The most important threat to the security of customers identified by the Bank and PKO Towarzystwo Funduszy Inwestycyjnych S.A. is associated with potential criminal activities of third parties targeted at customers using electronic channels of access to banking and investment services. For this reason, the Bank uses the latest ICT security solutions which guarantee secure access to funds held by customers we constantly improving the quality of its IT systems security, in particular with regard to the applications used by the Bank’s customers.

The initiatives regarding ensuring a stable and secure infrastructure made it possible to achieve very high reliability indicators for the operation of the IT infrastructure.

The bank attaches great importance to providing security information to customers and raising their awareness of the safe use of electronic banking services and payment cards, given that security in this respect depends to a large extent on the user's actions. These activities include mass educational campaigns, ongoing responses and explanations to customer enquiries, publication of the bank's positions regarding false e-mails, and distribution of information about secure logging and best principles for using electronic banking.

This concerns, among other things, combating actively phishing websites pretending to be the Bank’s websites, identifying criminals intentions and ability, taking into account tactics, techniques and procedures (standardization and structuring of information about threats within a single data model), tracking the development of malware attacking the Bank’s customers, developing mechanisms of detecting infected customers’ computers, as well as improving the rules and extending the scope of monitoring of electronic transactions. In 2022, the effectiveness of malware detection (especially mobile software) among the Bank's customers reached close to 100%.

CERT of PKO Bank Polski

The high organizational maturity in the area of handling cybersecurity incidents is particularly important in the light of the PFSA’s decision issued in 2018 on recognizing PKO Bank Polski S.A. as a key service operator as defined in the Act on the national cybersecurity system. The specialist CERT unit that operates within the bank's structures executes the IT security strategy for services that the bank provides. The monitoring of and responding to incidents are performed by the specialist CERT unit of the Bank. In order to ensure IT security of the Bank’s services, incident response operates on a 24/7/365 basis. The membership in these international organizations enables the bank's CERT team to respond faster and more effectively to cybersecurity threats thanks to the operational collaboration between the organizations, and exchange of experience and knowledge with similar entities throughout the world. Our membership is also a confirmation of the high quality of services rendered and recognition of the professionalism and skills in ensuring the IT security at the bank. In addition, the bank's representatives also engage in the works of the domestic Banking Cybersecurity Centre (BCC) operating within the Association of Polish Banks.

The Bank completed the project CyberSecurity Operations Center as part of which the processes of the Cybersecurity Department were streamlined and a strategy was drawn up for providing services to the Group companies. Moreover, as part of the project a SOAR class system was implemented, which allows the servicing of security incidents to be automated.

Unauthorized access to customer information

The risk of unauthorized access to customer information is managed according to the Security policy of PKO Bank Polski. The principles for ensuring security of protected information regulate the issues such as confidentiality of information and maintenance of the bank secrecy, and personal data security including liability of the bank's employees for personal data protection. In accordance with these principles, the access to protected information at the bank is only given to employees within the scope of their corporate tasks and duties. Each employee undergoes a training on security of protected information before starting to process such information. A non-disclosure agreement is signed between the parties if any materials containing protected information are provided to external entities. Complying with the General Data Protection Regulation (GDPR), incidents of breach of personal data protection that risk breaching personal rights and freedoms are reported to the President of the Personal Data Protection Office (UODO).

Each of the other entities in the group that processes personal data and is required to adopt appropriate regulations, has such regulations in place and applies them in practice. In managing security at the group level, a number of strategic companies have been identified. They have been required to sign agreements introducing the security standards that address the following issues: personal data protection, business continuity management, ICT security, counteracting money laundering, security incident management, principles of outsourcing and security reporting. The group also has a policy in place specifically for counteracting money laundering.

There are also policies in place that require notifying customers about any violations of security of their data, collected in accordance with the applicable legal requirements (including the principle of data minimization). The customers receive an unambiguous and clear information about their rights to access, change, withdraw, supplement and update their information. Steps for ensuring data security are taken with the participation of the bank's Management Board and implemented in line with the best policies and system security solutions. Such solutions are subject to constant evaluation, auditing and improvement in accordance with the best market practices.

