Star Health Insu Management Discussions


Global economy

Overview

The global economic growth was estimated at a slower 3.2% in 2022, compared to 6% in 2021 (which was on a smaller base of 2020 on account of the pandemic effect). The relatively slow global growth of 2022 was marked by the Russian invasion of Ukraine, unprecedented inflation, pandemic-induced slowdown in China, higher interest rates, global liquidity squeeze and quantitative tightening by the US Federal Reserve.

The challenges of 2022 translated into moderated spending, disrupted trade and increased energy costs. Global inflation was 8.7% in 2022, among the highest in decades. US consumer prices decreased about 6.5% in 2022, the highest in four decades. The Federal Reserve raised its benchmark interest rate to its highest in 15 years. The result is that the world ended in 2022 concerned that the following year would be slower. The global equities, bonds, and crypto assets reported an aggregated value drawdown of USD26 trillion from peak, equivalent to 26% of the global gross domestic product (GDP). In 2022, there was a concurrently unique decline in bond and equity markets; 2022 was the only year when the S&P 500 and 10-year US treasuries delivered negative returns of more than 10%.

Gross FDI inflows – equity, reinvested earnings and other capital – declined

8.4% to USD 55.3 billion in April-

December. The decline was even sharper in the case of FDI inflows as equity: these fell 15% to USD 36.75 billion between April and December 2022. Global trade expanded by 2.7% in 2022 (expected to slow to 1.7% in 2023).

The S&P GSCI TR(Global benchmark for commodity performance) fell from a peak of 4,319.55 in June 2022 to 3495.76 in December 2022. There was a decline in crude oil, natural gas, coal, lithium, lumber, cobalt, nickel and urea realisations. Brent crude oil dropped from a peak of around USD 120 per barrel in June 2022 to USD 80 per barrel at the end of the calendar year following the enhanced availability of low-cost Russian oil.

Regional growth (%) FY 22-23 FY 21-22
World output 3.2 6.1
Advanced economies 2.5 5
Emerging and developing economies 3.8 6.3

Performance of major economies

United States: Reported GDP growth of 2.1% compared to 5.9% in 2021

China: GDP growth was 3% in 2022 compared to 8.1% in 2021

United Kingdom: GDP grew by 4.1% in 2022 compared to 7.6% in 2021

Japan: GDP grew 1.7% in 2022 compared to 1.6% in 2021

Germany: GDP grew 1.8% compared to 2.6% in 2021

Source: PWC report, EY report, IMF data, OECD data

Outlook

The global economy is expected to grow 2.8% in 2023, influenced by the ongoing Russia-Ukraine conflict. Concurrently, global inflation is projected to fall marginally to 7%. Despite these challenges, there are positive elements within the global economic landscape. The largest economies like China, the US, the European Union, India, Japan, the UK, and South Korea are not in a recession. Approximately 70% of the global economy demonstrates resilience, with no major financial distress observed in large emerging economies. The energy shock in Europe did not result in a recession, and significant developments, including Chinas progressive departure from its strict zero-Covid policy and the resolution of the European energy crisis, fostered optimism for an improved global trade performance. Despite high inflation, the US economy demonstrated robust consumer demand in 2022. Driven by these positive factors, global inflation is likely to be still relatively high at 4.9% in 2024. Interestingly, even as the global economy is projected to grow less than 3% for the next five years, India and China are projected to account for half the global growth.

(Source: IMF).

Indian economy

Overview

Even as the global conflict remained geographically distant from India, ripples comprised increased oil import bills, inflation, cautious government and a sluggish equity market. Indias economic growth is at 7.2% in FY 22-23. India emerged as the second fastest-growing G20 economy in FY 22-23. India overtook UK to become the fifth-largest global economy. India surpassed China to become the worlds most populous nation.

(Source: IMF, World Bank)

Growth of the Indian economy

FY 20 FY 21 FY 22 FY 23
Real GDP growth(%) 3.7 -6.6% 8.7 7.2

Growth of the Indian economy quarter by quarter, FY 22-23

Q1 FY 23 Q2 FY 23 Q3 FY 23 Q4 FY 23
Real GDP growth (%) 13.1 6.3 4.4 6.1

Source: Budget FY 23-24; Economy Projections, RBI projections

According to the India Meteorological Department, the year 2022 delivered 8% higher rainfall over the long-period average. Due to unseasonal rains, Indias wheat harvest was expected to fall to around 102 million metric tons (MMT) in 2022-23 from 107 MMT in the preceding year. Rice production at 132 million metric tons (MMT) was almost at par with the previous year. Pulses acreage grew to 31 million hectares from 28 million hectares. Due to a renewed focus, oilseeds area increased 7.31% from 102.36 lakh hectares in 2021-22 to 109.84 lakh hectares in 2022-23.

Indias auto industry grew 21% in FY 22-23; passenger vehicle (UVs, cars and vans) retail sales touched a record 3.9 million units in FY 22-23, crossing 3.2 million units in FY 18-19. The commercial vehicles segment grew 33%. Two-wheeler sales fell to a seven-year low; the three-wheeler category grew 84%. Till the end of Q3 FY 22-23, total gross non-performing assets (NPAs) of the banking system fell to 4.5% from 6.5% a year ago. Gross NPA for FY 22-23 was expected to be 4.2% and a further drop is predicted to 3.8% in FY 23-24.

