Information Security Policy
Securing Bank's information and systems has been one of the most significant priorities for the Bank. Tothis end a multilayer defence approach is used in terms of governance and security controls. The governance model follows regulatory directives employing the 3 lines of defence. Management support is at the highest possible level and there is direct independent reporting to the appropriate Board committees. In parallel all our security controls follow regulatory standards (GDPR, NIS, PSD2, PCI, SWIFT) and international best practices (such as ISO27001).
The Group has very low appetite for threats and losses arising from cyber attacks and information misuse. Investment are thus made in terms of people to first, second and third lines of defence employing qualifies security engineers, analysts and IT auditors. In addition, significant investments are made in state-of-the-art technolocy on a continuous basis (such as machine learning and artificial intelligence).