SEB works in a structured way to protect the bank from cyber-attacks, sabotage, intrusion attempts, crime and terrorism. We work at various levels with the aim to increase the bank’s resilience against cyber threats. Our ambition is to be in tune with existing threats and in line with regulatory requirements. We have moved from being reactive and monitoring our internal IT environments and preventing attacks, into proactively building knowledge about potential threats, existing in other markets.
We focus on three key areas:
- Fraud prevention, -detection and -response
- Actions to prevent money laundering and financing of terrorism
- Compliance with government sanctions against criminal suspects
Cyber crime and ID theft
Cyber crime can be described as criminal activity that involves the Internet, a computer system, or computer technology. Examples include computer viruses, phishing and identity theft. Financial institutions are a prime target, even though a shift has been seen toward online merchants, as security efforts within the financial sector have had a deterrent effect on cyber criminals’ ambitions.
Combating money laundering
SEB put large efforts into combating money laundering, and believes that a sound know-your-customer (KYC) process is the best method of preventing that. Based on a professional relationship with customers, this is an important tool to achieve an appropriate level of Customer Protection. We abide by European Union legislation on anti-money laundering (AML) and know-your-customer. We apply enhanced due diligence for customers, products and countries, where there is a perceived risk that the Bank is used for money laundering and financing of terrorism.
Supporting the business
During 2016 we have supported the business line with security in the digitalisation of different processes. We have also continued the work with developing and broadening existing fraud monitoring systems in order to meet future threats and regulatory demands, e.g the European Payment Service Directive. This work will continue during 2017.
Training of employees
Awareness among employees is key in our efforts to prevent crime. We offer various trainings for employees. In 2016, SEB launched a new education package with e-learning, films and working material. Four new digital trainings are mandatory for all employees – Code of Conduct, Anti-money-laundering, Fraud prevention and Cyber security. All new employees must complete these trainings within the first three months of employment. Existing employees shall complete them every three years.
At year-end, over 90 per cent of our employees had carried out the Anti-money laundering training.
SEB has an established whistleblowing process. Most reports of suspected irregularities are still made to local managers. Reports are also regularly made to the Head of Compliance and Head of Internal Audit, mostly via telephone or the specific email address. Notifications come from employees, but complaints also come from customers, suppliers and other stakeholders. It is possible to raise issues anonymously by an encrypted e-mail address.
All reported incidents or circumstances are promptly investigated and, when applicable, reported to the bank’s CEO and the Audit and Compliance Committee.
Read more about SEB's Whistleblowing process