As Indias domestic demand remained steady amidst a global slowdown, import growth in FY 22-23 was estimated at 16.5% to USD 714 billion as against USD 613 billion in FY 21-22. Indias merchandise exports were up 6% to USD 447 billion in FY 22-23. Indias total exports (merchandise and services) in FY 22-23 grew 14% to a record of USD 775 billion in FY 22-23 and is expected to touch USD 900 billion in FY 23-24. Till Q3 FY 22-23, Indias current account deficit, a crucial indicator of the countrys balance of payments position, decreased to USD 18.2 billion, or 2.2% of GDP. Indias fiscal deficit was estimated in nominal terms at

~ H17.55 lakh crore and 6.4% of GDP for the year ending March 31, 2023. (Source: Ministry of Trade & Commerce) Indias headline foreign direct investment (FDI) numbers rose from USD 74.01 billion in 2021 to a record USD 84.8 billion in FY 21-22, a 14% Y-o-Y increase, till Q3 FY 22-23. India recorded a robust USD 36.75 billion of FDI. In FY 22-23, the government was estimated to have addressed 77% of its disinvestment target ( H 50,000 crore against a target of H65,000 crore).

Indias foreign exchange reserves, which had witnessed three consecutive years of growth, experienced a decline of approximately USD 70 billion in 2022, primarily influenced by rising inflation and interest rates. Starting from USD 606.47 billion on April 1, 2022, reserves decreased to USD 578.44 billion by March 31, 2023. The Indian currency also weakened during this period, with the exchange rate weakening from H75.91 to a US dollar to H82.34 by March 31, 2023, driven by a stronger dollar and increasing current account deficit. Despite these factors, India continued to attract investable capital.

The countrys retail inflation, measured by the consumer price index (CPI), eased to 5.66% in March 2023. Infiation data on the Wholesale Price Index, WPI (calculates the overall price of goods before retail) eased to 1.3% during the period. In 2022, CPI hit its highest of 7.79% in April; WPI reached its highest of 15.88% in May 2022. By the close of the year under review, inflation had begun trending down and in April 2023 declined below 5%, its lowest in months.

Indias total industrial output for FY 22-23, as measured by the Index of Industrial Production or IIP, grew 5.1% year-on-year as against a growth of 11.4% in FY 21-22. India moved up in the Ease of Doing Business (EoDB) rankings from 100th in 2017 to 63rd in 2022. As of March 2023, Indias unemployment rate was 7.8%. In 2022-23, total receipts (other than borrowings) were estimated at 6.5% higher than the Budget estimates. Tax-GDP ratio was estimated to have improved by 11.1% Y-o-Y in RE 2022-23. The total gross collection for FY 22-23 was H18.10 lakh crore, an average of H1.51 lakh a month and up 22% from FY 21-22, Indias monthly goods and services tax (GST) collections hit the second highest ever in March 2023 to H1.6 lakh crore. For 2022–23, the government collected H16.61 lakh crore in direct taxes, according to data from the Finance Ministry. This amount was 17.6% more than what was collected in the previous fiscal.

Per capita income almost doubled in nine years to H172,000 during the year under review, a rise of 15.8% over the previous year. Indias GDP per capita was USD 2,320 (March 2023), close to the magic figure of USD 2500 when consumption spikes across countries. Despite headline inflation, private consumption in India witnessed continued momentum and was estimated to have grown 7.3% in 2022-23.

Outlook

There are green shoots of economic revival, marked by an increase in rural growth during the last quarter and appreciable decline in consumer price index inflation to less than 5% in April 2023. India is expected to grow around 6-6.5% (as per various sources) in FY 23-24, catalysed in no small measure by the governments 35% capital expenditure growth by the government. The growth could also be driven by broad-based credit expansion, better capacity utilisation and improving trade deficit. Headline and core inflation could trend down. Private sector investments could revive. What provides optimism is that even as the global structural shifts are creating a wider berth for Indias exports, the country is making its largest infrastructure investment. This unprecedented investment is expected to translate into a robust building block that, going ahead, moderates logistics costs, facilitates a quicker transfer of products and empowers the country to become increasingly competitive. This can benefit Indias exports in general, benefiting several sectors. The construction of national highways in 2022-23 was 10,993 kilometres; the Ministry of Road Transport and Highways awarded highway contracts of 12,375 km in the last financial year (Source: IMF). The global landscape favours India: Europe is moving towards a probable recession, the US economy is slowing, Chinas GDP growth forecast of 4.4% is less than Indias GDP estimate of 6.8% and America and Europe are experiencing its highest inflation in 40 years.

Indias production-linked incentive appears to catalyse the downstream sectors. Infiation is steady. India is at the cusp of making significant investments in renewable energy and other sectors and emerging as a suitable industrial supplement to China. India is poised to outpace Germany and Japan and emerge as the third-largest economy by the end of the decade. The outlook for private business investment remains positive despite an increase in interest rates. India is less exposed to Chinese economic weakness, with much less direct trade with China than many Asian peers. Broad-based credit growth, improving capacity utilisation, governments thrust on capital spending and infrastructure should bolster investment activity. According to our surveys, manufacturing, services and infrastructure sector firms are optimistic about the business outlook. The downside risks are protracted geopolitical tensions, tightening global financial conditions, and slowing external demand.

