Operations and Financial Risk Management

We operate our business with integrity and manage financial risk.

We will operate with integrity and trust. These qualities aren't merely desirable in our industry - they're critical to maintaining the stability and longevity that our customers and stakeholders expect. We value our reputation as an ethical company and work to ensure that people at all levels of AFG understand their role in upholding it.

 

  • We maintain a rigorous Enterprise Risk Management process with input from senior leaders across administration, operations, finance, accounting, legal, human resources, investments, information technology, information security and other areas.
  • 100% - Employees of AFG and its insurance subsidiaries who are required to participate in an annual certification and acknowledgment process to ensure they understand and adhere to our Code of Ethics.
  • 100% - Employees of AFG and its insurance subsidiaries who are required to participate in annual information security training.
  • 100% - Employees who receive education on security awareness strategies throughout the year to help keep them safe both at work and at home.
  • AFG’s Audit Committee is responsible for the oversight of risks from cybersecurity threats.
  • The full Board of Directors (at least annually) and the Audit Committee (at least quarterly) receive a presentation from and engage with the Chief Information Security Officer or another senior member of the Enterprise Information Security Group with respect to the Company’s cybersecurity threat risk management and strategy processes, cybersecurity trends and emerging issues and related topics.
  • Like others in the insurance industry, AFG experiences cyberattacks and other attempts to gain unauthorized access to its systems on a regular basis and anticipates that such attempts will continue.
  • Over the last three years, AFG has not experienced any material adverse events and has not paid any penalties or settlements related to an information security breach.
  • AFG has adopted the National Institute of Standards and Technology (“NIST”) Cybersecurity framework, which provides a comprehensive method for developing a flexible, repeatable, performance-based and cost-effective approach to identifying and managing cybersecurity risks.
  • AFG utilizes a variety of techniques to provide for the availability of critical data and systems, maintain regulatory compliance, manage its material risks from cybersecurity threats, and protect against, detect and respond to cybersecurity incidents. These techniques include, without limitation, the following:
    • Conducts regular phishing simulation tests of all employees and all members of the Board of Directors;
    • Utilizes full-disk encryption on all Company laptops and desktops;
    • Maintains a defense-in-depth security control strategy that is tested against high-risk threats such as ransomware and other trending attack vectors;
    • Validates compliance with internal data security controls through the use of security monitoring utilities and internal and external audits;
    • Performs self-assessments measured against industry-leading cybersecurity frameworks for standards, guidelines and best practices, including the NIST cybersecurity framework; and
    • Purchases information security risk insurance from a third-party insurer that provides protection against the potential losses arising from a cybersecurity incident.
  • Protecting the Company from cybercrime is part of our culture.
  • Through this Program, we emphasize education and awareness.
  • All employees receive education about security awareness strategies throughout the year to help keep them safe both at work and at home.
  • Employees also participate in cybersecurity awareness training annually.