SAL’s risk management framework pivots on the application of industry best practices in a manner calculated to support the achievement of the Company’s strategic objectives and long-term growth ambitions. The framework addresses risks that may impact SAL’s vision, strategy, customers, assets, organizational structure, employees, and operational activities.
Enterprise Risk Management (ERM) is embedded across the organization and integrated into strategic, operational, and business decision-making processes. In 2025, SAL refreshed its risk appetite to ensure continued alignment with its evolving strategy and growth trajectory, while maintaining a disciplined approach to risk-taking. Oversight of risk management activities is driven by the Risk Management Committee, which plays a central role in monitoring risk exposures and the effectiveness of mitigation measures across the Company.
Risk Management Policy
The Company’s risk management policy is designed to provide a structured and consistent approach to identifying, assessing, managing, and monitoring risks across the Company. The policy aims to:
- Embed risk management as a standard management practice across all levels of the organization, ensuring that risk considerations are integrated into strategic, operational, and business decision-making.
- Protect the Company from adverse events while supporting the execution of strategic initiatives and new developments, by reducing risk exposure, mitigating the severity of potential impacts, and implementing appropriate controls to limit losses where risks materialise.
- Support the effective achievement of the Company’s objectives by enhancing operational efficiency, enabling the execution of strategic initiatives, and maintaining a strong focus on serving customers.
- Reduce the cost and impact of risks through proactive identification, timely mitigation, and continuous monitoring of key risk exposures.
- Safeguard the interests of the Company, the Board of Directors, shareholders, and other stakeholders by promoting disciplined risk-taking aligned with the Company’s objectives and risk appetite.
- Align with internationally recognised risk management standards and industry best practices, ensuring that the Company’s risk management approach remains robust, consistent, and responsive to its operating environment.
Risk Appetite
SAL’s risk appetite defines the nature and level of risk the Company is willing to accept in pursuit of its strategic objectives and long-term growth ambitions. The Company seeks to ensure that risks are taken in a deliberate, disciplined, and well-informed manner, balancing the pursuit of opportunities with the need to safeguard operational resilience, financial strength, and stakeholder interests.
In 2025, SAL refreshed its risk appetite to align with its evolving strategy and growth trajectory. While the underlying risk assessment framework and methodologies remain consistent, the refreshed risk appetite reflects a more forward-looking approach that supports strategic initiatives, new developments, and expansion activities, within clearly defined governance and oversight parameters.
SAL does not accept risks that could materially compromise the achievement of its strategic objectives, business continuity, regulatory compliance, or reputation. Risks that exceed the Company’s defined risk appetite are duly escalated to the concerned committee, and management is required to implement timely and appropriate response actions. These risks are also reported quarterly to the Board of Directors.
The Company’s risk appetite framework encompasses the following key elements:
- Risk philosophy – Promotes disciplined risk-taking in support of value creation, while maintaining a strong focus on sustainability and resilience.
- Risk attitude – The Company adopts varying approaches to risk (risk-seeking, risk-neutral, or risk-averse) depending on the nature of the activity, strategic importance, and potential impact.
- Risk and return considerations - These ensure that risks undertaken are commensurate with expected returns and aligned with the Company’s strategic priorities.
- Mitigation preferences - Emphasize proactive risk mitigation, control enhancement, and risk transfer where appropriate.
- Risk treatment priorities – Guide management in determining when to avoid, reduce, transfer, or accept risks based on their significance and alignment with objectives.
- Acceptable impact thresholds - Defined at a high level to support consistent decision-making while avoiding undue exposure to adverse outcomes.
- Risk appetite categories - Provide a structured view of key risk areas across strategic, operational, financial, regulatory, and reputational dimensions.
Through this approach, SAL seeks to enable informed decision-making, support the successful execution of its strategy, and maintain alignment between risk-taking, governance, and stakeholder expectations.
Risk Categories
SAL has identified the below risk categories. Oversight of these risk categories, including the monitoring of risk exposures and the effectiveness of mitigation actions, is driven by the Risk Management Committee, which provides organization-wide governance and ensures alignment with the Company’s risk appetite and strategic objectives.
