Risk Management

Safeguarding the Dreams of Every Indian

For 25 years, our approach to risk management has gone beyond safeguarding the Company. It has protected the dreams and aspirations of millions of Indians who place their trust in us. By anticipating uncertainty and building robust safeguards, we ensure that our commitments remain uncompromised, regardless of the external environment.

In a dynamic financial and regulatory landscape, our risk management framework empowers us to move forward with clarity and confidence. It enables us to support new opportunities while maintaining stability, helping us honour every promise and enable every policyholder’s dream to take flight, securely and sustainably.

Risk Management Framework

At SBI Life, Enterprise Risk Management (ERM) is embedded across all functions and decision-making processes. Our approach is designed to address current risk exposures while remaining agile for future shifts. Risk management is integral to planning at every level of the organisation.

Our ERM framework spans key risk categories, including strategic, business, insurance, investment, operational, technology, regulatory and legal risks, enabling a comprehensive and proactive risk posture.

SBI Life’s ERM system is compliant with the ISO 31000:2018 Risk Management standard, reflecting our alignment with global best practices. This certification covers all departments across the corporate office, central processing centre and regional/branch locations.

The Company is also certified under ISO 22301:2019 (Business Continuity Management Systems) and ISO 27001:2022 (Information Security Management Systems). Annual surveillance audits and periodic recertification audits by external auditors ensure that the Company’s risk management practices are reviewed at least once every year.

We follow a dual-layered approach to risk identification and management:

Top-down

Risk Appetite Statements, Annual Risk Review and Risk Dashboards are developed at the corporate level and monitored by the Risk Management Committee of the Board (RMC-B), integrating risk into strategic decision-making.

Bottom-up

Risk assessment at functional levels includes Key Risk Indicators (KRIs), Risk and Control Self-Assessments (RCSA) and Incident Reporting, ensuring process-level visibility and control.

To ensure governance and oversight, we have established dedicated risk committees with clearly defined mandates:

Risk Management Committee of the Board (RMC-B)

A Board-level committee guiding the Company’s risk management strategy, supported by the RMC of Executives and ALCO.

Asset Liability Management Committee (ALCO)

An executive-level committee ensuring that the Company’s investments align with its obligations to policyholders, aiming to maintain an optimal balance between risk and return.

Information Security Risk Management Committee (ISRMC)

Convened by the Chief Information Security Officer (CISO), this committee reviews information security risks and shares updates with the RMC-E.

Risk Management Committee of the Executives (RMC-E)

An executive-level committee for risk identification and mitigation across all functions; reviews quarterly updates.

Risk Events Monitoring Committee (REMC)

Addresses reputational and major external risk events.

Data Governance Committee (DGC)

Convened by the Data Protection Officer (DPO), this committee ensures compliance with data protection laws and privacy regulations.

Strengthening the culture of risk management

We believe that effective risk management begins with a strong, organisation-wide culture of awareness and accountability. To embed this mindset, we conduct regular initiatives that promote risk consciousness across all levels of the Company.

Throughout the year, employees are engaged through classroom sessions, onboarding modules, awareness snippets and internal communications, ensuring that risk awareness becomes second nature in day-to-day operations. Risk awareness is also embedded into employee journeys through targeted communication, including bite-sized messages shared via internal emails and WhatsApp groups. These cover key topics such as incident reporting, Risk & Control Self-Assessment (RCSA), operational risk, fraud monitoring, business continuity, information security and data protection, ensuring awareness remains timely, relevant and aligned with business priorities.

To further reinforce this culture, we commemorate key observances that align with our risk and compliance priorities:

Data Privacy Day

Risk Awareness Day

Computer Security Month

Cyber Jaagrookta Diwas

Innovation and Data-Driven Risk Practice

We leverage technology to strengthen risk intelligence across the organisation. Our Operational Risk Management System (ORMS) supports key processes such as incident reporting, RCSA, business continuity assessments, business impact analysis and branch-level risk and information security assessments, all through a unified digital platform.

We also use a predictive underwriting model that assigns risk scores to proposals based on customer profiles and historical data. This data-driven model helps underwriters identify high-risk cases, reduce anti-selection and make more informed, accurate decisions — enhancing overall risk control and underwriting efficiency.

