One of the Bank’s priorities is to set the highest security standards. Customer security in the process of using the products of the Bank and the Bank’s Group primarily includes the security of Customers’ funds and the physical security of the Customers at the Bank’s facilities. [GRI 2-23] The question of security is governed in the Bank’s internal regulations, including the Security Policy at PKO Bank Polski S.A. and, in detail, the regulations regarding specific areas of security: (i) protection of people and property, (ii) IT System security, (iii) managing security incidents, (iv) security of protected information.

SECURITY OF CUSTOMERS’ FUNDS

The activities of the Bank and other entities of the Bank’s Group related to ensuring the security of customers’ funds concern ensuring the security of both the funds entrusted and the funds invested using the products offered. The initiatives regarding ensuring a stable and secure infrastructure made it possible to achieve very high reliability indicators for the operation of the IT infrastructure.

PHYSICAL SECURITY OF CUSTOMERS

The Bank and the other entities of the Bank’s Group ensure the highest quality of direct customer service at their locations, aided by security standards that meet the legal requirements and norms, implemented at the Bank. State-of-the-art systems, equipment and technical and organizational solutions adequate to the threats and risk identified are used in all facilities. They ensure physical safety of customers, employees, cash and deposits, as well as security of protected information, including bank secrecy and personal data.

CYBERSECURITY

The Bank has a security policy in place, which also relates to the principles of digital security. The policy was approved by the Management Board in 2015. The Bank has a Cybersecurity Department which deals with:

• ensuring the security of the Bank’s IT system,
• development of systems and monitoring of cybersecurity parameters and critical services,
• servicing cybersecurity events and incidents, including the events and incidents in the area of electronic banking.

The monitoring of and responding to incidents are performed by the specialist CERT unit of the Bank. In order to ensure IT security of the Bank’s services, incident response operates on a 24/7/365 basis.

Since 2021, a CyberSecurity Operations Centre has been in operation at the Bank, which also includes monitoring and incident response for the Bank's Group companies. The 24/7 SOC operates on the basis of a SOAR-class system allowing automation in monitoring, response as well as handling security incidents. In 2023, the PKO BP CERT team notified and blocked, in cooperation with CSIRT PFSA, CERT Polska and CERT Orange, more than 1,930 fake pages. The frauds mainly targeted electronic services and customers of the Bank, but 20% of the cases concerned frauds of a different type, which shows the contribution of the PKO BP CERT team to the overall level of ICT security in the Polish cyberspace.

CERT PKO BP is a member of an international forum of cybersecurity incident responders FIRST and belongs to the task force of European response teams (TERENA TF-CSIRT) and the related Trusted Introducer organization. It is also a leading member of the Banking Cybersecurity Centre, operating under the patronage of the Polish Bank Association.

In accordance with the Bank’s policy, the principles of cybersecurity must be complied with also by third parties (contractors).

Since 2022, Security Awareness training has been carried out periodically and extended to all employees and the Bank's Management Board.

In 2023, information within the scope of ThreatIntelligence was widely analysed in the scope of activities carried out in cyberspace related to the conflict of Russia/Ukraine, with the simultaneous inclusion of threats which may materialise at the Bank. At the same time, a system to identify trends in attacks on customers based on customer reports has been implemented in view of the constantly high threat posed by false investments and phishing attacks. The system is designed to monitor changes in customer attack scenarios.

AUDIT

The bank continuously addresses cybersecurity threats, monitoring information sources, developing potential threat scenarios, analyzing risks, implements safeguards and responding to incidents in a structured manner. The Bank has a formalized process in place for verifying the security and sensitivity of new or modified systems and applications before the launch of their production. Each project affecting key business processes is analysed and undergoes an IT security audit. Internal audits of IT processes occur at least once every three years.

MANAGING THE RISK OF UNAUTHORIZED ACCESS TO CUSTOMERS’ FUNDS THROUGH ELECTRONIC BANKING

The Bank and Towarzystwo Funduszy Inwestycyjnych S.A. consider criminal activities targeting customers using electronic banking and investment services as the most significant threat to customer security.

Firstly, the Bank employs the latest ICT security solutions which guarantee customers secure access to their funds.

Secondly, the Bank places a great deal of importance on informing and raising customers’ awareness about safe use of electronic banking services and payment cards. The Bank’s educational activities include, in particular:

• regular educational campaigns conducted on social media and other channels for contact with customers, e.g. the educational portal www.bankomania.pkobp.pl,
• videos illustrating examples of real attacks published on YouTube,
• educational articles in electronic media and the press,
• webinars and trainings with the most common attacks,
• responding to customers’ enquiries on an ongoing basis (e-mail, social media),
• onsite meetings for customers and banking stakeholders on the most common scams (aimed at seniors, entrepreneurs and students),
• ongoing communication of the Bank’s views on various issues and provision of educational materials on cybercrime and the principles of security to the media,
• on-going campaigns and spreading awareness through external information channels (cooperation with radio is currently underway through participation in programmes on cyber security),
• responding to other threat signals,
• provision of information on cybersecurity to customers through the Bank’s websites, transactional services and by e-mail.

In 2023, mechanisms were implemented to detect and prevent vishing attacks, which consist of attempts to impersonate the Bank's call centre and thereby persuade the Bank's customers to execute fraud scenarios.

In 2023, the Bank was improving systems for incident, anomaly and advanced malware detection and a large number of actions relating to incident handling was automated.

PRIVACY RISK

PKO Bank Polski S.A. follows the generally applicable regulations, and its own internal regulations on the security of protected information taking into account personal data protection issues.

The Bank's internal regulations with regard to security concern in particular:

• security of protected information,
• IT system security,
• protection of people and property,
• management of security incidents including data breach management,
• conducting investigations.

PRIVACY AND DATA SECURITY

The Security Standards for the Bank’s Group address the following issues: security of protected information including personal data protection, business continuity management, ICT security, anti-money laundering, security incident management, outsourcing principles and security reporting principles.

The Bank processes personal data in keeping with the requirements of the generally applicable laws, including the principle of legality and data transparency, the principle of purpose limitation, the principle of data minimization, and the principle of maintaining the accuracy, integrity, and confidentiality of processed data. In order to achieve these objectives, the Bank applies both procedural regulations and technological solutions. They are designed to observe the personal data processing principles defined in the GDPR.

The Bank appointed a Data Protection Officer (DPO) responsible for overseeing propoer personal data processing. Customers can contact the PO by sending letters to the Bank’s address and/or by e-mail: iod@pkobp.pl.

As required by the GDPR, the Bank has prepared Information on personal data processing and provides it to its customers. They are informed about the applicable principles of personal data processing, the purpose of its processing and their rights, including the right to access, rectify and erase data.

Moreover, a dedicated website of the Bank https://www.pkobp.pl/pkobppl-en/gdpr/ presents information on personal data processing, including information on the appointed DPO, on the manner of personal data processing, the legal basis for the processing, and the rights of the data subjects.