As one of the largest employers in Poland, the bank undertakes to conduct and promote ethical business, build an ethical organizational culture and follow the principles of social responsibility.

The bank adopted the revision of the code of ethics in 2022. The code is set of values, principles, standards of conduct and ethical attitudes, defines the mutual relations between persons working for the bank and between the bank’s employees and persons performing actions for the bank. The code is directly related to the bank’s organizational culture, it supplements this culture and is a tool supporting the popularization and implementation of ethical values at the bank. According to the bank’s working regulations, every employee of the bank is obliged to observe the code of ethics. Initiatives are organized to promote the code of ethics and the bank’s values. In addition, training in ethics and the bank’s values was prepared for all employees.

In accordance with the regulations concerning the assessment of suitability of candidates for management board members, adopted by the bank, the supervisory board takes into account the criteria of reputation, integrity and ethical conduct of candidates for the members of the bank’s management board. If a candidate for a management board member is found unsuitable in terms of the guarantee, the candidate may not be appointed to the body or measures may be taken to dismiss a member of the body from his/her position. Similar principles apply in the policy on the assessment of suitability concerning the members of the bank’s supervisory board.

[GRI 2-16] In the employment area there are mechanisms in place to promote and monitor compliance with the ethical standards at the Bank, including mechanisms for monitoring situations violating these principles, in particular those which may have a negative impact of the organisation on stakeholders, as well as the manner of dealing with business relations and the social environment.

Prevention of money laundering

In December 2022, the bank’s management noard updated a policy for preventing money laundering and financing of terrorism (AML), which applies to all entities of the bank’s group. The purpose of this policy is to prevent the use of the group’s products in the activities related to money laundering or financing of terrorism. The policy defines the standards that should be observed by the bank, its subsidiaries and all persons working for them, including permanent and temporary associates, consultants, contractors, external agents and their employees.

The Group identifies and verifies customers and beneficial owners, determines the risk of money laundering and financing of terrorism, monitors customers’ transactions and, in the event of identifying circumstances which may indicate money laundering or financing of terrorism and/or a well-founded suspicion of money laundering, it takes appropriate measures, including putting transactions on hold, blocking the account or freezing the funds.

We make every effort to ensure that the products we offer comply with the applicable provisions of law and market standards. Our efforts focus on ensuring that products are adequate to customer needs, while the form of a purchase offer is adequate to the product's nature. Before concluding an agreement, we provide reliable, transparent and comprehensive information to our customers about the product, in particular regarding the risks and benefits resulting from the purchase and all costs related to the conclusion, performance and possible early termination of the agreement.

[GRI 417-1] The bank’s group, including the bank, fulfils the requirements concerning correct labelling of banking and investment products by providing the customers with all the necessary information about them, especially at the pre-contract stage.

The scope of information provided about the products is specified in the applicable legal regulations and the recommendations of the PFSA. The general rule is that the highest level of protection is available to retail customers – consumers. This information is formulated in such a way that it is comprehensible to the so-called “average consumer” within the meaning of the Act on counteracting unfair market practices, i.e. a consumer who is sufficiently well-informed, attentive and cautious, whereas the scope of the information provided to financial institutions and other professional buyers of financial products and services is narrower.

The bank manages the risk of product misseling at the stage of each product's creation and introduction and then at the stage of offering the product to customers. Every product is subject to a pre-implementation analysis for risks that it generates and for identification of the target customer groups. The bank also identifies the groups of customers that should not be offered a given product because of its inadequacy to meet their needs or for other reasons (the so-called anti-groups). In instances where anti-groups have been identified, the control mechanisms are implemented to mitigate the risk of product misseling. Such risk is also mitigated by conducting an additional assessment of product adequacy directly before offering the product to customer. This approach enables us to eliminate cases for example of selling unemployment insurance to pensioners or long-term investment products to elderly customers. Additionally, the Bank always provides reliable and exhaustive information to Customers about the products offered so that they can make an informed choice in this regard.

PKO Bank Polski does not tolerate corruption and counteracts all corrupt practices. Such phenomena as nepotism and accepting or offering any physical goods in order to influence decisions or measures taken are in contradiction with the bank’s values of credibility and trust.