The tools that help identify, analyse and evaluate risks across the Company are described below:

a) Annual Risk Assessment

Identifies, prioritises and monitors SBI Life’s key risks. It complements other risk evaluations and enables timely, appropriate responses. Identified risks are regularly reviewed throughout the year.

b) Key Risk Indicators (KRIs)

Key Risk Indicators (KRIs) are defined and monitored for critical risks impacting strategy. They help management track risks nearing unacceptable levels and identify top risks for the Company.

c) Risk & Control Self-Assessment

Risk & Control Self-Assessment (RCSA) identifies process risks and reviews control design and effectiveness. It reflects the quality of internal controls and risk mitigation. Risk assessments analyse risks by evaluating consequence and likelihood within control contexts. These factors combine to estimate overall risk levels.

d) Incident Reporting Process

The Incident Reporting Process ensures systematic reporting of incidents across all departments. It supports the self-improvement process and is a tool for operational loss data collection. Function heads, Risk Officers and employees are responsible for reporting incidents in their areas.

e) Business Continuity Management (BCM) and Disaster Recovery Planning (DRP)

The Company has a robust Business Continuity and Disaster Recovery Plan, outlining roles and responsibilities. The BCP and DRP are tested annually, with results reviewed by the RMC-E and the RMC-B.

f) Fraud Monitoring

The Company follows a Fraud Prevention Policy as per IRDAI guidelines, with a holistic approach to identify, measure, control and monitor fraud risk.

g) Information Security

The Company complies with regulatory information security requirements and has a designated Chief Information Security Officer (CISO) to monitor security risks.

h) Data Protection

A Data Protection Officer (DPO) is appointed to oversee data governance, privacy, classification and protection. The DPO ensures compliance with data privacy regulations and acts as the contact for the Data Protection Authority.

i) Risk Control Unit (RCU)

The Risk Control Unit (RCU) implements enterprise-wide risk management at regional and branch levels. Regional Risk Managers handle risk assessment, monitoring and training activities.

j) Monitoring & Reporting

Risk reporting is an essential component of the risk management process of identifying, assessing and monitoring risks. A risk update is shared with the RMC-E and RMC-B every quarter.

Information Security

Ensuring the security of information assets is a core priority at SBI Life. Our practices are guided by a comprehensive Information and Cyber Security Policy and are ISO 27001:2022 certified, reflecting alignment with global standards.

A dedicated Information Security Team (IST), led by the Chief Information Security Officer (CISO), drives the Company’s security strategy. The Information Security Risk Management Committee (ISRMC), convened by the CISO, regularly monitors all security initiatives and reports updates to the Risk Management Committee of the Board, ensuring ongoing oversight, accountability and alignment with enterprise risk objectives.

Mitigating Principal Risks in our Operating Environment

Distribution Risk

Risks

This refers to the risk arising from an overdependence on a single distribution channel, which may expose the business to potential disruption, especially in the face of regulatory changes or market shifts. An imbalanced channel mix can also indicate challenges in expanding or strengthening alternate distribution avenues.

Stakeholders Impacted

Material topic

M1 - Customer service and satisfaction
M3 - Purposeful products and services driving financial inclusion
M5 - Risk management and business continuity

Impact on capitals

Mitigation

To address this risk, the Company continues to take a multi-pronged approach:

  • Focused recruitment, training and retention of high-performing agents and Life Mitras (LMs)
  • Reactivation initiatives to engage and energise inactive agents
  • Strengthened training and development programmes across all distribution channels
  • Continued enhancement of digital platforms to boost e-commerce and online sales
  • Expansion of partnerships with licensed entities to diversify distribution reach

Capitals legend: Financial Capital, Service Capital, Intellectual Capital, Human Capital, Social & Relationship Capital, Natural Capital

Product Risk

Risks

Product risk arises when policy terms are unclear, the product mix lacks balance, or the portfolio fails to meet specific customer needs, potentially affecting business relevance, customer satisfaction and competitiveness.

Stakeholders Impacted

Material topic

M1 - Customer service and satisfaction
M3 - Purposeful products and services driving financial inclusion

Impact on capitals

Mitigation

To manage this risk, the Company has implemented the following:

  • Balanced product mix strategy aimed at reducing dependency on Unit-Linked Insurance Plans (ULIPs)
  • Increased focus on Non-Par and Protection product segments to drive diversification
  • Regular introduction of innovative products aligned with evolving customer needs and market trends
  • Ongoing monitoring of low-selling products to detect and address underperformance in specific segments

New Business Risk

Risks

New business risk refers to the potential inability to achieve defined sales targets due to internal challenges or external market dynamics.

Stakeholders Impacted

Material topic

M3 - Purposeful products and services driving financial inclusion
M5 - Risk management and business continuity

Impact on capitals

Mitigation

The Company continues to address this risk through a targeted approach:

  • Monitoring and increasing recruitment of Life Mitras (Retail Agency Channel) and Specified Persons (Other Banks)
  • Focused activation of SBI and non-SBI branches, along with Channel Intermediary Facilitator (CIF) engagement
  • Improving productivity metrics for Development Managers and Life Mitras
  • Driving branch-level performance through retail agency sales budgets
  • Running performance-based contests for Regional Rural Banks (RRBs)
  • Enhancing Institutional Alliances (IA) through partner engagement, digitalisation and system integration

People & Culture Risk

Risks

This risk arises from talent shortages, high attrition, inadequate succession planning or cultural misalignment with the organisation's core values, all of which can impact long-term performance and continuity.