If data is processed on the basis of the consent of the data subject, the data subject is informed about the right to withdraw consent.

Bank’s Customers also have access to complaint paths for expressing doubts concerning data security, as well as requesting the exercise of rights under the GDPR. Internal regulations concerning the management of personal data breaches have also been developed. The Bank has defined the principles for informing customers about a breach of their data security. Those principles are in compliance with the generally applicable laws. This also applies to the provision of information competent authorities of breaches, which also results from internal regulations and legal

provisions. Ongoing exchange of information and improvement of security on the basis of the best practices are the permanent features of the cooperation and the Agreements in place in the Bank’s Group.

The Bank is obliged to maintain banking secrecy as defined in the Banking Law.

Any information constituting bank secrecy, including the personal data of the Bank’s customers, may only be made available in compliance with the obligations arising from the generally applicable laws in accordance with the provisions of the Banking Law.. In the event of a violation of personal data protection, the Bank takes measures in accordance with the adopted Principles for security incident management at PKO Bank Polski SA and the GDPR. If a violation is identified, immediate action is taken to analyse it and to mitigate its adverse effects, if any. Any violations of personal data protection resulting in a risk to the personal rights and/or freedoms of natural persons are immediately reported to the President of the Personal Data Protection Office (UODO). Moreover, if a violation of personal data protection could result in a high level of risk to the personal rights and/or freedoms of natural persons, the data subject is immediately notified of such violation.

Each of the other entities of the Bank's Group, which processes personal data, has separate internal regulations and performs obligations related to the protection of personal data as a separate administrator. The companies have implemented the Security Standards, including standards relating to personal data protection, which form part of the “Security Standard Guidelines for the PKO Bank Polski S.A. Group”. They are in line with the generally applicable regulations and the standards applied at the Bank and, to the necessary extent, they contain specific regulations which are adequate to the specific nature of the particular entity’s business. 

As one of the largest employers in Poland, the Bank is committed to conducting and promoting ethical business practices, fostering an ethical organizational culture and adhering to  the principles of social responsibility.

In December 2023, the Bank amended the Code of Ethics by resolution of the Management Board, and in January 2024, the Supervisory Board approved the amended Code. The Bank has revised and redefined the applicable values. Three key values have been introduced for the successful implementation of the Bank's mission and strategy:

• partnership – We work together to ensure the best customer and employee experience, building partner relations based on mutual respect, openness and trust,
• growth - We embrace change and take on ambitious challenges, we nurture our own growth and support others in doing so, we offer support to customers to grow in a rapidly digitalising world,
• impact - We act boldly, value proactivity, responsibility and commitment, are innovative in creating solutions and effective in achieving goals.

Verification of compliance with the Bank's ethical principles is assessed by the Bank's Management Board on an annual basis. Information on the outcome of the assessment by the Management Board is communicated at least once a year to the Bank's Supervisory Board.

Alongside promoting the Bank’s values and ethical conduct, it is equally important to the Bank to counteract all forms of ethical violations in all areas of operation (including combating mobbing and discrimination). Therefore, clear and transparent pathways have been established for:

• Reporting any violations, accessible to all employees in any form, including anonymously.
• Investigating reported potential violations.
• Monitoring and reporting (also to the relevant members of the Bank’s Management Board) identified violations.

ETHICS IN THE BANK’S GROUP

The entities of the Bank’s Group have implemented the Company’s Code of Ethics based on the template made available by the Bank, which means the application of uniform principles across the entire Bank’s Group. The Code of Ethics, revised in 2023, was distributed to the Bank's Group companies for implementation in January 2024.

COMMUNICATION OF CRITICAL CONCERNS

[GRI 2-16] In the employment area there are mechanisms in place to promote and monitor compliance with the ethical standards at the Bank, including mechanisms for monitoring situations violating these principles based on, among others, the internal procedures introduced, the Code of Ethics and reporting obligations towards the Management Board and the Supervisory Board. Within these mechanisms:

• Members of the Bank's Management Board receive information on occurrence of violations in their reporting areas on a quarterly basis,
• As part of the annual report on compliance with ethics at the Bank, the Management Board and the Supervisory Board of the Bank receive comprehensive information.

In 2023, no significant concerns were raised in the employment area, and therefore no significant concerns were raised to the Management Board and Supervisory Board of the Bank regarding negative influence of the organisation on its stakeholders, including those related to business relations.

COLLECTIVE KNOWLEDGE AND ASSESSMENT OF THE EFFECTIVENESS OF THE MANAGEMENT BOARD AND THE SUPERVISORY BOARD IN TERMS OF SUSTAINABLE DEVELOPMENT

[GRI 2-17]Assessment of the knowledge, skills and experience of members of the Management Board and Supervisory Board of the Bank on sustainable development, including the ability to manage ESG risk and the impact of ESG risk factors on Bank's operations, is one of the verification criteria as part of preliminary and periodic (annual) suitability assessments (members of the bodies) and collective (the Bank’s bodies) suitability assessments.

[GRI 2-18]The fulfilment of the tasks of the Bank's bodies in the field of sustainable development is achieved by, but not limited to:

• introduction/update of the Bank's internal regulations relating to the undertaking of ESG activities,
• determination by the Bank of non-financial indicators and objectives and their performance,
• development of the Bank's strategy aimed at achieving ESG objectives and sustainable development,
• setting managerial objectives to members of the Bank's Management Board covering the ESG area, including customer and employee satisfaction indicators as well as implementation of the Bank's strategy (linking the strategic objective for women in MRT positions to the remuneration of the members of the Bank's Management Board).

Performance review of the Bank's Management Board and Supervisory Board with regard to fulfilment of entrusted obligations, including monitoring the management of the organisation's impact on ESG issues, is assessed in several respects, including through periodic monitoring of:

• the implementation of the indicators and non-financial objectives related to the ESG area,
• implementation of management objectives of the Bank's Management Board members, including the implementation of the Bank's strategy,
• the impact of the organisation on the stakeholders and the social environment,

and is a component of, among others:

• control/review mechanisms in the area of compliance with corporate governance,
• the discharge of liability process,
• reporting and suitability assessment mechanisms for members of the body,
• a settlement mechanism of management objectives of the Bank's Management Board members, as well as
• Bank’s ESG ratings, which remain at the average level.

CONFLICT OF INTEREST

[GRI 2-15]The Bank has in place the Principles of managing conflicts of interest adopted by the Bank's Management Board and approved by the Supervisory Board. The Principles set out a policy for preventing, identifying and disclosing conflicts of interest or potential conflicts of interest and taking actions to control such conflicts, minimize the risk of their occurrence and mitigate their adverse effect on the Bank’s operations and its relations with the customers and other entities.

The Bank identifies a conflict of interest when there may be a conflict of interest between:

• the Bank and the its clients or entities affiliated with the Bank and its clients,
• two or more clients of the Bank,
• a related party of the Bank and the Bank,
• Bank or any entity affiliated with the Bank and a supplier or bidder or their related entity,
• The Bank’s shareholders and the Bank.

