Case study: How BCV protects customer privacy
Founded 175 years ago, BCV is the leading bank of Vaud Canton in Switzerland and one of the country’s five largest universal banks by total assets, offering a comprehensive range of financial products and services. Committed to providing excellent customer service, BCV takes every precaution to prevent the disclosure of non-public information relating to BCV and its customers. Tweet This!
This case study is based on the 2019 Sustainability Report by BCV published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.
Abstract
In 2019, to combat cyber and other security threats, BCV carried out a cybersecurity awareness campaign to help customers and employees prevent cyberattacks. In order to protect customer privacy BCV took action to:
- tackle cybercrime
- keep data secure
Subscribe for free and read the rest of this case study
Please subscribe to the SustainCase Newsletter to keep up to date with the latest sustainability news and gain access to over 2000 case studies. These case studies demonstrate how companies are dealing responsibly with their most important impacts, building trust with their stakeholders (Identify > Measure > Manage > Change).
With this case study you will see:
- Which are the most important impacts (material issues) BCV has identified;
- How BCV proceeded with stakeholder engagement, and
- What actions were taken by BCV to protect customer privacy
Already Subscribed? Type your email below and click submit
What are the material issues the company has identified?
In its 2019 Sustainability Report BCV identified a range of material issues, such as contributing to Vaud’s economic development, products and services suited to customers’ needs and expectations, retirement, compensation, and other employee benefits, diversity and equal opportunity. Among these, protecting customer privacy stands out as a key material issue for BCV.
Stakeholder engagement in accordance with the GRI Standards
The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:
Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.
Key stakeholder groups BCV engages with:
To identify and prioritise material topics BCV engaged with its stakeholders through the following channels:
Stakeholder Group | Method of engagement |
Vaud Cantonal Government and Cantonal Parliament
| · Regular contact with the Vaud Cantonal Government as part of BCV’s information-exchange agreement · Responsiveness by the Bank towards BCV-related questions and requests that Vaud’s Cantonal Parliament submits to the Cantonal Government (e.g., motions that ask or require the government to legislate) |
Employees | · Employee engagement surveys |
Customers
| · Market research and satisfaction surveys · Systematic analysis of customer complaints |
Shareholders (apart from the Canton of Vaud) | · Annual Shareholders’ Meeting · Regular meetings with professional investors |
Sustainable development interest groups | · Responding to questions, requests, and comments
|
Supervisory and federal authorities
| · Regular meetings with the Swiss Financial Market Supervisory Authority (FINMA) and the Swiss National Bank (SNB) |
Suppliers and partners
| · Formalised processes for managing relationships with main suppliers |
Cultural and sports associations | · Responding to questions, requests, and comments · Numerous exchanges about sponsoring and donations |
What actions were taken by BCV to protect customer privacy?
In its 2019 Sustainability Report BCV reports that it took the following actions for protecting customer privacy:
- Tackling cybercrime
- The growth of digital banking services means that cybercrime is an increasingly pressing concern, especially for a bank the size of BCV. Accordingly, BCV has assessed potential threats to its businesses, including cyberattacks and other security risks, and taken appropriate measures to protect its IT systems, data, and operations. BCV monitors these threats around the clock and because the methods used by cybercriminals are changing constantly, BCV regularly upgrades its practices and tests its capacity to withstand cyberattacks. Additionally, BCV works closely with specialised partner firms and Swiss government agencies in charge of combating cybercrime, such as the Reporting and Analysis Centre for Information Assurance (MELANI). BCV’s business continuity plans are also tested at regular intervals.
- Keeping data secure
- BCV makes sure that both customers and employees are guaranteed full confidentiality, in accordance with the law and established practices. If required to collect personal data about customers or employees, whether by law or by circumstances, BCV handles such data in compliance with data protection requirements. And whenever BCV shares data with authorised third parties, it adheres to the law and BCV’s General Conditions. Appropriate organisational and technical measures are also in place to prevent documents and records from being viewed, used, modified, or destroyed by unauthorised persons. In 2019, no legal action was taken against BCV for breach of confidentiality or customer data loss.
Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?
The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data
Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:
- Sustainable Development Goal (SDG) 16: Peace, Justice and Strong Institutions
- Targets: 16.3, 16.10
78% of the world’s 250 largest companies report in accordance with the GRI Standards
SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.
Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.
7 GRI sustainability disclosures get you started
Any size business can start taking sustainability action
GRI, IEMA, CPD Certified Sustainability courses (2-5 days): Live Online or Classroom (venue: London School of Economics)
- Exclusive FBRH template to begin reporting from day one
- Identify your most important impacts on the Environment, Economy and People
- Formulate in group exercises your plan for action. Begin taking solid, focused, all-round sustainability action ASAP.
- Benchmarking methodology to set you on a path of continuous improvement
See upcoming training dates.
References:
1) This case study is based on published information by BCV, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:
http://database.globalreporting.org/
2) https://www.globalreporting.org/standards/gri-standards-download-center/
Note to BCV: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.