Data security and privacy In a digital world, personal data is increasingly at risk of being misplaced, stolen or shared without consent. At the same time, with intelligent use of personal data, Komplett Bank can better understand its customers and develop more relevant and more customer-centric banking products and services. Therefore, Komplett Bank recognises its responsibility of managing the data collected and processed about its customers in a responsible manner and keeping consumer and employees data safe. Komplett Bank is subject to laws and regulations that stipulate how consumer data can be collected and processed, such as GDPR. Back in 2018, when GDPR came into force, the Bank appointed a Data Protection Officer (DPO) and a Chief information and security officer (CISO). The Bank has implemented guidelines and procedures to ensure compliance with the GDPR regulations. This mainly applies to the personal data regulations, including the basic principles and conditions for processing personal data, rights for individuals, duties for the Bank as controller and data processors and transfer of personal data within and across national borders. This also involves regularly reviews and development of the Bank’s internal control systems and risk management processes to continuously improve and address existing and emerging data security and privacy threats. Employees and consultants who collect, process or have access to customer data on behalf of the Bank receive mandatory training in data privacy facilitated by the CISO and/or DPO on regular basis. All managers are responsible for ensuring that employees with access to personal data have the necessary competence and are suitably qualified to secure our customers’ personal data rights, through following our procedures for information security. Any breaches to data security and privacy are reported and followed up immediately. Whistleblower routines Komplett Bank has established procedures for whistleblowing, adopted by the Board of Directors. It is implemented both internal and external channels for whistleblowing to facilitate reporting of any irregularities. The procedure shall safeguard both the whistleblower and the person(s) reported on and is available for all the Bank’s employees in both Norwegian and English. The external whistleblowing channel is operated by KPMG, and information on any reported cases are according to process forwarded to the compliance area, Legal advisor and Head of the Audit and risk committee to the Board of Directors. Ethical business behaviour Komplett Bank has adopted ethical guidelines, which set out a framework for helping the Bank’s representatives perform their duties in an ethically responsible manner and in line with the standards established by the Bank. Komplett Bank’s ethical guidelines supplement laws, rules, instructions and provisions which apply to the Bank’s activities and establish principles for conduct and actions in areas which other regulations otherwise do not cover. The guidelines provide a framework for what the Bank considers to be responsible conduct, but they are not exhaustive. The current version of the guidelines was last updated during the fall of 2022. Anyone who represents Komplett Bank must always strive to exercise good judgement, caution and consideration. The Bank’s risk management recognises that unethical actions or omissions in breach of human rights represent a potential operational risk factor. The Banks guidelines and other procedures have been put in place to help ensure that Komplett Bank does not become involved in business transactions and other projects which constitute unethical actions or omissions. Environmental footprint Komplett Bank’s activities are concentrated to the Nordic consumer credit market with the Bank having limited influence on what the credit is used for. The environmental impact of Komplett Bank’s activities is mainly related to energy consumption and waste from its premises, and some travelling. Being a fully digitalized Bank, with the products offered online through the Bank’s website, consumption of paper and the need for travel is minimised. The Bank has not prepared any specific guidelines relating to the external environment but encourage employees to reduce consumption and waste generated from their daily activities, e.g. food waste in the cantina. In order to reduce business travel, employees are encouraged to use digital solutions such as video conferencing and travelling by public transport when travel is necessary. For data storage, Komplett Bank uses Microsoft Office 365 and Azure Compute, which are between 80-98 % more energy efficient than traditional on-premises datacentres. The Bank is delivering IT equipment for recycling through its partner d|rig which provides the Bank an annual provides the Bank a report describing the fruits of the cooperation. The report allows the Bank to follow up the environmental footprint when it comes to recycling. According to the environmental report from d|rig, Komplett Bank is among the pioneer companies in the reuse and recycling of ICT equipment, and the Bank contributes to accelerating the shift from a use-and-throw mentality in the IT industry to a more sustainable development. In 2022, Komplett Bank delivered several units (screens, machines and servers), of which most units were used for reuse and the rest were used for material recycling. 26 ESG/Sustainability/CSR report
RkJQdWJsaXNoZXIy NTYyMDE=