ANTI - MONEY LAUNDERING

In 2023, the Bank took measures to comply with the provisions of the Act of 1 March 2018 on the prevention of money laundering and terrorist financing (hereinafter: the "AML Act") and the guidelines of the European Banking Authority. To this end, in the second quarter, the Bank's Management Board appointed Mr Dariusz Szwed, President of the Bank's Management Board, as the person responsible for implementing the obligations set out in the AML Act. An officer in a managerial position (AMLCO) has also been appointed, responsible for ensuring that the activities of the Bank, its employees and other persons cooperating with the Bank comply with the provisions of the Act, as well as a senior officer (AMLRO) entrusted with, among other things, identifying risks related to money laundering and terrorist financing in the Bank's activities and taking measures to mitigate them.

Internal AML/CFT procedures were also revised. In the second quarter of 2023, the Bank's Management Board updated the Principles for Counteracting Money Laundering and Terrorist Financing at PKO Bank Polski S.A., defining the procedure and division of responsibilities with regard to AML/CFT. In November 2023, the Policy on Counteracting Money Laundering and Terrorist Financing (hereinafter the "Group Policy") was also updated for all entities of the Bank's Group and foreign branches, with the aim of strengthening the supervision of the duties performed in terms of AML/CFT in these entities.

Legal changes in the area of AML/CFT have contributed to a significant increase in the number of responsibilities imposed on financial institutions, which is why the number of FTEs for AML/CTF functions has increased by 79% in 2023. Mandatory training programmes were extended to all personnel performing AML responsibilities

We make every effort to ensure that the products we offer comply with the applicable provisions of law and market standards. Our efforts focus on ensuring that products are adequate to customer needs, while the form of a purchase offer is adequate to the product's nature. Before concluding an agreement, we provide reliable, transparent and comprehensive information to our customers about the product, in particular regarding the risks and benefits resulting from the purchase and all costs related to the conclusion, performance and possible early termination of the agreement.

[GRI 417-1] The bank’s group, including the bank, fulfils the requirements concerning correct labelling of banking and investment products by providing the customers with all the necessary information about them, especially at the pre-contract stage.

[GRI 2-27] In terms of the products offered, PKO Bank Polski S.A. and the PKO Bank Polski S.A. Group pursue a policy which is to ensure: compliance of the products with the applicable regulations and their correct labelling. The scope of this policy at the Bank and in the Bank’s Group encompasses the stage of formulating a product offer, the presentation of the product to the customer, the purchase (i.e. signing the agreement) and the stage of the product being used by the customer.

The principles and mechanisms of pursuing the compliance policy and appropriate labelling of products apply to the Bank and the entire Bank’s Group.

COMPLIANCE OF THE PRODUCTS WITH THE APPLICABLE STANDARDS

The Bank and the Bank’s Group make every effort to ensure that the products offered meet the requirements set out in the legal regulations and the accepted market standards. These efforts are focused on ensuring that:

• the products offered are adequate to the needs of the customers to whom they are addressed,
• the manner and proposed form of the purchase of products are adequate to their nature,
• before concluding the agreement, customers are provided with reliable, transparent and comprehensive information about the product, in particular its nature, design, conditions, benefits and risks, as well as fees, commissions and other costs related to the conclusion, performance and potential early termination of the agreement (in a manner comprehensible to an average person).

These principles apply to all entities of the Bank’s Group, as well as the enterprises which the Bank has entrusted with the performance of specific operations related to the sale and/or handling of products.

MANAGING THE RISK OF MISSELLING PRODUCTS TO CUSTOMERS

As part of ensuring compliance of the products with the regulations, the Bank manages the misselling risk at the stage of product development and launch, and then at the stage of offering the product to customers. Each product undergoes a pre-implementation analysis with regard to the risks it generates and the identification of target customer groups. The Bank also identifies the groups of customers to which the Bank should not offer the purchase of a given product because of its inadequacy to their needs or for other reasons (the so-called anti-groups). Employees of the Bank may not recommend or offer the purchase of financial instruments that are assessed as incompatible with the customer's objectives or needs. The misselling risk is also mitigated at the stage of commencing the sales activity – before offering the purchase of a specific product to a customer, it is assessed whether a given product is adequate to the needs of this type of customer. It aims eliminate the cases, for example, of selling unemployment insurance to pensioners and/or long-term investment products to elderly persons. Additionally, the Bank always provides reliable and exhaustive information to customers about the products offered so that they can make an informed choice. The Bank informs customers about both benefits and risks arising from the purchase of the individual products.

The Bank applies solutions to bar customers from instruments that do not comply with their sustainable development preferences by, among other things, analysing customers' needs and paying particular attention to the content of the advertising messages formulated to inform them of the environmental aspects of the products offered (see 13.7.5B).

The Bank considers any irregularities reported by the Bank’s customers (in particular complaints) within the deadlines arising from the legal regulations. Depending on the findings, the Bank takes steps to eliminate such irregularities, prevent their future occurrence and improve the quality of service (for more information, see chapter 13.7.5A).

Similar solutions concerning misselling risk management, in keeping with the principle of proportionality, are also in place in the other entities of the Bank’s Group which develop and/or sell financial products.

APPROPRIATE PRODUCT LABELLING

[GRI 417-1]The Bank’s Group, including the Bank, fulfils the requirements concerning appropriate labelling of banking and investment products by providing the customers with all the necessary information about them, especially at the pre-contract stage.

The scope of information provided about the products is specified in the applicable legal regulations and the recommendations of the PFSA. The general rule is that the highest level of protection is available to retail customers – consumers. This information is formulated in such a way that it is comprehensible to the so-called “average consumer” within the meaning of the Act on counteracting unfair market practices, i.e. a consumer who is sufficiently well-informed, attentive and cautious, whereas the scope of the information provided to financial institutions and other professional buyers of financial products and services is narrower.

Proper product labelling also applies to the Bank's advertising messages, which support its sales activities and shape its brand image. All marketing materials published by the Bank take into account the specific obligations arising from the legal regulations (e.g. the Consumer Credit Act – as regards the advertising of such loans) as well as market standards and the PFSA guidance formulated in the adopted “Principles of advertising banking services”.

COMPLIANCE WITH THE LAW AND REGULATIONS

[GRI 2-27]In 2023, there were no significant instances of non-compliance with the law in the Bank and no significant penalties were imposed on the Bank for non-compliance with the law.

ANTI-CORRUPTION SYSTEM AT THE BANK

PKO Bank Polski S.A. does not tolerate corruption and counteracts all corrupt practices. Such phenomena as nepotism and accepting or offering any physical goods in order to influence decisions or measures taken are in contradiction with the Bank’s values of credibility and trust.

The Bank has a number of internal regulations regarding the prevention of corruption, including accepting benefits, presents or gifts, in particular:

• PKO Bank Polski S.A.’s Code of Ethics,
• Code of Banking Ethics (Principles of Good Banking Practice) by the Polish Bank Association,
• Principles of ensuring compliance, non-compliance risk management and conduct risk management at the Bank.