[GRI 205-1] Within the bank’s group, including the bank, the risks related to corruption are identified in particular in the individual and business customer service areas, in the area of the supply of goods and services to the entities of the bank’s group, including the bank, by external entities, in connection with donations and sponsorship agreements. These areas are subject to particular attention, the processes are regulated in detail, while decisions which have significant financial consequences are accepted, in principle, through the so-called “second hand” (they require dual acceptance).

[GRI 205-3] In 2022, no cases of corruption were confirmed, as in 2021.

The bank’s internal regulations concerning the principles for conducting marketing activities define the features of appropriate advertising messages, as well as the list of undesirable actions. 

[GRI 417-3]  No incidents of non-compliance concerning marketing communications were identified in 2022.

Each time, the correctness of the communication is consulted with the units whose tasks include verifying the compliance of messages with the generally applicable laws. The ethical standards in marketing communication and the mechanisms for preventing the risk of unethical communications also apply to materials prepared at the Bank’s request by external entities (advertising agencies, event agencies).

In addition to the internal regulations for its marketing communications, the bank follows the Code of Banking Ethics (Principles of good banking practice) by the Association of Polish Banks, the Good Practices in consumer credit advertising standards developed in cooperation between the Association of Polish Banks, the Conference of Financial Enterprises and the Association of Lending Companies, the PFSA's Principles of advertising banking services and the Canon of good financial market practices prepared by entities in the financial and insurance sectors.

In order to maintain proper relations with all of its shareholders, the bank has adopted the “PKO Bank Polski S.A. Information Policy with respect to contacts with investors and customers”. According to its provisions, the overriding aim of the bank’s information activities is to guarantee high standards of communication with capital market participants, which are a sign of respect for the principles of universal and equal access to information. As part of its information policy, the ank takes into account the interests of all investors, provided that they are not in conflict with the bank’s interests. The objective of the information policy is to define the mechanisms of communication with capital market participants to ensure appropriate, fair and full access to information about the bank for all investors, without giving preference to any of them.

Complaints

Any irregularities reported by the bank's customers, in particular in the form of complaints, are considered within timeframes specified by the existing provisions of law. Depending on the results of the findings, the bank takes steps to eliminate irregularities, prevent their future occurrence and improve the quality of its services. Similar solutions to manage the risk of product misselling (while respecting the principle of proportionality) are also in place at other entities of the group that are involved in financial product creation or sales.

The handling of complaints is conducted on two lines: (1) the first line consists of a review by the responsible bank units in accordance with their tasks of first-time complaints of customers and reports concerning personal data violations from the President of the Personal Data Protection Office, (2) the second line is the customer's Ombudsman and the associated Office of the Ombudsman that consider the customer appeals against the bank's decision in the first line of the complaint process, as well as the reports filed by the PFSA or external institutions vested with protection of customer rights. The solution proposed by the Ombudsman is the final position of the bank in a given matter.

Our objective is to find itself among the best three banks, taking into account the level of the customer's recommendation ratio. The current place among other banks is not satisfactory and the bank is undertaking a number of actions aimed at improving this ratio. In 2022, the bank's recommendation ratio was re-recognised in the objectives of most of the Bank's units – it is a continuation of customer-oriented approach in line with the principle that their satisfaction and loyalty are key in terms of our actions and strategy.

As part of relational surveys, in 2022 internal relational surveys of Personal Banking customers and SME customers were carried out for the first time. Both surveys are carried out on a continuous basis. In 2022, a survey was also implemented in the IKO mobile application. The survey is available to every customer after logging in. The customer can share their opinion. In addition, a survey was carried out for the first time in the iPKO transaction service, embedded in the mail. In total, in 2022 the bank collected over 950 thousand surveys using various methods, including the remote channels. There are plans to further increase the number of processes monitored, especially the service processes following the purchase of a product. We continued satisfaction surveys of corporate customers. The main monitored indicator, the relational NPS, was 41, which was the highest result since the beginning of the survey implementation in the corporate segment.

