Information Security

Our Group Technology Risk Management Framework and Information Technology Security Management and Cyber Resiliency Policy outline our cybersecurity policies and guidelines to protect our data and assets. These ensure that cybersecurity risks are identified and managed in a consistent way across the Bank.

We monitor, detect and respond to potential cybersecurity risks and threats and continually upgrade our security capabilities to respond to the evolving threat landscape by partnering leading cybersecurity providers and enhancing our security technology and capabilities.

We are also committed to enhancing our operating models and strengthening our defences to keep pace with the dynamic threat landscape. Through these efforts, we contribute to the security and stability of the financial system and help to build trust in the banking environment. As we advance our digital capabilities, we will continue to increase our investments in our cyber resilience and security.

Recognising that everyone plays a role in data protection and cybersecurity, we regularly train our people on information security and cybersecurity risks. We keep our people informed of developments, share best practices with them and conduct activities such as phishing simulations and internal cybersecurity training to raise our colleagues’ awareness and to assess their understanding, vigilance and susceptibility to cybersecurity threats.