Stakeholders Impacted

Material topic

M2 - Governance, transparency and ethical business practices
M6 - Employee and supplier centricity
M7 - Human rights

Impact on capitals

Mitigation

The Company has adopted several measures to retain talent and foster a strong employee-centric culture:

  • Regular review of employee benefits, including enhanced insurance coverage and incentives for higher education
  • Focus on overall well-being through health benefits like Mediclaim and life insurance
  • Introduction of employee-friendly policies such as a revised Work from Home policy to promote flexibility and work-life balance
  • Focus on building a high-performing workforce by hiring quality talent, nurturing and engaging employees and ensuring long-term retention

Stakeholders legend: Customers, Employees, Business Partners, Shareholders, Regulators, Suppliers, Communities

Data Privacy Risk

Risks

Data privacy risk refers to the potential compromise of sensitive customer, employee or vendor information, posing regulatory, reputational and operational threats, especially in a third-party dependent environment.

Stakeholders Impacted

Material topic

M1 - Customer service and satisfaction
M4 - Data privacy and information security
M7 - Human rights

Impact on capitals

Mitigation

The Company maintains a strong data protection posture through a robust governance and control framework:

  • Implementation of a Board-approved Data Governance Policy and oversight by a dedicated Data Governance Committee
  • Deployment of Data Loss Prevention (DLP) and Data Classification tools to monitor and restrict data movement
  • Use of Data Rights Management (DRM) to secure sensitive third-party-handled data
  • Ongoing sensitisation through awareness campaigns and training to build a privacy-aware culture
  • Supervision and compliance managed by the Data Protection Officer (DPO)

Fraud Risk

Risks

Fraud risk refers to the potential for financial or reputational loss resulting from fraudulent activities committed by internal or external stakeholders. In an industry built on trust, such risks can have serious operational and compliance implications.

Stakeholders Impacted

Material topic

M2 - Governance, transparency and ethical business practices
M4 - Data privacy and information security
M5 - Risk management and business continuity

Impact on capitals

Mitigation

The Company adopts a strict Zero Tolerance approach to fraud, with no exclusions. The following measures are in place to proactively detect, prevent and respond to fraudulent activities:

  • A dedicated Central Complaints and Fraud Investigation Cell, supported by a field network of investigators
  • Encouragement of whistleblower reporting to flag suspicious activities
  • Use of advanced analytics to detect potential fraud through internal and external data patterns
  • Detailed investigation of all reported cases to identify root causes, process gaps or responsible parties
  • Implementation of preventive controls and tracking of fraud-related losses for recovery and monitoring
  • Timely corrective, punitive and preventive actions in all proven cases
  • Regular awareness programmes to communicate fraud risk expectations and build a vigilant workforce

Further, all these risks are monitored through KRIs and discussed with the respective functions and Senior Management. We have put in place adequate safeguards to mitigate each of the risks and monitor them on an ongoing basis.


Emerging Risks

Climate Change

Increased exposure to and changing patterns of extreme weather events such as floods, storms and rising sea levels are perceived as having more tangible effects than the financial or liability risks related to climate change. In view of the changing climate situation, there could be an impact on investments made by global investors in terms of additional exposure to specific sectors like EV and alternative sources of energy, while money is withdrawn from certain other sectors. Increased temperature variability and the resulting heatwaves can affect not only agriculture, productivity and water resources, but also health and mortality.

The Company has adopted a graded, three-pronged approach to assess the risks associated with its own operations, investment portfolio and insurance underwriting portfolio. The assessment of climate change risks and the development of a transition framework have been initiated, along with the formulation of a supporting policy.

Geopolitical Instability

Widening geopolitical fractures continue to drive global divergence. Key global and regional powers are testing the boundaries of international law and cooperation through military exercises in tense regions. These tensions may lead to higher fuel prices and an increased cost of living, potentially impacting our expense ratios. They are also spilling over into financial markets, affecting our investment portfolio. Geopolitical and geo-economic instability is likely to make it more challenging to address common global issues.

Artificial Intelligence

AI and its related technologies are set to have a profound impact on every aspect of the insurance industry, from distribution and underwriting to pricing and claims. Advanced technologies and data are already transforming distribution and underwriting, with policies being priced, purchased and issued in near real time. As AI becomes more deeply embedded in the industry, insurers must be prepared to adapt to the evolving business environment. It is essential for insurance leaders to understand the key drivers of this transformation and how AI will reshape claims handling, distribution, underwriting and pricing. With this understanding, they can begin to build the right skills and talent, adopt emerging technologies and foster a culture that enables success in the insurance industry of the future.

All emerging risks are monitored closely, and suitable steps and safeguards are being envisaged.