actuarial function are responsible for providing feedback to the Management Board and the Board of Directors on the quality of actuarial

calculations and methods and assumptions used in these calculations, and on the policy for determining underwriting terms and rates and the policy on reinsurance operations. 14.2. Regarding the calculation of insurance reserves, the structural unit engaged in the actuarial function at least: 14.2.1. assesses adequacy of insurance reserves, applies related methods and procedures. 14.2.2. evaluates the adequacy of assumptions used calculations. 14.2.3. assesses whether the data obtained from financial markets, as well as the data available at the insurer on underwriting risks, are fully taken into account in the calculation. 14.2.4. compares calculation results of insurance reserves as of the reporting date with previous quarters and analyzes the change of insurance reserves by indicating significant differences. 14.2.5. analyzes the adequacy of conditions, limits, and guarantees included in insurance and reinsurance agreements. 14.2.6. verifies the compatibility of the calculation method of insurance reserves and the assumptions used with the types of insurance offered by the insurer and activities related to the development of insurance products. 14.2.7. identifies inconsistencies in calculations related to insurance reserves and, if necessary, proposes adjustments. 14.2.8. justifies changes in data, methodologies, or assumptions between different reporting dates. 14.2.9. checks whether IT systems used to calculate insurance reserves enable the effective execution of actuarial and statistical analysis processes, at the same time evaluates the quality of internal and external data used in the calculation and recommends changes to insurer's internal procedures to improve the data quality. 14.2.10. compares insurance reserves as of the reporting date with insurance payments, analyzes differences and their causes, as well as uses analysis results to improve existing calculations (including changing the calculation method or assumptions). 14.3. In relation to giving an opinion on the policy of determining underwriting terms and rates the structural unit engaged in the actuarial function at least: 14.3.1. checks the adequacy of insurance premiums to cover costs of insurance payments and insurance products. 14.3.2. analyzes the impact of inflation, credit, market, legal, operational, liquidity loss and other key risks on the insurer's portfolio. 14.3.3. analyzes the harmfulness of the insurance portfolio, including presence of highly harmful risks, and assesses effectiveness of procedures implemented in this regard. 14.3.4. analyzes the impact of introducing new insurance products or changing conditions of existing insurance products on the insurer's income, as well as gives feedback on the tariff, insurance reserves and reinsurance of these products. 14.3.5. analyzes current underwriting restrictions on insurance products. 14.3.6. provides final advice and recommendations on assumed insurance and reinsurance risks, including the compatibility between the insurer's underwriting policy and risk profile and risk appetite, the adequacy of insurance tariffs for insurance products, the analysis of the main risks affecting the profitability of the insurer's activity. 14.4. In relation to giving feedback on the policy on reinsurance operations the structural unit engaged in the actuarial function at least:

14.4.1. analyzes the insurer’s risk profile and underwriting policy. 14.4.2. monitors the analysis of financial resilience of reinsurers. 14.4.3. analyzes the maximum reinsurance coverage amounts to be received under reinsurance agreements in accordance with the underwriting policy during crisis scenarios. 14.4.4. analyzes the calculation of reinsurers' share of insurance reserves in relation to reinsurance agreements. 14.4.5. provides final advice and recommendations on transferred insurance and reinsurance risks, including analyses of the compatibility between the insurer's reinsurance policy and the risk profile and risk appetite, the adequacy of reinsurance coverage, the reinsurer's share of insurance payments. 14.5. The person directly overseeing the relevant structural unit engaged in the actuarial function is the responsible actuary of the insurer, who should meet the requirements established by legislation for responsible actuaries. Overall control can be exercised by the CRO, while direct oversight of the actuarial unit(s) remains with the responsible actuary. Employees of this unit should possess specialized knowledge and skills in actuarial mathematics, appropriate to the nature, volume, and complexity of the risks associated with the insurer’s activities from a quantitative perspective. 14.6. In addition to the tasks established by the legislation, the responsible actuary ensures the fulfillment of the tasks specified in Items 14.2-14.4 of these Standards. 14.7. The responsible actuary or the structural units overseen by him/her should immediately inform the Board of Directors, the RMC, and the Management Board in all cases where changes related to relevant risks may have a negative impact on the activity of the insurer and on its reputation. 14.8. The responsible actuary should submit the actuarial opinion to the Board of Directors and the Central Bank, taking into account the requirements of the Law, and inform the Management Board accordingly. 15. The compliance function 15.1. The structural unit(s) engaged in the compliance function should ensure that the insurer complies with the legislation governing its activities, as well as internal rules governing its activities. 15.2. The insurer should establish a structural unit that performs the compliance function with specialized personnel and technological resources adequate to the nature, volume, and complexity of its activities. 15.3. The structural unit(s) engaged in the compliance function at least: 15.3.1. submit/s periodic or extraordinary reports to the Board of Directors in case of significant compliance risks related to violations of legislation and internal rules in insurer's activities. 15.3.2. determine/s internal procedures and methods for identifying, assessing, managing, and monitoring the insurer's compliance risk, as well as measures to take. 15.3.3. conduct an inventory of all policies and regulations required by law and check that the information required in these policies and regulations is addressed properly. 15.3.4. inform/s the Central Bank, if requested, about compliance risks that have been identified likely to have an adverse impact on insurer's financial stability indicators, as well as the measures taken and/or to be taken to eliminate them.

