The Natural Disaster Insurance of Iceland (NTÍ) operates in accordance with the Special Act on Icelandic Natural Disasters Insurance, No. 55/1992, and Regulation No. 770/2023 on Icelandic Natural Disasters Insurance, as amended. The site of NTÍ is located in Hlíðasmára 14, Kópavogur.

NTÍ operates in the field of non-life insurance according to Act No. 55/1992 and the Act on Insurance Activities no. 100/2016. In accordance with the Act on Auditors, No. 94/2019, insurance companies are defined as public interest entities, and the role of audit committees in such entities is specifically provided for in the Annual Accounts Act, No. 3/2006.

The rules of procedure of the board are available on the NTÍ website. In preparing this statement of government, the latest versions of the guidelines of the Icelandic Trade Council, Nasdaq Iceland Ltd. and the Icelandic Confederation of Labour, which entered into force on 1 July 2021, were used.

1) Objectives and role
The role of the institution is to insure buildings and movable property insured against fire by general insurance companies, cf. Paragraph 1 of Article 5 of the Act on NTÍ. Insurance amounts shall be the same amount as the fire insurance at any given time. The institution also insures utility and port facilities in majority state or municipal ownership, as well as bridges and ski lifts, cf. Paragraph 2 of Article 5 of the same Act. The insurance amounts of these assets are based on the replacement value plus the cost of demolition and disposal. When structures are insured against natural disasters by NTÍ, this refers to primary insurance activities in the field of non-life insurance. The structures may be insured elsewhere than by NTÍ.

2) Organization of operations
NTÍ is a public institution that reports to the Ministry of Finance and Economic Affairs. There are five members of the board, three of whom are elected by the Althingi, one chosen by the insurance companies and the chairman appointed by the minister.

3) Risk and security management
NTÍ shall implement active risk management to identify and assess risks in its operations. Security measures shall be taken to ensure the safety of its employees, continuous operations and the institution’s ability to ensure a rapid and smooth response to damage to insured assets.

4) Insurance obligation and amounts
The institution shall take out insurance against natural disasters on buildings and movable property insured against fire with general insurance companies, and the insurance amounts shall correspond to the fire compensation assessment at any time. The insurance amounts of other valuables insured by the institution shall be based on the replacement value at any time.

5) Preparedness and response plans
NTÍ shall have a plan to respond to and ensure continuous operations following natural disasters or other shocks, both in the handling of claims and the operation of information systems. Emphasis shall be placed on good service and clarity in communications with customers in accordance with applicable laws and regulations.

6) Training and education
Re-education of employees and training shall be ensured in accordance with their field of work and the role of the organization, so that they are equipped to perform their role. Awareness of risk and safety issues shall be part of the organization's culture. 7) Transparency and accountability Emphasis shall be placed on transparency and reliability. Annual accounts and other important information shall be published on NTÍ's open website.

NTÍ has no judgments for criminal offences under the General Penal Code, the Competition Act, the Act on Insurance Companies or the Accounting, Annual Accounting, Bankruptcy or Public Provisions Act or the special legislation applicable to entities subject to public supervision of insurance activities.

NTÍ is subject to supervision by the Central Bank of Iceland and has established a coordinated risk management system that covers all operational aspects of NTÍ. NTÍ’s risk management policy is based on the COSO guidelines, which stands for the Committee of Sponsoring Organizations of the Treadway Commission. NTÍ’s management system and organization are recorded in its quality system. Instructions for employees aim to ensure that everyone is responsible for the quality of their work, NTÍ’s services and information security. Internal control is built into NTÍ’s operating procedures and internal audits and risk analyses are carried out regularly. A service department employee presents the results of quality and security issues, internal audits and the status of improvement projects annually following internal audits and other audits to the board and audit committee.
NTÍ emphasizes a clear division of labor and responsibility. Monthly reporting on the asset management portfolio is an important part of providing information to NTÍ’s board. In addition, detailed reporting on the portfolio is carried out quarterly and annually, an own risk and solvency assessment is carried out in parallel with the annual report on the performance of the portfolio. NTÍ's CEO and investment specialist generally meet several times a year with the treasury management parties to discuss how investment management and supervision are carried out and to assess whether this is adequate.
The annual risk management report and other regular reviews aim to ensure transparency in the operations and to facilitate NTÍ's ability to detect and correct potential errors, monitor deviations and fluctuations in the operations and provide scope for action if risk factors or changes in the operating environment give cause.
NTÍ's liabilities for incurred losses and reinsurance cover are assessed regularly and ensure that they are in accordance with the institution's needs and obligations.
An external audit agreement was concluded with Deloitte in the autumn of 2023 for a period of five years for the period 2023-2027 based on a tender conducted by the National Audit Office. An internal audit agreement is in force for the period 2024 to 2027 with KPMG.

