49
Raiffeisen Bank International | Sustainability Report 2017
GRI content index / Assurance statement Engaged citizen Fair partner Responsible banker Sustainability management Overview Foreword
Social product responsibility
RBI is aware of the impacts of its business activities on society. Virtually, all payment transactions are processed
through banks and by issuing loans, banks have an influence on the purposes for which funding is utilized. Our
products and services can therefore directly contribute to changing the life situations and consumer behavior of
the population. Indirect influences arise through investments in projects or companies with particular social or
societal relevance, from which people could either benefit or be disadvantaged.
Observing human rights is a basic requirement in connection with all of the products and services
we offer. Specifically, we do not finance transactions connected with forced or child labor or in
violation of the European Convention on Human Rights, obligations under the labor and social
law of the respective country, applicable regulations issued by international organizations
(including the relevant UN conventions) or the rights of local populations or indigenous people. RBI is also not
involved in business with products which can serve to suppress demonstrations or political unrest or infringe on
human rights in some other way. This is especially true for businesses involved in countries in which political
unrest, military conflicts or other violations of human rights are taking place or expected.
Considering the requirements and concerns of our customers also plays an important role for our company in the
shaping, sale and use of products and services. The security of our products and the security of our customers
are both of central concern to us. Along with access to relevant information regarding products and services, this
includes the verifiability of claims, explanations of the possible risks associated with products or services and
appropriate information on risk reduction. Where possible, we inform customers about the sustainability aspects
of our products. We carefully check any complaints which are brought to us and respond as soon as possible.
We also strive to provide comprehensive barrier-free access to our financial services for disabled persons.
Protection of customer data
The RBI views comprehensive protection for all data provided to or made available to the group (concerning
customers as well as employees) to be an important part of its business activities. Strict organizational rules apply
throughout RBI for collecting, storing, processing and sharing such information (as far as is permissible and/or
necessary for the business activities), and compliance with these rules is regularly monitored by Group Auditing.
In addition, all data protection measures implemented and employed throughout RBI are aligned to the most
current technical security standards.
The most important principles of the data protection measures applied within RBI are:
• Classifying all data/information according to a four-level system, with appropriate (technical) authorization
required for read and/or write access even in the “standard” category 2 protection class.
• All read or write accesses are continuously logged electronically, and these logs are even centralized in the
case of particularly sensitive classified data/information.
• Regular backup routines (on a daily basis for business-critical data/information).
• Technical security measures (such as network security and segmentation) to additionally regulate access to
data.
Instances of complaints relating to violations of customer privacy and the loss of customer data are monitored in all
units. The reasons for the complaint or data protection violation are investigated and necessary measures are taken.
In financial year 2017, there were no substantiated complaints within RBI AG in Austria regarding violations of
customer privacy or the loss of customer data. In our network, complaints relating to data protection violations
were received in four network banks, and in one network bank there was a case of fraudulent data theft; however,
we did not become aware of any releases of customer data. All incidents were investigated immediately and
appropriate countermeasures were introduced.