|
Financial |
Financial risk is any uncertainty that could lead to an adverse financial impact on SAL financial performance. High Financial risks could have a severe impact that SAL will not be able to meet its financial obligations. |
|
Operational |
Risk of loss resulting from inadequate or failed internal processes, people, systems commercial and/or external events impacting daily operations across all business lines. This Category includes the risk of failure to attract the best talent in the market and/or retaining the existing best performing talent as well as the risk of high attrition. |
|
Reputational |
Risks impacting the Company’s image, the loss of value to SAL’s brand and inability to satisfy customers. Reputational risks, at a regional level or larger scale, may also impact the ability to attract investors and/or professional capabilities. |
|
Strategy |
Risks impacting SAL’s ability to achieve its mission, goals and strategic objectives. These include strategic planning risks that may lead to potential failure to achieve core objectives. |
|
Health, Safety & Environment |
Risks impacting the health and safety of employees, external contractors, customers, residents and citizens of all geographic regions where SAL operates as a company. These risks also include the ecosystem and environment in which SAL operates as a company. |
|
Regulatory, Legal & Compliance |
Risk of loss arising from non-compliance of regulatory requirements, legal actions and litigations. These risks are dependent on level of adherence to applicable regulations and the governance and legislative framework of the Company. |
|
Security |
Risks impacting the security of SAL stations, aircraft, cargo and airport infrastructure. |
|
Information Technology |
Risks impacting the digitization and IT operations within the Company. |
|
Cyber |
Risks impacting cybersecurity environment at SAL. The protection of privacy, integrity, and accessibility of data and information in cyberspace. Cyberspace is acknowledged as an interaction of people, software and worldwide technological services. |
Risk Appetite Statements
|
Financial |
SAL has Low appetite for financial risks. SAL as a company is not prepared to take any risks which may jeopardize its financial stability, which is achieved through maintaining healthy financial performance over the long term, meeting financial obligations, and remaining solvent under varying economic and business conditions Investments in any projects or business growth by SAL are based on and supported by defined metrics. Also, SAL has Low appetite for material misstatements in its financial reporting. |
|
Operational |
SAL aims to provide secure and satisfying transport, logistics and cargo services to all its customers and clients. SAL has Low appetite for any threat that impacts the activities related to cargo, ground handling operations, commercial, freight forwarding, transport, or warehousing activities. SAL is committed to attracting the best talent in the market and retaining its existing best performing talent. Therefore, SAL has Low appetite to risk in Operational area. |
|
Strategy |
SAL has Moderate appetite for pursuing opportunities through a set strategy guided by the principles of risk return optimization, which shall enable SAL to achieve sustainable growth. |
|
Reputational |
SAL has Low appetite for risks impacting its brand and image. |
|
Health, Safety & Environment |
SAL is committed to the prevention of staff injuries, environment protection, promoting safe operations and healthy lifestyle for all stakeholders – from direct and outsources employees to customers and clients. Therefore, Company has Zero appetite for any Health, Safety and Environment related issues or incidents. |
|
Regulatory, Legal and Compliance |
SAL has Low risk appetite for regulatory and compliance violations or breaches which may expose the company to unwarranted legal and regulatory implications. |
|
Security |
SAL has Zero tolerance for security breaches and applies a risk-based approach with the primary aim of preventing terrorism and criminal activity at all its facilities. To achieve this, SAL follows the industry best security practices and follows guidance from relevant national/international agencies. |
|
Information Technology |
SAL has Low appetite for risks impacting its Information systems, IT operations and infrastructure to ensure minimum downtime and challenges in operations. |
|
Cybersecurity |
SAL has Low appetite for risks impacting Cybersecurity, network and infrastructure security to safeguard against all types of cyber-attacks and ensure minimum downtime and challenges in operations. Low risk appetite also pertains to Personal Data Breaches in line with applicable privacy laws and regulations such as |
Risk Assessment and Evaluation
Risk likelihood reflects the probability of a risk event occurring, while impact considers the potential effect on SAL’s strategic objectives, operations, financial performance, and reputation. Risks are assessed using a structured evaluation approach aligned with the Company’s risk appetite to determine their significance and prioritisation.
Risks that exceed acceptable tolerance levels are escalated through management and reported in detail to the Risk Management Committee together with appropriate mitigation and response actions.
Risk Impact Measurement
Risk impact is measured consistently across all risk categories, considering the potential effect on SAL’s strategic objectives, operations, financial performance, regulatory compliance, and reputation. Impact considerations are embedded into management decision-making to support informed prioritisation and effective risk responses.
Senior Executives, including Presidents, Chiefs, Vice Presidents, Department Directors, and management teams utilise risk impact guidance as part of the risk management framework.
Responsibilities
Responsibility for the effective implementation of SAL’s risk management and risk appetite framework is shared across the organization and supported by appropriate governance oversight.
- Risk appetite is reviewed and approved by the Chief Executive Officer, the Risk Management Committee, and the Board of Directors, ensuring alignment with SAL’s strategic direction and growth ambitions.
- Risk appetite is designed to be aligned with the Company’s strategy, values, and objectives, and is embedded into performance management and decision-making processes where appropriate.
- Ownership of risk management is distributed across the organization, with executives, management, and employees responsible for applying risk management practices within their respective areas of responsibility, subject to ongoing oversight and monitoring.
- The Risk Management function, in collaboration with management, supports the monitoring of key risk exposures, mitigation actions, and response measures, and provides consolidated reporting to the Risk Management Committee and the Board.
- Risk considerations are integrated into strategic planning and major initiatives, considering internal and external factors such as market dynamics, regulatory developments, business conditions, and customer requirements.