2. Home
    1. Private
    2. Unternehmen
    3. Kontakte & Services
    4. Die SZKB
  3. Berichte
  4. Sustainability Report
    1. Geschäftsbericht
    2. Nachhaltigkeitsbericht
    3. Zwischenbericht
    4. Downloads
  5. 2 Responsible business conduct
    1. 3 Responsible financing
    2. 4 Responsible investing
    3. 5 Climate Report
    4. Notes
  6. 2.1 Responsible business conduct towards clients
    1. 2.2 Responsible business conduct towards employees
    2. 2.3 Responsible business conduct towards the local environment
    3. 2.4 Responsible business conduct towards the environment
    4. 2.5 Responsible business conduct towards the financial sector

2.1 Responsible business conduct towards clients

Relevance of the topic for SZKB its objectives

Responsible business conduct is a key component of SZKB’s sustainability strategy. It is based on the principles of protecting clients, ensuring transparency and building trust. By acting ethically, the Bank not only strengthens its own reputation but also makes an important contribution to financial stability and trust throughout the industry. Opportunities and risks associated with business conduct towards clients can be viewed from two perspectives: inside-out and outside-in:

  • Inside-out 1: accepting responsibility at the heart of operations. SZKB develops its products and services in the interest of its clients. In doing so, their needs are taken into account while risks and opportunities are communicated in a clear and transparent manner. This approach strengthens not only client loyalty and long-term relationships but also the Bank’s market position. Through proactive risk management, SZKB protects the interests of its clients and supports the stability of the financial system.
  • Outside-in 2: adapting to external influences. External factors, such as economic or regulatory changes, have a direct impact on the Bank and its clients. SZKB responds to this with a forward-looking approach and by making f lexible adjustments to its products and services. In this way, it offers its clients a stable financial basis whilst at the same time increasing client satisfaction, which is a high priority for it.

SZKB has defined the following objectives for responsible business conduct towards clients in the key area of «client satisfaction»:

  • In the client satisfaction survey conducted every two years, 95% of clients express satisfaction or high satisfaction with SZKB.
  • In the client satisfaction survey conducted every two years, from 2030 onwards at least 70% of clients will say that they perceive SZKB as a sustainable or very sustainable bank.
  • By 2030, all branches will be accessible to clients with reduced mobility.

Responsible business conduct means not only catering to the needs of clients with high-quality products and services but also bolstering trust in the work of SZKB. Client satisfaction is achieved through reliability, transparency and respect for the concerns of clients. Ensuring that their personal data is protected is an essential part of this process. SZKB is committed to its responsibility to manage data securely and in accordance with the applicable legal requirements. This not only enhances security but also forms the basis for long-term cooperation rooted in trust.

SZKB has set for itself the following target in the key topic of «data protection/client data/privacy»: All SZKB full-time and part-time employees, as well as all authorised representatives with access to SZKB’s IT systems, are required to complete annual online training courses on data and information security to ensure the security of client data.

1 Considers the impact of a company’s own actions on clients, society and the environment. It assesses whether internal processes, products and services have been designed sustainably in order to achieve positive outcomes and minimise risks.

2 Focuses on external influences such as market trends, regulatory changes or societal expectations that affect the company. The aim is to proactively manage these influences and respond strategically to them in order to create competitive advantages and boost resilience.

 

«Client satisfaction» management approach
Advisory philosophy: «Advise well, Schwyz-style»
The advisory philosophy «Advise well, Schwyz-style» was introduced in 2024 with a value proposition and twelve advisory standards. It stands for holistic advice rooted in foresight and is based on clearly defined pillars. The aim is to understand the individual circumstances of our clients and to offer needs-based solutions rooted in financial expertise and pragmatism. Client advisors receive regular training and support from their supervisors in order to embed this philosophy in their work. All advisors in core segments have completed a two-day basic training programme and further training on specific topics. In addition, managers and client advisors from core segments each complete a one-day refresher training course on the core elements of the advisory philosophy: «Advise well, Schwyz-style». In addition, tools have been introduced in order to prepare for discussions and to analyse client circumstances. In addition, advisors complete an SAQ-certified training course in order to ensure their expertise.

