IT and cybersecurity

The year 2021 in the Area of New Technologies and Cyber Security was a year of dynamic changes – the most challenging task was to achieve the Bank’s agile transformation objectives while implementing changes resulting from the outbreak of the coronavirus pandemic.

2021 was also a year of design and preparation for large-scale investments to be made in the coming years and aligned with the Bank’s strategic priorities.

In 2021, in response to the prolonged coronavirus pandemic, a number of actions were taken to:

on the independent NIST scale and increasing compliance with BNP Paribas Group standards,

responding to the migration of customers to digital channels, while providing a best-in-class user experience for business customers,

on which all the new applications being deployed and the entire GO ecosystem run,

for selected non-production environments to ensure maximum levels of automation and access to the latest services,

through the continuous evolution of digital working environment solutions and the hot-desk model.

The most important IT projects completed in each area in 2021

INITIATIVES FOR BUSINESS LINES

Developing the GOmobile application and the GOonline environment with new functionalities and services:
- myID – possibility to confirm identity online, including creation of a Trusted Profile
- possibility to repay loans from an account in another bank
- self-service functions such as generating bank confirmations
Development of the GOone application supporting customer service at Branches and Contact Centres with new capabilities such as:
- mechanism for digital signing of bank documents
- Mobile onboarding process for new groups of customers
- GObetter – a new system for handling bank complaints
Digital Product Center – expansion of functionality for GOonline customers in relation to regulator requirements: PFR Financial Shield, 500+ and Good Start applications
Launch of GOinvest system to support advisers in the digital handling of investment products for clients

Implementation of new electronic banking GOonlineBiznes and GOmobileBiznes
Credit Process – implementation of a new eTermsheet application for the SME segment, which automates the drafting and approval of credit decisions, preparation of credit documentation and monitoring of contract terms and conditions
Onboarding and post-sales services – implementation of a solution for handling the beneficial owner’s VAT documents
Syndicated loans – launch of a new tool to automate syndicated loans
Continuous development of FX PL@NET with new functionalities, such as:
- 24/7 functionality
- notifications on limit utilisation
- Multiforward transaction
- presentation of exchange rates for customers without a bank account

Development of the GOFx trading platform – new functionalities: faster access to exchange rates, ability to split transactions
Development of the FXPLUS trading platform to support foreign payments for clients without accounts in these foreign currencies, including exotic ones
Implementation of a new product – Fixed Rate Loan – through the use of the IR CAP mechanism, customers have the opportunity to hedge loans against interest rate increases

PROJECTS RELATED TO THE BANK’S DAILY OPERATIONS

BigData – development and improvements of the Hadoop platform, including optimisation of DSA (Data Storage Area) data management processes allowing for a 30% reduction in storage occupancy
Implementation of central SMS integration – a set of services was made available allowing for comprehensive handling of the Bank’s communication with customers via SMS
SWIFT complaint analysis – shortening the SWIFT complaint handling time by 80% thanks to the use of AI and Big Data algorithms automating the process of analysis and verification of complaint notifications – the system analyses SWIFT messages on a daily basis, indicates the path for their handling on an ongoing basis, and handles and closes some of them on its own
Implementation of a new mobile application to support HR processes in the Bank

New hardware platform for banking systems – modern, virtualized, automated and scalable
IT monitoring – increase the number of applications covered by IT monitoring
Optimisation of the database refresh process on test environments
I can do IT – training programme for workers 50+

Coordination of the Bank Security Committee’s activities related to crisis management during the COVID-19 pandemic and ensuring maximum protection for the Bank’s employees and clients
Secure ICT environment adjusted to the possibility of remote work in continuous mode for all Bank employees
ISO27001 certification in the area of Security – confirmed by a supervision audit
Enhanced security monitoring of SOC for Linux servers and databases
Improving security in the software development cycle
Extending the scope of privileged identity management in the CyberArk system
Red Teaming exercises proving aspects of physical security and social engineering methodologies
Continuation of the campaign addressed to the Bank’s employees concerning phishing, i.e. a fraud method in which an offender impersonates another person or institution in order to extort confidential information (e.g. log-in details, credit card data), to infect the computer with malware or to persuade the victim to perform certain actions
Building awareness of cyber security threats and solutions among Employees and Customers:
- As every year, the organisation of the Cybersecurity campaign, which aims to raise awareness among Bank employees on security aspects
- A series of webinars for Bank employees from „sensitive population” groups,
- Webinars for Bank employees on security in cloud computing
- Customer awareness „red light” campaign on Facebook – 10 videos and educational articles
- Call centre workshops on handling e-banking fraud scenarios
- E-learning training session „How to be safe in the Bank”