Union Budget FY 23-24 provisions

The Budget 2022-23 sought to lay the foundation for the future of the Indian economy by raising capital investment outlay by 33% to H10 lakh crore, equivalent to 3.3% of GDP and almost three times the 2019-20 outlay, through various projects like PM Gatishakti, Inclusive Development, Productivity Enhancement & Investment, Sunrise Opportunities, Energy Transition and Climate Action, as well as Financing of

Investments. An outlay of H5.94 lakh crore was made to the Ministry of Defence (13.18% of the total Budget outlay). An announcement of nearly H20,000 crore was made for the PM Gati Shakti National Master Plan to catalyse the infrastructure sector. An outlay of H1.97 lakh crore was announced for Production Linked Incentive schemes across 13 sectors. The Indian government intends to accelerate road construction in FY 23-24 by 16-21% to 12,000-12,500 km. The overall road construction project pipeline remains robust at 55,000 km across various execution stages. These realities indicate that a structural shift is underway that could strengthen Indias positioning as a long-term provider of manufactured products and its emergence as a credible global supplier of goods and services.

Indian health insurance sector

Since two decades, the Indian insurance market has grown at a CAGR of 17% with an estimated valuation of USD 131 billion in FY 22-23. Health insurance is a major contributor to the Indian insurance market, accounting for 29% of the total insurance market.

The growth in the health insurance industry is credited to factors such as increasing per capital income, population growth, accelerating urbanisation and rising market penetration.

Indias retail health insurance market accounted for 50% of the insurance market and was valued at an estimated USD 4 billion in FY 21-22. Moving forward, retail health insurance is expected to increase 5.3x to a projected

USD 25 billion. This growth is expected to be catalysed by factors such as an increasing demand for health insurance, surging healthcare and hospitalisation costs, rising awareness around health and health insurance as well as interest from global and domestic investors.

(Source: Livemint, InvestIndia, Statista)

4 forces widening insurance sector opportunities

Growing awareness of personal risk and uncertain availability of socially funded benefits

Near-term tailwinds from rising nominal rates, but real rates may remain low for long

The growing role of technology

Rise of Asian economies and the return of geopolitics

Source: McKinsey

Indias health insurance penetration

18 % people in urban areas covered under any kind of health insurance scheme in India

14 % of people in rural area covered under any kind of health insurance scheme

75 % of Indians not covered by any government or private health insurance scheme Source: thehindubusinessline. com, acko.com

43.7 % adults are covered by public or private health insurance in the United Kingdom in 2022 Source: grandviewresearch

66 % of people covered by private health insurance in the United States in 2021

Indian travel insurance sector

The Indian travel insurance market was estimated to be USD 892.29 million in 2022 and estimated at USD 2011.25 million by 2027, growing at a CAGR of 17.65%.

Travel insurance hedges unanticipated events during domestic or international travel such as stolen or lost property, emergency medical treatment, accidental death, trip cancellations and disruptions, baggage loss or delay, etc.

The period of insurance starts from the day of travel until one returns. The travel insurance market in India accounts for less than 1% of the global insurance industry. However, this scenario is expected to transform owing to increasing travel for personal, business and educational purposes, making travel insurance a necessity.

The coverage for financial losses incurred during domestic or international travel is also included, which is expected to drive the growth of the travel insurance market in India. However, the lack of awareness about insurance policies may hinder the growth of the market. In a bid to attract consumers, companies are now offering round-the-clock emergency services, like replacing lost passports, financial aid and _ight rescheduling and allow customisation based on the insureds location and specific needs.

Source: researchandmarkets, mordorintelligence

Indian accident insurance sector overview and new guidelines

Each year, around 150,000 individuals lose their lives on roads in India. On an average, this equates to 1,130 accidents and 422 fatalities daily, or roughly 47 accidents and 18 deaths per hour. As a result of this trend, there has been a growing demand for personal accident insurance among the Indian population. Various policies have been introduced in the nation to offer coverage against these accidents and provide necessary protection.

From April 1, 2021, the Insurance Regulatory and Development Authority of India (IRDAI) mandated that all general and health insurance companies must provide a standardised personal accident insurance plan known as Saral

Suraksha Bima. This move is expected to encourage the growth of personal accident insurance coverage in India. The personal accident insurance industry in India is expected to grow steadily at a rate of 4.43% each year from 2023 to 2030. This growth is because companies now have to include accident insurance for their employees and such coverage is also being added to motor and travel insurance plans. More people are learning about standalone accident insurance because group policies dont offer as many benefits.

The new rules for standard personal accident insurance will include coverage for death and disabilities within a one-year period. The insured amount can be in multiples of H50,000, starting from a minimum of H250,000 up to a maximum of H10 million. Insurance companies can offer additional benefits and optional coverage like temporary total disablement and hospitalisation expenses. They can also set prices for these options as long as they follow the rules from the IRDAI. This will encourage insurers to try out new types of insurance and create unique and personalised plans.

Source: The Hindu Business Line, GlobalData, marketwatch.com, morth.nic.in

Growth drivers

Population growth: In 2023, India overtook China as the worlds most populous country.

Demographic shift: In 2022, the average age of an Indian was 28.7 years. More than half of Indias population was under 25 years of age. The consumer market was largely driven by millennials (15-34 years).

Middle-class power: India is expected to form 23% of the global middle class, growing households earning between USD10,000 and USD50,000 per year till 2028, widening their wallet share for insurance.

Urbanisation: By 2030, India will have more than 70 cities, compared to only 55 cities in the USA, in terms of population, catalysing healthcare and insurance demand.

Growing literacy: In 2022, Indias literacy rate was 79.1% as against 74.04% in 2021, the increase indicating a growing understanding of insurance products and benefits.

Rise in lifestyle diseases: India has approximately 101 million diabetic patients and 60% patients with heart disease, which indicates that India has a large population with a number of lifestyle diseases. These diseases usually transform into terminal illnesses, which require a large spending, encouraging a preference for health insurance.