15.3.5. prepare/s a compliance risk-related training program for insurer's employees and ensure/s the implementation of the program together with the relevant structural units. 15.3.6. participate/s in the preparation of insurer’s internal risk management rules in coordination with the structural unit engaged in the risk management function, as well as in the monitoring of compliance with the risk appetite statement and risk management policies. 15.3.7. provide/s continuous support for activities of structural units included in Defense line 1, including the Management Board for compliance risk management. 15.3.8. participate/s in the development and launch of new insurance products and services, evaluate/s the compliance of the activity related to the formation of new products and services with the legislation and the related insurance policy, as well as with insurance practice, and check/s the receipt of feedback from the insurer’s legal service and structural units included in Defense line 2 before the launch of the products and services. 15.3.9. ensure/s internal communication regarding new requirements covering compliance risks. 15.3.10. identify/ies and periodically assess/es the conflict of interests in the decision￾making for the insurer's activity. 15.3.11. monitor/s citizen appeals related to the insurer’s activities. 15.3.12. oversee/s the implementation of sanctions imposed on the insurer and insurer's officials, the requirements stipulated by court acts adopted against the insurer, binding instructions issued from the Central Bank, as well as submit/s reports to the Compliance Committee, and in the absence of such a committee, to the RMC on the effect of relevant supervisory measures on the insured. 15.4. To effectively ensure the operation of the compliance function, adequate information sharing with the internal audit unit should be ensured and conditions should be created for the evaluation of the function’s effectiveness by the internal audit service at least once a year. 15.5. The head(s) of the compliance function is/are required to have at least 4 (four) years of work experience and fit and proper qualities in the financial sector in the functions related to law and the internal control system specified in sub-item 2.1.17 of these Standards. 15.6. The Chief Compliance Officer (CCO) exercises direct control over the relevant structural unit(s) engaged in the compliance function. While the CCO retains direct control over the activities of these units, overall oversight may be exercised by the CRO. 16. The internal audit function 16.1. The internal audit function provides an independent support service to the Board of Directors and the Management Board regarding the quality and effectiveness of the insurer's internal control and risk management system to protect the sustainability of insurer's operations and its reputation. 16.2. All activities of the insurer (including outsourced activities) are included in the scope of the audit function. 16.3. The insurer should ensure that the structural unit(s) responsible for the internal audit function remain/s independent of other structural units, including other control functions. To avoid conflicts of interest, internal auditors should not audit activities in which they were previously involved during the period or area covered by the audit.

16.4. To ensure the effectiveness of the internal audit function, the Board of Directors should ensure full and unconditional access of the structural unit(s) responsible for the internal audit function to all databases, including internal information systems and the property of the insurer, as well as timely and effective actions by the Management Board on the recommendations of the audit function. 16.5. The responsible person of the internal audit function is the head of the internal audit service of the insurer, and he/she should meet the requirements established by the legislation for this position. Internal auditors, when performing their duties, should comply with the relevant legislation, internal audit service rules, professional standards, principles, guidelines, and regulations set forth by the Institute of Internal Auditors. 16.6. Internal audit service staff should have high relevant knowledge and experience. 16.7. To prevent potential loss of objectivity from continuous performance of similar tasks, employees within the internal audit function are rotated periodically without compromising the quality of the audit work. The internal audit policy specifies the rotation process. 16.8. The head of the internal audit service is responsible for preparing the annual audit plan. This plan should consider the needs of the Board of Directors and the Management Board in relation to improving control. The internal audit service, in implementing the plan, may conduct reviews in any area of the insurer's activities, in addition to those specified in the audit plan, while adhering to the requirements of Item 6.5 of these Standards. Reviews should be conducted in each structural unit, branch, and representative office of the insurer at least once a year, with the frequency and timing specified in the audit plan, based on the risk level of each unit. The audit plan should include detailed work programs for each audited structural unit, branch, or representative office. The audit objectives should be clearly and precisely described, and the procedures for checking specific transactions should be outlined according to the scope of the audit. 16.9. The Audit Committee approves the internal audit plan. Resources allocated for internal audit should be sufficient to ensure the effective performance of the internal audit function and should be adjustable to potential changes in the insurer's risk profile. 16.10. The internal audit assessment framework includes the following: 16.10.1. analysis of insurance, market, liquidity, credit, operational, legal, reputational, and other key risks. 16.10.2. effectiveness and efficiency of internal control and risk management systems. 16.10.3. the quality and adequacy of resources (e.g., staff, software) for risk management, compliance, and actuarial functions. 16.10.4. relevance, accuracy, integrity, accessibility, confidentiality, and comprehensiveness of data used for internal and external reporting. 16.10.5. effectiveness and integrity of the internal information system. 16.10.6. compliance of the insurer's activity with legislation and internal rules. 16.10.7. protection and security of assets. 16.10.8. effectiveness and efficiency of the insurer's IT, cyber and information security. 16.10.9. legality of activity of insurance agents and control of possible risks related to such activity. 16.11. To increase the effectiveness of internal audit activities, the Management Board should keep the internal audit function informed about initiatives and projects, improvements, product, and operational changes implemented within the insurer.

