Actions on significant impacts on consumers and end-users and applying approaches to manage significant risks and opportunities related to consumers and end-users, and the effectiveness of these actions (S4‑4), (MDR‑A)

Download
PDF
  • ESRS:
  • Taking action on material impacts on consumers and end-users, and approaches to managing material risks and pursuing material opportunities related to consumers and end-users, and effectiveness of those actionsS4-4
    Taking action on material impacts on consumers and end-users, and approaches to managing material risks and pursuing material opportunities related to consumers and end-users, and effectiveness of those actions
  • Actions and resources in relation to material sustainability mattersMDR-A
    Actions and resources in relation to material sustainability matters

In 2024, we have taken a number of actions to manage significant impacts related to consumers and end users. We are implementing these activities on a continuous basis and will continue and adjust them in future years For more details on ongoing activities and initiatives in the area of consumers and endusers, see subsections S4-1, S4-3.and Chapter VI, “Customer Relations” and Chapter VIII, “Business Development in 2024”.

Customer Experience Management

Taking care of customer satisfaction is one of the key elements of our strategy. This dimension describes the Total Experience strategic direction, in which we have adopted the Net Promoter Score (NPS) as the main measure of customer experience. We manage it systemically, in line with the Group’s ”Customer Experience (CX) Management Policy”.

In accordance with the provisions of the policy, we conduct regular NPS and customer satisfaction attributes surveys for all business segments. Our knowledge about the customer is also enriched by other sources, e.g. additional research on contact channels, analysis of complaints or the customer’s voice in social media.

Based on this information, each of the business segments defines priorities and develops an annual action plan. We identify both positive and negative impacts on clients in order to manage them accordingly. Progress towards customer satisfaction goals is monitored on a quarterly basis including the with the involvement of the Management Board.

The CX policy not only describes the process of managing customer satisfaction in the Bank, but also formalises a set of mandatory customer-centric standards regarding communication and plain language, service across all channels, and research and design of solutions for customers. The role of standards is to continuously improve the quality and consistency of the customer experience, regardless of the communication channel they choose.

As a Group, we have adopted an approach that we call „customer-centricity”. In line with our strategy, we aspire to be a market leader in terms of service quality, focused on the needs and expectations of customers. The standards we have adopted include:

  • the „Compass” product and service design standard, which is based on modern customer-centric principles of design,
  • the ”Rzecz jasna” (”Clear Thing”) standard of simple communication , which we have implemented both in the process of exchanging information with customers and internally,
  • the standard of empathetic service, in which it is increasingly important to combine digital solutions with in-branch customer service.

Customer service standards apply to every stage of the customer relationship cycle – from the moment of interest in our offer to the end of the business relationship. In accordance with the ”Santander Bank Polska S.A. Information Policy”, we are committed to reliable, comprehensive and timely communication to customers, both current and potential, in terms of the services and products offered, as well as information about the Bank’s financial condition. The overriding aim of communication with the customer is to enable them to fully understand the principles and the offer of the Bank, so that they can consciously and responsibly make decisions about the use of specific products. We inform our customers about changes in our products and services, in compliance with statutory and contractual deadlines, Bank’s range of products and services, rules for using products and services, and we respond to our customers’ inquiries and doubts.

  • Wybrane standardy obsługi klienta Santander Bank Polska S.A.:
    • mówimy do klientów prosto i zrozumiale
    • wspieramy edukację finansową klientów oraz informujemy o zasadach cyberbezpieczeństwa
    • szanujemy różnorodność klientów i wspieramy osoby z niepełnosprawnością – tak, aby każdy czuł się dobrze w naszej Grupie Kapitałowej
    • pomagamy klientom nawet w sprawach niezwiązanych z Bankiem. Z własnej inicjatywy robimy dsla nich więcej niż się spodziewają
    • podpowiadamy nowoczesne i ekologiczne rozwiązania obsługi bez papieru
    • informujemy o działaniach charytatywnych i zachęcamy klientów do działania

Human rights in relation to customers

As part of our commitments to protect human rights in relations with customers and end users, as a Group, we rely on the provisions of the ”General Code of Conduct” and the ”Responsible Banking and Sustainability Policy”. The latter document includes a comprehensive approach to managing issues related to human rights, sustainable development and stakeholder responsibility.