Source: India today, economictimes.com

Policy support: IRDAI directed and proposed a number of policies for travel and accident care, which will come with a single premium payment option and collected in advance with no restrictions on minimum and maximum age of entry. Additionally, it is mandatory to offer Saral Suraksha Bima, the standard personal accident insurance for all general and health insurers in India from April 1, 2021.

Rural-centric approach: Insurance companies in India must demonstrate sustained dedication to rural development and tailor products to align with rural population needs. Government insurance initiatives like Pradhan Mantri Jan Arogya Yojana, Pradhan Mantri Fasal Bima Yojana, Pradhan Mantri Suraksha Bima Yojana, and Pradhan Mantri Jeevan

Jyoti Bima Yojana exemplify positive strides in this direction.

Mobile penetration: Improved mobile penetration, connectivity and data speed, along with Aadhaar and bank account penetration, have facilitated Indias transition from a cash-based to a digital economy. India has witnessed a dramatic increase in internet users over the past few years with 60% internet penetration as a percentage of the total population in 2021 compared to less than 30% in 2016.

Source: The Wire, Statista, The Hindu Business Line, India Infoline, Livemint

Company overview

Star Health is one of Indias biggest private health insurers with a market share of 14.07% in FY 22-23. The companys health insurance policies were mainly distributed through individual agents, who accounted for a significant percentage of the gross written premium (GWP) in FY 22-23. The total number of individual agents grew at a CAGR of 13.89 %, reaching 0.63 million in FY 22-23. The company trained 0.362 million individual agents, representing 57% of its total number of individual agents. Corporate agent banks and other corporate agents also contributed to the companys GWP. The company leads the non-public health insurance market in terms of new branch openings since FY 17-18, with a branch network over 2.38 times larger than the next largest provider. As of March 31, 2022, the company had a distribution network of 835 health insurance branches across 25 States and 5 Union Territories in India, supplemented by 369 sales managers stations and 6468 sales managers. Other distribution channels include direct online sales, brokers, insurance marketing firms and web aggregators. The corporate agent banks and other corporate agents accounted for 2180 million and 210 million, respectively, of the companys GWP in FY 21-22. Broad and variable range of coverage options are offered by the company, mainly for retail health, group health, personal accident and overseas travel, which accounted for 92.26%, 6.23% , 1.50% and 0.02% respectively, of our total GWP in FY 22-23 The products target a variety of customer segments including individuals, families, students, senior citizens, as well as persons with pre-existing medical conditions across the broader middle market customer segment. The products include family floater products, in which the sum insured extends the coverage to the entire family on the payment of a single annual premium; individual products, which are best fit to the individual needs; and specialised products, which focus on customers with pre-existing conditions, after considering the associated risks. These specialised products are developed by the company through its creative product development process and analysis of market demand and coverage gaps using market leading claims processing experience of approximately 8.95 million claims processed since our inception until March 31, 2022. From FY 17-18 to February 2022, the Company launched 44 new products (including all variations of policies). The Family Health Optima Insurance Plan, Star Comprehensive Insurance Policy, Senior Citizens Red Carpet Health Insurance Policy and Medi Classic Insurance Policy (Individual) contribute to 75.2% of the Companys retail health business.

Financial performance and ratios

The operating profit margin was 6.3%, mainly due to a higher claims ratio owing to COVID-19 claims impact. Financial performance in terms of Net Profit margin stood at 11.4%, which was comparatively better than the operational performance because of a higher investment income with an annualised investment yield of 6.94%.

The various financial ratios are as given below:

ROE 10.49%
Combined ratio 95.33%
Loss ratio 65.00%
Expense ratio 30.33%
Retail growth rate 17.95%

Net Profit Margin (%) or sector-specific equivalent ratios, as applicable

5%

Details of any change in Return on Net Worth as compared to the immediately previous financial year along with a detailed explanation thereof

Return on closing Net worth has improved from (23.1%) for previous financial year FY 21-22 to 11.4% for the current financial year FY 22-23 due to profit

Internal control systems and their adequacy

The Company has an established internal control system embracing Entity Level Controls (ELC) and Process Level Controls (PLC) to commensurate with the size, scale and complexity of the operations. It provides reasonable assurance about the achievement of the Companys objectives with regard to reliability of financial reporting, effectiveness and efficiency of operations, safeguarding of assets, and compliance with applicable laws and regulations. The Company has adequate control environment which provides appropriate foundation for the other components of the entitys internal control system. It helps in identification and assessment of the risk, enabling implementation of corrective measures. The action plans for the identified risks are documented through risk and control matrices (RACM). A report on identified risks along with the management action plan specifying the timelines are placed before the Audit Committee on quarterly basis, for appraisal. Monitoring activities are carried out by the Internal Audit Department whereby the risk and controls are reviewed on a periodical basis to strengthen and enhance the effectiveness of the existing control system.

Human resources

The Company equips employees based on their skills as it believes that the quality of employees is key to its success, authorising them to consistently evolve with ongoing technological advancements. During the year, the Company organised training programmes in different areas such as technical skills, behavioural skills, business excellence, general management, advanced management, leadership skills, customer orientation, safety, values and code of conduct. The Companys employee strength stood at 14,750 as on March 31, 2023.

Cautionary statement

The Management Discussion and Analysis sections contains your Companys objectives, projections, estimates and expectation may constitute certain statements, which are forward looking within the meaning of applicable laws and regulations.