[GRI 205-1] Within the Bank’s Group, including the Bank, the risks related to corruption are identified in particular:

• in the individual and business customer service areas,
• in the area of the supply of goods and services to the entities of the Bank’s Group, including the Bank, by external entities,
• in connection with donations and sponsorship agreements.

The Bank’s internal regulations on the prevention of corruption with regard to the Bank’s employees and people acting on behalf of the Bank include:

• the prohibition to accept benefits, presents or gifts intended for personal use from customers and prospective customers, as well as from the representatives of the entities cooperating with the Bank and/or seeking to enter into cooperation with the Bank, which could:
• result in an informal obligation to a given customer and/or person cooperating with the Bank,
• cause a conflict of interests,
• otherwise affect the manner in which the Bank’s employee performs their professional duties negatively.

[GRI 205-3] In 2023, no cases of corruption were identified, as in 2022.

[GRI 417-3] In 2023, as part of the marketing activities conducted by the Bank’s Group and the Bank, no administrative proceedings concerning the violation of ethics in marketing communication were pending, and no inconsistencies were recorded in marketing communication.

COMPLAINT PROCESS

The complaints process is an important link in building a positive customer experience and satisfaction with cooperation with Bank Group entities. Each customer complaint is considered individually individually, and the reported problem is thoroughly analyzed and explained.

Complaints are handled in a reliable and objective manner, taking into account all the information and documents related to the problem reported by the customer and in accordance with the provisions of the law and concluded agreements.

In 2023, the entities of the Bank’s Group received approx. 349 thousand complaints (352 thousand in 2022), of which over 82% were handled within 14 days (79% in 2022). Approximately 53% of all cases were fully or partly settled in the customer’s favour (56% in 2022).

MARKETING COMMUNICATION

The Bank’s marketing communication policy is regulated by the “Principles for the conducting of marketing and public relations (PR) activities and social communication by PKO Bank Polski S.A.” which were adopted by resolution of the Management Board in June 2022.

COMMUNICATION WITH INVESTORS AND CUSTOMERS

In order to maintain proper relations with all of its shareholders, the Bank has adopted the “PKO Bank Polski S.A. Information Policy with respect to contacts with investors and customers” (the policy was approved by the Management Board on 9 December 2014). According to its provisions, the overriding aim of the Bank’s information activities is to guarantee high standards of communication with capital market participants, which are a sign of respect for the principles of universal and equal access to information.

INVESTORS’ INTEREST IN ESG ISSUES

[GRI 2-29]Investors' interest in ESG issues in 2023 remained at levels far lower than before the outbreak of the war in Ukraine. Investors who demonstrated interest in this topic focused on the issues of the Bank's involvement in the energy transition and the potential impact of the parliamentary elections on the Bank's corporate governance principles.

The Bank operates a tab dedicated to ESG issues on its website:

ESG at PKO Bank Polski Group (pkobp.pl). https://www.pkobp.pl/investor-relations/esg-at-pko-bank-polski-group/

CUSTOMER SATISFACTION

[GRI 2-29] The Bank evaluates the stakeholders’ commitment based on regular customer satisfaction surveys.

RETAIL CUSTOMER RECOMMENDATION AND SATISFACTION SURVEYS

In line with the Strategy for 2023-2025, the Bank places emphasis on improving the customer experience. The aim is to be among the top three banks according to the criterion of customer recommendation of the bank (NPS indicator). The current position is not satisfactory. The Bank has been taking a number of measures to improve the indicator. One of these is the inclusion of the bank's recommendation indicator in the objectives of most of the bank's units, continuing the customer-centric approach based on the principle that customer satisfaction and loyalty are central to the bank's operations and strategy.

The Bank still conducts the following internal retail customer surveys:

- relational surveys – conducted among customers in the segments: Primary Customer, Personal Banking and Sole Proprietorships (SME), measuring the level of customers’ loyalty and their satisfaction with cooperation with the Bank, encompassing the whole of the customer’s experience,

- transactional surveys – conducted at the key points of contact between the customer and the Bank, immediately after the event, measuring satisfaction with a given interaction, which is defined in space and time, and the Bank’s NPS following the customer’s recent experience in connection with that event.

In 2023, the Bank collected approximately 1.5 million surveys through various methods, including remote channels. Plans include further increasing the number of monitored processes, especially those related to post-purchase service.

INSTITUTIONAL CUSTOMER SATISFACTION SURVEYS

In 2023- 2025 Strategy, institutional customer satisfaction is one of the key pillars - the Bank aims to be among the three top-rated banks. The Bank measures its position in an independent, external benchmark study, which allows it to analyse customer satisfaction with its services compared to competitor banks and set targets that reflect its market position. Institutional customer NPS goals are included in the Bank's note, notes of members of the Bank's Management Board and key employees related to the corporate and corporate banking area. In 2023, the targets set were met at 120%.

De to the nature of its business, the direct environmental impact of the Bank and its Capital Group on the natural environment is limited. The Group entities have procedures and structures to monitor legal changes in the environmental sector relevant to their operations. In 2023, none of the Group entities conducted an activity that could significantly affect the environment. [GRI 307-1] No administrative proceedings relating to a breach of the environmental regulations were conducted with respect to the Group that would result in any financial penalties.

Direct environmental impact depends on the use of limited natural resources. The Group monitors the consumption of such resources and engages in activities aimed at reducing their consumption.

In 2023, none of the Bank's Group entities conducted an energy efficiency audi. In 2021, in accordance with the requirements of the Act on energy efficiency the Bank conducted an energy efficiency audit. The findings of the audits in previous years were used to identify the areas with the greatest energy-saving potential and to draw up action plans, which are now being successively implemented.

[GRI 303-1] According to estimates, in 2023 water consumption in the Bank was approx. 229.4 million litres (224.2 million litres in 2022) and 46.6 million litres (45.5 million litres in 2022) in other entities of the Group. The increase in water consumption in the Bank (by 2.3% y/y) is due to the increased presence of employees in the office (up by 1pp), the increase in headcount and the first-time inclusion of the Bank's foreign branches in the calculations.

Since 2019, the Bank has been systematically reducing energy consumption. Total energy consumption in 2023 is down 4.6% for the Group compared to 2022, including a 3.8% decrease for the Bank and an 8.7% decrease for the companies. The consumption of certain fuels in buildings has decreased: natural gas, LPG and coal. Group companies (SGK) reported a 720% increase in diesel consumption in relation to 2022. In 2023, the company that consumed the most diesel (99.6% of total SGK consumption) was KREDOBANK S.A. The increased demand for diesel was a result of the ongoing war in Ukraine - rocket attacks by the Russian army resulted in power supply problems, causing KREDOBANK S.A. to use diesel generators. The consumption of diesel used in SGK vehicles has also changed. Diesel consumption decreased by 35.5%, as a result of the replacement of diesel cars at PKO Leasing.

