The Group continued to enhance its management of information security (cyber security) risk on an ongoing basis in 2019. It has assessed the risks, identified controls and is implementing solutions. The Group already has comprehensive IT security policy and procedures, which are in line with leading industry practices. The Information Security Risk Management Committee at the Head Office meets regularly and has implemented a new Information Risk Management Framework and Group Policy and Guidance.