The advisory philosophy emphasises responsible sales practices. This is done in order to ensure that financial products are only offered if they match the needs and risk profile of clients, as well as to ensure financial protection for clients and to prevent over-indebtedness.

Development of products and services
SZKB attaches great importance to the quality of its products and services, which are regularly reviewed and assessed by the responsible specialist department. Client feedback and surveys provide additional insights concerning potential improvements. The results are fed into the Sales Commission, which decides on new products, as well as any expansion or adjustment of products already launched. The Commission, which includes representatives of the Executive Board, Sales Management, Sales and Market Management, Product Management and Asset Management, is responsible for careful analysis and implementation. Responsibility for the product development and review process, which is regulated in the directive «Introduction of New Products or Entry into New Business Areas», lies with the Product Management department. This process involves relevant functions from the first and second line (according to the three-line model of the IIA) and ensures that products are reviewed at appropriate intervals. Findings are discussed with the CEO or with the member of the Executive Board responsible for sales. Any changes are proposed to the Sales Commission. The Executive Board oversees all product launches. SZKB does not engage in active market cultivation outside Switzerland and complies appropriately with regulatory requirements such as the automatic exchange of information, the Qualified Intermediary Agreement and the FATCA Agreement.

Access to SZKB services
SZKB interacts with clients through a wide network of branches and cashpoints, advisory consultations, product documents and client communications. As a member of the Association of Swiss Cantonal Banks (VSKB), SZKB clients can withdraw cash free of charge from more than 2,000 cashpoints operated by cantonal banks throughout Switzerland. With 1.3 branches and 3.2 ATMs for every 10,000 residents, SZKB has an above-average density of branches and cashpoints in the Canton of Schwyz, ranking in the top third compared to other cantonal banks. SZKB ensures that accessibility requirements are fulfilled by new buildings and renovations.

Digital distribution channels complement this access and enable banking transactions such as payments and securities trading to be conducted flexibly via e-banking and mobile banking solutions. SZKB also offers alternatives such as telephone advice, video sessions and in-person appointments with clients on site. With tools such as the TWINT App and software integration for accounting systems such as Swiss21, Klara and Bexio, SZKB is expanding its range for private and corporate clients.

SZKB also uses events specifically designed with the audience in mind to present its range and to foster financial literacy among the general public. An internal event concept ensures efficient, professional implementation, taking into account sustainability, security and accessibility considerations. With practical formats and topics specific to the respective stakeholder groups, SZKB actively supports the responsible management of finances and enhances dialogue with its clients. Sustainability is firmly anchored in Marketing & Communication. The team is supported in its everyday work by guidelines, including practical checklists. This guidance ensures that communication and marketing activities are aligned with the sustainability strategy and contribute to a responsible future.

SZKB ensures that its banking services can be accessed through a wide range of interfaces. Thanks to an above-average density for Switzerland in terms of branches and cashpoints per 10,000 inhabitants, as well as digital and innovative solutions, SZKB ensures that its services are accessible, even in under-serviced areas and among under-serviced population groups (e.g. due to a lack of infrastructure in remote regions).

Transparency about products and services
SZKB focuses on transparency and provides its clients with targeted and comprehensive information concerning physical and digital channels, such as communication sent by postal mail, campaigns, bonus programmes and advertisements. With the e-banking and mobile banking solution, clients have an overview of their financial situation. Alongside product-specific information, SZKB provides individual data in the form of reports.

New products or extensions are communicated to sales staff and, if necessary, accompanied by training to ensure high-quality advice. Advertising campaigns are developed with input from multiple sources and, if necessary, are reviewed by the specialist units affected by the topics dealt with, such as the Compliance/Legal Services department, in order to ensure compliance with statutory and regulatory requirements.

Client satisfaction
At least every two years, SZKB measures client satisfaction and the Bank's external perception. In addition, targeted surveys on specific topics or selected client interactions are carried out in order to gain detailed insights. These surveys are conducted on a case-by-case basis, at most once or twice each year.