16.12. An internal audit report is prepared within 20 (twenty) working days following the conclusion of the internal audit, based on the findings from the review. The report should clearly state the audit’s objectives and scope, factual audit findings, responsible persons or structural units, necessary measures to address the findings, deadlines for implementing these measures, and relevant recommendations. The audit report is signed by the auditor and the head of the internal audit service (if the internal audit service consists of only one auditor, then only that auditor) and submitted to the Board of Directors and the Audit Committee, with a copy provided to the Management Board. 16.13. The internal audit service monitors the results of the actions taken by the Management Board regarding the audit report and reports to the Audit Committee and the Board of Directors on the status of implementation of recommendations at least twice a year. 16.14. The Audit Committee evaluates the effectiveness of the internal audit function at least once a year and an independent auditor at least once every two years. This evaluation may be conducted less frequently, but no less than once every five years if the results of the last three independent audit evaluations have been satisfactory. 16.15. The insurer submits the results of the evaluation of the internal audit function by an independent auditor, along with the action plan for addressing identified deficiencies, within 10 (ten) working days after obtaining review results and the report on the implementation of the internal audit plan on a semi-annual basis, within 10 (ten) working days after the end of each half-year, to the Central Bank. 17. The remuneration policy 17.1. Each insurer determines its remuneration policy in line with its risk management requirements, which should: 17.1.1. aim at achieving the insurer’s strategic goals. 17.1.2. be based on results and profitability of the insurer's long-term activity. 17.1.3. be adequate to the risk profile and risk appetite and limit excess risk taking. 17.1.4. serve sound and effective risk management and discourage exceeding risk limits. 17.1.5. discourage the insurer to earn short-term income due to taking long-term risks. 17.1.6. avoid conflicts of interests. 17.1.7. play a role as a mitigating factor in the calculation of the risk exposure premium for current and future periods, considering the insurer’s risk profile and required capital. 17.1.8. all employees of the insurer should be familiar with the remuneration policy. 17.2. To create an effective risk management system, the insurer should define the group of individuals to whom the remuneration policy will apply, based on the nature, volume, and complexity of the risks associated with its activities. When determining the group of employees classified under a special category in the remuneration policy, the main criteria should specifically address those employees in structural units that have a significant impact on the insurer’s risk profile. The remuneration policy should address separately he conditions for awarding bonuses to the insurer's following employees: 17.2.1. insurer’s special category employees. 17.2.2. staff of structural units engaged in control functions (employees of structural units engaged in risk management, actuarial, compliance and internal audit functions). 17.2.3. insurer’s other employees not specified in sub-items 17.2.1-17.2.2 herein.

17.3. The amount of variable reward given to an employee should be determined based on quantitative and qualitative indicators set by the insurer for that employee, as well as the level of achievement of KPIs. When determining the variable reward, it should reflect performance results of both the employee and the structural unit to which he/she belongs, as well as insurer’s overall results. Both financial and non-financial criteria should be used in individual rewards, which should be applied in a balanced manner by the insurer. 17.4. The size of the reward to be paid to insurer’s employees engaged in control functions should not be influenced by the performance of the areas and structural units they oversee; at the same time, the indicators used to determine their rewards should not include any components that could compromise their independence. 17.5. Remuneration for the insurer's employees and members of managing bodies (excluding Board of Directors members who are paid a percentage of insurer’s retained earnings) should not consist solely of rewards, without a fixed salary component. 17.6. At least the following requirements should be considered when determining and paying variable remuneration for special category employees in the remuneration policy: 17.6.1. a decision regarding the payment of variable reward is made once a year. At that, the insurer should have earned net profit for the financial year (except in cases where the General Meeting of Shareholders approves decisions regarding variable rewards despite operating at a loss due to changes in the business model, expansion of activities, financial restructuring, etc.). Additionally, the insurer's required and total capital should comply with the prudential norms established by the Central Bank, based on both financial year's results and the date the reward decision is made, and should not jeopardize insurer’s financial stability. 17.6.2. variable reward may be deferred in terms of amount and duration as specified by the insurer in the remuneration policy. 17.6.3. the deferred portion of the variable reward is not accepted as collateral for obligations due to the insurer. 17.7. The General Meeting of Shareholders decides on remuneration of members of the Board of Directors and independent external members of committees of the Board of Directors. 17.8. All conditions for rewards paid to insurer’s officials should be included to the decision of the competent governing body on remuneration. 17.9. The Board of Directors decides on the remuneration of special category and other category employees. When deciding on the remuneration of other category employees, the insurer must have earned net profit for the financial year as approved by an independent auditor (except in cases specified in sub-item 17.6.1 of these Standards). Additionally, the insurer’s required capital and total regulatory capital must comply with the prudential norms established by the Central Bank, based on the financial year’s results and as of the date the reward decision is made. 17.10. The remuneration policy, as well as the changes therein, are submitted to the Central Bank within 30 (thirty) days from the date of approval. 17.11. The report specified in Annex No. 2 to these Standards on the amount of rewards paid by the insurer to members of the Board of Directors and special category employees during the year and according to annual results (indicating amount of compensation per person) is submitted to the Central Bank by July 10 of each following year.

