Our Governance Framework
Our Corporate Governance and Risk Intelligence
We remained committed to enhancing shareholders value by building and maintaining a risk intelligent organization, increasing the transparency of our corporate governance practices, and strengthening the rights of our shareholders aligned with the best-in-class governance standards. The Company continued holding remote General Assembly Meetings in response to COVID-19 restrictions and its commitment to fight the pandemic and the spread of the virus. Our major shareholder Bupa Investment Overseas Limited (BIOL) is still one of the largest foreign strategic investors in the Saudi Market. We continue to invest in our corporate governance, including further embedding the “Three Lines of Defence” (3LoD) risk management model and the ongoing recruitment and development of appropriate capabilities to ensure a world class governance environment with world-class controls.
Our Code of Conduct
The Company’s Code of Conduct has been further embedded across the Organization during 2021 and all employees have received regular communication to keep them informed. The Code covers the following areas and, alongside our Values, is a key contributor to Bupa Arabia’s company culture.
Safeguarding Bupa Arabia’s assets
– we work to high professional standards
– we declare conflicts
– we represent Bupa Arabia
– we prohibit insider trading and stock tipping
– we manage risk
– we protect our intellectual property
Thriving through regulatory excellence
– we play by the rules
Adhering to competition laws
– we respect competition laws
– we speak up
Acting ethically and transparently with all our stakeholders
– we put our customers first
– we act ethically
– we keep information safe
– we fight money laundering and terrorism financing
– we know our suppliers
Preserving our community and our environment
– we celebrate diversity
– we stay safe and well
– we are ready for anything
– we take care of our planet
Our Enterprise Policies
The Company has built, enhanced, assessed, tested, approved and rolled out the Enterprise Policies Suite during 2021. Our Enterprise Policies (“EP”) are an important part of how we manage risk within Bupa Arabia by explaining how we are exposed to risk, why this risk needs to be managed and providing a consistent approach to the management of these risks. They also help ensure we meet business objectives, comply with legal and regulatory requirements of the jurisdictions in which we operate and help us protect our environment and give back to our communities. Our policies sustain and support our risk appetite.
The current suite of 33 Enterprise-wide Policies also supports our intent:
- To comply with the Saudi Central Bank (“SAMA”) requirements of the Insurance Corporate Governance Regulation;
- To comply with the Saudi Arabian Capital Market Authority (“CMA”) requirements of the Corporate Governance Regulation;
- To comply with legal and regulatory requirements of the jurisdictions in which we operate, including and not limited to the requirements of (Ministry of Commerce “MOC”, the Council of Health Insurance “CHI”, Ministry of Health “MOH”, Ministry of Investment “MOI”, Zakat, Tax and Customs Authority “ZATCA”, Ministry of Human Resources and Social Development “MOHRSD” and Anti Money Laundering and Combating Terrorist Financing Laws and Regulations “AML and CTF”;
- To adhere, in due course, to Solvency II articles and guidelines in relation to Systems of Governance; and
- To comply with global best practices.
Our Whistle-blowing Policy
We are committed to maintaining the culture of governance and ethical behavior in the workplace. We, as a company and as employees, comply with all rules and regulations, reinforced further by the professional standards we set ourselves at Bupa Arabia. To achieve this, we encourage employees to share any concerns, or any doubts regarding inappropriate behavior, through the channels specified for this purpose.
We want Bupa Arabia to become a place where our employees are encouraged to share their concerns in case of any problem related to wrong or unsuitable behavior in the workplace without any fear of retaliation.
Our Shariah Compliance
Bupa Arabia maintained its Shariah compliance. On 12 December 2021, Bupa Arabia received approval from the Shariah Review Bureau on its compliance and status as per the 2020 annual Shariah Audit Report (reference BPA-677-10-01-03-21) on the following functions:
- Separation of accounts (shareholder and policyholder).
- Compliance of shareholder and policyholder investments with Shariah Guidelines, in support of achieving overall Shariah compliance in the future, the Company continues to develop its policies and evaluate its contracts.
Corporate Governance and Bupa Arabia Commitment
Bupa Arabia is fully committed, through all levels of the Company hierarchy, including its Board and its Board Committees, to the implementation of world-class corporate governance standards, and to implementing the provisions contained in the Corporate Governance Regulations issued by the Capital Market Authority, Saudi Central Bank, and thereafter adhering to, the Corporate Governance Regulations of all Saudi regulators. Bupa Arabia is developing and instituting corporate governance structures, frameworks, codes, policies, procedures and standards to support its achievement of best practices and adherence to the regulations. Bupa Arabia continues to update the relevant policies and procedures and ensures they are aligned with all the regulatory requirements.
