To this end, a risk analysis is conducted both before and after the development of a new product or service, and also globally, taking into consideration the Bank’s entire ICT environment. Key risks associated with insufficient protection of clients’ funds and privacy include leakage, loss or unauthorized modification of sensitive data, which may affect the financial stability of clients. If such risks materialize, the consequences include regulatory and legal non-compliance (penalties and litigation), financial losses suffered by the Bank (compensation and return of funds lost by clients) and a decrease in clients’ trust in the Bank (reputation risk).
The information security system in place in the Bank Millennium Group is modeled after the international ISO/IEC 27001 standard, which defines the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving information security management in the organization. The information security management system consists of a set of documented processes in force in the Bank and, to the extent aligned with the profile of their activity, in the Bank Millennium Group’s companies.
The adopted information security management model establishes a comprehensive system for protecting all information processed in the Bank, including information on clients, employees, business partners and transactions. To achieve this goal, the Bank uses a broad range of organizational, IT and telecommunication measures, in particular protection mechanisms for devices, systems, applications, databases and communication channels. The information security management model was designed to safeguard against key risks such as a potential loss of information concerning financial transactions, a leak of confidential information and inaccessibility of services.
The data and resources of Bank Millennium clients are under the constant oversight of a dedicated specialist team ensuring the security of all the channels used to access the Bank’s products and services. The company attaches particular importance to the security of our customers using electronic channels to access banking products and services, and continues to improve technical and operational security measures. The Bank uses tested and safe methods to confirm the identity of IT system users and is constantly developing them to ensure safe and convenient access to the Bank’s systems. Our clients may use innovative identification methods such as biometric fingerprint data.
The introduced solutions and implementation of the applicable policies and legal requirements are subject to regular audits and tests performed by professional internal auditor teams as well as renowned audit and IT security firms.
New threats and methods employed by criminals are constantly analyzed so that they can be countered even more effectively. In addition, the Bank actively collaborates with other financial sector entities in Poland and internationally, sharing its knowledge about contemporary threats, trends and the evolving methods of abuse.
The obligatory educational program applicable to all employees is a significant part of the Bank’s information security system. It contains a set of information about the best practices in personal data protection, banking secrets, company secrets and other confidential data. The training covers both current employees of the Bank Millennium Group and former employees of Euro Bank as well as staff of cooperating companies who may obtain access to the Bank’s network.
Bank Millennium Group
% of trained employees