The Board and staff have jointly established a Code of Ethics for NTÍ, which is intended to be a kind of roadmap for those who work for NTÍ. The Code of Ethics is a guiding light for the Board and employees on the ethical responsibility that all parties involved have agreed to follow in word and deed. The rules are based on values ​​that should govern all NTÍ decisions, which are fairness, reliability, cooperation and initiative. The Code of Ethics was last revised in October 2023.

The Human Resources Policy was last reviewed and approved by the Board in January 2025, and it is based on five main components, workplace culture, management and development, employment relations, career development and health and well-being. Assessment of compliance with the Human Resources Policy is regularly assessed by external experts through interviews with employees and managers.

The board has set out a vision for individual policy areas in policy documents that are part of NTÍ's quality system. Goals and guidelines have been set for all board policies to ensure their implementation and compliance.

The Board of Directors’ rules of procedure are generally reviewed annually and were last confirmed in January 2025. The rules stipulate, among other things, the qualifications of board members, their division of labor and their responsibilities. The rules also cover the roles and responsibilities of the board and CEO, the organization’s board representation, information provision to the board, meeting procedures, minutes and the board’s decision-making power. In addition to its policy-making role, the board monitors that NTÍ’s operations are in accordance with laws and regulations and monitors the organization’s accounting and allocation of funds. The board monitors the effectiveness of risk management, the effectiveness and efficiency of internal operations and contributes to the achievement of NTÍ’s goals.
The risk management policy is under constant review and the three largest risk factors in the operations are defined as; claims handling, portfolio management and actuarial risk. The risk management policy is in the spirit of COSO 2017 harmonized risk management, where, among other things, covers risk culture, strategy, project implementation risks, risk information and reporting, as well as requirements for internal control and risk measurement. It was last approved by the Board in February 2024.
The information security policy was last revised in January 2025 and is based, among other things, on the requirements of EIOPABos-20/600 regarding risks in the operation of information systems of regulated entities.
The Board approved NTÍ's revised environmental and climate policy in January 2025, which is intended, among other things, to ensure compliance with "Green Steps in State Administration" and support the state's emphasis on reducing greenhouse gas emissions. NTÍ does not have a specific policy on social responsibility, but the Board has set a policy on responsible investments in a policy document that was approved by the Board on June 7, 2024. There is also a guidance document with information on sustainability focuses in NTÍ's quality system, LBN-0557.
The Board of Directors has not established a policy on diversity in relation to the Board of Directors. The Board assumes that those who appoint the Board of Directors comply with applicable law at any time.
The Board of Directors holds joint meetings with the internal and external auditors and the Audit Committee on internal control and risk management. Both the Board of Directors and the Audit Committee meet at least once a year without the presence of the CEO of NTÍ. The Board of Directors’ assessment of its own work was last conducted in December 2024 and the Board of Directors considered that it had fulfilled its obligations under the law and operating rules and that its work had yielded the desired results. The Board of Directors’ self-assessment focused on assessing the organization and implementation of Board meetings, information provision to the Board, the roles, responsibilities and limits of authority of the Board of Directors and CEO, the effectiveness of the Board members and assessing the work of the Chairman of the Board and CEO.
The Audit Committee submits an annual report to the Board of Directors on its work and assesses its own work according to good practice for audit committees.

The board has established a privacy policy which is published on NTÍ’s website. Privacy is part of the risk assessment for all contracts concluded by NTÍ, and processing agreements are concluded wherever personal data is processed. Great emphasis is placed on the security of personal data in information systems. PwC acts as the privacy officer on behalf of NTÍ.

NTÍ's investment policy is reviewed at least annually and the rules on investment activities as necessary, most recently in January 2025. Great emphasis is placed on asset distribution in NTÍ's investment policy. There are agreements with Arion Bank, Icelandic Securities and Landsbankinn for asset management. Assets are in both domestic and foreign assets and the main emphasis is placed on low-risk investments where security is the guiding principle over asset returns. Analytica monitors asset managers and compiles monthly overviews of the portfolio's status and compliance with the investment policy. The board receives a monthly summary of the portfolio's status for presentation. A detailed quarterly analysis report and comparison of the performance of asset managers is prepared and submitted to the board for discussion.

Reinsurance agreements are concluded with the purpose of reducing the organization's risk due to large loss events. Since 2014, Aon has handled reinsurance brokerage. Renewal of reinsurance agreements takes place at the end of each year for the following calendar year.

The board of NTÍ is made up of five people and the term of office is from 1 July 2023 to 30 June 2027. Three are elected by Alþingi. Insurance companies that collect premiums (SFF) elect one board member, while the Minister of Finance and Economy appoints a chairman. Board members are appointed for a four-year term. The board consists of: Sigurður Kári Kristjánsson, chairman, Jóna Björk Guðnadóttir vice chairman, Hallfríður G. Hólmgrímsdóttir, Ragnar Þorgeirsson and Steinar Hardarson.

