Stakeholder identification and consultation

Please describe which stakeholders (or groups/ types of stakeholders) you have identified, consulted, engaged, collaborated or partnered with for the purpose of implementing the Principles and improving your bank’s impacts. This should include a high-level overview of how your bank has identified relevant stakeholders, what issues were addressed/results achieved and how they fed into the action planning process.

MKB regularly identifies and updates its stakeholder list each year, evaluating their influence on the Bank and their reliance on MKB’s performance (impact level).

In 2023, MKB recognized 12 primary stakeholder groups: shareholders and investors, employees, clients, suppliers and contractors, governmental authorities, regulatory bodies (the Bank of Russia), financial institutions, professional and expert communities, rating, ranking and ESG agencies, local communities, nonprofit organizations, and the media.

For each stakeholder category, the Bank employs specific communication channels to effectively ascertain their needs.

To evaluate the effectiveness of its stakeholder communication, MKB periodically conducts satisfaction surveys. Furthermore, the Bank conducts annual surveys to gauge the importance of material topics, which are later reported in the Bank’s annual reports.

The main channels, methods, and outcomes of stakeholder interactions in 2023 are detailed in the corresponding section of MKB’s Annual Report.

How did MKB work with its clients and customers to encourage sustainable practices and enable sustainable economic activities?

In its 2023 PRB Report MKB reports that it works with its clients and customers to encourage sustainable practices and enable sustainable economic activities as follows:

MKB aims to adopt a responsible approach in its dealings with clients, suppliers, and business partners.

To foster sustainable practices among its corporate clients and manage potential negative impacts, the Bank developed its Environmental and Social (E&S) Procedure in 2021 and updated it in 2023.

Additionally, the Bank approved its Responsible Investment Policy during the reporting year.

Both the E&S Procedure and the Responsible Investment Policy outline several measures for addressing the E&S aspects of clients’ negative impacts, including:

• A commitment to refrain from providing financial support to projects or borrowers engaged in sectors deemed to have an unacceptable level of negative impact, as detailed in the E&S exclusion/restrictive list.
• Stricter requirements for Category A projects (those with significant adverse environmental and social risks) in line with the Bank’s approved model list of such projects.

By developing its ESG finance framework, MKB aims to encourage clients to reduce their negative environmental and social impacts and support the shift towards sustainable development.

By assessing the ESG risks of its borrowers, recommending measures to enhance their environmental and social responsibility and offering green financing, MKB facilitates their transition to a sustainable and responsible business model.

MKB has established a set of bylaws for suppliers and contractors to promote sustainable practices, including:

• Supplier and Contractor Code of Conduct
• Procedure for Managing Environmental and Social Impact during Design and Procurement Stages
• Code of Corporate Ethics
• Anti-Corruption Policy

In 2024, MKB planned to revise its current E&S, Health and Safety (H&S), and Energy Efficiency & Conservation (EE&C) Integrated Management System Policy or develop a comprehensive Sustainability Policy.

 

UN Principles for Responsible Banking: Accelerating a positive global transition for people and the planet

With over 300 signatory banks representing almost half of the global banking industry, the Principles for Responsible Banking are the world’s foremost sustainable banking framework. Through these Principles, the banking community takes action to align core strategies, decision-making, lending and investment with the UN Sustainable Development Goals and international agreements such as the Paris Climate Agreement.

FBRH Principles for Responsible Banking (PRB) Assurance:

First class PRB assurance services: The result of solid, hands-on ESG/ Sustainability experience

• • • FBRH is a GRI Certified Training Partner (Global), ISEP Training Centre and a member of CPD.
    • FBRH builds trust. Over 200 reviews from top professionals from around the world demonstrate our ability to build strong, trusting business relationships.
    • FBRH possesses a unique skill set that combines ESG/sustainability certified training, experience in advisory services and report preparation, and ESG/sustainability report assurance.

The combination of all the above empowers FBRH to provide first class Principles for Responsible Banking (PRB) assurance services.

 

References:

This case study is based on published information by MKB, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original please revert to the following link:

https://ir.mkb.ru/en/sustainability/disclosures/reports

Note to MKB: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.

What are the material issues the company has identified?

