Absa Bank (Mauritius) Limited (the bank) is governed by an Enterprise Risk Management Framework where controls, through policies and standards, are enforced to risk manage identified critical risks faced by the bank. Policies and standards are regularly reviewed and subsequently approved by the board of the bank in addition to the board of Absa Group Limited. The policies and standards are posted on the organisation’s intranet, accessible to its employees.
The bank has implemented a set of policies for data management, information security, cyber security and technology risks so as to have a holistic controlled approach for confidentiality, integrity and availability of information created, processed, transmitted, stored and disposed by the Bank. The policies and standards cover information which can be accessed both logically and physically while regular training and awareness programmes are done to ensure common understanding across the Bank.
As per the Enterprise Risk Management Framework, the Bank has also implemented appropriate governance and monitoring teams across different lines of defence, who are responsible to monitor adherence to these policies and standards while assessing their operating effectiveness. Governance forums like the Risk Forum and the Control Forum, which are comprised of relevant members of the Management, are used to review and track remediation of any non-adherence to these policies and standards.