In addition, SZKB participates in surveys conducted by the Association of Swiss Cantonal Banks (VSKB), including surveys regarding client satisfaction and the image of the Bank. SZKB uses YouGov’s Swiss Brand Observer, which analyses the perception of 225 brands and the impact of advertising campaigns on a weekly basis. Through this and other ad hoc studies, SZKB is gaining insights in order to optimise client satisfaction.

Complaints management and client feedback
Client satisfaction is central to SZKB's client service. Complaints are received, recorded and processed centrally by the client advisor or the Client Centre. The process for monitoring and analysing complaints is regularly reviewed, in particular with regard to quality assurance and raising awareness among employees.

Segment & Sales Management receives and reviews complaints weekly to ensure they have been correctly recorded in accordance with the internal «Complaints Management» policy. Patterns and frequencies are analysed in order to derive targeted improvement measures. The results are in corporated into reporting on operational risks and are integrated on a quarterly basis into the overall Bank’s risk report, which is presented to the Executive Board, the Bank Council and the Swiss Financial Market Supervisory Authority (see Chapter 2.1.1 Relevance, objectives, management approach and measures, Section Organisation for managing operational risks). This approach helps strengthen client relationships through competent complaints handling while also recognising scope for possible improvements.

Key measures

During the reporting year, SZKB focused on the following measures in the area of responsible business conduct towards clients in the key area of «client satisfaction»:

  • Identifying client satisfaction
  • Processing complaints and client feedback systematically
  • Providing training and courses for clients
  • Driving forward product development

 

Management approach to
«data protection/client data/privacy»
Anchoring data protection in the organisation
The head of Finance and Risk Management is responsible for ensuring compliance with data protection requirements. The Compliance/Legal Services and Security department identifies the data protection requirements that must be applied along with the data security measures that need to be implemented in the Operations & Platforms department.

SZKB treats personal data confidentially and in accordance with the applicable statutory provisions, including the Swiss Data Protection Act. Details on data protection are set out in the internal «Data Protection» directive. In principle, data is only shared with third parties if this is necessary for the performance of the contract. In the context of a final and enforceable judgement, order or legal obligation, personal data must be released to authorities in Switzerland and abroad in connection with civil, administrative and criminal proceedings. SZKB attaches great importance to the protection of personal data. A public Privacy Policy transparently describes how data from clients, employees, and third parties is processed and protected. The aim is to ensure the responsible handling of data and to strengthen trust amongst all stakeholder groups.

Data handling
SZKB ensures that data is reliably protected at all times by modern systems and programmes. Technical and organisational measures prevent loss, destruction, and unauthorised access to and alteration or dissemination of information. Access controls, encryption and de-identification ensure that sensitive data remains confidential.

The Payment Card Industry Data Security Standard (PCIDSS) has been implemented in relevant areas. Personal data is protected in accordance with the least-privilege and need-to-know principle in order to prevent unauthorised access as well as unintentional alteration.

Premises not open to the public are secured by personal access controls, and access to IT systems is only provided via individual access credentials. The Bank’s security concept is based on the need-to-know principle.

Security measures are regularly adapted in line with technical developments and reviewed by internal and external controls. In addition, employees benefit from recurring training and awareness-raising measures. These measures also apply to SZKB contractual partners for which ISAE-3402 reports (International Standard on Assurance Obligations, ISAE) are requested from relevant partners according to risk-based considerations. SZKB concludes information security and order data processing agreements with partners if they process personal data on behalf of SZKB.

SZKB maintains an inventory of the data records and updates it regularly. Any data subject may request information as to whether and, if so, which personal data concerning them is being processed. In addition, the data subject has the right, in particular, to obtain the rectification and erasure of the data in accordance with statutory provisions. Personal data is stored for as long as is necessary to fulfil contractual, statutory or regulatory obligations or internal requirements, as a general rule for 10 years after the end of the business relationship. Storage for a longer period may be necessary within the context of ongoing or anticipated legal or regulatory proceedings or due to other overriding interests. After the reason for storage no longer applies, data is deleted or anonymised if technically possible.

