The case for CSR/ Sustainability Reporting Done Responsibly


Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Insights on how you can protect the environment, maintain and increase the value of your company, through a structured process.

Home / case studies / Case study: How BCV protects customer privacy

Case study: How BCV protects customer privacy

Founded 175 years ago, BCV is the leading bank of Vaud Canton in Switzerland and one of the country’s five largest universal banks by total assets, offering a comprehensive range of financial products and services. Committed to providing excellent customer service, BCV takes every precaution to prevent the disclosure of non-public information relating to BCV and its customers.  Tweet This!

This case study is based on the 2019 Sustainability Report by BCV published on the Global Reporting Initiative Sustainability Disclosure Database that can be found at this link. Through all case studies we aim to demonstrate what CSR/ ESG/ sustainability reporting done responsibly means. Essentially, it means: a) identifying a company’s most important impacts on the environment, economy and society, and b) measuring, managing and changing.

Layout 1Abstract

In 2019, to combat cyber and other security threats, BCV carried out a cybersecurity awareness campaign to help customers and employees prevent cyberattacks. In order to protect customer privacy BCV took action to:

  • tackle cybercrime
  • keep data secure

What are the material issues the company has identified?

In its 2019 Sustainability Report BCV identified a range of material issues, such as contributing to Vaud’s economic development, products and services suited to customers’ needs and expectations, retirement, compensation, and other employee benefits, diversity and equal opportunity. Among these, protecting customer privacy stands out as a key material issue for BCV.

Stakeholder engagement in accordance with the GRI Standards              

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The reporting organization shall identify its stakeholders, and explain how it has responded to their reasonable expectations and interests.”

Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups BCV engages with:

To identify and prioritise material topics BCV engaged with its stakeholders through the following channels:

Stakeholder Group                Method of engagement
Vaud Cantonal Government and Cantonal Parliament




·      Regular contact with the Vaud Cantonal Government as part of BCV’s information-exchange agreement

·      Responsiveness by the Bank towards BCV-related questions and requests that Vaud’s Cantonal Parliament submits to the Cantonal Government (e.g., motions that ask or require the government to legislate)

Employees ·      Employee engagement surveys


·      Market research and satisfaction surveys

·      Systematic analysis of customer complaints

Shareholders (apart from the Canton of Vaud) ·      Annual Shareholders’ Meeting

·      Regular meetings with professional investors

Sustainable development interest groups ·      Responding to questions, requests, and comments


Supervisory and federal authorities


·      Regular meetings with the Swiss Financial Market Supervisory Authority (FINMA) and the Swiss National Bank (SNB)
Suppliers and partners


·      Formalised processes for managing relationships with main suppliers
Cultural and sports associations ·      Responding to questions, requests, and comments

·      Numerous exchanges about sponsoring and donations

What actions were taken by BCV to protect customer privacy?

In its 2019 Sustainability Report BCV reports that it took the following actions for protecting customer privacy:

  • Tackling cybercrime
  • The growth of digital banking services means that cybercrime is an increasingly pressing concern, especially for a bank the size of BCV. Accordingly, BCV has assessed potential threats to its businesses, including cyberattacks and other security risks, and taken appropriate measures to protect its IT systems, data, and operations. BCV monitors these threats around the clock and because the methods used by cybercriminals are changing constantly, BCV regularly upgrades its practices and tests its capacity to withstand cyberattacks. Additionally, BCV works closely with specialised partner firms and Swiss government agencies in charge of combating cybercrime, such as the Reporting and Analysis Centre for Information Assurance (MELANI). BCV’s business continuity plans are also tested at regular intervals.
  • Keeping data secure
  • BCV makes sure that both customers and employees are guaranteed full confidentiality, in accordance with the law and established practices. If required to collect personal data about customers or employees, whether by law or by circumstances, BCV handles such data in compliance with data protection requirements. And whenever BCV shares data with authorised third parties, it adheres to the law and BCV’s General Conditions. Appropriate organisational and technical measures are also in place to prevent documents and records from being viewed, used, modified, or destroyed by unauthorised persons. In 2019, no legal action was taken against BCV for breach of confidentiality or customer data loss.

Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?

The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data

Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:


80% of the world’s 250 largest companies report in accordance with the GRI Standards

SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.

Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.

FBRH GRI Standards Certified, IEMA & CIM recognised Sustainability Course | Venue: London LSE

By registering for the next 2-day FBRH GRI Standards Certified, IEMA & CIM recognised course you will be taking the first step in gaining the many benefits of sustainability reporting.

Most importantly, you will gain the knowledge to use the GRI Standards, project manage your own first-class sustainability report and:

  • Identify your most important impacts on the Environment, Economy and Society
  • Begin taking solid, focused, all-round sustainability action ASAP



1) This case study is based on published information by BCV, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:


Note to BCV: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.