Operations and Financial Risk Management

Operations and Financial Risk Management

We operate our business with integrity and manage financial risk.

To learn more, download our Corporate Social Responsibility (CSR) Report.

Code of Ethics

We will operate with integrity and trust. These qualities aren't merely desirable in our industry - they're critical to maintaining the stability and longevity that our customers and stakeholders expect. We value our reputation as an ethical company and work to ensure that people at all levels of AFG understand their role in upholding it.


Enterprise Risk Management

  • We maintain a rigorous Enterprise Risk Management process with input from senior leaders across administration, operations, finance, accounting, legal, human resources, investments, information technology, information security and other areas.
  • 100% - Employees of AFG and its insurance subsidiaries who are required to participate in annual conflict-of-interest and information security training.
  • 100% - Employees who receive education on security awareness strategies through the year to help keep them safe both at work and home.

Board Oversight Function of Enterprise Risk

  • AFG’s Audit Committee is responsible for the oversight of risks from cybersecurity threats.
  • At least annually, the full Board of Directors receives and at least quarterly, the Audit Committee receives an overview from the Chief Information Security Officer or another senior member of the EISG of the Company’s cybersecurity threat risk management and strategy processes.
  • Like others in the insurance industry, AFG experiences cyber-attacks and other attempts to gain unauthorized access to its systems on a regular basis and anticipates continuing to be subject to such attempts.
  • Over the last three years, AFG has not experienced any material adverse events and has not paid any penalties or settlements related to an information security breach.

Ongoing Commitment to Risk Management

  • AFG has adopted the National Institute of Standards and Technology (NIST) framework which provides a comprehensive method for developing a flexible, repeatable, performance-based and cost-effective approach to identifying and managing cybersecurity risks.
  • AFG utilizes a variety of techniques to provide for the availability of critical data and systems, maintain regulatory compliance, manage its material risks from cybersecurity threats and to protect against, detect, and respond to cybersecurity incidents including, but not limited to, the following:
    • Conducts regular phishing testing of all employees and all members of the Board of Directors;
    • Utilizes full-desk encryption on all Company laptops and desktops;
    • Maintains a defense in depth security control strategy that is tested against high risk threats such as ransomware and other trending attack vectors;
    • Validates compliance with internal data security controls through the use of security monitoring utilities and internal and external audits;
    • Performs self-assessments measured against industry-leading cybersecurity frameworks for standards, guidelines and best practices, including the NIST cybersecurity framework; and
    • Purchases information security risk insurance from a third-party insurer that provides protection against the potential losses arising from a cybersecurity incident.

Protect Us. Protect You. Program

  • Protecting the Company from cybercrime is part of our culture.
  • Through this Program, we emphasize education and awareness.
  • All employees receive education about security awareness strategies throughout the year to help keep them safe both at work and at home.
  • Employees also participate in cybersecurity awareness training annually.