At stc, we recognize that managing risk is a vital part of sustaining long-term growth, protecting shareholders value, and delivering on our commitments to customers and stakeholders. The telecommunications industry operates in a complex, dynamic environment where technological advancements, regulatory changes, cyber threats, and economic fluctuations present both opportunities and challenges. Our Enterprise Risk Management (ERM) framework is designed to proactively identify, assess, and manage risks across our operations to safeguard our strategic objectives and ensure business continuity.
Aligning risk management governance, frameworks and activities with stc Kuwait and stc Group’s strategies.
Proactively addressing and mitigating risks, both locally and globally, across all core areas of the business.
Building a culture of risk management through training and empowering employees to identify and actively mitigate risks.
stc is committed to integrating risk management into its strategic planning, decision-making, and operational processes by systematically identifying, assessing, and mitigating risks that could impact the Company’s objectives and operational effectiveness. stc employs a structured, Company-wide risk management approach, promoting risk awareness, implementing effective controls, and creating comprehensive departmental risk profiles.
This ensures the aggregation and comparison of risks across the organization, with each business unit proactively managing risks while seizing opportunities within the Company’s risk tolerance levels. The Board Risk Management Committee (BRMC) reviews and updates the ERM framework each quarter to align with changes in the Company’s internal and external environments stc is a publiclylisted company, governed by the Kuwait Capital Markets Authority (CMA) regulations.
Other applicable regulators include the Kuwait Ministry of Communication and the Communication and Information Technology Regulatory Authority (CITRA). The Company has also applied the guidelines contained in the Committee of Sponsoring Organizations (COSO) and International Standards Organization ISO 31000:2018, improving our ability to anticipate and respond to both current and emerging risks.
stc's management is committed to defining and clearly communicating strategic objectives essential to the Company’s success, ensuring alignment with timelines for achievement and longterm sustainability.
The Company has a well-established organizational structure, with the Risk Management Department (RMD) reporting directly to the BRMC, ensuring effective oversight. Recognizing that risks are inherent in business, stc implements strong controls to mitigate risks to an acceptable level, supporting the achievement of corporate and functional goals.
The Company adheres to comprehensive governance protocols, establishing clear approval processes, defining responsibilities, and providing a framework for monitoring strategic initiatives. stc remains fully compliant with all relevant laws and regulations, reinforcing a culture of accountability and risk awareness across its operations.
stc's ERM framework enables the effective implementation of ERM through a structured, consistent approach to identifying, measuring, managing, mitigating, and reporting on risks. This enables more informed decision-making and promotes resilience across the Company and its subsidiaries.
The RMD Context Document is a fundamental part of the Company’s risk framework, applying to all operational aspects of stc. This includes internal and external contexts such as Internal & External Audit, Key Risk Indicators (KRIs), and the Company’s defined Risk Appetite. It ensures that risk management activities are aligned with organizational objectives, stakeholder interests, and the dynamic environments in which the Company operates.
The Risk Appetite Statement is a foundational element of stc's ERM framework, outlining the types and levels of risk the Company is willing to accept in pursuit of its strategic goals and long-term value creation. It sets clear boundaries for acceptable and unacceptable risks across all areas of stc's operations, ensuring alignment with the Company’s vision and objectives.
The Risk Appetite Statement serves as the foundation for the principles that guide decisionmaking across the organization. It defines the thresholds for risk acceptance and management, providing a clear framework for evaluating risks in the context of strategic and operational decisions. As such, it acts as a critical reference point for all significant decision-making processes within the Company.
stc's risk appetite is classified as “Open,” reflecting the Company’s readiness to assume risks in key strategic areas, including Digital Transformation, Customer Satisfaction, Service Sustainability, Employee Growth, and Third-Party Risk Management. While the Company embraces calculated risk-taking in these areas, it ensures that robust risk mitigation controls are in place to manage and contain any potential threats.
The Company’s risk appetite is shaped by the evolving telecommunications industry, driven by technological innovation and market shifts, as well as stc's ambition to become a market leader by value. However, the Company maintains a more cautious approach toward risks related to regulatory compliance, legal obligations, and ethical standards.
stc's risk appetite is dynamic and regularly reviewed to ensure its relevance in the face of changing business strategies or external market conditions. The Risk Appetite System is continuously refined through collaboration between the ERM team, the CEO, and C-level executives, with final approval from the Board of Directors. Risk tolerance levels are clearly defined across all key business areas, combining both quantitative and qualitative measures to maintain a proactive and balanced approach to risk management, safeguarding the Company’s objectives and minimizing potential threats.
