2.1 Responsible business conduct towards clients
Relevance of the topic to SZKB and objectives
Responsible business conduct is a key component of SZKB’s sustainability strategy. It is based on the principles of protecting clients, ensuring transparency and building trust. By acting ethically, the Bank not only strengthens its own reputation but also makes an important contribution to financial stability and trust throughout the industry. Opportunities and risks relating to business conduct vis-à-vis clients can be divided into an inside-out perspective and an outside-in perspective:
- Inside-Out¹: accepting responsibility at the heart of operations. SZKB develops its products and services in the best interest of its clients. In doing so, their needs are taken into account while risks and opportunities are communicated in a clear and transparent manner. This approach strengthens not only client loyalty and long-term relationships but also the Bank’s market position. Through proactive risk management, SZKB protects the interests of its clients and supports the stability of the financial system.
- Outside-In²: adapting to external influences. External factors such as economic or regulatory changes have a direct impact on the Bank and its clients. SZKB responds to this with a forward-looking approach and by making flexible adjustments to its products and services. In this way, it offers its clients a stable financial basis whilst at the same time increasing client satisfaction, which is a high priority for it.
SZKB has defined the following objectives for responsible business conduct towards clients in the key area of «client satisfaction»:
- In the client satisfaction survey conducted every two years, 95% of clients express satisfaction or high satisfaction with SZKB.
- In the client satisfaction survey conducted every two years, from 2030 onwards at least 70% of clients will say that they perceive SZKB as a sustainable or very sustainable bank.
- By 2030, all branches will be accessible to clients with reduced mobility.
Responsible business conduct means not only catering to the needs of clients with high-quality products and services but also strengthening trust in the work of SZKB. Client satisfaction is achieved through reliability, transparency and respect for the concerns of clients. Ensuring that their personal data is protected is an essential part of this process. SZKB is committed to its responsibility to manage data securely and in accordance with the applicable legal requirements. This not only enhances security but also forms the basis for long-term cooperation rooted in trust.
SZKB has set for itself the following target with immediate effect in the key topic of «data protection/client data/privacy»: All SZKB full-time and part-time employees, as well as all authorised representatives with access to SZKB’s IT systems, are required to complete annual online training courses on data and information security to ensure the security of client data.
¹ Considers the impact of a company’s own actions on clients, society and the environment. It assesses whether internal processes, products and services have been designed sustainably in order to achieve positive outcomes and minimise risks.
² Focuses on external influences such as market trends, regulatory changes or societal expectations that affect the company. The aim is to proactively manage these influences and respond strategically to them in order to create competitive advantages and boost resilience.
«Client satisfaction» management approach
Advisory philosophy: «Advise well, Schwyz-style»
The new advisory philosophy «Advise well, Schwyz-style» was introduced in 2024 with a value proposition and twelve advisory standards. It stands for holistic advice rooted in foresight and is based on clearly defined pillars. The aim is to understand the individual circumstances of our clients and to offer needs-based solutions rooted in financial expertise and pragmatism. Client advisors receive regular training and support from their supervisors in order to embed this philosophy in their work. All advisors in core segments have completed a two-day basic training programme and further training on specific topics. Tools have also been introduced for preparing discussions and analysing client circumstances. In addition, advisors complete an SAQ-certified training course in order to ensure their expertise.
The advisory philosophy places a particular emphasis on ethical and responsible sales practices. This is done in order to ensure that financial products are only offered if they match the needs and risk profile of clients, as well as to ensure financial protection for clients and to prevent over-indebtedness.
Development of products and services
SZKB attaches great importance to the quality of its products and services, which are regularly reviewed and assessed by the responsible specialist department. Client feedback and surveys provide additional insights concerning potential improvements. The results are fed into the Sales Commission, which decides on new products, as well as any expansion or adjustment of products already launched. The Commission, which includes representatives of the Executive Board, Sales Management, Sales and Market Management and Product Management, is responsible for careful analysis and implementation.
The product development and review process is regulated in the directive «Introduction of New Products or Entry into New Business Areas», and incorporates relevant functions from the first and second line. The Executive Board oversees all product launches.
SZKB does not engage in active market cultivation outside Switzerland and complies appropriately with regulatory requirements such as the automatic exchange of information, the Qualified Intermediary Agreement and the FATCA Agreement.
Access to SZKB services
SZKB interacts with its clients via a broad network of branches and cashpoints, advisory consultations, product documents and client communications. As SZKB is a member of the Association of Swiss Cantonal Banks (VSKB), its clients can withdraw cash free of charge from more than 2,000 cashpoints operated by cantonal banks throughout Switzerland. With 1.4 branches and 3.2 ATMs for every 10,000 residents, SZKB has an above-average density of branches and cashpoints in the Canton of Schwyz. SZKB ensures that accessibility requirements are fulfilled by new buildings and renovations.