In 2023, the Bank installed 15 photovoltaic installations with a total capacity of 451.78 kWp, for which the estimated renewable energy yield is 409,373 kWh/year. At the end of 2023, the Bank's facilities had 28 photovoltaic micro-installations, with 5 units installed at the end of the year not yet put into production.

In 2023, the share of loans for clients in high-emission sectors was 0.19% (with the Bank’s tolerance limit < 1.6% and the Capital Group’s < 1.6%) compared to the value at the end of 2022, which was 0.38% (more in section 13.7.7 – Indicators and objectives).  

INDIRECT ENVIRONMENTAL IMPACT MANAGEMENT

One of the tools for managing credit risk for selected industries/sectors is lending policies. The Bank has the following policies: Renewable Energy Sources, Carbon-Intensive Energy Sector, Chemistry-Oil-Gas, Revenue Real Estate (adopted and implemented in 2022), Construction and building materials, Car Dealers and CFM companies, Public Healthcare, Trade, LGU (adopted and implemented in 2022).

On 29 May 2020, the European Banking Authority issued the Guidelines on loan origination and monitoring (EBA/GL/2020/06), which apply to the Bank as of 30 June 2021. The guidelines set out internal governance, processes and mechanisms for credit and counterparty risk, as well as requirements related to the assessment of borrowers' creditworthiness. In accordance with the guidelines, the Bank assesses, on a case-by-case basis, the impact of the ESG factors on a customer’s creditworthiness in the corporate segment and in the companies and enterprises segment, evaluated using rating methods. The Bank takes into account data on client energy consumption and greenhouse gas emissions data as well as on their emission reduction and climate change adaptation plans.

The credit process also includes an assessment related to the loan transaction. On the one hand, the Bank assesses the impact of a given loan transaction on ESG issues, and on the other hand, it examines how ESG factors affect the loan transaction.

As part of the verification exercise, the Bank classifies lending transactions into four colour-coded categories: transactions with a positive impact (green ESG category), transactions with a neutral impact (white ESG category), transactions with a possibly negative impact (yellow ESG category) and transactions with a significantly negative impact (brown ESG category).

In assessing the ESG factors, the Bank takes into account, among others, the risk of climate change and its impact on the customers’ operations, potential influence of the customer on climate, factors related to human capital, health and safety, and governance factors (including the corporate culture and internal audit). By using appropriate tools, the Bank estimates ESG risks, assesses and controls them. The identification of ESG risks allows the identification of projects which do not meet the increasingly high environmental and social requirements.

The Bank closely monitors the information published on anthropogenic climate change and is aware of corporate responsibility for complying with the obligations recorded in the Paris Agreement. The Bank wants to achieve its business objectives by maintaining its impact on the climate change resulting from its operating and product activities and the impact of climate change on business activities at the lowest possible level. In its activities, the Bank wants to support the long-term objective of the Paris Agreement - increase of the global average temperature below 2°C as compared to pre-industrial levels.

Since 2019, the Bank has been calculating the level of greenhouse gas emissions from operational activities (for the Bank and for the Bank’s Group). In 2021, it adopted ambitious short-term objectives concerning reduction in the Bank’s (Scope 1 and Scope 2) GHG emissions aligned with the objectives of the Paris Agreement (accounting the Directors’ Report for 2022). The Strategy for 2023-2025 adopts new climate targets and an accounting of these is provided in section 13.4. The Bank is focused on improving and expanding the measurement categories of GHG emissions generated by the Bank in all three scopes. Additionally, the Bank eliminates carbon-intensive energy sources, buys energy from RES, takes actions limiting energy consumption (e.g. photovoltaic installations in selected real properties of the Bank).

The Bank is aware of the impact of its loan portfolio on climate and the impact of the risk of climate change on its loan portfolio. The Bank has adopted lending policies for the carbon-intensive sector, RES, as well as the chemical, oil and gas industries. The aim of the policy for the carbon-intensive sector is to successively reduce the exposure to customers and transactions based on coal as an energy carrier (consistency with the European climate policy and moving towards net-zero carbon emissions in 2050) and to refrain from financing new energy production sources based on coal and lignite. On the other hand, the RES policy assumes increasing the financing of operations related to renewable energy in a successive manner.

The Bank discloses climate-related information in accordance with the TCFD (Task Force on Climate-related Financial Disclosures) recommendation. The guidelines aim to encourage financial institutions and non-financial companies to disclose information on climate-related risks and opportunities. The guidelines centre around four thematic areas: Governance, Strategy, Risk management, Metrics and objectives. For several years, the Bank has been conducting climate disclosures in CDP Disclosure Insight Action using the TCFD recommendations and for 2023 as one of eight Polish banks, and it has received a climate change disclosure rating (“D”).

CLIMATE DISCLOSURES ACCORDING TO THE TCFD STANDARD

The Management Board of the Bank defines the risk framework, oversees the implementation of the set objectives, strategies and policies and defines the principles of their management in the context of the risk management in the field of environmental protection. In accordance with their powers. Units are responsible for the coordination and management of individual ESG risks and their impact on the Bank's operational risk according to their competences.

The Committees functioning in the Bank within the scope of their tasks and competences take decisions, issue recommendations, and opinions on activities related to ESG risk.

In 2023, the Sustainable Development Committee was established to take the decisions necessary for the implementation of the Bank's and the Bank Group's strategic objectives in terms of sustainable development and to oversee the management of the impact of ESG factors on the Bank and the Bank's Group. The Committee is composed of all members of the Management Board and heads of most areas. The Committee’s activities are chaired by the President of the Management Board or the Vice-President of the Management Board managing the work of the Bank’s Management Board, and their deputy is the Vice President of the Management Board supervising the Risk Management Area.

At the end of 2022, the ESG Sustainability Department was established in the Bank, reporting to the President of the Management Board. Its task is to ensure that the Bank's and the Bank Group's operations comply with generally applicable laws and other external regulations relating to sustainable and responsible ESG development and to coordinate activities to ensure that the Bank's and the Bank Group's strategic ESG objectives are met.

The Credit Risk Department is responsible for the development and creation of solutions and tools to support ESG risk management, including the sourcing of information for ESG risk management and the implementation of solutions arising from generally applicable legislation (e.g. EU Taxonomy, Pillar 3 disclosure) or regulations of supervisory or control authorities regarding ESG risk management.  The Department is also responsible for monitoring strategic credit risk limits and strategic climate risk limits for credit risk, monitoring the utilisation of internal portfolio limits, in particular with regard to climate risk limits, coordinating the implementation of consistent risk management standards across the Bank's Group for mitigating the impact of climate factors on individual risks, in particular on the risk level of the Bank's loan portfolio.

The ESG Public Programmes Department is responsible for supporting the development of the Bank's offering to its banking customers: companies, enterprises and corporate banking in terms of products and services linked to public and EU programmes, including those supporting ESG sustainability, in particular climate transformation.