In the area of customer relations, as a Group, we are committed to:

  • Equal treatment of customers: regardless of origin, gender, age, religion or social status, all customers are treated fairly and equally, in accordance with the principles of responsible banking.
  • Privacy and personal data protection: A key element of the policy is to guarantee the security of customer data, in accordance with the law, including the GDPR (as implemented under Polish law), and international privacy standards.
  • Responsible marketing: we strive to present our products in a fair, transparent and understandable manner, in accordance with the principles of ethics and transparency

In addition, our human rights policies and activities are aligned with international standards, such as:UN Guiding Principles on Business and Human Rights,

  • Universal Declaration of Human Rights,
  • OECD Guidelines for Multinational Enterprises,
  • Principles of Responsible Banking (UNEP FI).

In the period from 1 January to 31 December2024, no incidents of human rights violations were recorded in the Group. The Group has policies in place to manage the impact on the consumer and end-user, including human rights. These processes include responsible sales principles, data protection, and complaint reporting and handling mechanisms – detailed information can be found further down in the statement.

Transparent communication

We understand that transparent communication is one of the key elements of effective cooperation with the client. We know how important it is to communicate effectively, have clear rules and regulations and listen to the voice of the customer and learn from them.

In the Group, the standards for communication with customers are defined by:

Brand and Marketing Policy, which sets out uniform principles, responsibilities and key processes in the area of brand management, marketing and communication.

Customer Experience Management (CX) Policy, which defines a communication system to provide customers with a consistent experience related to the Santander brand.

In the creation of information materials, marketing communication and organisation of events, we are guided by the principle of honest and complete information about the Bank’s and the Group’s products. We create communication with customers in a clear, simple and understandable way, taking into account the characteristics of the target group, including all mandatory information resulting from regulations and standards set by financial supervisory authorities. Information and advertising materials concerning the products and services offered by the Bank are prepared and made available in accordance with the applicable regulations and fair competition principles.

The Bank is a signatory of the ”Code of Banking Ethics” and the ”Banks’ Declaration on the Plain Language Standard. We systematically introduce the principles of plain language in contracts and other documents, resulting in their becoming more understandable and readable for customers. When preparing communication, we are guided by the principles of consistency, coherence, transparency and neutrality.

We align communication, marketing, and sales practices with applicable law and the ethical standards. We are committed to:

  • informing about significant changes in regulations and guidelines (in the form of messages in the mobile and web application),
  • monitoring the implementation of regulatory projects,
  • applying procedures for the approval of new products and significant changes in products,
  • verifying model contracts, communication and advertising, procedures and training, and periodically monitor processes and products.

The general rules for preparing and verifying marketing materials are also set out in the ”Handbook of Advertising and Marketing Communication of Santander Bank Polska S.A.. Detailed standards for a given product group are included in the guidelines developed by the Financial Crime Compliance and Prevention Division. The basic principle is that the marketing material should be reliable, honest, true and written in an understandable and simple language, adapted to the recipient. Before publication, each material is verified to ensure that it meets the standards described in the guidelines. In addition, training and workshops are held periodically for units preparing marketing communication, which strengthen the knowledge and skills of employees.

At the Bank, we are also aware of the fact that customers’ decisions to purchase products are increasingly dictated by the desire to reduce the impact on the environment or to have a positive impact on it. We want to provide customers with reliable and honest information that they can rely on when making purchasing decisions. Therefore, we apply the ”Sustainability Communication and Advertising Guidelines. We review business projects and new product proposals for greenwashing at an early stage of preparing the offer to make sure that the change does not generate the risk of misleading the customer or greenwashing.