18. Assessment of the corporate governance system effectiveness 18.1. At least once a year, the Board of Directors should assess the compliance of the corporate governance system with the requirements of the legislation and these Standards and its effectiveness. A special methodology should be developed for the assessment and a report should be drawn up on an annual basis. The report should be submitted to the Board of Directors and the Central Bank within 3 (three) months after the end of the calendar year. 18.2. Part 1 of the report should include at least a self-assessment of the governance system as a whole and across individual components by the Management Board as per the table provided in Annex No. 1 of these Standards, taking into account the following: 18.2.1. If compliance with the requirements of the legislation and these Standards for each component of the self-assessment management system is evaluated positively, the report may conclude with a note to that effect. If deficiencies were identified in a specific area during the previous calendar year and measures were taken to address them in the current calendar year, the Board of Directors should clearly explain these deficiencies and the actions taken to correct them to justify a positive assessment of the self-assessment. 18.2.2. If the self-assessment on certain components is evaluated negatively, the report should indicate the information on the circumstances and deficiencies that led to this. 18.3. Part 2 of the report should contain a list of measures taken or to be taken to eliminate the deficiencies identified by the Management Board. 18-1. Information disclosure 18-1.1. The information used in insurer’s decision-making, as well as data disclosed to the public, should be adequate, comprehensive, reliable, up-to-date, accessible, and consistent. Relevant information should comply with the principles of credibility, clarity, timeliness, materiality, relevance, and comparability, when disclosed, a balance should be maintained between transparency and commercial interests, and any information classified as confidential by law should be protected. Data disclosed to the public should not contradict the data submitted by the insurer to the Central Bank. 18-1.2. An activity report (hereinafter – the Activity Report), which includes general information about the insurer’s operations as well as information on solvency, financial condition, and market conduct (disclosure of market conduct information does not apply to reinsurers), is prepared annually as per Annex 3 to these Standards. The Activity Report is published within 5 (five) months after the end of each calendar year in a clearly visible, accessible, and structured section of the insurer’s official website, grouped by years and in a ‘PDF’ or other exportable format. 18-1.3. The insurer also prepares the tables specified in Annexes 4–17 to these Standards quarterly and publishes them within 15 (fifteen) business days after the end of each quarter in a clearly visible, accessible, and structured section of its official website, grouped by years and in ‘Excel’ or other exportable formats. 18-1.4. The insurer may include additional information in the tables specified in Annexes 4–17 to these Standards. 18-1.5. If there are significant changes to the data in the Activity Report referred to in Item 18- 1.2 of these Standards, the insurer, without delay, publishes the updated Activity Report on its official website as of the date of the changes. 18-1.6. Publicly disclosed information should be retained on the insurer’s official website for at least 5 (five) years from the date of its publication. The publication date and the contact details (first

and last names, phone number, email address) of the person responsible for responding to inquiries related to the disclosed information should be indicated. Additionally, such information may be published and/or broadcast through media outlets. 18-1.7. Publicly disclosed data are signed by the Chairperson of the Management Board and the Chief Financial Officer of the insurer. 19. Final provisions 19.1. Within 18 (eighteen) months from the date of entry into force of these Standards, insurers should establish an RMC and structural units engaged in control functions in accordance with the requirements of these Standards, appoint members of the committee, including persons responsible for control functions, heads of structural units, and ensure the full operation of these structural units. 19.2. Systemically important insurers should ensure the implementation of the issues specified in Item 19.1 herein within 12 (twelve) months, even if the original time limit allowed for 18 (eighteen) months. 19.3. The reports specified in Items 17.11 and 18.1 of these Standards should be submitted by insurers starting from reporting on the results of 2024. 19.4. The strategic plan valid for the current period approved by insurers should be submitted to the Central Bank by 30 June 2024. 19.5. From the date of entry into force of these Standards, the insurer is required to evaluate the compliance of the corporate governance with these Standards every three months and submit the results to the Central Bank within 15 (fifteen) working days after the evaluation is completed. 19.6. The Activity Report referred to in Item 18-1.2 of these Standards is disclosed by insurers based on the results of the year 2025, and the quarterly information referred to in Item 18-1.3 of these Standards is disclosed starting from the reporting period of the third quarter of 2025.