STRATEGY

The Bank adopted a Strategy for 2023-2025, in which it specified its climate ambitions as follows:

• limiting the Bank’s own CO2 emissions of the Bank through modernisation of branches and offices, and electrification of fleets,
• increasing the share of energy from certified green sources,
• achieving net-zero in Scope 1 and 2 by 2030.

In the risk area, the Bank intends to:

• extend the process of scoring and analysis of the portfolio to include ESG aspects,
• build sector expert opinions,
• carry out climate stress tests,

With regard to financing, the Bank wants to:

• expand the product offer supporting sustainable development,
• identify priority sectors and customers to support decarbonisation,
• finance complex transformation investments,
• begin calculating Scope 3 emissions as part of the preparation of the trajectory of a science-based reduction.

Considering the strategic objectives in terms of sustainable development, understood as a positive impact on the environment and society together with ensuring compliance with the principles of corporate governance, the Bank adopted the "Principles for the classification of sustainable development financing in the PKO Bank Polski S.A. Group" in December 2023. The principles take into account the requirements of international standards and the regulatory environment, in particular those arising from the EU Taxonomy and the European Green Bond (Regulation (EU) 2023/2631 of the European Parliament and of the Council). The principles are subject to regular review, at least quarterly. The findings of the review are presented to the Sustainable Development Committee.

In accordance with Article 8 of the EU Taxonomy, PKO Bank Polski Group S.A., as a public interest entity preparing non-financial statements in accordance with Directive 2014/95/EU of the European Parliament and of the Council of 22 October 2014 amending Directive 2013/34/EU as regards disclosure of non-financial and diversity information by certain large undertakings and by groups (hereinafter: the NFRD), is required to disclose information for 2023 indicating what proportion of the portfolio is used to finance taxonomy-aligned activities. The primary performance indicator for credit institutions is the Green Asset Ratio (GAR), which refers to the core lending and investment activities of the Bank's Group, including loans, advances and debt securities, as well as equity instruments. The GAR reflects the extent to which the Bank’s Group finances Taxonomy-aligned activities.

GAR determines the percentage of the Bank Group's assets financing Taxonomy-aligned (environmentally sustainable) business activities compared to the total assets of the Bank's Group taken into account in the GAR calculation.

In December 2023, the Bank adopted the “Principles for the classification of sustainability financing in the PKO Bank Polski S.A. Group”, which take into account the requirements of international standards and the regulatory environment, in particular those arising from the EU Taxonomy and the European Green Bond. The Bank is in the process of implementing the provisions of the Principles, in particular with regard to its business and reporting processes, as well as the related IT systems. In January 2024, taxonomy questionnaires were implemented at the Bank to support the assessment of meeting the technical screening criteria of the EU Taxonomy for targeted financing.

The Bank Group's disclosure for 2023 provides a full taxonomic analysis of the Bank Group's individual transactions in terms of both eligibility for the taxonomy and alignment with the taxonomy in relation to the first two environmental objectives: climate change mitigation (CCM) and climate change adaptation (CCA).

In 2023, PKO TFI offered two "green" sub-funds separated within PKO Parasolowy fund: “PKO Global Ecology and Social Responsibility” and “PKO Global Bond”. Both sub-funds are categorised as “light green plus products”, i.e. fulfilling the requirements of Article 8 of the SFDR and having balanced investments in addition (within the meaning of Article 2(17) of the SFDR). At the same time, PKO TFI launched a website dedicated to "green investments" (Zielone inwestycje (ESG) (pkotfi.pl)).

In 2023, PKO TFI, together with a working group established at the Chamber of Fund and Asset Managers, took steps to develop a solution that would meet the requirements of the Regulation of the Minister of Finance of 29 June 2023 amending the Regulation on the manner, procedure and conditions for the conduct of activities by investment fund companies, which became effective on 24 January 2024.

PKO TFI has analysed and revised its customer survey process, where the questions on investment objectives defined by the customer include the option to make investments taking into account sustainable development goals (ESG).

In 2023, the Bank adjusted the content of the Principles for Managing Products Covered by MIFID in the Bank to the changes introduced in November 2022 in the IT systems, which involved including in the product management process the client’s objectives related to sustainable development and sustainable development factors.

Every employee of the Bank Group is important regardless of gender, age, health status, sexual orientation, religion, marital status or country of origin.  The Bank and the Bank's Group entities, in their operations, take care of the diversity of the workforce at each job level in accordance with internal policies in this regard.

Employment

The Bank adjusts its level of employment on an ongoing basis to the current business needs and development plans. The Bank Group's headcount at the end of 2023 was 25,601 FTEs (including: 1,489 FTEs in Ukrainian companies), up 529 FTEs compared to the end of 2022. The increase in employment is due to the implementation of new initiatives as part of the adopted strategy.

[GRI 2-8] The main form of employment in the Bank as well as in the Bank's Group is an employment contract. The Bank also utilises civil law agreements for its employees. In 2023, 1,721 persons received payment under a specific work contract, a contract of mandate, or a student internship: 2 specific work contracts, 1,506 contracts of mandate, and 213 student internships. The percentage of persons working on the basis of civil law contracts constitutes 7.4% of employment contracts and civil law contracts combined.

HYBRID WORK MODEL

The Bank operates a hybrid work model that allows for a flexible approach, adjusting its principles to the realities and business objectives. Decisions about the proportion of work in the office and at home are made by managers.

REMUNERATION

[GRI 405-2] The global gender pay ratio calculated as the total weighted average salary of women and men (including the salaries of members of the Management Board of the Bank - alignment with EBA guidelines) paid in 2023 was 98% (+2 p.p. y/y) in the Bank and 97% (+4 p.p. y/y) in the Bank's Group.

The gender pay gap calculated on the basis of the weighted average salary was 2% at the Bank and 3% in the Bank’s Group. The gender pay gap at the Bank based on the median was 1.6%.

The presented gender pay gap level does not indicate any unjustified inequalities in education or renumeration among women and men, and the reasons for the deviations owing to gender are the result of the nature of the organization, where the majority of employees are women.

The Bank's remuneration policy is gender-neutral. The changes introduced in 2022 to the Remuneration Policy for employees of the Bank and the Bank’s Group were intended to emphasise the importance of gender neutrality in remuneration and the application of this principle.

[GRI 2-21] The ratio of the highest total remuneration paid in 2023 to the median of the total annual remuneration of all employees (excluding the highest salary) was 10.6.

[GRI 2-30]A Collective Bargaining Agreement concluded with the company trade union organizations is in force at the Bank. It governs, among other things, salary-related issues. According to the Collective Bargaining Agreement, the Bank’s employees are entitled to the following salary components: (i) the base salary, (ii) allowances for working overtime and at night and in conditions which are particularly onerous and harmful to their health, (iii) bonuses and rewards for special achievements at work.

[GRI 2-30]A Collective Bargaining Agreement concluded with the company trade union organizations is in force at the Bank.