As part of our efforts to improve the quality of communication, the Bank conducts regular language audits to assess the degree of simplicity of the language used in both internal and external communication. The audit is based on the PLI (Plain Language Index), which measures the compliance of the content with the principles of simple and understandable language. We analyse representative samples of texts, including content published on the intranet, formal documents, agreements, responses to complaints and materials available on the Bank’s website. This process identifies areas for improvement, in particular in terms of eliminating banking jargon and using more accessible wording.

These activities are in line with the Bank’s strategy, which is aimed at transparent and friendly communication with customers and improving the experience related to the use of financial products and services.

Security of services, transactions and customer data

Due to the nature of our business, we process significant amounts of customer personal data and other confidential and sensitive information. Maintaining standards of customer data security is one of the key areas for us to build trust in the strategic direction of ”Total Responsibility”.

In our Group, we have implemented a number of regulations relating to the principles of protecting the security of our customers’ services, transactions and data. The overarching one is the „Principles of Corporate Governance in the Field of Cybersecurity”. These are the rules, tasks, and responsibilities, but also the processes and elements of supervision for managing this area for all Group Companies. In addition, we implemented in the Group the ”5 Principles of Cybersecurity Policy, which aims to promote responsible use of the Internet and IT resources by our employees. We know that every employee has a part to play in the protection of personal data, which is why the policy is available on the intranet and all employees, regardless of seniority, are obliged to know its provisions. The implementation of this goal is monitored by regular phishing tests, which provide a practical educational element for employees – thus, they learn the techniques used by cybercriminals.

We meet national and EU standards for data protection against cyber threats. The information security management system is certified in accordance with ISO/IEC 27001:2013 and includes supervision over information security in the Group’s business environment and assessment of specific requirements for information and IT systems security.

We monitor regulations and technologies related to IT security and adapt our systems to changing conditions on an ongoing basis. This allows us to continuously improve our internal transaction systems and tools that our clients use on a daily basis.

The security of customer data is our priority, which is why we strive to raise awareness of today’s cyber threats. As a Bank, we conduct regular education campaigns, using various communication channels, including those that reach customers who are less active on the Internet:

  • Online and mobile banking educational campaigns – CRM campaigns are carried out every month, targeted at individual customers and SMEs, which reach about 3 million users.
  • Social media – we regularly publish cyber-educational posts on social media (Facebook, Instagram) every two weeks as part of the „Don’t believe in fairy tales for adults” („Nie wierz w bajki dla dorosłych”) campaign and, if necessary, warnings. The reach of these activities exceeds 2 million users and includes both customers and other Internet users.
  • „Don’t believe in fairy tales” („Nie wierz w bajki”) campaign – in October 2024, we expanded our education campaigns to include radio to reach less digitised customers.
  • Website and support tools – we regularly update the security website and promote the use of the CyberRescue tool.
  • Programme for seniors – The Santander Bank Foundation launched the „Independent and safe seniors online” programme.
  • Nationwide campaigns – we cooperate with the Polish Bank Association, for example on the nationwide campaign 'Watch out for cybercriminals – don’t let yourself get robbed’ („Uważaj na cyberprzestępców – nie pomagaj się okraść”), and with the Warsaw Institute of Banking, on cybereducational activities addressed to young people and students.

Activities addressed to employees

  • Adaptation program: we implement a monthly training program (over 1,000 participants) in the field of cybersecurity for new employees of the Branch Network, CWB, and Multichannel Communication Area.
  • Education on the intranet: we regularly publish content on the intranet about current cyber threats and cyber events at the Bank.
  • Phishing tests: hands-on tests allow employees to enhance their ability to recognise suspicious messages.
  • CyberOctober: During Cybersecurity Month, we organized webinars and other educational initiatives with experts.

