CFSL Integrated Report 2025
Risk Management Report (Continued)
NON-FINANCIAL RISKS
Technology & Cyber Risks
Potential disruptions from system failures and reliance on third-party technology. Cyber risk encompasses threats from attacks, data breaches, and employee misconduct.
Risk Response/Mitigation Measures
Three lines model: Independent Oversight is maintained through a dedicated IT security team under the first line of defence and a Chief Information Security Officer (CISO) providing second-line assurance.
Cybersecurity Governance: Robust policies and standards are in place, aligned with the Bank of Mauritius’ Guideline on Cyber and Technology Risk Management.
Incident Response: A comprehensive cyber and technology incident response plan ensures timely and effective handling of disruptions.
IT Risk Monitoring: A dedicated IT Operations team is responsible for identifying, tracking, and managing technology-related risks.
Disaster Recovery Preparedness: Regular disaster recovery drills are conducted to validate CFSL’s readiness and ensure operational continuity.
Vulnerability Management: Periodic penetration testing and vulnerability assessments are conducted with support from external experts.
Cyber Awareness & Training: Ongoing training and awareness programmes are delivered to staff, focusing on emerging cyber threats, including phishing and social engineering.
Risk Reporting: Technology and cyber risks are independently monitored and reported to the Operational Risk Forum and the Risk Management Committee for oversight.
People Risk
Risks from human factors: skill gaps, talent attraction constraints, misconduct, succession issues, or low engagement.
Risk Response/Mitigation Measures
Talent Management: Continued investment in graduate programmes and internal capability development to attract and retain key talent.
Succession Planning: Plans in place to ensure leadership continuity and mitigate key person dependency.
Employee Engagement: Regular surveys and recognition initiatives to foster a motivated and values-driven workforce.
Operational Efficiency: Ongoing HR process automation and performance management enhancements.
Wellbeing & Resilience: Health and wellness programmes to support employee wellbeing and reduce absenteeism risks.
Proactive Monitoring: Key HR risk indicators (e.g. attrition, engagement, resource availability) are closely tracked and managed.