Apart from monitoring the level of customer satisfaction, the bank also conducts an in-depth dialogue with customers at every stage of the product development process – the concept of changes is preceded by the analysis of customers' needs and previous reports, the prepared concept is verified with customers, while the implementation involves the assessment of satisfaction with the solution prepared. In the process of granting budgets for development works, the assessment of the impact of a given action on customer satisfaction is taken into account, while measures based on their satisfaction are an ongoing element of post-implementation assessment. 

The nature of the business activities means that the direct impact of the Bank and the Bank’s Group on the natural environment is limited. Direct impact on the environment depends on the manner of consumption of limited natural resources. The group monitors the consumption of such resources and engages in activities aimed at reducing their consumption. In previous years, a number of entities of the Bank’s Group performed energy efficiency audits. On the basis of the results of such audits, the group entities identified the areas with the highest energy saving potential and drew up action plans which are currently being successively implemented.

The group entities have procedures and structures in place for monitoring the legal changes regarding the environment, which are significant for their operations. In 2022, none of the group entities conducted any projects that could significantly affect the environment. [GRI 307-1] No administrative proceedings relating to a breach of the environmental regulations were conducted with respect to the group that would result in any financial penalties.

Indirect environmental impact

One of the tools for managing credit risk for selected industries/sectors is lending policies. The bank has the following policies: Renewable Energy Sources, Carbon-Intensive Energy Sector, Chemistry-Oil-Gas, Revenue Real Estate (adopted and implemented in 2022), Construction and building materials, Car Dealers and CFM companies, Public Healthcare, Trade, LGU.

Since 30 June 2021 each time the bank assesses the impact of the ESG factors on a customer’s creditworthiness in the corporate segment and in the companies and enterprises segment, evaluated using rating method.The bank also examines the impact of credit transactions on ESG and classifies them to four categories, from transactions with a positive impact on ESG to those with material negative impact. When assessing the ESG factors, the Bank takes into account such factors as the risk of climate change and its impact on the customer’s operations, potential influence of the customer on climate, factors related to human capital or health and safety, and governance factors (including the corporate culture and internal audit).

By using appropriate tools, the Bank estimates ESG risks, assesses and controls them. The identification of ESG risks allows the identification of projects which do not meet the increasingly high environmental and social requirements. By identifying these risks the bank may support the financing of environmentally sustainable and socially responsible projects, as well as eliminate the financing of activities/projects with a negative impact on the environment.

Over the last two years we significantly increased its share of green funding in its portfolio. The newly granted loans for projects related to the implementation of investments in RES, whose year-on-year increase amounted to more than PLN 1.3 billion, are mainly responsible for high value of this ratio, of which the newly granted financing made available to the customer is PLN 998 million. The dominant objective of financing was photovoltaic farms. The group continues to expand its product offer to support the environmental protection.

The bank wants to achieve its business objectives by maintaining its impact on the climate change resulting from its operating and product activities and the impact of climate change on business activities at the lowest possible level. In our activities, we want to support the long-term objective of the Paris Agreement – increase of the global average temperature below 2°C as compared to pre-industrial times. 

As the biggest bank in Poland that sets trends for innovative banking products, we recognize the impact of our business activities on local communities and the environment. We are aware of our corporate responsibility for complying with the obligations that result from the Paris Agreement. We signed the Ecological Responsibility Charter of Polish Entrepreneus and Employers, where we obliged ourselves to work towards the principles of climate neutrality and circular economy.

In 2021, it adopted ambitious short-term objectives concerning reduction in the bank’s (Scopes 1 and 2) GHG emissions aligned with the objectives of the Paris Agreement. The bank is focused on improving the measurement of GHG emissions generated by the bank in all scopes. The bank has also made a commitment regarding the composition of its product portfolio (the relation of “green” financing to carbon-intensive financing, increasing the volume of green financing by 5% a year, eliminating the exposure to the coal-mining sector by 2030).

Key non-financial performance indicators in the area of the environment.

