SEB works in a structured way to protect the bank from cyber-attacks, sabotage, intrusion attempts, crime and terrorism. We work at various levels with the aim to increase the bank’s resilience against cyber threats. Our ambition is to be in tune with existing threats and in line with regulatory requirements. We have moved from being reactive and monitoring our internal IT environments and preventing attacks, into proactively building knowledge about potential threats, existing in other markets.
We focus on three key areas:
- Fraud prevention, -detection and -response
- Actions to prevent money laundering and financing of terrorism
- Compliance with government sanctions against criminal suspects
Cyber crime and ID theft
Cyber crime can be described as criminal activity that involves the Internet, a computer system, or computer technology. Examples include computer viruses, phishing and identity theft. Financial institutions are a prime target, even though a shift has been seen toward online merchants, as security efforts within the financial sector have had a deterrent effect on cyber criminals’ ambitions.
Combating money laundering
SEB put large efforts into combating money laundering, and believes that a sound know-your-customer (KYC) process is the best method of preventing that. Based on a professional relationship with customers, this is an important tool to achieve an appropriate level of Customer Protection. We abide by European Union legislation on anti-money laundering (AML) and know-your-customer. We apply enhanced due diligence for customers, products and countries, where there is a perceived risk that the Bank is used for money laundering and financing of terrorism.
Training of employees
Awareness among employees is key in our efforts to prevent crime. SEB offers various trainings for employees, including an education package with e-learning, films and working material. Four digital training sessions are mandatory for all employees – the Code of Conduct (including work against corruption), Anti-money laundering, Prevention of fraud and Cyber security. All new employees must complete these sessions within the first three months of employment. Existing employees are required to complete them every three years. At year-end 2017, over 91 per cent of our employees had completed the Code of Conduct training.
SEB has an established whistleblowing process. Most reports of suspected irregularities are still made to local managers. Reports are also regularly made to the Head of Compliance and Head of Internal Audit, mostly via telephone or the specific email address. Notifications come from employees, but complaints also come from customers, suppliers and other stakeholders. It is possible to raise issues anonymously by an encrypted e-mail address.
All reported incidents or circumstances are promptly investigated and, when applicable, reported to the bank’s CEO and the Audit and Compliance Committee.
Read more about SEB's Whistleblowing process