[GRI 401-2] All non-salary benefits are available to the employees irrespective of their type of contract and/or working time (full time and/or part time).

RECRUITMENT POLICY

The recruitment policy of the Bank’s Group is focused on employing persons with different types of professional experience and skills based on high standards of counteracting discrimination and personal data protection. The recruitment process respects the rights of the candidate, which means that all employees of the Bank and the Group involved in the process are guided by the principles of equal treatment and do not discriminate between job applicants, including, in particular, on the grounds of: gender, age, disability, race, color, religion, nationality, political opinion, trade union membership, ethnic or social origin, property, birth or sexual orientation.

FREEDOM OF ASSOCIATION AND TRADE UNION ORGANIZATIONS

The employee representation in the Bank consists of Trade Unions and the Bank’s Employee Council.

As of December 31, 2023, the participation of employees who are members of trade union organizations amounted to 12/6% relative to the total number of employed individuals.

[GRI 407-1] No operations or suppliers characterized by a high risk of restricting the freedom of association and collective agreements were identified at the Bank in 2023.

DEVELOPMENT AND EDUCATION

[GRI 404-2] Development activities are adjusted to the specific nature of the Bank and the individual entities of the Bank’s Group and regulated by internal regulations. It guarantees a flexible approach to the development policy. All employees in the Group can benefit from training actions regardless of age or gender. Individual entities may apply position-related criteria when directing employees to specific training, such as participation in higher education courses (various levels of education in individual entities of the Bank’s Capital Group) or foreign language courses.

In 2023, the #ESGo development programme was launched. The aim of the programme is to educate all employees on sustainability. Building core and expert competencies is expected to enable the Bank's successful ESG transition. In 2023, 293 employees participated in ESG training and 1,923 people attended online meetings.

1. DIVERSITY

Promoting diversity is present in many aspects of the activities of the Bank and the entire Bank’s Group. It assumes, among other things, respect for others, equal treatment and using the potential of employees. Diversity means that people are important irrespective of any differences between them, such as their gender, age, health condition, sexual orientation, religion, marital status or country of origin. In building teams, the Bank understands that diversity is their asset both in creating innovations and in smooth operations.

The Bank aims to ensure, promote and disseminate diversity. It ensures that diversity, both as a value and a practice, is present in the organizational culture, initiatives and measures taken, as well as in the relevant policies, regulations and processes.

PRINCIPLES OF EQUAL TREATMENT, ANTI-DISCRIMINATION AND RESPECT FOR HUMAN RIGHTS

The obligation of equal treatment in employment is a fundamental principle at the level of policies, regulations and processes developed and carried out at the Bank.

POLICY AGAINST BULLYING AND DISCRIMINATION

The Bank strongly opposes any forms of discrimination that contradict the organization’s values and promotes attitudes based on mutual respect among employees. Any conduct that can suggest the presence of bullying is unacceptable.

The Bank has rules to counteract bullying and discrimination and to handle complaints regarding violations of employee rights. These rules ensure the prevention of adverse phenomena in employee relations and specify the response to interpersonal conflicts.

In accordance with its mission, the Bank conducts activities whose aim is to have a positive impact on the society, the economy, and the environment. The Bank supports activities promoting pro-social attitudes and popularising national heritage, educational and sports projects, and actively participates in economic and industry events.

In the most significant program areas, The Bank and its Foundation implement projects jointly or separately. Furthermore, the Foundation is involved in activities which are focused on social welfare, protection of life and health, and ecology.

For years, the Bank has been initiating and implementing social projects that integrate business objectives with activities for the benefit of all stakeholder groups. In accordance with our mission, we carry out activities aimed at having a positive impact on society, the economy and the environment. We build our capital based on national values and traditions. We conduct and support activities aimed at commemorating important historical events, promoting pro-social attitudes, and popularizing Polish tradition and culture. We actively engage in educational and sports projects. Experience and leadership in the financial market also obliges us to promote entrepreneurship and support the Polish economy. The Bank actively participates in the organization of economic congresses and industry conferences, enabling the exchange of experience and building business relationships of Polish and international scope. We carry out projects both on a national and local level, supporting initiatives important for local communities. These activities serve to integrate communities, develop entrepreneurship among the region's residents and promote the region.  

Table 79. Expenditure on sponsorship and charitable activities in 2023 of the Bank, the PKO Bank Polski Foundation and the Bank's Group companies (in PLN)

The PKO Bank Polski Group influences the social environment and its development, we offer our customers financing for housing needs, support the development of local government units by financing public investments, support the development of small businesses, the development of education and also counteract financial exclusion and enable access to services for customers with disabilities.

In 2023, The Group paid a total of PLN 7,378 million in the form of central and local taxes.

[GRI 2-23] Entities within the PKO Bank Polski Group, in the process of creating regulations, procedures, and policies related to human rights, draw from the achievements of international organizations and respect the fundamental principles outlined in the international Bill of Human Rights, which includes the

Universal Declaration of Human Rights, UN Convention: The International Covenant on Civil and Political Rights, and the UN Convention: The International Covenant on Economic, Social, and Cultural Rights.

Depending on the size and specificity of a given entity of the Bank’s Group, observing human rights is manifested both in the internal provisions, the initiatives undertaken and in everyday practice. It particularly pertains to rights such as the recognition of personhood for each employee, freedom of expression and opinion, freedom of thought, conscience, and religion, protection of personal goods, equal treatment, access to information, access to healthcare, and respect for privacy.

[GRI 2-24] One of the most crucial elements/stages of the analysis is the identification of human rights in the context of the operations conducted. No cases of employment of minors or forced labour were identified in the Group entities operating in various countries.

A separate task is the issue of observing the human rights in the supply chain which, in the context of the Group entities, boils down to relationships with suppliers and the outsourcing of services (mainly banking services). The issues of observance of human rights are reflected in the procedures and agreements signed with these entities.

Some entities within the group have included provisions regarding respect for human rights and the prohibition of discrimination in the work regulations or code of ethics. The Bank’s policy regarding respect for human rights is included in the Bank’s policies and regulations.

[GRI 2-25] The Bank takes actions to prevent violation of human rights, including employee rights, but it is not able to eliminate all conflicts. In 2023, 17 labor disputes were conclusively resolved (11 were won, 6 were lost).

Entities within the Bank’s Group monitor the risks associated with individual human rights and manage them at the company level.

The Bank applies the principles of social responsibility in the supply chain by managing its relationships with external entities through:

• optimising the level of competition in the procurement procedure,
• fair treatment of bidders and suppliers,
• ensuring the confidentiality of the proceedings,
• ensuring that the requirements and criteria established in the procedure are proportionate to the goods or services purchased,
• managing conflicts of interest,
• taking measures to prevent corruption and ensure the integrity and transparency of procurement processes,
• committing suppliers to adhere to the principles of social and environmental responsibility.

The Bank conducts banking activities with the support of external entities. As a result, it is exposed to operational risk arising from outsourcing services to them.