SZKB provides public information in its Privacy Policy concerning the principles according to which all business areas at SZKB process personal data.

Consideration of information security within projects
Information security is considered an independent project objective within projects. It is an objective with equivalent status, alongside functionality and performance, in the development, procurement and use of information processing systems. For IT projects, SZKB relies on the principles of «security by default» and «security by design». This means that systems are designed safely from the outset with high security standards and incorporate security aspects at an early stage of development. Measures such as multi-factor authentication, data encryption and the deactivation of insecure functions are an integral part of this.

Emergency planning for security incidents 
An incident response plan with specific playbooks, including one for data breaches, ensures a quick response, thorough analysis of the situation and the taking of appropriate action in the event of security incidents. In addition, data backups are made periodically. At least once a year, their restoration is tested to ensure that important data can be reliably restored in the event of an emergency.

Information security management system 
SZKB operates an information security management system (ISMS) in accordance with ISO 27001 and is aiming to obtain ISO 27001 certification in 2026. As part of the security system, vulnerabilities are assessed from a risk perspective. SZKB also proactively conducts internal and external audits at varying intervals to ensure high standards with regard to information security. At least once a year, an external security company is instructed to audit SZKB’s security structure. In the context of projects and the introduction of new systems, risk-based checks are carried out to identify any potential vulnerabilities and, if necessary, validated with external partners and passed on to the SOC partner (security operations centre) for analysis. Anomalies are systematically analysed, and measures are defined. Any vulnerabilities identified as part of the continuous bug bounty programme are also validated by an external partner1. The process for third-party management systematically captures and controls risks by working together with external partners. Partners are evaluated based on a materiality assessment. In cases with increased relevance, such as access to core ICT processes, classified information or personal data, an in-depth risk analysis is conducted using the technical and organisational measures (TOM) questionnaire and, if necessary, a data processing (DP) agreement is concluded. The cybersecurity level of relevant partners is continuously monitored using the security scorecard. If the defined thresholds are not met, targeted measures are initiated to strengthen information security and reduce risks.

SZKB employs comprehensive technical and organisational measures in order to prevent and detect data incidents. Data loss prevention systems on end devices, in the e-mail gateway and in the proxy prevent any unauthorised leakage of sensitive information. These functions will be further strengthened in the future with the establishment of a technical solution for data classification. In addition, a network detection and response (NDR) system monitors the network for potential data breaches and anomalies. All systems are continuously monitored by the Security Operations Centre (SOC). In the event of an incident, defined playbooks are activated for a rapid, coordinated response. The efficacy of the information security management system (ISMS) is ensured by regular internal and external audits.

Organisation for the management of operational risks
The Operational Risk Commission (ORC) is a commission established by the Executive Board to manage operational risks in accordance with the risk catalogue. Duties and powers include operational risk reporting, monitoring and compliance with risk tolerance, the identification of measures to reduce risk or ensure compliance with reporting obligations to the Executive Board and the Bank Council and ensuring compliance with statutory and regulatory reporting obligations.

The ORC ensures effective management of operational risks within the company and also serves as a liaison body between the risk management units (first line) and the independent control bodies (second line). The ORC ensures effective management of operational risks within the company and also serves as a liaison body between the risk management units (first line) and the independent control bodies (second line). The ORC includes two members of the Executive Board as well as representatives of the second line of defence, IT and operational areas.

Key measures

SZKB focused on the following measures in the area of responsible business conduct towards clients during the reporting year in the key area of «data protection/client data/privacy»:

  • Raising employee awareness and providing training to employees
  • Establishment of artificial intelligence (AI) governance

1As a complement to other security measures, bug bounty programs serve to identify, document and remedy any vulnerabilities within IT systems and applications, working in cooperation with ethical hackers. They comply with legal requirements and act with the consent of the parties involved.

Identifying client satisfaction

Client satisfaction is assessed every two years. The 2024 client satisfaction survey was conducted online by an external institute.