Inclusive banking

In the Group, we adapt our offerings, services, and communication systems to meet the needs of all customers. Our services are available through traditional branches, digital channels, and a network of self-service devices. Accessibility is enhanced through the ”Barrier-Free Banking” program, which has been consistently implemented by the Bank since 2010. The program aims to ensure access to the Bank’s offerings for customers with various needs, including people with disabilities and special requirements. All branches and partner outlets follow the ”Barrier-Free Banking Standards.” Partner branches and Bank branches are equipped with magnifying glasses and signature frames to assist visually impaired and blind customers. Customers who are unable to read or write can receive advisor support in confirming their intent. In partner outlets, Bank branches, and remote channels, customers can connect online with an advisor fluent in Polish Sign Language (PJM).

Branches are designed and retrofitted according to accessibility guidelines. Solutions used there include, among other things, portable induction loops and independent access for wheelchair users or people with individual needs.

Remote channels – including online and mobile banking, as well as the www.santander.pl portal – are continuously developed and tested for accessibility for all customers, including people with disabilities. In accordance with the Act on Ensuring Accessibility for People with Special Needs, the Bank provides accessible documents upon request, including non-personalized contract and regulation templates.

More details on the barrier-free service and digital accessibility solutions can be found in point 3, Chapter VI “Relations with customers”.

 

In 2024, there were legal and administrative proceedings relating to our business in the context of customers rights.

The ongoing court cases mainly concerned historically granted CHF-denominated and CHF-indexed mortgage loans. These matters are described in detail in Chapter X ”Financial performance in 2024”.

In 2024, the court of appeal issued ruling regarding the financial penalty imposed on the Bank by the Office of Competition and Consumer Protection (UOKiK) in 2020. The penalty related to provisions in annexes to CHF- and EUR-denominated mortgage agreements concerning the rules for determining foreign exchange buy and sell rates. The Court of Appeal ruled that the violation was unintentional and reduced the penalty from PLN 23.6 to PLN 5.9 million. The Bank published information about the decision on its website, paid the fine, and filed a cassation appeal.

Additionally, in 2024, the Financial Ombudsman imposed a minor financial penalty on the Bank due to an incomplete response to a customer complaint. The Bank paid the required penalty.

In addition, there were ongoing administrative proceedings of the UOKiK against the Bank, which concerned:

  • principles of processing unauthorized payment transactions / customer reports of unauthorized payment transactions,
  • determination of whether patterns used in consumer trade contain prohibited contractual provisions with regard to changes in rates of fees and commissions for banking activities and modification of other terms of the agreement during its execution,
  • early repayment of mortgages, in which the OCC examines whether banks settle correctly with consumers. The proceedings concern settlement after full or partial repayment of a mortgage loan.

In addition, in 2024 the Financial Ombudsman fined the Bank a small value due to an incomplete response to a customer complaint. The Bank paid the due penalty.

In the context of customer data privacy, the Office for Personal Data Protection (UODO) imposed a financial penalty of PLN 1.44 million on the Bank in 2024 for failing to provide information about the data breach in 2018. The Bank appealed against the decision to the Regional Administrative Court. In addition, the President of the UODO issued 9 warnings against the Bank concerning matters of non-financial nature. The Bank appealed against 7, for which, and accepted 2 of them, appropriate corrective measures have been implemented.

In 2024, the Office of Competition and Consumer Protection conducted 2 proceedings against Santander Consumer Bank:

  • A proceeding regarding practices infringing collective consumer interests, which concerned unauthorized transactions,
  • A proceeding related to an appeal against a UOKiK President’s decision (court proceedings) – this involved an individual customer offer and the inclusion of insurance in the total cost of credit.

As a result of a hacker attack on the IT infrastructure of the PGD Group (Santander Consumer Bank intermediary), documents containing personal data were stolen and then made public on the Darknet.

In May 2024, the Bank detected unauthorized access to a Santander Group database hosted by a third-party provider. In the case of Poland, the data breach did not involve customers, but employees and job applicants. We informed the President of the Office of Personal Data Protection of the breach and took appropriate steps to minimize the impact on those whose data was leaked and to prevent similar cases in the future.