Annex 1 to the ‘Corporate governance standards in insurers’ Report on assessment of corporate governance system effectiveness

1. Corporate governance structure, remuneration and shareholders 1.1. The corporate governance structure: a) the Board of Directors (composition, duties, activities). b) the Management Board (composition, duties, activities). c) special committees subordinated to the Board of Directors (composition, duties, activities). 1.2. the Remuneration policy: a) Policy description b) Description of implementation processes 1.3. Shareholders, description of the process of tracking changes in their composition.
2. Fit and proper qualities, positions in other legal entities and related party transactions 2.1. Fit and proper qualities: a) description of fit and proper requirements b) Description of implementation processes 2.2. Internal rules on members of the Board of Directors holding positions in other legal entities: a) description of internal rules b) Description of implementation processes 2.3. Description of operations and monitoring processes for providing loans or guarantees for the benefit of related parties
3. The risk management system 3.1. The risk management system: a) Risk appetite and risk limits framework b) Description of risk management policies c) Description of the risk identification, evaluation, management and monitoring system d) Description of the risk reporting system e) Description of implementation processes 3.2. Description of the contingency plan
4. The internal control system 4.1. The risk management function (position in the organizational structure, independence, composition, duties, activities) 4.2. The compliance function (position in the organizational structure, independence, composition, duties, activities).

4.3. The actuary function (position in the organizational structure, independence, composition, duties, activities. 4.4. The internal audit function (position in the organizational structure, independence, composition, duties, activities). 5. Other governance aspects 5.1. Information on the insurer’s peer group (if the insurer is a part of the group beyond the Central Bank’s supervision) 5.2. Other matters deemed necessary by the insurer for the governance system assessment.

Annex 2 to the ‘Corporate governance standards for insurers’ Report on the amount of compensation paid to members of the Board of Directors and special category employees in manats No 1st, last, middle names Position (a member of the Board of Directors, a member of the Management Board, a responsible person of the control function, other special category employees) Annual salary Annual reward (in the form of money) Annual reward (non￾monetary) Additional information on annual compensation Deferred portion of annual reward in percentage (in the form of money) Deferred portion of annual reward in percentage (non￾monetary) 1 2 3 4 5 6 7 8 9 10

Annex 3 to the ‘Corporate Governance Standards for Insurers’ Activity Report Form Summary of the report A. Institutional activities of the insurer and results of its business operations A.1. Information on the institutional activities of the insurer A.2. Information on results of business operations A.3. Information on investment activities A.4. Key financial indicators A.5. Other significant income and expense information not related to insurance activities A.6. Other significant information B. Corporate governance framework B.1. Information on the corporate governance framework B.2. Information on the internal control system B.3. Information on the internal audit function B.4. Information on the actuarial function B.5. Information on the risk management system B.6. Information on outsourcing B.7. Other significant information C. Classification of assets and liabilities C.1. Assets C.2. Liabilities C.3. Insurance reserves C.4. Other significant information D. Capital management D.1. Balance capital D.2. Total regulatory capital, required capital, required solvency level D.3. Other significant information E. Market conduct of the insurer E.1. Information on the market conduct of the insurer E.2. Other significant information F. Additional information

Activity Report Content

1. Summary of the report 1.1. The report should include a summary that briefly covers the key points mentioned in its content and is presented in a clear and understandable manner. The summary of the report should provide information that helps create a clear understanding of the following sections: 1.1.1. Institutional activities of the insurer and results of its business operations 1.1.2. Corporate governance framework 1.1.3. Classification of assets and liabilities 1.1.4. Capital management 1.1.5. Market conduct of the insurer 1.2. The summary of the report should highlight any significant changes made during the reporting period in the sections listed in Para 1.1 of this Annex
2. Institutional activities of the insurer and results of its business operations 2.1. The report should include the following information on insurer’s institutional activities: 2.1.1. the insurer’s name, organizational-legal form, TIN, legal and actual address, and information on the license number and date permitting the insurer to carry out insurance and, if applicable, reinsurance activities. 2.1.2. if the insurer is part of a group of companies (holding) operating in various sectors, the name and contact details of the group (holding). 2.1.3. main insurance classes in which the insurer operates. 2.1.4. information on insurer’s local and foreign branches and representative offices, as well as subsidiaries. 2.1.5. names and contact details of insurer’s local and foreign independent auditors, and information on the scope of audits conducted. 2.1.6. information on shareholders who hold a corresponding participation share in the insurer's charter capital, in accordance with the requirements of the legislation on the securities market, and their respective shareholdings. 2.1.7. if the insurer is part of a group of companies (holding) operating in various sectors, information on the insurer’s position within the organizational structure of the group (holding). 2.1.8. information on the insurer’s development policy (strategic vision, mission statement, strategic goals) 2.1.9. if applicable, information on the ratings assigned to the insurer (name of the rating agency, date the rating was assigned, the insurer’s current and previous ratings, etc.). 2.1.10. if applicable, any other information reflecting significant changes in the insurer’s activities during the reporting period. 2.2. The report should present the following information on results of the insurer’s business operations in a comparative manner with the reporting date of the previous year: 2.2.1. overall results of insurer’s business operations – as per Annex 4 to these Standards. 2.2.2. results of business operations by main insurance classes – separately indicated and as per Annexes 5 and 6 to these Standards. 2.3. The report should present the following information on insurer’s investment activities in a comparative manner year-over-year: 2.3.1. information on key investment assets – as per Annex 7 to these Standards.