Digital distribution channels complement this access and enable banking transactions such as payments and securities trading to be conducted flexibly via e-banking and mobile banking solutions. The barrier-free design of digital services takes into account the fact that people with restrictions must also have easy access. SZKB also offers innovative alternatives such as telephone advice, video sessions and in-person appointments on site. With tools such as the TWINT App and software integration for accounting systems such as Swiss21, Klara and Bexio, SZKB is expanding its range for private and corporate clients.
SZKB also arranges specifically designed events and public events to present its range and to foster financial literacy among the general public. An internal event concept ensures efficient, professional implementation, taking into account sustainability, security and accessibility considerations. With practical formats and topics specific to the respective target group, SZKB actively supports the responsible management of finances and enhances dialogue with its clients.
SZKB ensures that its banking services can be accessed through a wide range of interfaces. Thanks to an above-average density for Switzerland in terms of branches and cashpoints per 10,000 inhabitants as well as digital and innovative solutions, SZKB ensures that its services are accessible at all times, even in under-serviced areas and among under-serviced population groups (e.g. due to a lack of infrastructure in remote regions).
Transparency about products and services
SZKB focuses on transparency and provides its clients with targeted and comprehensive information concerning physical and digital channels, such as communication sent by postal mail, campaigns, bonus programmes and advertisements. With the e-banking and mobile banking solution, clients always have an overview of their financial situation. Alongside product-specific information, SZKB provides individual data in the form of reports.
New products or extensions are communicated to sales staff and, if necessary, accompanied by training to ensure high-quality advice. Advertising campaigns are developed with input from multiple sources and, if necessary, are reviewed by the specialist units affected by the topics dealt with, such as the Compliance/Legal Services department, in order to ensure compliance with statutory and regulatory requirements.
Client satisfaction
At least every two years, SZKB measures client satisfaction and the outside world’s perception of the Bank. In addition, targeted surveys on specific topics or selected client interactions are carried out in order to gain detailed insights. These surveys are conducted on a case-by-case basis, at most once or twice each year.
In addition, SZKB participates in surveys conducted by the Association of Swiss Cantonal Banks (VSKB), including surveys regarding client satisfaction and the image of the Bank. Since 2024, SZKB has been using YouGov’s Swiss Brand Observer, which analyses the perception of 225 brands and the impact of advertising campaigns on a weekly basis. Through this and other ad hoc studies concerning topics such as «security in banking», SZKB is gaining valuable insights in order to optimise client satisfaction.
Complaints management and client feedback
Client satisfaction is the focus of SZKB client service. Complaints are received, recorded and processed centrally by the client advisor or the Client Centre. The process for monitoring and analysing complaints is regularly reviewed, in particular with regard to quality assurance and raising awareness among employees.
Segment & Sales Management receives and reviews complaints weekly to ensure they have been correctly recorded in accordance with the internal «Complaints Management» policy. A dashboard is used to analyse patterns and frequencies in order to derive targeted improvement measures. The results are incorporated into reporting on operational risks and are integrated on a quarterly basis into the overall Bank’s risk report, which is presented to the Executive Board, the Bank Council and the Swiss Financial Market Supervisory Authority (see Chapter 2.1.1 Relevance, objectives, management approach and measures, Section Organisation for operational risks).
This approach enables client relationships to be strengthened through competent complaints handling and, at the same time, potential for improvement to be identified.
Key measures
SZKB focused on the following measures in the area of responsible business conduct towards clients during the reporting year in the key area of «client satisfaction»:
- Identifying client satisfaction
- Processing complaints and client feedback systematically
- Providing training and courses for clients
Management approach to «data protection/client data/privacy»
Anchoring data protection in the organisation
The head of Finance and Risk Management is responsible for ensuring compliance with data protection requirements. The Compliance/Legal Services department identifies the data protection requirements that must be applied along with the data security measures that need to be implemented in the Security department.
SZKB treats all personal data confidentially and in accordance with the applicable statutory provisions, such as the Swiss Data Protection Act. Details on data protection are set out in the internal «Data Protection» directive. In principle, data is only shared with third parties if this is necessary for the performance of the contract. In the context of a final and enforceable judgement, order or legal obligation, personal data must be released to authorities in Switzerland and abroad in connection with civil, administrative and criminal proceedings.
