Sustainability Related Policies

Information and Cyber Security Management Policy

Information and data stand as foundational assets within the domain of any banking and financial services organization.They are the most critical items for digitizing business operations, product and services, playing a pivotal role in delivering an exemplary customer experience.Therefore, it is imperative that the security of this data is maintained.At Burgan Bank, we strive to prevent the continuous threats that may be lurking internally or externally to sabotage the information and data or adversely affect our Information processing facilities and systems. Protecting and securing such information and data has emerged as a pivotal focus for any banking organization.Ensuring the confidentiality, integrity, and availability of information assets and technologies that process them of this data is an ongoing constant effort through our cyber security initiatives structured to identify, protect, defend and monitor Cyber Security activities in a structured method. In accordance with Central Bank of Kuwait’s (CBK) cybersecurity framework, Burgan Bank has developed its Information and Cyber Security Policy. This policy is designed to reflect the intentions of the Board of Directors and Senior Management providing comprehensive framework for directing, governing, managing and controlling the information and data assets of the Bank. The policy aims to:

• Implement and enforce a range of tailored Information and Cyber Security control measures to ensure confidentiality, integrity and availability of information and data assets
• Establish a robust Governing structure that clearly define roles, responsibilities and accountabilities for action and/or inaction of various stakeholders, and the consequences of non-adherence to the Policy;
• Ensure that the Bank’s security control requirements are meticulously defined through periodic Risk Assessments. This process involves the careful selection and implementation of appropriate Risk Treatment Plans to fortify the Bank’s security posture;
• Establish a robust Governing structure that clearly define roles, responsibilities and accountabilities for action and/or inaction of various stakeholders, and the consequences of non-adherence to the Policy;
• Establish minimum security baseline standards that need to be configured while implementing Banking Application systems and Infrastructure components;
• Provide Cyber Security requirements that to be taken into consideration during the acquisition and implementation of new Banking Application systems and Infrastructure components;
• Develop and sustain Methodologies and Framework to integrate and coordinate Governance, Risk and Compliance initiatives seamlessly within the business processes;
• Provide a holistic view of the current Governance, Risk, and Compliance (GRC) posture with respect to Information and Cyber Security to make informed decisions to manage cyber risks effectively;
• Ensure continued availability of Banking Application systems and infrastructure to support uninterrupted banking services to the Bank’s customers; and
• Identify, contain and mitigate any Cyber Security incidents and breaches.
• The Policy is applicable to all Bank employees, contract employees, temporary contracting staff, as well as staff members of Third-Party Service providers and Third-Party information processors.

Whistleblowing Policy Summary

The whistleblowing policy of Burgan Bank is designed to foster an environment of encouragement and support for employees, vendors, consultants, and advisors, and all other associated parties, including both minority and majority stakeholders.This policy is in place to safeguard those who voice their concerns about behavior within the company that may be unethical, illegal, or in violation of our code of conduct. We are committed to protecting the rights and well-being of anyone who speaks up in these situations, ensuring that the bank upholds the highest standards of ethical and legal conduct. The purpose of this policy is to encourage and support all stakeholders in addressing red flags related to any malpractices, and improve the overall integrity and performance of the organization through transparent and effective procedures, in addition to highlighting the proper channels of reporting any detected malpractices. Whistleblowers can raise any concerns via email, telephone, or online form. Additionally, whistleblowers have access to the bank’s Whistleblowing Committee, whistleblower officer, and welfare manager if necessary. This procedure is also adopted by Burgan Bank to enable the Bank staff / employees to raise awareness, doubts or concerns they may have on probability of violations (private disclosures / whistleblowing) directly to the Chairman and to eliminate the possibility of retaliations and detrimental actions in the work environment of the Bank through ensuring confidentiality of whistleblower as much as possible. We take the utmost care to protect the identity of whistleblowers and the confidentiality of such a report, within the limits defined by applicable laws and regulations.

Fair Advertising Summary

Burgan Bank operates a fair advertising policy that prioritizes the protection of consumer rights. It applies to all advertisements related to financial products and services offered. The bank’s marketing communications follow the below guiding principles (as adopted from the Central Bank of Kuwait’s Banks Customer Protection Manual)

• Respectful to human dignity and does not incite or condone any form of discrimination.
• Financial inclusion being one of the main pillars of services, ensure that relevant banking products and services are communicated to a diverse category of customers and members of society
• Will not without justifiable reason play on fear or exploit misfortune or suffering.
• Will not appear to condone or incite violent, unlawful or anti-social behavior.
• Will not contain statements or audio or visual treatments which offend standards of decency currently prevailing.
• Framed so as not to abuse the trust of consumers nor exploit their lack of experience or knowledge.
• Relevant factors likely to affect consumers’ decisions should be communicated in such a way and at such a time that consumers can take them into account.
• be truthful and not misleading.
• Do not contain any statement, claim or audio or visual treatment which, directly or by implication, omission, ambiguity or exaggeration, are likely to mislead the consumer.
• Our employees shall communicate clearly and fully with customers regarding the terms and conditions of our services and shall not attempt to deceive or mislead customers and the public.