2.3.2. information on income derived from investments and expenses related to investment management – as per Annex 8 to these Standards. 2.4. Insurer’s key financial indicators should be presented in the report in a comparative manner year-over-year. 2.5. Information on other significant income and expenses not related to the insurer’s insurance activity should be presented in the report in a comparative manner year-over-year. 2.6. Any other significant information related to the insurer’s institutional activity and results of business operations, if applicable, should be presented in a separate section of the report. 3. Corporate governance framework 3.1. The report should include the following information regarding the insurer’s corporate governance framework: 3.1.1. the organizational structure. 3.1.2. a brief description of main responsibilities of the Board of Directors, Management Board, as well as structural units performing functions under Defense lines 2 and 3. 3.1.3. information on committees, their main responsibilities, and composition. 3.1.4. if applicable, any significant changes in the insurer’s corporate governance during the reporting period. 3.2. The report should include the following information on the insurer’s internal control system: 3.2.1. a description of internal control system. 3.2.2. a general description of the implementation of the compliance function. 3.3. The report should include the following information on the insurer’s internal audit function: 3.3.1. a general description of the implementation of the internal audit function. 3.3.2. a general description of how the independence and objectivity of the internal audit function are ensured. 3.4. The report should include a general description of the implementation of the insurer’s actuarial function. 3.5. The report should include the following information regarding the insurer’s risk management system: 3.5.1. a general description of the types of risks faced, the risk management process, the risk control mechanisms, and the implementation of the risk management function. 3.5.2. a general description of how the risk management system is integrated into the insurer’s organizational structure and decision-making processes. 3.6. If applicable, the report should include the insurer’s outsourcing policy, a description of the justification for outsourcing, and a list of outsourced entities. 3.7. Any other significant information related to the insurer’s corporate governance, if applicable, should be presented in a separate section of the report. 4. Classification of assets and liabilities 4.1. The report should present the amount of assets in a comparative manner year-over-year, as per Annex 9 to these Standards. Alongside the table, explanations of significant differences for each asset group, as well as a general description of the principles, methods, and key assumptions used for valuation purposes should be provided.

4.2. The report should present the amount of liabilities in a comparative manner year-over-year, as per Annex 10 to these Standards. Alongside the table, explanations of significant differences for each liability group, as well as a general description of the principles, methods, and key assumptions used for valuation purposes should be provided. 4.3. The report should present the amount of insurance reserves in a comparative manner year￾over-year, both in aggregate and separately by main insurance classes, as per Annexes 11 and 12 to these Standards. Alongside the table, explanations of significant differences for each group of insurance reserves, as well as a general description of the principles, methods, and key assumptions used for valuation purposes should be provided. 4.4. Any other significant information regarding the insurer’s assets and liabilities, if applicable, should be presented in a separate section of the report. 5. Capital management 5.1. The report should present the amount of the insurer's balance capital in a comparative format year-over-year, as prescribed in Annex 13 to these Standards. 5.2. The report should specify the insurer’s total regulatory capital, required capital — including solvency capital requirement and the minimum amount of required capital — as well as the capital buffer amount in a comparative format year-over year, as per Annex 14 to these Standards. 5.3. The report should include a separate section describing any instance(s) during the reporting period where the insurer's total regulatory capital failed to meet the required capital, indicating the duration and maximum amount of such non-compliance, the reasons causing the discrepancy, the measures taken to eliminate the non-compliance, and the effects of those measures. 5.4. Any other significant information related to the management of the insurer’s capital, if applicable, should be presented in a separate section in the report. 6. Market conduct of the insurer 6.1. The report should include the following information on the insurer's market conduct: 6.1.1. a general description of the insurer’s strategic vision concerning fair treatment of customers, protection of personal information confidentiality, and timely and fair assessment of claims 6.1.2. statistics on insurance claims and complaints received by the insurer for major insurance types, prepared as per Annexes 15 and 16 to these Standards, respectively 6.1.3. information on insurance agreements for major insurance types, prepared as per Annex 17 to these Standards 6.1.4. general description of the process for lodging and managing complaints 6.1.5. a general description of the dispute resolution mechanisms. 6.2. Any other significant information regarding the insurer’s market conduct, if applicable, should be presented in a separate section in the report. 7. Additional information The insurer may disclose to the public any information not specified in Sections 1–6 of this Annex and not required by legislation to be disclosed to the public, provided that such disclosure does not contradict the information submitted to the Central Bank

Annex 4 to the ‘Corporate Governance Standards for Insurers’ General results of insurer’s business operations (in manats) Reporting date (dd/mm/yy) Year-over-year (dd/mm/yy) Difference Income, including: Main operating income Investment income Change in net insurance reserves Other income Expenses, including: Main operating expenses Maintenance cost Other expenses Financial profit/loss Profit tax Net profit/loss

Annex 5 to the ‘Corporate Governance Standards for Insurers’ Results of business operations – non-life insurance (in manats) Insurance classes Reporting date (dd/mm/yy) Year-over-year (dd/mm/yy) Difference Insurance premiums calculated Insurance payments Loss ratio Insurance premiums calculated Insurance payments Loss ratio Insurance premiums calculated Insurance payments Loss ratio Key insurance classes related to personal insurance, including: Key insurance classes related to property insurance, including:

Key insurance classes related to civil liability insurance, including:

Other insurance classes Total Note: The loss ratio is calculated as specified in the ‘Regulation on formation of life insurance and non-life insurance reserves.’

