Governance

Aspiring to Become India’s Most Valuable Bank

We are committed to achieving and adhering to the highest standards of corporate governance and uphold global best practices across our operations.

Guided by the Code of Conduct and Ethics

Our Code of Conduct and Ethics applies uniformly to all employees, including the senior management. All employees are made aware of compliance with the Code at the time of induction and through annual declarations. The Board of Directors retains general oversight of compliance with the Code of Conduct and Conflict of Interest policies.

Building Trust: Conflict of Interest Policy

The Conflict of Interest policy provides an indicative list of common situations which may give rise to conflicts of interest between our staff and the interests of the organisation, consumers, and other stakeholders. The roles and responsibilities of employees as well as the obligation to report any possible conflict of interest are enumerated in the policy. The policy is available on our website.

Promoting Transparency: Whistle Blower Policy

We have a Board approved Whistleblower policy and a Whistle Blower Committee to encourage reporting of suspected or actual occurrence of illegal, unethical, or inappropriate action, behaviour, or practices by staff without fear of retribution. The details of the Whistle-blower policy and Vigil Mechanism are available on our website at https://www.axisbank.com. On a quarterly basis, the Audit Committee of the Board reviews a synopsis of the complaints received and the resolution thereof.

All employees are made aware of escalation mechanisms in specific areas such as whistle-blower and POSH during induction and through mandatory annual e-learning modules. Every employee must compulsorily qualify in the online LMS module on the Code of Conduct and Whistleblower policy.

Imbibing Accountability: Staff Accountability Framework

The staff accountability framework ensures a robust Corporate Governance environment by fixing accountability for regulatory breach, non-compliances, errors in regulatory reporting and misrepresentation of facts. As per defined severity of the misconduct, disciplinary penalties have been aligned to the Staff Accountability Matrix.

Strengthening Consumer Confidence: Customer Privacy, Confidentiality and Data Security

Our top priority is to ensure total security of the personal information of customers, using it solely for banking activities and preventing any misuse. The Data Privacy Office, established in fiscal 2022, intends to achieve this objective. We have also implemented other measures to ensure confidentiality:

  • We are compliant with all applicable regulations including General Data Protection Regulation (GDPR), IT Act – India, Payment Card Industry Data Security Standard (PCI DSS), RBI – KYC, Aadhaar Act, and data localisation
  • Identified all applications handling personal/sensitive data and implemented adequate security measures including user access management
  • An Enterprise Data Catalogue keeps track of all personal/sensitive data and changes to the data

Safe Operations: Fraud Detection and Safe Banking

We undertake measures on an ongoing basis to strengthen, prevent, detect, and respond to fraud incidents through real time transaction monitoring, sharper detection through learnings from incidents, proactive control measures, and other early detection systems.

Safe Assets: Information and Cybersecurity

We continue to pursue a comprehensive Information Security and Cybersecurity policy and standards based on industry best practices while complying with regulatory guidelines.

Information Security Management Framework

We have invested in strong technical and administrative controls to proactively prevent, detect, contain, and respond to any suspicious activity.

  • Compliant with ISO27001 standard for information security management and PCI DSS standard
  • Adopted defence-in-depth methodology to protect our crown jewels from intrusion by malicious actors
  • Our 24x7 Security Operation Centre (SOC) keeps vigil on our digital assets and coordinates with the RBI, CERT-In (the Indian Computer Emergency Response Team), National Critical Information Infrastructure Protection Centre (NCIIPC), National Payments Corporation of India (NPCI) etc. for implementation of their recommendations
  • Implemented payment security controls like multifactor authentication, device identification, and real time fraud risk transaction monitoring for all digital channels such as Internet Banking, Mobile Banking, WhatsApp Banking, Credit Cards, etc.

Key Cybersecurity Controls

Secure Access

Multifactor authentication has been enabled for users connecting through remote access

Preventing Sensitive Data Access

Secure and isolated environment for remote access to critical systems configured to prevent sensitive data leak or unauthorised access

Data Leakage Prevention

Advanced end-point controls and Data Leakage Prevention (DLP) controls to detect and prevent threats to endpoints, which are chosen targets of cyber-attackers

Attack Prevention

Spam and phishing e-mail protection has been enabled to protect against email-based cyberattacks that were rampant during the pandemic

Enhanced Monitoring

24x7 security monitoring along with usage of Cybersecurity Threat Intelligence to detect malicious underground activities