GHL System Berhad Annual Report 2019

A N N U A L R E P O R T 2 0 1 9 23 COMPLIANCE TO RULES AND REGULATIONS The Group is fully committed to maintain the highest standards in corporate governance and makes every effort to be fully compliant with relevant rules and regulations, e.g. Companies Commission of Malaysia, Card Schemes rules and regulations, regulations issued by Bank Negara Malaysia, Bursa Malaysia, Anti-Money Laundering Acts, Data Protection Acts as well as other applicable compliance laws, regulations, and standards in all of the jurisdictions in which the Group operates. The Group implements a corporate-wide approach to monitor compliance and is regularly reviewed to reflect the latest best practices and new regulations, which are communicated to employees on a consistent basis. Anti-Money Laundering Policy To corroborate with the Government’s and BNM’s initiatives in preventing the use of financial system for illicit and money laundering activities, as well as the financing of terrorist activities, the Group has set up an extensive infrastructure and various processes to support such efforts. Cyber Security The Group is accessed annually by a qualified security accessor from the Payment Card Industry Security Standards Council (“PCISSC”) to ensure the safe handling of cardholder information at every step, and is certified Payment Card Industry Data Security Standard (“PCIDSS”) compliant. Anti-Bribery and Corruption Policy This Policy’s principal objective is to safeguard the Group’s reputation by countering conflicts of interest, bribery and corruption, and ensuring that business practices are conducted in an ethical and professional manner. All employees are to abide by the Policy and ensure that there is no offering, soliciting, or receiving of any gifts/bribery in any form, to or from current or potential customers, vendors, or merchants, either directly or indirectly, which may influence the employee’s judgement in a decision-making process or put the employee in a position of conflict. Customer Data Privacy The Group takes customer data privacy seriously and ensures that it is protected at all times by maintaining a Privacy Policy in line with the Personal Data Protection Act (PDPA) 2010. Various measures have been put in place to safeguard all data from unauthorised access and security breaches. The Group also acknowledges that as customers and employees information become more digitalised, the risk of cyber-attacks increase. As such, the Company is committed in maintaining high information technology security controls to ensure sustainability of its business operations and will continue to implement best practices embedded within the security standards. Customer Due Diligence Customer due diligence/Know-Your-Customer (KYC) is conducted by the Group’s Risk Department for proper customer identification and risk assessments using reliable information and documentation. KYC allows a standardised approach to understand the customers/merchants during on-boarding and ongoing due diligence reviews. This ensures that the Group only deals with customers whose background information has been adequately verified and approved to eliminate probabilities of chargeback or fraud. Whistle Blowing Policy The Group operates an independent and unbiased Whistle Blowing Policy which encourages employees and any party to bring to the attention of the Board any concerns of integrity and misconduct. With the aim to develop an open culture, accountability and integrity, the Group’s Whistle Blowing Policy offers protection and places significance on confidentiality, encouraging employees and third parties to speak up if serious concerns about misconduct and irregularity arise. SUSTAINABILITY STATEMENT CONT’D