This will ensure Bupa Arabia succeeds in fulfilling the five key elements of corporate governance:
– Strong commitment to corporate governance.
– Strong commitment to world-class Board practices.
– Strong regime of disclosure, transparency fairness, accountability, and responsibility.
– Appropriate control environments and processes.
– Protection of all shareholders’ rights, including minority shareholders.
Bupa Arabia affirms its commitment to the implementation of the highest professional standards and international best practices for the prevention of bribery, corruption, fraud, financial crimes, and its commitment to preventing anti-competitive practices.
Bupa Arabia affirms its commitment to maintaining and developing its formal Corporate Governance Framework (CGF), including its Code of Corporate Governance (CCG), in alignment with international best practices, and in adherence to the regulators’ corporate governance regulations. Bupa Arabia is planning to further enhance its key governance documents, for the approval of the shareholders, during 2022.
Control Functions
In support of ensuring robust practices of legal affairs and corporate governance, internal controls, risk management, and cybersecurity and technology risk management, and in order to adhere to the relevant Saudi Arabia regulatory requirements of insurance companies, the Company has established the below detailed control functions. In addition to any other regulatory or supervisory requirements the principal role, duties and responsibilities of these control functions include, but are not limited to:
The Legal Affairs and Corporate Governance Department (LACGD)
The LACGD is responsible for the frameworks, codes, policies and procedures governing the management of the relationships, and the associated information sharing to and from, the Company’s management, shareholders and other stakeholders, including its regulators and its employees, in accordance with all the laws and the relevant regulations.
The LACGD reports to the CRO and is responsible for ensuring the Company’s compliance and adherence to the laws and relevant regulations. The LACGD also manages the Company’s relationships with the Capital Market Authority (CMA) and Saudi Stock Exchange (Tadawul).
Director – Legal Affairs and Corporate Governance, General Counsel, Nasser AlQawas
Mr. Nasser AlQawas joined Bupa Arabia in May of 2016 and has over 25 years of substantial legal, compliance, corporate governance, and board secretariat experience. Throughout his career, he has managed to build a solid acumen in driving organizations to act with the highest level of integrity and in compliance with the local and international prevailing laws, in the different regions where they operate, in addition to administering efficient and transparent legal processes and documentation. He started his professional career in Arent Fox law firm for six years, and during his 20-year tenure at NCB, he was responsible for a variety of different roles and responsibilities, including Head of the Legal Enforcement Section, Manager of Legal Advisory and Research, General Board Secretary, the Group Chief Compliance Officer and then the Chief Legal Advisor.
Nasser was appointed by a Royal Decree to be a reserved committee member in the Banking Dispute Committee in Jeddah. He is also a Board Member in a variety of companies and chairs a few committees.
Nasser holds a Master’s Degree in law, a diploma in Regulation, Compliance and Anti-Money Laundering (from the University of Reading, England), a Compliance Officer Certificate from the Financial Academy, and a Leadership Executive Certificates from INSEAD.
The Risk Management Department (RMD)
The RMD is responsible for the overall risk management process across Bupa Arabia, coordinating the development of the Risk Management Policy and related frameworks, for monitoring the risk database/register and for reporting on material risks and action plans.
The RMD reports directly to the CRO, with access to the RMC, and the structure entails: Enterprise Risk Management, Fraud Risk, Operational Risk Management and Risk Operations, Health and Safety, Management of Insurable Risks, and Risk Analytics.
Director – Risk Management Department, Ahmed Jaber
Mr. Ahmed Jaber joined Bupa Arabia during 2016. Ahmed holds a Bachelor’s Degree in Industrial Engineering from King Fahad University of Petroleum and Minerals. He has 20 years of experience in engineering, risk, credit control, operational risk, fraud prevention and investigations, and internal audit.
Prior to joining Bupa Arabia, Ahmed was Head of Investigations and Fraud Prevention at the National Commercial Bank (NCB) and previously; Head of Operational Risk Management and Acting Head of Retail Banking Audit. He was also the Western Regional Head of Country Credit and Risk Control in SAMBA and worked as a field engineer in Schlumberger Middle East.
