Our risk management and compliance model ensures we operate in a way that both reflects our values and culture and delivers on our responsible banking strategy.
It has three lines of defence: 1) business support units, 2) risk management and compliance units, 3) and internal audit. The board of directors, which is responsible for risk control and management, sets the group-wide risk appetite.
Our responsible banking area is particularly concerned with social, environmental and reputational risks, especially those stemming from compliance, conduct, digitalization and climate change.
Risk culture in our corporate culture - Risk Pro
Our risk management stands on a shared culture that ensures all employees understand and manage the risks inherent in their daily work. We reinforce it with risk awareness campaigns throughout the employee lifecycle; training with the Risk Pro Banking School and Academy; the sharing of best practices; and the re-evaluation of risk culture to check for areas of improvement.
Cybersecurity
Banco Santander considers cybersecurity critical in the digital age and has embedded it within our culture so we can promote behaviours that protect our customers’ information and the bank. Our cybersecurity and IT conduct policy outlines acceptable uses of Santander's IT equipment and services; highlights areas of risk and misconduct; and explains how our cybersecurity standards and rules can avoid or mitigate reputational and commercial risks.
We train our employees to treat our customers’ data securely and ethically.
Banco Santander also spreads cyber-awareness in our communities. Our digital channel awareness initiatives help our customers and communities stay safe online. We also work with state-run and private institutions to share knowledge about, and to collaboration on, cybersecurity.