The statements in this management discussion and analysis report could differ materially from those expressed or implied. Important factors that could make a difference to the Companys operation include raw material availability and prices, cyclical demand and pricing in the Companys principal markets, changes in the governmental regulations, tax regimes, forex markets, economic developments within India and the countries with which the Company conducts business and other incidental factors.

Our risk management approach

Fostering Star Healths Profitable and Responsible Growth: Navigating Risks with Purpose

Our commitment is to facilitate organisation expansion in a profitable, responsible, and sustainable manner. We achieve this by strategically managing our risk exposure, prioritising safety, and upholding our cultural values. Our purpose remains steadfast: safeguarding our customers and society for a brighter future.

Acknowledging the inherent risks, we strategically diversify these risks by leveraging our scale, a wide array of products and services, as well as multiple distribution channels. This strategic approach empowers us to navigate challenges effectively and seize opportunities, reinforcing our commitment to excellence.

Kapil Punwani, Chief Risk Officer

Overview

At Star Health, risk management is not seen as a standalone function but rather as an integral component of the organisations activities and decision-making process. Our risk management culture is deeply ingrained in our strategy and company structure. Identification, assessment and placement of risks, as well as creating strategies and actions to minimise or harness those risks, are all part of the Enterprise Risk Management (ERM) Framework.

All businesses face uncertainties, and the challenge for management is to determine how much uncertainty the business is prepared to accept as it strives to grow stakeholder value. Uncertainty presents risk and opportunity, with the potential to erode or enhance value. The underlying principle of our risk management culture is that the organisation exists to provide value to its stakeholders and to promote an ethical and compliant culture within the organisation.

An established ERM culture is essential for Star Health to effectively manage the complex risks inherent in their business, such as regulatory compliance, cyber threats and other malpractices. By adopting a comprehensive and integrated approach to risk management, we are minimizing the potential losses, protecting our reputation and enhance the long-term sustainability.

Our goals

Promote a culture of risk awareness, with a focus on transparency, accountability and continuous improvement.

Safeguard the interests of our customers, shareholders, employees and intermediaries.

Ensure compliance with all relevant laws, regulations and industry standards.

Maintain a robust corporate governance framework to manage risk at all levels of the organisation.

An organised, thorough and adaptable approach to managing and accepting risks while doing business.

Foster collaboration and communication across different departments to ensure a holistic and integrated approach to risk management.

Risk mitigation initiatives

The company comprehensively considers risk mitigation strategies such as implementing stricter authentication protocols for claim submissions as well as investing in cybersecurity measures to prevent data breaches.

Overall, our Integrated Enterprise Risk Management System helps health insurance companies proactively manage risks and protect their bottom line while ensuring that they provide quality health insurance services to our customers.

Board governance

The Board Risk Management Committee (BRMC) oversees the overall governance and strategic direction of the organisation, establishes an effective ERM and oversees the identification, assessment and mitigation of risks across the organisation. They also make risk management decisions in relation to strategic risk exposure and operational matters, including corporate strategy and mergers and acquisitions.

The governance structure at Star Health is designed to ensure that risks are proactively identified, assessed and

The ‘Three Lines of Defence strategy is aligned with the Star Health Enterprise Risk Management Framework. First line of defence

Line management

The primary responsibility for managing risks and implementing policies and procedures, lies with the Heads of Departments at the Central Office, who oversee day-to-day operations.

Second line of defence

Risk management

The second line of defence is responsible for monitoring the implementation of effective risk management practices and providing support to the primary risk owners in assessing and reporting risk-related information.

Third line of defence

Internal audit

The Internal Audit role provides independent assurance to the Management, Audit Committee and Board on the adequacy and effectiveness of the governance, risk management and internal control framework and procedures within the company.

managed in a comprehensive and coordinated manner, with the ultimate goal of protecting the interests of all stakeholders, including policyholders, investors and employees.

The Committee also monitors external risk factors, reviewing the most significant emerging risk scenarios that may impact Star Healths business strategy.

Roles and responsibilities to moderate risks

Risk management framework

Star Healths risk management framework efficiently creates and executes strategies, policies, processes and controls to manage all material and strategical risks for the company. It comprises systems, structures, policies, processes, applications and employees. Given the scope, business blend and complexity of our operations, this approach provides management with the utmost trust that each risk is being handled e_caciously and diligently.

Our company policies clearly define the high ethical standards we anticipate from our employees and other entities. We mandate every individual and entity, regardless of their position, to familiarise themselves with and endorse our Code of Conduct. We have established a comprehensive framework that lays down pertinent policies and benchmarks across all channels. These guidelines are universally applicable within Star Health, and it falls upon every member of the leadership team to ensure that the business adheres to them.

Our framework plays a crucial role in bolstering the companys efforts to fulfil our mission for the well-being of our customers, employees, and shareholders. This framework assists the business in recognising, projecting, comprehending, and controlling our risks, thereby preserving a secure, enduring, and controlled environment.

Our framework includes vital elements like risk appetite, risk governance, encompassing risk policies and business standards, oversight committees, roles, and duties. Additionally, our processes for recognising, assessing, handling, monitoring, and disclosing risks are also part of the framework, incorporating risk models and stress and sensitivity analysis, which even encompasses the resilience of business plans and guides decision-making, which is not limited to financial risk.

Enterprise risk management policy: To find, evaluate, observe, review, manage and report risks, we have outlined our enterprise risk management policy. The functional policy and processes also stipulate that risks must be managed methodically, with the process of risk management clearly outlined and its various components properly incorporated into our day-to-day operations.