Annex 6 to the ‘Corporate Governance Standards for Insurers’ Results of business operations – life insurance (in manats) Insurance classes Reporting date (dd/mm/yy) Year-over-year (dd/mm/yy) Difference Insurance premiums Insurance payments Insurance premiums Insurance payments Insurance premiums Insurance payments Key insurance classes Other insurance classes Total

Annex 7 to the ‘Corporate Governance Standards for Insurers’ Information on investment portfolio (in manats) Investments Reporting date (dd/mm/yy) Year-over-year (dd/mm/yy) Difference Bonds, including: government bonds non-government bonds Stocks Assets placed with investment funds Derivative financial instruments Real estate (not for own use) Deposits Other investments Total

Annex 8 to the ‘Corporate Governance Standards for Insurers’ Information on net investment income/loss (in manats) Bonds Stocks Deposits Real estate Other investments Total Reporting date (dd/mm/y y) Year-over￾year (dd/mm/y y) Reporting date (dd/mm/y y) Year-over￾year (dd/mm/y y) Reporting date (dd/mm/y y) Year-over￾year (dd/mm/y y) Reporting date (dd/mm/y y) Year-over￾year (dd/mm/y y) Reporting date (dd/mm/y y) Year-over￾year (dd/mm/y y) Reporting date (dd/mm/y y) Year-over￾year (dd/mm/y y) Interest / dividend income Realized gains/losse s Revaluatio n Investmen t expenses Net investme nt income/lo ss

Annex 9 to the ‘Corporate Governance Standards for Insurers’ Information on asset classification (in manats) Assets Reporting date (dd/mm/yy) Year-over￾year (dd/mm/yy) Difference Cash and cash equivalents, including: Funds in national currency accounts Funds in foreign currency accounts Other cash funds Investment assets, including: Bonds Investments accounted for using the equity method Stocks Assets placed with investment funds Derivative financial instruments Real estate (not for own use) Deposits Other investment assets Accounts receivable, including: Direct insurance Reinsurance Insurance intermediaries Other receivables Share of reinsurers in insurance reserves, including: Life insurance Non-life insurance Land, premises, equipment (for own use) Intangible assets Deferred tax assets Other assets Total

Annex 10 to the ‘Corporate Governance Standards for Insurers’ Information on classification of liabilities (in manats) Liabilities Reporting date (dd/mm/yy) Year-over￾year (dd/mm/yy) Difference Insurance reserves, including: Life insurance Non-life insurance Interest-bearing liabilities, including: Bank loans Securities Other interest-bearing liabilities Accounts payable, including: Direct insurance Reinsurance Insurance intermediation Other payables Liabilities arising from derivative financial instruments Other liabilities Total

Annex 11 to the ‘Corporate Governance Standards for Insurers’ Information on classification of general non-life insurance reserves (in manats) Insurance reserves Reporting date (dd/mm/yy) Year-over-year (dd/mm/yy) Difference Unearned premium reserves Loss reserves Other insurance reserves Total Information on classification of insurance reserves on non-life insurance classes (in manats) Insurance classes Reporting date (dd/mm/yy) Year-over-year (dd/mm/yy) Difference Insurance reserves Net insurance reserves (less the share of reinsurers) Insurance reserves Net insurance reserves (less the share of reinsurers) Insurance reserves Net insurance reserves (less the share of reinsurers) Key insurance classes related to personal insurance, including:

Key insurance classes related to property insurance, including: Key insurance classes related to civil liability insurance, including: Other insurance classes Total

Annex 12 to the ‘Corporate Governance Standards for Insurers’ Information on classification of general life insurance reserves (in manats) Insurance reserves Reporting date (dd/mm/yy) Year-over-year (dd/mm/yy) Difference Mathematical reserves Loss reserves Other insurance reserves Total Information on classification of insurance reserves on life insurance classes (in manats) Insurance classes Reporting date (dd/mm/yy) Year-over-year (dd/mm/yy) Difference Insurance reserves Net insurance reserves (less the share of reinsurers) Insurance reserves Net insurance reserves (less the share of reinsurers) Insurance reserves Net insurance reserves (less the share of reinsurers) Key insurance classes Other insurance classes Total

Annex 13 to the ‘Corporate Governance Standards for Insurers’ Information on classification of balance capital (in manats) Capital Reporting date (dd/mm/yy) Year-over-year (dd/mm/yy) Difference Paid-in share capital Share premium Treasury shares (stocks) Capital reserves, including: Revaluation reserves Other capital reserves Retained earnings (unpaid losses) Total

Annex 14 to the ‘Corporate Governance Standards for Insurers’ Information on capital requirements (in manats) Capital Reporting date (dd/mm/yy) Year-over-year (dd/mm/yy) Difference Total regulatory capital Required capital, including: Minimum amount of required capital Solvency capital requirement Capital buffer