In its 2019 Sustainability Report MKB identified a range of material issues, such as customer satisfaction, increasing the accessibility of services, economic efficiency, professional development and training of employees. Among these, promoting information security stands out as a key material issue for MKB.

Stakeholder engagement in accordance with the GRI Standards              

The Global Reporting Initiative (GRI) defines the Principle of Stakeholder Inclusiveness when identifying material issues (or a company’s most important impacts) as follows:

“The reporting organization shall identify its stakeholders, and explain how it has responded to their reasonable expectations and interests.”

Stakeholders must be consulted in the process of identifying a company’s most important impacts and their reasonable expectations and interests must be taken into account. This is an important cornerstone for CSR / sustainability reporting done responsibly.

Key stakeholder groups MKB engages with:

Stakeholder Group	Method of engagement
Customers	·      Customer service, including development of the network of branch offices ·      Receiving queries ·      Remote banking service (mobile banking, contact centre, internet banking) ·      Information about bank products, reporting, availability of branch offices of the Bank, environmental plans and actions, and other important information as published on the MKB website (Russian or English version) ·      Analysis of customer satisfaction
Employees	·      Advanced training ·      Benefits package ·      Support and assistance in developing internal corporate sports clubs and events for the company employees ·      Participation in sports events, charitable, and other public and environmental events ·      Corporate portal ·      The hotline that allows sending complaints and queries to the members of the Audit and Risk Committee under the MKB Supervisory Board
Society	·      Participation in social and environmental projects of the Russian Government, other governmental bodies, and development of its own projects ·      Development of financial products for different categories of people ·      Support of small and medium business entities ·      Development of a regional network of offices and creation of additional jobs in the regions ·      Interaction with higher educational institutions, probation programmes, training
Shareholders and investors	·      Meetings of shareholders ·      Communication using different channels (including conference calls, meetings, correspondence via email, webcasts) ·      Disclosure of information important for shareholders and investors on the electronic page for investors (in Russian and English) ·      Publication of financial and nonfinancial reports
Counterparties and partners	·      A transparent competitive procurement system
Governmental bodies and regulators	·      Information disclosure and compliance with all legislative requirements in the field of banking activities ·      Participation in projects and work meetings on the improvement of laws in different areas (expert councils, work groups, round-table discussions, and other forms of communications) ·      Contribution to the development of regions with the extension of the regional network of presence
Mass media	·      Regular communications with the key media, prompt response to incoming questions ·      A high level of content mobility on the MKB website, in social networks, and other sources of communication

How stakeholder engagement was made to identify material issues

To identify and prioritise material topics MKB engaged with its stakeholders through an interactive survey tool.

What actions were taken by MKB to promote information security?

In its 2019 Sustainability Report MKB reports that it took the following actions for promoting information security:

• Combating fraud
• MKB pursues a zero-tolerance policy toward illegal actions against its customers. For this purpose, MKB:
  • has implemented and maintains fraud monitoring processes for remote banking;
  • investigates any attempts of stealing funds from the bank’s customers;
  • interacts with the Bank of Russia and other credit institutions, communication service providers, and law enforcement agencies for the exchange of information about the actions of fraudsters and for the timely prevention of fraudulent activities;
  • implements the programme for enhanced protection of systems and data, which is reviewed annually and updated completely every three years.
• The above activities resulted in dozens of prevented attempts of stealing funds from legal entities and individuals, which saved them dozens of million rubles. The only loss by a legal entity because of the fraudster’s actions in the remote business education system (RBES) in 2019 amounted to RUB 3,000; the transaction was marked as suspicious but was additionally confirmed by the customer itself.