As part of works on the bank's Strategy 2023-2025, the Bank tried to estimate emissions generated by its product portfolio. The bank does not have any data on the emissions of its customers, while some of them do not even have such knowledge about themselves. In order to estimate the emissions, data on the industry's average emissivity were used. The estimated product emissions in Scope 3 exceed the currently reported emissions of the bank in Scope 1 and Scope 2 by over 300 times. In the new strategy, the bank declared that it will start emission calculations in Scope 3 and prepare the trajectory of emission reductions based on a scientific approach.The Bank discloses climate-related information in accordance with the TCFD (Task Force on Climate-related Financial Disclosures).

For several years, the bank has been conducting climate disclosures in CDP Disclosure Insight Action using the TCFD recommendations and for 2022 as one of seven Polish banks, and it has received a climate change disclosure rating (“D”). 

According to Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability-related disclosures in the financial services sector (Sustainable Finance Disclosure Regulation), in 2021 PKO TFI S.A. and the bank’s Brokerage Office published their strategies for incorporating sustainability risks into investment decision-making processes and information on the integration of changes in compensation policies to consider sustainability risks. PKO TFI S.A. also published a statement that it does not take into account the adverse effects of its investment decisions on sustainable development factors.

In 2022, the bank implemented the Commission Delegated Regulation (EU) 2017/565, which recommended the inclusion of ESG factors in the investment advisory and portfolio management services. We also implemented Directive 2017/593 together with transposition in the form of a regulation of the Minister of Finance of 11/08/2022, which came into force on 22/11/2022. Internal regulations were amended and MiFID questionnaire was supplemented with an additional question to customers regarding their investment goals related to sustainable development. ESG factors were also included in the process of product governance, i.e. the identification of target markets. Information collected from customers regarding the ownership and/or non-fulfilment of investment purpose related to sustainable development is taken into account when determining whether the customer is in the target group for the product. This principle does not apply to structured deposits, derivatives and State Treasury bonds. Similar changes concerning the survey of customer sustainable development goals preferences were introduced in PKO TFI S.A. 

According to Article 8 of Regulation (EU) 2020/852 of the European Parliament and of the Council and Commission Delegated Regulation (EU) 2021/2178 (Article 10), the Bank’s Group is obliged to disclose its indicators for 2022 as regards two objectives of the Taxonomy for sustainable activities: climate change adaptation and climate change mitigation. Delegated acts have not yet been adopted for the remaining four objectives of taxonomy.

The bank’s group is working on incorporating the criteria of compliance with the Taxonomy into its business strategy, the establishing of objectives, into product building processes and into the principles of cooperation with its Customers and counterparties. In accordance with the new Strategy, the bank set the objective of achieving the highest volume of new financing of sustainable and transformation projects.

Every employee of  the Bank’s Group is important, regardless of their gender, age, health condition, sexual orientation, religion, marital status or country of origin. The bank and the entities of the Bank’s Group use their best efforts to ensure diversity among the employees at every level in accordance with the applicable internal policies.

[GRI 405-2] The global ratio of women’s salaries to men’s salaries calculated as the total weighted average salary of women to that of men was 95% at the bank and 92% in the Bank’s Group. 

The gender pay gap calculated on the basis of the weighted average salary was 5% at the bank and 8% in the Bank’s Group. The gender pay gap at the bank based on the median was 3.9%. The gender pay gap level does not indicate any unfounded inequalities in the amounts of women’s and men’s salaries, and the reasons for the small deviations owing to gender are the result of the nature of the organization in which female employees are more numerous. The bank’s remuneration policy does not discriminate employees based on their gender. The process of determining the salaries at the bank is based on the valuation of positions. The salary is related to the complexity of the tasks within a given organizational structure, the level of responsibility associated with a given position and the necessary skills. The bank performs regular salary reviews for different positions, which also analyse the relationship between the salaries of women and men.

[GRI 401-2] All non-salary benefits are available to the employees irrespective of their type of contract or working time. Additional medical care: varied packages of benefits assigned to specific groups of positions. Employee Pension Programme - in the form of an agreement under which the bank makes a basic contribution (3.5% of an employee’s salary) and an additional employee contribution to the investment funds managed by PKO TFI S.A. Other major companies in the Bank’s Group also have EPPs in place. Additional benefits from the company social benefits fund: MyBenefit cafeteria system.