Risk appetite statement: Risk appetite is the maximum amount of risk that it can tolerate to ensure that business operations continue. This will include risk appetite statements (quantitative and qualitative) outlining the overall risk strategy, the underlying limits or thresholds for each of the risk appetite statements, the most critical risks faced by the organisation and the indicators that will be used to monitor these risks on an ongoing basis.

Risk oversight through key risk indicators (KRIs): We have implemented a comprehensive set of key risk indicators (KRIs) to monitor and evaluate various risks across different dimensions, including periods, channels, and other relevant vectors. This strategic approach empowers us to proactively assess risk trends, enabling effective risk mitigation and control measures. This consolidated approach allows us to monitor risk exposure against predefined limits, ensuring alignment with our enterprise-wide risk management objectives. Key risk indicators serve as vital early warning signals for management, facilitating proactive risk management and control when measurements approach or exceed predefined tolerance levels. By closely monitoring KRIs, we can identify and address risks that may be nearing unacceptable levels before they escalate beyond our risk tolerance. These key risk indicators are meticulously defined and tracked, especially for the most critical risks that have the potential to impact our overarching strategy. This approach empowers us to make informed decisions, safeguard our organisational goals, and bolster our commitment to maintaining excellence in risk management Risk governance: To handle risk governance standards, a risk reporting process has been developed and executed. Top risks are identified and allocated to the proper risk owner for mitigation. Mitigation strategies are reviewed on a regular basis. A dedicated management accepted risk system (MARS) has been deployed to keep a check on accepted risks as well as to revisit them periodically.

Enterprise management risk committee: To address continuing risk management concerns, an enterprise risk management committee (ERMC) of executives and functional heads meets regularly. Star Health considers ERMC a critical component of its business for effectively managing risks and protecting value for partners. The committee fosters a mindset of responsible business practises and provides assurance to the management, the Board and external governance entities such as auditors and regulators. The management reviews and concurs with any instances of risk acceptance scenarios based on adequate business justification.

Chief Risk Officer: The Chief Risk Officer independently reports to the Risk Management Committee of the Board. The Chief Risk Officer is supported by the risk management team in performing the risk management activities of the organisation and has an unbiased and independent approach to operational matters. The Chief Risk Officer acts as the custodian of the risk management framework and guides the implementation of the framework across the organisation. Recommendations of the committee of executives on risk management are reported to the Risk Management Committee of the Board by the Chief Risk Officer, with support from the risk management team. The Chief Risk Officer has access to all activities within Star Health that have the potential to generate material risk, including information technology systems and other operational matters.

Risk management team: The risk management team supports the Chief Risk Officer in the implementation of the risk management framework laid down by the Risk Management Committee. The risk management team assist in monitoring and reviewing the implementation of the risk management practises and help to maintain an aggregated view of risk throughout the organisation by providing periodical updates to the management. The risk management team helps embed a culture of risk across diverse functions and resources and supports them in deploying and monitoring mitigation measures. Also, the risk management team manages the enterprise-wide business continuity management programme and, along with the functional owners, identifies, assesses and manage the impact of interruptions on business processes.

Head of department at central office: Heads of department at the central office are part of the first line of defence and are primarily responsible for managing risks and implementing controls within their department.

Central office risk champion: The risk champion is responsible for coordinating with the risk management team and operationalising risk-related activities for their respective departments at the central office.

Zonal in-charge and branch in-charge: On a regular basis, information for risk purposes is provided from junior offices to higher offices, i.e., Branches to zonal office and zonal office to risk team at central office. These committees, from a risk management perspective, review and refresh risk registers, monitor action plans and review the operational loss events provided by the respective risk champion.

Risk champions: Zonal risk champions are responsible for coordinating with the respective zonal in-charge and branch in-charge to operationalise risk-related activities for their respective zonal office and branch office. They will facilitate activities such as the refresh of the risk register, developing action plans for identified issues and reporting operational loss events to the respective zonal in-charge and branch in-charge.

Risk reviews and risk based branch audits: We extensively carry out corporate risk reviews, guided by the prioritisation of risks and our pre-defined risk appetite and tolerance levels across different risk categories. These metrics demonstrate how prioritisation results from evaluating the likelihood and scale of each risk. Additionally, we perform risk-based audits at Star Healths various branch offices. These branch offices are selected considering internal risk assessments, operational risk exposure, and other related parameters.

Using the results from these evaluations and audits, we implement mitigating measures employing the CAP (Corrective Action Plan) methodology. This aims to minimise risk and the probability of potential adverse outcomes through risk review. Our progress in this regard is monitored monthly and reported to the

Executive Risk Management Committee and the Board Risk Management Committee. Some mitigations actions are referred in the below table.

Principal risks and its preventive measures

The table below outlines the general risks and their mitigation. It delves into their consequences, projections, and measures to counter them. We account for the individual and combined implications of these trends while formulating and executing our risk management processes.

Underwriting risk Mitigation

Refers to the risk that the Company faces in terms of risk selection and retention on its books.

We have a well-defined underwriting policy that is signed off by the Board and reviewed and updated annually. Underwriting policies are used as a basis for determining the price charged to the insured.

Compliance risk Mitigation

Includes changes in applicable regulatory or statutory framework, changes in government policy actions and reform measures, non- compliance various regulations or provisions issued by other authorities (IRDAI, SEBI, MCA etc.).

We have a strong compliance structure to monitor important compliance risks, inform business functions of applicable regulatory requirements and provide training to ensure a compliance with applicable laws.

Credit risk Mitigation

Comprises the risk of change in the credit profile of the investee company leading to change in valuation of its underlying securities and/or delay/ default by the company in meeting its financial obligation.