Ahmed has an International Diploma in Risk Management (American Academy of Financial Management), an Executive Certificate from the London Business School and other certifications [Certified GRC Professional (GRCP), Certified GRC Auditor (GRCA) Certified Fraud Examiner (CFE), Certified Risk Analyst (CRA), Certified Operational Risk Manager (CORM), Project and Contract Risk Specialist (PCRS) and Certified Compliance Officer (CCO)].
The Cybersecurity and Technology Risk Department (CSTRD)
The CSTRD is a Second Line of Defence and is responsible for the overall cybersecurity and technology risk monitoring processes across Bupa Arabia, coordinating the development of the related policy and frameworks, and for assessing and monitoring the IT, cybersecurity and technology risks, and for reporting on the associated material risks and mitigation plans.
The CSTRD is responsible for the alignment of the Company with the regulatory mandated cybersecurity and BCM frameworks, issued by the Saudi Central Bank and the National Cybersecurity Authority.
The CSTRD reports directly to the CRO, with access to the AC and RMC as required and its structure covers cybersecurity, information systems resilience and technology risk, and BCM.
Director – Cybersecurity and Technology Risk Department, Mr. Feras I. Alsubaihi
Mr. Feras Alsubaihi joined Bupa Arabia in 2020. He has over 16 years of experience in cybersecurity and information technology, including several assignments in the financial and banking sector, most notably as the Head of IT Security and then Head of Security Operations Center (SOC), during his period at AlJazira Bank. Additionally, he became the Chief Information Security Officer at Abdullatif Jameel Financial Group. He also served as Chairman of the Cybersecurity Committee of the Financial Sector at SAMA. He was also selected as one of the top three Chief Information Security Executives for the 2020 edition in the Kingdom by The International Data Corporation “IDC Summit”.
Feras holds a Bachelor's Degree in computer science from King Abdulaziz University and is a certified chief information security officer accredited by the EC-Council Headquarters in United States. In addition to a number of technical and management certificates accredited in the field of cybersecurity management and information technology, the most significant of which is the lead implementer of ISO 27001, Microsoft Certified Systems Engineer, Cisco Certified Network Associate.
Finance Pricing, Actuarial, Asset Management and Business Advisory Departments
The finance pricing and actuarial capabilities of the Company are essential control functions to ensure the accuracy of the Company’s pricing and the claims reserving, in accordance with both international best practice and Saudi regulations, and these roles report to the finance function, headed by the CFO. Additionally, the Asset Management and Business Advisory Department performs a key control function, in relation to the management of investment assets, in accordance with the Board approved Investment Policy Statement (IPS), risk appetites, and in adherence to the SAMA regulatory investment guidelines.
Director – Commercial Finance, Mr. Hatim Jamal
Mr. Hatim Jamal has more than 11 years of experience in different fields such as financial analysis and planning, accounting, tax, product/program development, strategy development, and operational excellence. Prior to joining Bupa Arabia, Mr. Jamal was a Partner at Strategic Gears Management Consultancy where he advised multiple clients in both the private and public sectors. He covered projects related to strategy development, economic impact assessment and operational excellence. Prior to that, he worked at Procter & Gamble in different finance assignments such as forecasting and planning, commercial finance, finance strategy and finance control. During these assignments, he worked in the Saudi office covering all markets in Arabian Peninsula and in the Switzerland office covering India, Middle-East and Africa markets. Mr. Jamal joined Bupa Arabia in the first quarter of 2021. He holds a Bachelor's Degree in Finance and Economics from King Fahd University of Petroleum and Minerals.
Director – Actuarial and Financial Analysis, Mr. Chadi Saba
Mr. Chadi Saba has over 16 years experience in the health insurance sector. He joined Bupa Arabia in 2009, holding several management positions in pricing and commercial finance. His responsibilities include; product development, setting pricing strategy, benefit control, and claims reserving. He was appointed as Director – Actuarial and Financial Analysis, during 2018. Prior to that, Mr. Saba held the position of Actuarial Analyst at GlobeMed where he was involved in rate adequacy studies, underwriting performance reviews, actuarial modelling and reinsurance arrangements.
Mr. Chadi holds a Bachelor's Degree in Actuarial Science and Insurance from Notre Dame University and a Master’s Degree in Financial Economics from the American University of Beirut.
Director – Asset Management and Business Advisory, Mr. Ahmed Bajunaid
Mr. Ahmed Bajunaid has more than 14 years experience in investment management. He joined Bupa Arabia in 2018 to lead transformation activities related to the investment management function, and to assist with company-wide key strategic initiatives as part of the business advisory function. He was appointed as Director – Asset Management and Business Advisory during 2019.