Description20252024
Proportion of clients who are satisfied
or very satisfied with SZKB		Next due in 202695%
Clients perceive SZKB as a sustainable
or very sustainable bank		Next due in 202679%

 

Processing complaints and client feedback systematically

At SZKB, client complaints are taken seriously and systematically recorded and handled. Proper handling of complaints also provides an opportunity to improve products and services and to strengthen client loyalty.

Description20252024
Number of complaints received201214

 

Providing training and courses for clients

To enhance client familiarity with banking topics and increase client satisfaction, SZKB offers information platforms, including client events. Clients are taught how to safely use digital banking services and are assisted with important topics in this way. SZKB has been continuing the Clever@SZKB series, through which the Bank offers the Schwyz community free talks on various topics in order to improve financial literacy. SZKB also uses various other channels to provide financial information, such as videos and radio streams with insights and analyses from the Chief Investment Officer, the SZKB podcast, regional newspapers, specialist articles in newspapers and magazines, the SZKB client magazine, newsletters and so on. This enables it to reach its clients via digital and physical channels.

Driving forward product development

SZKB is further developing its product range to cater to the needs of its clients as well as the requirements of a modern banking landscape. During the reporting year, several product developments were implemented to increase both efficiency and the client experience. These included the sustainability bonus as an incentive for responsible action, new commercial cards for corporate and commercial clients and the launch of foreign currency transfer and STU products. In addition, a venture capital module was created, enabling clients with a long investment horizon to participate via funds in exclusive, broadly diversified venture capital investment opportunities.

SZKB expanded its digital range with the introduction of contactless cash transactions at ATMs (NFC) and digital pensions in October 2025. Hybrid client onboarding, which has been available since 2025, enables efficient digital account opening. These further developments help to achieve a future-fit, user-friendly service design.

 

Raising employee awareness and providing training to employees

In 2025, all SZKB employees were obliged to complete IT system access training courses on information security and data protection. The awareness of SZKB partners with access to SZKB systems was raised by their responsible contact person at SZKB or the Security department. The signing of non-disclosure agreements also further raised awareness about the need to handle sensitive information in a responsible manner.

In order to enhance security awareness, SZKB has pursued, among other things, measures such as simulated phishing and smishing attacks as well as regular information campaigns via the intranet.

Establishment of artificial intelligence (AI) governance

SZKB has established company-wide AI governance arrangements. The use of artificial intelligence must be designed in such a way as to guarantee data protection and data security. The strategy sets out guidelines for the responsible use of AI. For the purpose of risk mitigation, the use of AI is subject to the expectations of the Swiss Financial Market Authority.

 

 

The action taken to improve client satisfaction and strengthen data protection has achieved positive results overall. By reducing the interval between surveys and systematically evaluating client feedback, SZKB can capture client needs more precisely and incorporate them into the future development of its product range in a targeted manner. The optimisation of the complaints process and the training of client advisors promote transparent and practical support. In addition, client events and information formats such as Clever@SZKB boost financial expertise and confidence in the Bank.

In the area of data protection, awareness-raising and training for all employees with IT system access have been systematically implemented. Security awareness has been noticeably increased through phishing tests, regular awareness campaigns and the requirement to conclude non-disclosure agreements. The rollout of company-wide AI governance also lays the foundation for the responsible usage of new technologies in a manner compliant with data protection law.

Overall, the combined measures significantly help to strengthen client satisfaction, data security and trust, and also support SZKB in its sustainability strategy.

Further development and next steps

Training focusing on sales dialogue and sales meetings is planned for the Sales Management staff. They also continue to actively support client discussions in order to specifically strengthen the advisory expertise of their employees. The next client satisfaction survey is planned for 2026.

The focus in 2026 will be on stepping up awareness-raising measures within the framework of the awareness concept 2.0. The project for replacing the access control system has been launched, and implementation will start in 2026. The content of the information security management system (ISMS) is being further developed with the aim of obtaining ISO 27001 certification in 2026. Third-party risk management (TPRM) will focus on stabilisation and targeted further developments, while further optimisations are planned in the area of business continuity management (BCM). In addition, it is planned to introduce a technical solution for classifying data.