CFSL Integrated Report 2021

76 C I M F I N A N C I A L S E R V I C E S L T D C O R P O R A T E G O V E R N A N C E CORPORATE GOVERNANCE REPORT (continued) For the year under review, only one Director, namely Mr. Denis Motet, dealt in the shares of the Company and acquired 20,900 shares. The direct and indirect interests of Directors in the shares of the Company are set out in the table on page 74. 2.10 Information, Information Technology (IT) and Information Security policy The Board oversees information governance within the organisation and ensures that the performance of IT systems leads to business benefits and creates value. The Group adopted various IT policies during the year. For instance, a Firewall Policy was implemented to mitigate the risks associated with security threats, while a Data Privacy Policy, which complies with the requirements of the Data Protection Act 2017, was set up to protect and ensure the confidentiality of personal or sensitive personal data. The Group has also adopted a Data Retention and Disposal Policy to minimise data storage amount and retention time. Matters of importance with regard to information security policies are also taken up by the Risk Management Committee and recommendations are submitted to the Board for approval. The Board, through its committees, ensures that proper policies have been implemented for the protection of the Company’s information assets. Policies have also been set up to protect the integrity, ensure the confidentiality and control the usage of and access to the information essential for the smooth running of the Company’s business activities. Mitigation actions were taken by management following the advent of the COVID-19 outbreak to minimise the information security risks. Management also ensured that all employees were provided with the appropriate tools to ensure a smooth transition to teleworking, thus guaranteeing business continuity. The Board approves material investments in information technology and security, as set out in the annual budget, according to the business needs of the Group. 2.11 Board performance review Following recommendations made by the CGCRC, the Board approved a Board evaluation framework that will allow the Company to smoothly transition from an internally-led Board evaluation to an externally-led exercise. This exercise will be extended over a three year period and ensure that the Company complies with best practices in terms of Board evaluation. The evaluation for this year was conducted internally by way of a peer evaluation in addition to a questionnaire circulated to each Director to obtain their views on the effectiveness of the Board, to assess their contribution to the Board’s performance and to identify areas of improvement. Once the results have been analysed by the CGCRC, they will be reported at Board level and used to improve the Board’s effectiveness.

RkJQdWJsaXNoZXIy MzQ3MjQ5