• Promoting cybersecurity
• MKB pays much attention to information security and resistance to cyber threats. The following biggest threats for MKB were identified within the frames of its information security strategy:
  • External attacks as a result of actions of hacker groups, which are aimed at stealing data or money via payment systems
  • Attacks aimed at customers and stealing customers’ funds via remote banking services
  • Fraudulent actions of the bank’s employees or counterparties, which may cause data leaks or thefts using authorised access to MKB’s information systems
  • Logical attacks at ATMs (use of special software for money disbursement without using cards and for debiting accounts) and payment terminals (use of special software to reload cards without cash)
• The following projects were initiated and successfully finished for the implementation of measures to prevent the materialisation of threats:
  • Implementation of the next generation firewall as a basic element of protection against external attacks
  • Implementation of a solution to counter targeted attacks made using malicious emails or malicious websites, which use 0-day vulnerabilities and are not detected by standard means of protection, for example, antivirus software (as a result of system operation, over 650 targeted attacked were repelled)
  • Implementation and development of the personnel training system simulating sending of malicious attachments and fishing links by hackers and appointing testing automatically if an employee opens such attachments or types a password to their account on the websites available at the fishing links
  • Development and implementation of an antifraud system to identify abnormal and illegal payments sent to the Bank of Russia or to the international data transfer and payment system SWIFT

• Identifying and eliminating vulnerabilities
• To minimise the probability of merely technical vulnerabilities typical of information systems and logical vulnerabilities affecting customer service processes and products, MKB started supporting the following processes in 2019:
  • External scanning of vulnerabilities; full coverage was reached for all 179 publications of MKB’s services on the web and external networks, scanning results are recognised by auditors as performed by the Approved Scanning Vendor as part of the PCI DSS (Payment Card Industry Data Security Standard) standard conformity audits.
  • A red team was set up—that is, a group of specialists with qualifications similar to hackers, whose main task is to conduct penetration tests and identify vulnerabilities through the eyes of hackers for the purpose of thorough identification of vulnerabilities that cannot be identified instrumentally.
  • The Information Security Department participates in, and controls, all tasks of IT development, including the following:
    • Analysis of business requirements
    • Analysis of technical assignments
    • Formation of a set of requirements for the implementation of security-by-design and security-by-default concepts for all services and products developed by MKB
    • Verification of the fulfilment of requirements before bringing the implemented tasks in action
    • Participation of red team specialists for the purpose of vulnerability analysis in any services published on the web and in any payment applications
  • External penetration tests organised by the internal audit are performed by specialised companies with highly proficient specialists.

• Responding to information security incidents in a timely manner
• To monitor and provide timely response to information security incidents, MKB has a security incidents response team. In 2019, the work of this team, operating as part of the Information Security Department, resulted in the creation of the monitoring system architecture, implementation of the subsystem of collection and primary analysis of incidents, implementation of the incident response platform, and automation of the formation of any incidents as tasks for the team members in the implemented platform. The ongoing processes are built so that the time from the attack to the analysis of the processes within the attack and to the termination of the attack usually does not exceed 4 hours.

Which GRI Standards and corresponding Sustainable Development Goals (SDGs) have been addressed?

The GRI Standard addressed in this case is: Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data

Disclosure 418-1 Substantiated complaints concerning breaches of customer privacy and losses of customer data corresponds to:

• Sustainable Development Goal (SDG) 16: Peace, Justice and Strong Institutions
• Targets: 16.3, 16.10

 

78% of the world’s 250 largest companies report in accordance with the GRI Standards

SustainCase was primarily created to demonstrate, through case studies, the importance of dealing with a company’s most important impacts in a structured way, with use of the GRI Standards. To show how today’s best-run companies are achieving economic, social and environmental success – and how you can too.

Research by well-recognised institutions is clearly proving that responsible companies can look to the future with optimism.

7 GRI sustainability disclosures get you started

Any size business can start taking sustainability action

GRI, ISEP, CPD Certified Sustainability courses (2-5 days): Live Online or Classroom  (venue: London School of Economics)

• Exclusive FBRH template to begin reporting from day one
• Identify your most important impacts on the Environment, Economy and People
• Formulate in group exercises your plan for action. Begin taking solid, focused, all-round sustainability action ASAP. 
• Benchmarking methodology to set you on a path of continuous improvement

See upcoming training dates.
References:

1) This case study is based on published information by MKB, located at the link below. For the sake of readability, we did not use brackets or ellipses. However, we made sure that the extra or missing words did not change the report’s meaning. If you would like to quote these written sources from the original, please revert to the original on the Global Reporting Initiative’s Sustainability Disclosure Database at the link:

http://database.globalreporting.org/

2) https://www.globalreporting.org/standards/gri-standards-download-center/

Note to MKB: With each case study we send out an email requesting a comment on this case study. If you have not received such an email please contact us.