Corporate governance report (continued) PPS Integrated Report 2021 Corporate governance report | 94 TECHNOLOGY AND INFORMATION GOVERNANCE During2021 PPSGroupcontinuedwith themodernisation and rationalisation of the business applications. Group IT completed the migration of most of the business workloads systems to the cloud. A large proportion of legacy systems were also decommissioned during this period. The core business applications have also received significant attention to further enhance system stability, quality and performance. Focus on digitalisation continued with a drive to provide seamless and highquality end-user experience. 2021 will be noted as the year with the highest amount of cyber security related activity worldwide. PPS, amongst other insurance providers, has seen a substantial increase in cyber incidents and in March 2021 PPS was also the victim of a malicious cyber incident. PPS involved local and international security service providers to identify potential data exposure, restore the systems, and implement remediated services. After the system restoration, the investigations concluded that PPS did not suffer any compromise or exfiltration of member data due to the incident. PPS has further enhanced the cyber security protection measures in partnership with international cyber security experts and will continue with a defence-indepth security strategy with increased governance, user education and use of technology to increase the cyber security maturity. During the year, critical roles in the IT Operating model were filled and the team is now best positioned to create partnerships between business and IT, drive delivery of key strategic projects, ensure quality in operations, enable consistent architectures and create a robust layer of governance and security in the organisation. The Group Technology Steering Committee (GTSC) was established in 2019 and, as a subcommittee of the Group Risk Committee (GRC), continued to provide strategic insight, prioritisation on key initiatives, as well as governing technology and information to support the organisation in achieving its strategic objectives. The GTSC was instrumental during the cyber incident to provide strategic leadership and guidance. Annual reviews of Group IT were conducted by Internal Audit and other independent assurance providers on, inter alia, IT control audits, King IV governance, IT disaster recovery and Information Technology Infrastructure Library (ITIL) maturity. REGULATORY DEVELOPMENTS During the year under review, there was a significant volume of proposed legislation and amendments to existing legislation, all of which will impact the governance and reporting of governance within the PPS Group. This has placed additional responsibilities on the PPS Group Boards and management to ensure adherence to, and compliance with, the new requirements. The most important legislative changes for PPS are highlighted below: 1. COVID-19 As the globe continues to navigate through the Covid-19 pandemic, in 2021 South Africa remained under the National State of Disaster declared on 18 March 2020. Regulations continued to be published under the Disaster Management Act, 2002, prescribing the steps necessary to prevent an escalation of COVID-19, or to alleviate, contain and minimise the effects of COVID-19. The PPS Group heeded the President’s call and all PPS Group employees were appropriately enabled to work from home. In addition to the changing regulations issued under the Disaster Management Act, there have been many circulars issued by the Financial Sector Conduct Authority (FSCA) and the PPS Group has complied with all of the legislation emanating from the disaster. PPS has formulated a mandatory PPS Group Vaccination Policy and has implemented a hybrid and flexible work plan for PPS Group employees. 2. MARKET CONDUCT In October 2020 the National Treasury published for comment a second draft of the Conduct of Financial Institutions Bill 2018 (COFI Bill), that will regulate the conduct of financial institutions. One of the main changes was the removal of the enabling provisions of conduct standards which will be included in the FSR Act. The impact of the Bill on the PPS Group is high, as it will introduce new standards. PPS has submitted comment on the COFI Bill via ASISA. The National Treasury will likely table the COFI Bill in Parliament in 2022. 3. POLICY HOLDER PROTECTION RULES The FSCA published proposed amendments to the Policyholder Protection Rules (Long-term Insurance), 2017 and Policyholder Protection Rules (Short-term Insurance), 2017 (2017 PPRs). The main objective of the draft proposed amendments is to give effect to certain necessary enhancements to the 2017 PPRs, informed by supervisory findings on the implementation of and compliance with the 2017 PPRs and a number of regulatory and supervisory projects undertaken over the past two years.
RkJQdWJsaXNoZXIy NzI4MzY4