Annex 15 to the ‘Corporate Governance Standards for Insurers’ Statistics of insured events Key insurance types Information on insured events Number of unsettled insurance claims at the beginning of the quarter (year) Number of insurance claims during the quarter (year) Number of settled insurance claims during the quarter (year) Number of unsettled insurance claims at the end of the quarter (year) Average time to settle insurance claims Claims adjustment ratio Claim denial ratio Ratio of insurance claims with ongoing legal proceedings during the quarter (year) Number of insurance claims for which payments have been made Number of insurance claims for which payment was denied Total I II III IV V=III+I V VI=(I+II)-V VII VIII = V/(I+II) IX=IV/V X Compulso ry: Volunteer: Note:

1. The ‘Key insurance types’ column includes the names of the voluntary insurance regulations on which the insurance products for compulsory and voluntary insurance types are based.

2. The ‘insurance claim with payment made’ is defined as the date of payment basis when the loss amount is paid in cash; the date the damaged property is handed over to the insured when the repair or restoration of the property is carried out; and the date the service is provided to the insured (policyholder or beneficiary) when services are rendered to eliminate the damage.

3. The indicator in Column VII is calculated as follows: HTM=HT/HS HTM - average time for settling insurance claims HT - the total number of days between the dates, insurance claims were reported to the insurer and the dates they were settled HS - the number of insurance claims settled during the quarter (year)

4. The indicator in Column VIII is calculated as follows: HTƏ=HS/(THS+BHS) HTƏ - insurance claim settlement ratio HS - the number of insurance claims settled within the quarter (or year) THS - number of unsettled insurance claims at the beginning of the quarter (year) BHS - number of insurance claims incurred during the quarter (year)

5. The indicator in Column IX is calculated as follows: IƏ=IHS/BHS IƏ - insurance claim denial ratio IHS – the number of insurance claim denials during the quarter (year) BHS - the number of insurance claims settled during the quarter (year)

6. The indicator in Column X is calculated as follows: SMƏ=SM/BHS SMƏ – ratio of insurance claims with ongoing legal proceedings during the quarter (year) SM - the number of insurance claims with ongoing court cases against the insurer during the quarter (year), excluding mutual subrogation claims between insurers BHS - the number of insurance claims that occurred in the last 1 year

Annex 16 to the ‘Corporate Governance Standards for Insurers’ Statistics of complaints Key insurance types Information on claims Number of unresolved complaints at the beginning of the quarter (year) Number of complaints received during the quarter (year) Number of complaints resolved during the quarter (year) Number of unresolved complaints at the end of the quarter (year) Number of complaints not addressed during the quarter (year) Average resolution time of the complaint Ratio of complaints resolved during the quarter (year) Proportion of unresolved complaints among the complaints resolved during the quarter (year) l II III IV=(I+II)-III V VI VII=III/(I+II) VIII=V/III Compulsory: Volunteer: Qeyd:

1. The ‘key insurance types’ column includes the names of compulsory and voluntary insurance rules on which the insurance product is based for voluntary insurance types.

2. Complaints cover both verbal and written complaints received by the insurer.

3. Complaints are considered resolved if the consumer has been provided with an explanation, if the complaint was not upheld, partially upheld, fully upheld, was forwarded to the relevant authority due to lack of jurisdiction.

4. Complaints under consideration are considered unresolved.

5. Complaints regarding loss assessment and cases of denial to pay insurance compensation are considered unresolved complaints.

6. The indicator in Column VI is calculated as follows: ŞM=ŞT/ŞS ŞM - average resolution time of the complaint ŞT - total of the day differences between the date the complaints were received and the date they were resolved ŞS - the number of complaints resolved during the quarter (year)

7. The indicator in Column VII is calculated as follows: ŞƏ=ŞS/(HŞS+RŞS) ŞƏ - resolution rate of complaints during the quarter (year) ŞS - number of complaints resolved during the quarter (year) HŞS - number of unresolved complaints at the beginning of the quarter (year) RŞS - number of complaints received during the quarter (year)

8. The indicator in Column VIII is calculated as follows: TŞP=TŞS/SŞ TŞP- proportion of complaints that were not upheld among those resolved during the quarter (year) TŞS- number of unresolved/rejected complaints during the quarter (year) ŞS- number of complaints resolved during the quarter (year)

Annex 17 to the ‘Corporate Governance Standards for Insurers’ Information on insurance agreements Key insurance types Insurance agreements renewal rate Compulsory: Volunteer: Note:

1. The ‘Key insurance types’ column includes the names of the voluntary insurance regulations on which the insurance product is based for compulsory and voluntary insurance types.
2. The indicator in the ‘Insurance agreements renewal rate’ is calculated as follows: YƏ=YS/(QSM + SM) YƏ - insurance agreements renewal rate YS - number of renewed insurance agreements during the quarter (year) QSM – number of expired, not renewed agreements by the same insured at the end of the previous quarter (year) SM – number of expired insurance agreements during the quarter (year)