Portfolio is diversified by limiting single company and single ISIN exposure based on its rating profile. The credit exposures are regularly monitored and evaluated for necessary portfolio-based action.

Liquidity risk Mitigation

Comprises the risk of not having enough low price sensitive liquid assets to meet financial obligations in timely manner.

We maintain sufficient short-maturity liquid assets to meet our 30-day projected net pay-out obligations. Portfolio also carries sufficient long- term liquid assets that can be sold to generate funds.

Operational risk Mitigation

Refers to the failure of necessary processes and essential systems that can hamper business continuity.

We have a defined business continuity management system that is certified and compliant with ISO 22301:2019. It ensures that we are capable of providing timely customer service in the event of any disaster.

Market risk (interest rate risk / equity risk) Mitigation

Refers to the risk of a change in the price of assets and liabilities due to fluctuations in interest rates, foreign exchange rates and stock prices.

The duration of liabilities is short and are less sensitive to change. The risk on the asset side is mitigated by the diversification of the portfolio, maintaining a defined asset and liability management gap and limiting exposure to risky assets after studying the impact of the price sensitivity of these assets on key financial parameters of the company.

This ensures that even in a worst-case scenario, the risk remains within acceptable limits.

As per regulation, assets are considered held-to-maturity and their marked-to-market valuation does not impact key financial parameters unless losses are realised through the sale of assets.

 

Information security risk Mitigation

This is a calculation based on the likelihood that an unauthorised user will compromise the confidentiality, integrity and availability of data

Star Health has designed and implemented a robust and comprehensive business resilience and information security framework covering people, processes, technology and third-party ecosystems.

The programme has been developed and certified based on industry practises and international standards (ISO 22301 and ISO 27001), enabling it to ensure continuity of operations and protection of sensitive information from malicious actors.

Cognizance of risk: Comprehensive evaluation and auditing of our risk management framework

Our Internal audit team performs a comprehensive evaluation of the organisations risk management framework periodically and process-wise. This assessment involves a systematic review of the methods, tools, and procedures utilised for the identification, assessment, control, monitoring, and communication of pertinent risks. This evaluation takes into account both the likelihood of occurrence and the potential impact of these risks.

Furthermore, specific components of our risk management processes have undergone audits within the scope of ISO:27001 and ISO:22301. These audits are overseen either by qualified internal auditors or by experienced third-party certification auditors. These auditors adhere closely to established best practice guidelines for management systems. Through these rigorous evaluations, we ensure that our risk management practices remain robust and aligned with industry standards.

Incorporating climate risk within the scope of risk management framework

Post-COVID-19 era, an increased recognition of health insurance significance, the climate change phenomenon is poised to elevate awareness even further. This presents an opportunity to enhance insurance penetration within the country. As our insurance penetration grows, post-disaster pay-outs will become more substantial. Our company comprises a robust governance framework that evaluates all risks, engaging the Board and senior leadership to adopt suitable mitigation measures.

This encompasses diverse impact assessments, including existing and emerging regulations, technology, legal, market, and reputational risks, as well as physical risks. Our climate risk assessment encompasses various stages in the value chain, encompassing our operations, upstream and downstream activities, clients, and spans short to long-term horizons. Such considerations are now introduced to our overall enterprise-wide risk management strategy and are closely monitored. Integrating climate risk enhances our existing underwriting parameters, enabling sophisticated approaches. Furthermore, product pricing can be a factor in climate change impact for optimal design and pricing. This marks an early stride for us, and quantifying climate risk influence on pricing and investment strategy, remains intricate.

Cultivating a robust risk management culture: empowering every corner of our organization

At the heart of our risk management strategy lies a vibrant risk management culture, reinforced by an ongoing capability-building program that extends across all tiers of our workforce. It is paramount that each employee, regardless of the role, comprehends the intricacies of risk management and possesses the skills to implement mitigating controls. This collective effort serves as our shield against foreseeable and unforeseen risks that might otherwise threaten our organisational integrity.

We uphold a dynamic approach to education and engagement, regularly conducting comprehensive sessions, deploying interactive modules, circulating informative email communications, organising engaging quizzes, and utilising diverse digital platforms to enlighten our employees, agents, and other stakeholders. This multifaceted approach revolves around heightening risk awareness and fostering sensitisation. Our focus extends to a spectrum of subjects, including operational risk, fraud detection, resilience, data security, and data protection.

In line with a commitment to cultivating a culture of risk awareness, the Company introduced innovative initiatives that capture attention and drive participation:

Risk management induction programme: E-learning

Risk advisory series

AML awareness learning module

Effective internal controls: E-learning

Internal Honey Bee newsletter: Risk awareness

Leadership induction training: Face to face

Information security awareness

Celebrating cyber Jaagrooktaa Diwas

Promoting business continuity, crisis & disaster management, and Workplace safety awareness

Senior management training on cyber crisis simulation, business continuity, and information security aspects Thew Company established a dedicated helpdesk available at all times, supplementing the existing Whistle-blower mechanism. This provides all employees with a platform to report potential risk incidents arising from their experiences. This proactive reporting contributes to enhancing our risk management and monitoring practices.

Risk Awareness Week: A notable event in our calendar, dedicated to the theme of ‘Prevention today for a better tomorrow. This initiative encompasses a comprehensive exploration of all risk categories, underscoring key concerns, prevention strategies, and mitigation techniques. It also encompasses social media campaigns targeting cyber fraud awareness, leadership communications, employee engagements, and an enlightening awareness series.