Data handling
All SZKB systems and programs are state-of-the-art in terms of security and are protected by means of technical and organisational measures against loss, destruction, unauthorised access, modification or dissemination. Access controls, encryption and de-identification ensure that sensitive data is protected and remains confidential. The Payment Card Industry Data Security Standard (PCI-DSS) has been implemented in relevant areas. Personal data is protected in accordance with the least-privilege and need-to-know principles in order to prevent unauthorised access as well as unintentional alteration or deletion. Premises not open to the public are secured by personal access controls, and access to IT systems is only provided via individual code and password. The security system complies with applicable provisions and the need-to-know principle.
Security measures are regularly adapted in line with technical developments and reviewed by internal and external controls. In addition, employees benefit from regular training and awareness-raising measures. These measures also apply to SZKB contractual partners for which ISAE-3402 reports (International Standard on Assurance Obligations, ISAE)¹ are requested from relevant partners according to risk-based considerations. SZKB concludes order data processing agreements with partners if they process personal data on behalf of SZKB.
SZKB maintains an inventory of the data records and updates it regularly. Any data subject may request information as to whether and, if so, which personal data concerning them is being processed. In addition, the data subject has the right, in particular, to obtain the rectification and erasure of the data in accordance with statutory provisions. Personal data is stored for as long as is necessary to fulfil contractual, statutory or regulatory obligations or internal requirements, as a general rule for 10 years after the end of the business relationship. Storage for a longer period may be necessary within the context of ongoing or anticipated legal or regulatory proceedings or due to other overriding interests. After the reason for storage no longer applies, data is deleted or anonymised if technically possible.
SZKB provides public information in its Privacy Policy concerning the principles according to which all business areas at SZKB process personal data. It can be viewed on the SZKB website.
Emergency planning for security incidents
For IT projects, SZKB relies on the principles of «security by default» and «security by design». This means that systems are designed to be secure from the outset, without any need to take additional security measures, and that security aspects are considered at an early stage of development. Measures such as multi-factor authentication, data encryption and the deactivation of insecure functions are an integral part of this.
In order to avoid data leaks and to ensure confidentiality and data storage, SZKB carries out regular risk assessments and data backups, which are checked for recovery at least once a year. An incident response plan with specific playbooks, including one for data breaches, ensures a quick response, thorough analysis, and the taking of appropriate action in the event of incidents.
Information security management system
SZKB operates an information security management system (ISMS) in accordance with ISO 27001 and aims to secure ISO 27001 certification in the next few years. As part of the security system, vulnerabilities are assessed from a risk perspective. SZKB also proactively conducts internal and external audits at varying intervals to ensure high standards with regard to data security. At least once a year, an external security company is instructed to audit SZKB’s security structure. In the context of projects and the introduction of new systems, risk-based checks are carried out to identify any potential vulnerabilities and, if necessary, validated with external partners and passed on to the SOC partner (security operations centre) for analysis. Anomalies are systematically analysed and measures are defined. Any vulnerabilities identified as part of the continuous bug bounty program are also validated by an external partner².
Organisation for operational risks
The former Security Commission (SI-COM) was replaced by the Operational Risk Commission (ORC). The ORC is a commission established by the Executive Board to manage operational risks in accordance with the risk catalogue. Duties and powers include operational risk reporting, monitoring and compliance with risk tolerance, the identification of measures to reduce risk or ensure compliance with reporting obligations to the Executive Board and the Bank Council and ensuring compliance with statutory and regulatory reporting obligations.
The ORC ensures effective management of operational risks within the company and also serves as a liaison body between the risk management units (first line) and the independent control bodies (second line).
Key measures
SZKB focused on the following measures in the area of responsible business conduct towards clients during the reporting year in the key area of «data protection/client data/privacy»:
- Raising employee awareness and providing training to employees
- Development of artificial intelligence (AI) governance
¹ ISAE 3402 Type I: Assessment of the suitability and structure of controls. Control design and implementation are reviewed. ISAE 3402 Type II: Additional review of the effectiveness of controls during the audit period. Definitions and specific implementation are assessed.
² Bug bounty programs serve, as a complement to other security measures, to identify, document and remedy any vulnerabilities within IT systems and applications, working in cooperation with ethical hackers. They comply with legal requirements and act with the consent of the parties involved.
Identifying client satisfaction
While an ordinary client satisfaction survey was previously completed by clients only once every four years, SZKB has now adjusted the survey rhythm to once every two years due to the importance of client satisfaction and the inclusion of the "voice of the client". Surveys were conducted both in 2023 and 2024 due to a change in reporting arrangements.