[GRI 102-41] A Collective Bargaining Agreement concluded with the company trade union organizations is in force at the bank. It governs, among other things, salary-related issues.

Diversity

The obligation of equal treatment in employment is a fundamental principle at the level of policies, regulations and processes developed and carried out at the bank. Therefore, the bank’s internal acts adopted at Management Board level include crucial commitments pertaining to:

• counteracting discrimination in employment and non-discrimination of employees, in particular due to gender, age, disability, race, religion, nationality, political views, trade union membership, ethnic origin, denomination or sexual orientation or due to employment for a limited or unlimited period or on a full-time or part-time basis,

• application of objective criteria and transparent rules at the bank in the processes of recruitment, remuneration, employee development, access to training and access to employee benefits,

• guaranteeing equal treatment of employees performing the same type of work or work of equal value,

• applying objective and fair criteria for performance appraisal.

Policy on bullying and discrimination

The bank strongly opposes any forms of discrimination that contradict the organization’s values and promotes attitudes based on mutual respect among employees. Any conduct that can suggest the presence of bullying is unacceptable.

The bank has internal regulations in place for counteracting bullying and discrimination and for handling complaints concerning the violation of employee rights. These principles guarantee counteracting unfavourable phenomena in employee relations and specify how to react to situations of interpersonal conflicts. Based on these principles, an employee of the Bank may report a complaint about any breach of the employee rights defined in the legal acts or internal regulations without worrying about the consequences. Moreover, the employee is entitled to additional support in the process of investigating the complaint.

Training in the subject of diversity

Appropriate diversity management increases team work efficiency, improves the atmosphere at work, helps retain valuable and experienced employees, enhances innovation and creativity. For these reasons, such training is organized at the bank during which managers acquire knowledge and skills in the management of diverse teams, which makes it possible to eliminate undesirable behaviour and situations and support the valuable and positive ones. In 2021, webinars were mostly dedicated to the organization of remote work, team communication, and emotions and stress management.

Cooperation with external entities

Collaboration with external entities that supports diversity in the workforce includes internship and training programmes offering the opportunity of development to students and graduates of secondary schools and universities with various profiles. Professional development programmes for people with disabilities, including the provision of workstations adapted to the needs of such people . Cooperation with universities and secondary schools.

[GRI 102-12] For many years, the bank has been initiating and implementing social projects combining business objectives with initiatives for all stakeholder groups. In accordance with its Mission, we conducting activities whose aim is to have a positive impact on Poland, its people, companies, culture and the environment. The bank builds its capital based on the national values and traditions. It conducts and supports activities aimed at commemorating important historic events, promoting pro-social attitudes and popularizing the Polish tradition and culture. We actively involved in educational and sports projects. Its experience and leading position in the financial market also require it to promote entrepreneurship and support the Polish economy. The bank participates actively in organizing economic congresses and industry conferences enabling the exchange of experience and building Polish and international business relations. The bank carries out projects both at national and local levels, supporting initiatives that are important to local communities. Such activities facilitate the integration of communities, the development of entrepreneurship among the region’s inhabitants and its promotion.

The PKO Bank Polski Group influences the social environment and its development, we offer to our customers financing of housing needs, we support the development of local government units by financing public investments, we support the development of small enterprises, the development of education and we counteracting financial exclusion and provide access to services for customers with disabilities.

In the process of developing regulations, procedures and policies relating to human rights, the entities of the Bank’s Group draw on the achievements of international organizations and respect the fundamental principles set out in the International Bill of Rights which is composed   the Universal Declaration of Human Rights, the UN Convention: the International Covenant on Civil and Political Rights, the International Covenant on Economic, Social and Cultural Rights.

Depending on the size and specificity of a given entity of the Bank’s Group, observing human rights is manifested both in the internal provisions, the initiatives undertaken and in everyday practice. This concerns, in particular, to the rights to recognize the identity of every employee, proclaiming one’s views and opinions, freedom of thought, conscience and religion, protection of personal rights, equal treatment, access to information, access to healthcare, respect for privacy.