Our commitment to risk awareness extends beyond organisational boundaries. We actively supported the International Fraud Awareness Week, hosted by the Association of Certified Fraud Examiners (ACFE), leveraging this opportunity to instil awareness both within our organisation and among our customers through social media channels.

To gauge the effectiveness of our program and ensure continuous enhancement of risk management practices, we involve employees and other entities in a structured feedback process. This process fosters ongoing improvement and enables us to tailor our initiatives to resonate with the needs of our workforce.

During awareness campaigns, we introduced incentives in the form of cash gift vouchers, engaging employees and other entities across all hierarchies to contribute by suggesting risk management best practices, identifying unattended risks, timely engagement with learning modules, and enthusiastic participation in quizzes.

Our resolute dedication to cultivating a culture of risk management readiness stands as a testament to our commitment to excellence and safeguarding the future of our organisation and all those it serves.

Encouraging feedback assures committment

93 93 91 93

% of employees felt the overall risk awareness campaign was a success.

% of employees felt that overall risk awareness was valuable to their learning experience.

% of employees felt that information was relevant and productive for their job profile.

% of employees felt that risk management would help strengthen the company.

Business continuity

Business continuity management refers to the ability of a business to continue its critical operations in the event of an unexpected disruption. This is an important aspect of enterprise risk management for any organisation and involves identifying potential threats, developing contingency plans and regularly testing and updating those plans.

Given the ongoing shift towards digitisation, encompassing elements, maintaining constant access to networks, IT systems, and data, has gained paramount importance. Any instance of subpar system performance or service interruptions, may lead to increased expenses and potential damage to a companys reputation. Effectively addressing these risks, which involves implementing contingency plans is essential for upholding uninterrupted business operations.

We have implemented a robust system of policies, procedures and controls to manage business continuity risks and we regularly monitor and review our performance against these standards. Threat assessment: Star Health has identified a range of potential threats that could impact business continuity, including natural disasters, cyber-attacks, power outages, supply chain disruptions and pandemics. We have developed plans and procedures to address each of these threats and we regularly review and update them to ensure they remain relevant and effective. Identification, detection and protection of digital assets are integral to organisation-level information security management. Contingency plans: In the event of a disruption, our organisation has a number of contingency plans in place to ensure that critical business functions can continue. These plans include alternative communication methods, backup power sources, offsite data storage and alternative supply chain arrangements. We test these plans on a quarterly basis based on the severity of the matter to ensure they are effective and identify potential areas for improvement.

Communication: Effective communication is a key element of business continuity management. Star Health has established clear communication within our company and with external stakeholders, including customers, suppliers and regulators. This enables us to quickly and effectively respond to disruptions and minimise the impact on our business operations. ISO certification: Star Health has achieved ISO 22301 certification for its business continuity management system. This certification demonstrates our commitment to maintaining resilience and preparedness in the face of potential disruptions as well as our assurance to our internal and external stakeholders that the organisation is adhering to good practices in business continuity management.

Information Security

Information security and governance framework are an essential component of any organisations operations. As we continue to rely on technology for our day-to-day activities, the importance of protecting our data and information from unauthorised access, theft, or corruption, cannot be over-emphasised. We have a Zero Tolerance Policy towards non-compliance to the defined cyber security guidelines and our organisation has taken adequate steps to ensure confidentiality, integrity and availability are maintained at all times and governed through a robust Information security management system and this is reflected in the ISO certification that we have achieved in FY 22-23. The Board risk management committee takes active interest in our Information security/cybersecurity strategy, placing significant importance on cybersecurity and information security related concerns. During these discussions, the Chief Risk Officer (CRO) and Chief Information Security Officer (CISO) share regular updates and strategies to ensure protection against information security related risks. Our cybersecurity team is equipped with up-to-date technologies, processes, and practices aimed at safeguarding networks, systems, computers, programs, and data from unauthorised access, damage, or attacks.. The company has implemented the following measures:

Risk assessment and management: The company regularly conducts risk assessments to identify potential threats to our information systems and assets. We also have in place a risk management plan that outlines the actions to be taken to mitigate these risks.

Policies and procedures: The company has developed policies and procedures that govern our information security practices. These policies and procedures cover areas such as access control, data backup and recovery, incident management and employee training. Cybersecurity awareness and training: The company provides regular training and awareness to our employees to ensure they are aware of the inherent threats existing in cyberspace and know the importance of information security whilst working. Regular emails and periodic interactions with employees are undertaken to raise their awareness and make them understand the importance of cyber security in the digital landscape. Every first Wednesday of the month, we diligently conduct Cyber Jaagrookta (Awareness) Diwas (CJD), aimed at fostering Cyber Security Awareness. This ongoing campaign not only educates our stakeholders about potential digital threats but also equips them with the knowledge to protect their digital presence. Additionally, our annual Information Security Awareness Week serves as a concentrated effort to further emphasize the importance of safeguarding sensitive information. These initiatives collectively contribute to further enhance our organizations resilience against evolving cyber risks.

Incident response and management: We have a defined incident response framework and management process to respond to any security incidents. These incidents are promptly reported on a real-time basis, and appropriate corrective and preventive mitigating actions are implemented. We have dedicated internal helpline to address phishing, cyber security and other information security issues promptly along with the escalation matrix. ISO certification: The company has achieved ISO 27001 certification, which is an internationally recognised standard for information security management systems (ISMS). This certification demonstrates our dedication to safeguarding our information systems and assets against potential threats, as well as our assurance to our customers and other interested parties that the company manages information security in accordance with global standards and allows us to stay ahead of emerging threats and risks.