The 2024 client satisfaction survey was conducted online by an external institute.
| Description | 2024 | 2023 |
| --- | --- | --- |
| Proportion of clients who are satisfied or very satisfied with SZKB | 95% | 96% |
| Clients perceive SZKB as a sustainable or very sustainable bank | 79% | 53% |
Processing complaints and client feedback systematically
At SZKB, client complaints are taken seriously and systematically recorded and handled. Proper handling of complaints also provides an opportunity to improve products and services and to strengthen client loyalty.
| Description | 2024 | 2023 |
| --- | --- | --- |
| Number of complaints received | 216 | 214 |
It is important for SZKB to record client complaints in the system so that continuous improvement can take place. In 2024, the recording process was optimised, and verification mechanisms were further developed in a targeted manner. Due to the systematisation of the process of recording and reviewing complaints, the raising of client advisor awareness through training in the complaints process and a positive culture in relation to mistakes, more complaints were recorded than in previous years.
Providing training and courses for clients
To enhance client familiarity with banking topics and increase client satisfaction, SZKB offers information platforms, including ones in the form of client events. In this way, clients are taught how to use digital banking services safely and receive support on important topics. In the summer of 2024, SZKB also launched the Clever@SZKB series, through which the Bank offers the Schwyz community free talks on various topics in order to improve financial literacy. SZKB also uses various other channels to provide financial information, such as videos and radio streams with insights and analyses from the Chief Investment Officer, the SZKB podcast, regional newspapers, specialist articles in newspapers and magazines, the SZKB client magazine, newsletters and so on. This enables it to reach its clients via a variety of digital and physical channels.
Raising employee awareness and providing training to employees
In 2024, all SZKB employees were obliged to complete IT system access training courses on information security and data protection. The awareness of SZKB partners with access to SZKB systems was raised by their responsible contact person at SZKB or the Security department. The signing of non-disclosure agreements also further raised awareness about the need to handle sensitive information in a responsible manner.
In order to enhance security awareness, SZKB has pursued measures such as simulated phishing and smishing attacks as well as regular information campaigns via the intranet. In October 2024, the Bank actively participated in the global Cybersecurity Awareness Month and provided employees with topic-specific learning videos to further increase resilience against cyber threats.
Development of artificial intelligence (AI) governance
During the reporting year, the development of company-wide AI governance was initiated. The use of artificial intelligence must be designed in such a way as to guarantee data protection and data security. The strategy sets out clear guidelines for the responsible use of AI. For the purpose of risk mitigation, the use of AI is then subject to the supervisory expectations of the Swiss Financial Market Authority.
In order to anchor the strategy within the organisation, employees will be prepared in future through the provision of targeted training in the responsible handling of AI.
Assessment of effectiveness
In 2024, SZKB was able to maintain the proportion of clients who are satisfied or very satisfied with SZKB. SZKB will continue to tackle day-to-day challenges in order to maintain or further improve this result. SZKB has also improved significantly in terms of being perceived as a sustainable bank. The measures implemented and planned have had an impact and confirmed SZKB’s progress along its chosen path.
SZKB considers the measures taken in the key area of client satisfaction to be appropriate and effective.
SZKB requires "all full-time and part-time employees, as well as all authorised representatives with access to SZKB’s IT systems, to complete annual online training courses on data and information security to ensure the security of client data". All SZKB employees completed this training in 2024.
SZKB considers the measures taken in the key area of "data protection/client data/privacy" to be appropriate and effective.
Further development and next steps
Over the coming year, comprehensive measures are planned to further anchor the advisory philosophy. This includes the introduction of a new, multi-day onboarding programme for new SZKB client advisors. Existing advisors receive refresher training, which is supplemented by targeted learning nuggets dealing with individual aspects of the advisory philosophy. In addition, the other sales staff who do not work in core segments receive training on the advisory philosophy. Sales managers continue to support client discussions in order to promote and develop the advisory expertise of their employees through targeted coaching.
The next client satisfaction survey is planned for 2026.
SZKB ensures that applicable accessibility requirements are comprehensively fulfilled by new buildings and renovations. In addition, SZKB has undertaken to examine existing structures in order to identify scope for optimisation over the coming years.
In the area of information security, the certification of the Information Security Management System (ISMS) according to ISO 27001 will be sought over the coming years. This will involve a pre-audit and a subsequent certification audit. In addition, a new annex to the contract containing technical and organisational measures (TOM) will be introduced in 2025 in order to ensure data security, which will have to be signed by the respective partners. The introduction and implementation of cloud governance will be completed next year. In addition, in the area of information security it is planned to further develop awareness measures in the context of the extended awareness concept 2.0. In the area of physical security, access control systems for bank premises are due to be replaced soon.
From 2025, the issue of artificial intelligence will become an integral part of employee training, which will focus on the responsible handling of sensitive data and the secure use of generative AI.