Before joining Bupa Arabia, Ahmed worked at Sanabil Investments, where he was responsible for investing and managing its global private equity program. Prior to this, he spent nine years at the Saudi Aramco Investment Management Department conducting strategy analysis and as a fund manager conducting due diligence and reporting for private equity, public equities, and hedge funds. Ahmed also worked with Cambridge Associates as an investment consultant within the private equity research team between Boston and London.
Mr. Ahmed holds a Bachelor of Arts Degree in Business Finance from Durham University and an MBA from Columbia Business School.
Independent Functions
In line with best practice corporate governance, and as a key part of the Bupa Arabia Three Lines of Defence model, the Company has independent functions which report directly to the AC, with dotted line reporting to the CEO for day-to-day administration, and both functions have full access to the Board, and also Board Committees, where required. The Compliance Department forms part of the Company’s Second Line of Defence and the Internal Audit Department is a Third Line of Defence.
The Compliance Department (COD)
The COD is considered as an essential factor for Bupa Arabia’s success and market leading position in health insurance in the Kingdom of Saudi Arabia, due to the critical role it plays in effectively managing compliance risks, integrating a strong compliance culture into daily business activities and strategic planning of Bupa Arabia, maintaining Bupa Arabia’s reputation, and protecting Bupa Arabia’s stakeholders.
The COD reports directly to the AC and its structure, roles and responsibilities are authorised by the AC.
Head – Compliance Department, Mr. Luay Abumansour
Mr. Luay Abumansour joined Bupa Arabia in December 2019, bringing more than 14 years experience in the areas of compliance, Anti-Money Laundering (AML), Counter Terrorist Financing (CTF), and corporate governance. Prior to his joining, Mr. Luay was the Head of Compliance and AML/CTF at Abdul-Latif Jameel United Real Estate Financing Company for five years, where he established and built the compliance and AML/CTF function. Before that, he spent seven years in Bank Aljazira, where he played several roles in the area of AML/CTF compliance, his last role being the Head of AML/CTF investigations division. His previous experience also covers compliance monitoring, and regulatory relations and monitoring. Throughout his career, he has managed to build an effective and robust relationship with Saudi regulators.
Luay holds a Bachelor’s Degree in Systems and Industrial Engineering from King Fahad University of Petroleum and Minerals. He is also a Certified Compliance Professional (CCP) by the International Academy of Business and Financial Management.
The Internal Audit Department (IAD)
The IAD is an independent, objective assurance and consulting activity that is guided by the philosophy of Bupa Arabia’s governance and systems of internal controls.
The primary role of the IAD is to help Bupa Arabia’s Board and AC protect the assets, reputation and sustainability of the Organization. Internal Audit will achieve this by assessing whether key significant risks are identified and appropriately reported to the Board and the AC, assessing whether they are adequately controlled, and by assisting Executive Management to improve the effectiveness of governance, risk management, and internal controls.
In its capacity as a Third Line of Defence, IAD assists Bupa Arabia in accomplishing its purpose of “longer, healthier, happier lives” by bringing a systemic and disciplined approach to evaluate and improve the effectiveness of the Organization’s risk management, control, and governance processes.
The IAD reports directly to the AC and its structure, roles, and responsibilities are authorized by the AC, and it contains talented audit professionals experienced in financial, operational, compliance and IT audits.
Director – Internal Audit, Mr. Younis Eishan
Mr. Younis Eishan has more than 12 years of experience in internal auditing covering value-addition through assurance and consulting services in various sectors. Throughout his career, Younis built a solid acumen in driving organizations to act with the highest level of integrity, risk understanding and management, corporate governance, compliance with internal and external rules and regulations, internal controls and reporting processes as well as the implementation and administration of efficient and transparent internal audit processes.
Prior to joining Bupa Arabia, Younis was heading the internal audit group of Abdul Latif Jameel United Finance and during which 12-year tenure he held many positions in public and private sectors in providing assurance services in internal auditing, compliance to regulators’ rules and regulations, internal controls system, restructuring, benchmarking, and served as the Audit Committees’ secretary. In addition, he held positions in providing consulting services in strategic planning, process reengineering, digitalization and e-services, and project management.
Mr. Eishan holds a Bachelor’s Degree in Science from the
King Abdul Aziz University, Master’s Degree in Computer Science from Eastern Michigan University, and has held
various professional certificates throughout his career.
Mr. Eishan has resigned from Bupa Arabia as of 4 November 2021.