Deputies on the board are Elísabet Júlíusdóttir, Gunnar Már Gunnarsson, Margrét Arnheiður Jónsdóttir, Sigríður Gísladóttir and Silja Dögg Gunnarsdóttir.

The Board of Natural Disaster Insurance Íslands believes that the provisions of guidelines on governance no. 2.3.2 regarding the independence of directors is satisfied. The board members are all independent of the organization and its day-to-day management.

It is customary to invite all deputies to attend one board meeting a year as observers, but this is usually done at a board meeting held on the morning of the annual meeting in May each year. The purpose of inviting deputies to the annual meeting is to promote the maintenance of knowledge about the activities and to ensure that they are familiar with the working practices that are followed in connection with board meetings. The Board of Directors of Natural Disaster Insurance of Iceland met 12 times in 2023 and a deputy was called to a meeting in eight cases due to the absence of the main members. Two board members were absent from three meetings and two were absent from one meeting. The chairman of the board attended all meetings of the board during the year.

During the year, finance and asset management focused on 29% of the board's working time, claims handling 18%, strategic planning and quality issues 17%, actuarial risks and reinsurance 15%, and risk management and control aspects of the business 11%. Other aspects of the board's duties amounted to 8% of the board's tenure.

The audit committee works according to the rules of procedure on the basis of IX. chapter A. in the Act on Annual Accounts no. 3/2006. In Article 108 stipulates the obligation of units related to public interests to operate an audit committee. NTÍ's audit committee is made up of three committee members elected by NTÍ's board.

The role of the committee is to monitor the work process for the preparation of financial statements, risk management and the effectiveness of internal control. It shall ensure the quality of the organization's annual accounts and other financial information and the independence of its auditors.

The audit committee consists of Sigurður Þórðarson, chairman, Steinunn Guðjónsdóttir and Ragnar Þorgeirsson, who is also a board member. Deputies are not appointed to the audit committee, so meetings are generally not held unless all committee members can attend the meeting.

The committee met eight times in 2024.

The guidelines of the Icelandic Chamber of Commerce, Nasdaq Iceland hf. and the Confederation of Icelandic Employers are based on the Act on Limited Liability Companies and therefore do not directly apply to NTÍ's operations. Nevertheless, they are taken into account when preparing the corporate governance statement. The guidelines recommend that all deviations from the guidelines be specified, and this is done in the following list.

• Chapter 1.
  In light of the fact that NTÍ is not a limited liability company and that the board of directors is not elected at the annual general meeting, this chapter does not apply to NTÍ's operations.
  

• Chapter 2.
  Clause 2.2.1 is not followed in light of the fact that the appointment of the board of directors is in accordance with Act No. 55/1992 and the board of directors does not have decision-making power over the composition of the board of directors.
  Clauses 2.3.3 – 2.3.6 do not apply to NTÍ since NTÍ is not a limited liability company.
  The board of directors does not annually assess the size and composition of the board of directors in accordance with clause 2.6.2 where it is within the power of the Althingi, the Ministry and the SFF to appoint board members.
  Section 2.7 on remuneration policy does not apply to NTÍ as NTÍ is not legally obliged to have such a policy.
  The Board has not established a specific policy on sustainability, diversity and ethics according to section 2.9, but information on sustainability focuses that can be found in various NTÍ policy documents can be found in LBN-0557. Section 2.10 on relations with shareholders does not apply as NTÍ is fully owned by the Icelandic state.
  

• Chapter 5.
  No subcommittees of the Board of Directors operate at NTÍ apart from the Audit Committee which is legally required and operates in accordance with the provisions that apply to it.
  No remuneration committee according to section 5.4 operates at NTÍ as NTÍ is not a limited company.
  

• Chapter 6.
  The Board of Directors has not established a diversity policy in relation to the Board of Directors pursuant to point 5 of clause 6.1.2, as the appointment of the Board of Directors is governed by Act No. 55/1992 and the Board of Directors does not have decision-making power over the composition of the Board of Directors.
  Point 7 of clause 6.1.2 does not apply to NTÍ's operations, as there is no nomination committee in place, given that NTÍ is not a limited company.
  Section 6.1.3 does not apply to NTÍ, as NTÍ is not part of a group.
  Section 6.3 does not apply to NTÍ, as Island.is has developed a procedure for appropriate and relevant information on the websites of government agencies that NTÍ follows.

This statement of management has been prepared by the board of directors and the director of NTÍ to the best of my knowledge. It is intended to provide clear information on the governance of the institution to customers, regulators, the owner and others concerned.