Firmly guided by our core values of Integrity, Initiative and Involvement, our Group Culture and Conduct Governance Committee is empowered to implement key initiatives to reinforce robust governance. A Board Risk Management Committee (RMC) provides oversight on risk governance matters within the Group.
We have in place Code of Conduct for our employees and financial representatives that sets out the standards of ethics and professional behavior expected.
Separately, we established a Supplier Code of Conduct that mandates third parties who supply or perform specific services for us, including parties such as suppliers, contractors and business partners, to observe our approach of non-tolerance on bribery and corruption.
We require employees and financial representatives to regularly update their knowledge on compliance of the code of conduct through online courses and training. We review these mandatory online courses regularly to ensure the contents are relevant.
For more information, please refer to our Corporate Governance disclosure.
Fair business practices are critical to building trust and loyalty with our customers. As a responsible financial institution, we regularly improve our practices beyond compliance with published codes of conduct. Delivery of customers’ Fair Dealing outcomes is tied to the performance assessment of senior management. This ensures that senior management takes the prioritization of Fair Dealing practices seriously. Great Eastern is committed to continuous strengthening of our fair dealing practices to ensure that the interests of our customers remain safeguarded and upheld.
We make it a priority to protect data and information of our customers and other stakeholders that are in our system. We have in place stringent practices that are regularly reviewed to comply with regulatory requirements and ISO27001 standard.
Protection of customer data is a key guiding principle and an important aspect in our business operations and activities. We have in place the Personal Data Protection Policy which governs the protection of customer data across all Great Eastern entities and agency force. It prescribes how we collect, use and protect personal information that has been provided to any Great Eastern entity. Personal information that is no longer required is destroyed and purged securely according to industry standards.
Awareness and education are key tenets behind our cybersecurity and data protection culture. Employees and financial representatives undergo regular training so that they can detect, report and respond appropriately to potential threats, and are constantly reminded of the need to maintain cyber hygiene. We also validate our cybersecurity controls through regular cyber and phishing tests, which include red-teaming exercises and bug bounty programmes conducted by external experts. As an attestation to our data protection standard, we have been awarded the Data Protection Trustmark Certification and the APEC Cross-Border Privacy Rules Certification.