Some of the entities of the group have included provisions relating to respect for human rights and the prohibition of discrimination in such documents as their working regulations or the code of ethics. The bank’s policy concerning respect for human rights is contained in its policies and principles.

No cases of employment of minors or forced labour were identified in the group entities operating in various countries. The issues of observance of human rights are reflected in the procedures and agreements signed with entities.

The bank takes action to prevent violations of human rights, including employee rights, but it is not able to eliminate all conflicts. In 2021, 21 cases concerning employment relationships ended in the final termination of proceedings (15 cases were won, 6 cases were lost).

The bank conducts its banking activities with the support of external entities. It is therefore exposed to operational risk arising from outsourcing of services to other entities. Such risk applies to all stages of outsourcing – from planning through selection of an entity to perform the activities for the bank, conclusion of the outsourcing contract, monitoring the cooperation and ending the cooperation. As part of the operational risk management related to outsourcing, the bank:

The operational risk management related to outsourcing of activities also takes place at PKO Bank Hipoteczny that – as the bank's wholly-owned subsidiary – applies its best practices for management of such risk. The procedures implemented at PKO Bank Hipoteczny correspond to standards applied at the bank.

Cooperation with suppliers of goods and services

PKO Bank Polski is convinced that responsible management of the supply chain may increase the commitment of suppliers to the concept of sustainable development and corporate social responsibility. This is why the bank requires suppliers to provide declarations about their key activities related to social responsibility, at the time of sending inquiries to potential suppliers of products or services.

Suppliers that are interested to cooperate with the bank may register themselves on a dedicated procurement platform (the so-called PKO Zakupy). The task of the bank's Procurement Department is the supervision of the supply process for necessary materials and services of required quality. In addition to the bank's broad interest, the department oversees compliance of the procurement processes with the ethical principles, including the principle of equal treatment of all participating parties. When selecting a supplier, the bank also takes into account certain non-price criteria such as compliance of the supplier with business ethics, with the aim of building transparent relationships with suppliers.[GRI 414-2] No negative social impact was identified in the supply chain in 2021.

The bank builds its supplier relationships on the basis of honesty, transparency of action, mutual respect and professionalism by: honouring the accepted arrangements and obligations, settling payments and other liabilities on time and in accordance with the agreed contractual terms (the standard payment term is 30 days), resolving difficult and conflict situations through dialogue, verifying suppliers on substantive and business grounds, and informing them about standards of conduct. The value of overdue invoices in 2021 constituted a marginal percentage of all invoices paid.

In 2021, the bank renewed the Corporate Certification issued by the Chartered Institute of Procurement and Supply (CIPS), which confirms that the certified organization has implemented the highest procurement standards. It also certifies the bank's compliance with the principles of ethics and global trends in Corporate Social Responsibility (CSR). The certificate is a proof that PKO Bank Polski is a reliable and solid business partner for its customers and suppliers, and that it strives to continuously improve its operating processes. PKO Bank Polski is the only financial institution in Poland and the entire CEE to hold this prestigious certificate.

All subsidiaries of the bank perform OHS tasks in accordance with the applicable laws. These laws are so clear that, in fact, it means applying the same OHS rules across the entire bank’s group. Entities located outside Poland operate under the rules specific to the country in which they are registered. The basic occupational health and safety management system arising from the generally applicable laws covers 100% of the employees.

[GRI 403-5] All employees participate in the system of OHS training. Such activities are organized in compliance with the law and, depending on the number of employees in a given company, they are carried out by the internal OHS service or a properly qualified external provider.

[GRI 403-9] In 2021, 69 accidents were reported (66 in 2020). As a result of the proceedings conducted, 3 of them were not classified as accidents at work, and 12 are still pending. [GRI 403-10] 5 instances of suspected work-related ill health in the bank’s employees were reported in 2021, 4 of which concerned former employees (3 in 2020). In 2021, the ruling authority issued 8 decisions concerning cases reported in prior years, including 6 decisions in which it was concluded that there were no grounds for classifying the illness as a case of work-related ill health, and 2 decisions in which the ruling authority identified the presence of an occupational disease. The other proceedings are still pending.