The Procurement Policy of October 2023 has been developed based on market best practice, taking into account the findings of internal audits. The Bank is bound by the regulations on the purchase of goods for services, laying down principles and methods of purchases which are updated on an ongoing basis, in accordance with the changing regulatory environment. The main regulatory provisions in addition to the Policy are the “Principles for purchasing goods and services”, “Procedures for purchasing goods and services at the Bank”, “Supplier or Bidder Code of Ethics”. In 2024, it is planned to repeal the existing Principles and Procedures and adopt new internal legislation in their place to regulate the procurement process by taking into account the latest trends and regulatory requirements.

In 2023, the ESG questionnaire has been introduced, in which a bidder aiming to provide services or offer supplies to the Bank is required to answer a series of questions that may affect the evaluation of bids in the procurement process (see section on ESG). The ESG questionnaire is attached to the RFP.

In 2023, during the procurement process the Bank analysed situations which could cause a potential conflict of interests. All employees of the Bank participating in the purchasing procedure confirm the absence of a conflict of interest.

In 2023, the Bank has made the use of ESG criteria mandatory in all procurement procedures conducted by tender.

Within the environmental area, the bidder is assessed, among other things, on whether they:

• Undertake action to reduce the amount of waste produced, applies the rules for separating waste, disposes of hazardous waste in an appropriate manner,
• Rationally use of electricity and heat, favours the use of "green" energy, takes measures to reduce water consumption and counteracts water pollution,
• Minimize emissions of greenhouse gases, exhaust fumes and dust to an extent appropriate to its operations, and in particular manages its car fleet in a rational manner, choosing vehicles with lower capacity and fuel consumption and, where possible, equipped with environmentally friendly propulsion systems.

As part of the social area, the bidder is assessed, among other things, as to whether they:

• Ensure that human rights are respected in its activities, does not employ children and complies with the applicable legislation on child labour,
• Comply with legislation on workers' rights, including health and safety at work, ensures proper working conditions for its employees,
• ensure equal treatment, in particular of employees and contractors, does not engage in any discriminatory practices, in particular on the grounds of age, gender, disability, religion or racial affiliation.

As part of the corporate governance area, the bidder is assessed, among other things, as to whether they:

• Base their activities on fair and free competition as well as reliability and credibility in communication,
• Protect and do not disclose confidential information obtained in the course of cooperation, comply with security regulations for all information processed,
• Exercise due diligence in selecting contractors who meet ESG requirements

Evaluation criteria relating to ESG are mandatory evaluation criteria for offers in tendering proceedings.

[GRI 414-1] In 2023, the Bank applied ESG criteria in all tendering proceedings.

[GRI 414-2] In 2023, the Bank did not record any negative social effects in the supply chain.

[GRI 407-1]In 2023, the Bank did not identify operations and suppliers within a high level of risk regarding the restriction of freedom of association and collective bargaining. 

The Bank's "Rules for the protection of persons and property", adopted by a resolution of the Management Board in 2018, specify the obligation to train employees in fire protection and outline general procedures in case of a fire.

[GRI 403-1] OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEM

The Bank’s OHS Service is organized as an independent Office for Occupational Health and Safety (OHS) and is a part of the Administration Division. The unit is divided into field teams supporting all of the Bank’s facilities in Poland. The employees of the Office perform the tasks specified in the “Regulation of the Council of Ministers (...) on the OHS Service” on a daily basis including:

• periodical assessment of occupational risk,
• analysis of accidents and incidents that have occurred to date and monitoring events that may potentially lead to accidents,
• ongoing and periodical OHS inspections in all locations and units of the Bank,
• conducting introductory and periodical OHS training,

[GRI 403-2] HAZARD IDENTIFICATION, RISK ASSESSMENT AND INCIDENT INVESTIGATION

The Bank has identified workplace hazards and did not recognize any positions with risk classified as. Risk assessments were conducted using the Risk Score method, covering 100% of the positions at the Bank. Each assessment is subject to ongoing monitoring and periodical verification.

[GRI 403-3] OCCUPATIONAL HEALTH SERVICES

The Bank has a contract for providing occupational health services with Luxmed. Employees undergo initial and periodic examinations at Luxmed branches or affiliated facilities.

[GRI 403-4] EMPLOYEE PARTICIPATION, CONSULTATION AND COMMUNICATION ON OCCUPATIONAL HEALTH AND SAFETY

Communication between the employees and the employer is carried out in the form of an open dialogue through Trade Unions. The unions operate at the Bank in a robust and representative manner. An employee representative always participates in the periodic OHS Commissions and has the opportunity to communicate directly with occupational health and safety representatives

[GRI 403-5] EMPLOYEE TRAINING ON OCCUPATIONAL HEALTH AND SAFETY

Occupational Health and Safety training at the Bank is organized by the internal OHS service. Introductory training is carried out on an ongoing basis in all locations in Poland in a classroom setting using proprietary materials and teaching aids. In 2023, 3,189 new employees were trained. In the same year, periodic training was completed by 12,236 individuals, thus completing all training that was suspended due to COVID-19 related regulations.

Additionally, among the OHS Office staff, there are qualified paramedics and first aid instructors who systematically train employees in pre-medical first aid. Such training is provided to volunteers and in 2023, 247 individuals were trained.

[GRI 403-6] PROMOTION OF EMPLOYEE HEALTH

All entities of the Bank’s Group, including the Bank, take voluntary (other than legally required) action to promote employee health.

[GRI 403-7] PREVENTION AND MITIGATION OF OCCUPATIONAL HEALTH AND SAFETY IMPACTS DIRECTLY LINKED BY BUSINESS RELATIONSHIPS

Preventive measures taken at the Bank to improve safety and working conditions include:

• support and definition of measures to be taken in the event of occurrence or psychological or social hazards, such as stress or bullying,
• information campaigns concerning ergonomics and safety at work (manuals, brochures, topic-specific intranet sites),
• additional, non-obligatory training in first aid and safe driving courses for employees using company vehicles.

[GRI 403-8] EMPLOYEES COVERED BY THE OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEM

The basic occupational health and safety management system, derived from general legal provisions, covers 100% of employees.

[GRI 403-9] WORK-RELATED INJURIES

In 2023, 78 accidents were reported (68 in 2022). As a result of the proceedings conducted, 8 of them were not classified as work-related accidents, and 17 are still pending. The most common work-related injuries include fractures, sprains and contusions, as well as superficial body injuries.

In 2023, the remaining entities within the Bank’s Group reported a total of 8 workplace accidents (6 in 2022), one of them concerned a person working based on a contract other than the contract of employment. All proceedings were completed, and all of them were classified as an accident at work.

[GRI 403-10] OCCUPATIONAL DISEASES

In 2023, two proceedings were initiated for the occurrence of occupational diseases in former employees of the Bank, both proceedings are still pending with the State Labour Inspectorate, and no decisions have been issued in this regard. However, 6 proceedings that had been initiated in previous years were completed, with 7 decisions issued.