In 2023, we expanded our capacity to tap into growing green and social business opportunities in the country. We conducted internal and external workshops and learning sessions to raise awareness on how to identify pipelines in these areas—a major step forward.

Sustainability-related product development

This spurred growth in the Bank’s sustainable finance portfolio. As of December 2023, our Wholesale Banking Segment (WBS) disbursed a total of PHP43.6 billion in qualified Green and Social loans. This substantial investment underscores our dedication to sustainability and responsible business practice.

At The Asset Triple A Country Awards for Sustainable Finance, SB Capital was awarded Best Green Bond 2023 for its role as sole manager, lead underwriter, and bookrunner for Citicore Energy REIT Corporation’s PHP4.5 billion fixed rate ASEAN Green bonds. Further, SB Capital was also recognized at the ESGBusiness Awards with the Renewable Energy Programme-Philippines award for its involvement in ACEN Corporation’s PHP10 billion ASEAN Fixed Rate Green bonds due 2027 as a joint lead underwriter and joint bookrunner.

In line with the overall ESG direction, policies and product propositions are being reviewed to ensure readiness and relevance to support sustainable finance. Actions have been started in Q4 2023, but implementation of various initiatives are expected in 2024.

Assessment of ESG risks in financing activities

Our Environmental and Social Risk Management System (ESRMS) is designed to identify, assess, and manage ESG risks associated with our banking operations and financing activities. The ESRMS encompasses the Bank’s lending and financing activities, investment activities, operations, and supply chain.

In 2023, Security Bank continued its efforts to integrate environmental and social risk assessment into our loan processes, prioritizing an understanding of our clients’ objectives and priorities. Recognizing the significant implications of failing to manage environmental and social issues appropriately, we committed to transacting only with clients engaged in responsible business practices.

To uphold this commitment, the Bank prohibits project fund expenditures and investments in several activities, including gambling, production, or trade in radioactive materials (with exceptions for medical and quality control equipment), businesses involved in child labor or forced labor, illegal activities, and production or trade in weapons and ammunition. In 2021, we committed to no longer finance the construction of new coal-fueled power plants, and completely exit coal financing by 2033; we continued to take the necessary steps forward to honor this commitment in 2023.

Group credit risk in ESG

At Security Bank, we’re actively planning the implementation of changes in credit risk assessment to directly incorporate ESRMS knowledge. We’re conducting further studies based on collected data to ensure alignment with regulatory expectations and industry best practices. Our aim is to mitigate any material financial, reputational, or regulatory risks arising from failure to minimize the negative impact of our operations on the environment or ensure healthy and safe premises for our stakeholders.

One example of how our Risk Management Group manages credit risk is through an Independent Risk Assessment (IRA), which is the pre-approval evaluation of select WBS accounts with identified weaknesses or higher than normal credit risk by the Independent Credit Risk Assessment Department. In scope credit proposals are subject to IRAs which evaluate the soundness of credits by documenting risk issues, assessing alignment of account plans with industry risk-reward portfolio actions, and providing recommendations on risk mitigations and credit structures to ensure portfolio quality.

ESG risk management oversight

ESG risk management oversight from the BOD resides with the Risk Oversight Committee (ROC) which reviews, approves, and ensures the effective implementation of the Group’s risk management framework.

ESG risk is embedded in the Bank’s comprehensive Risk Management Framework. The Bank has a comprehensive Risk Management Framework in place across all risk areas. ESG risk is embedded across these activities as a BAU. Our ESRMS document references specific frameworks, as applicable. For example, credit policies and procedures are found in the Credit Policy Manual, accordingly referenced. The Bank’s Risk Management Framework is mature, regularly updated to consider best practices and regulatory requirements.

In 2023, we initiated our Sustainable Finance Framework (SFF) to uphold our sustainability goals and outline our approach to accessing Sustainable Financing Instruments (SFIs). SFIs include green, blue, social, and sustainability bonds, loans, and other debt financing instruments supporting the Sustainable Finance Portfolio under the SFF. These SFIs will finance Eligible Projects that include:

• Access to essential services (e.g., Pharmaceutical manufacturers distributors and traders, drugstores, etc.) that provide access to underserved (including through affordable/generic medicines).
• Socio-economic advancement and empowerment programs to support and provide assistance for persons from disadvantaged socio-economic backgrounds, such as conditional and unconditional cash transfer (programs and social pension for elderly and persons with disabilities), loans to minority, underserved, and low-income individuals, and loans promoting entrepreneurship among females.

Support for Filipino MSMEs

As one of the fastest-growing segments of the Bank, our Business Banking Segment (BBS) provided much-needed support for Micro, Small, and Medium Enterprises (MSMEs) through its data-driven, holistic proposition and multi-channel approach. Since its inception in 2022, BBS successfully rolled out its new operating model and will continue to invest in platforms, processes and product enhancements to prepare the business for its next phase of growth.

In 2023, BBS’ achievements included:

Our Information Security (InfoSec) Office developed and implemented the Bank’s Information Security Systems Plan (ISSP) and Information Security Program (ISP) as prescribed under the BSP MORB 148, Appendix 75. This was based on a three-point strategy (Readiness, Resiliency, and Compliance – 2RC), which prioritized proactive and preventive measures, adopted the ‘Assume the Breach Position’ paradigm, strengthened defensive capabilities, and pursued certification and compliance to regulatory requirements and generally accepted security standards.

The Bank has an Information Security Policy that addresses the information security objectives of confidentiality, integrity, and availability. All information used by Security Bank and its subsidiaries is considered and shall be protected from damage, loss, misuse, or inappropriate disclosure.

With this policy, the Bank includes requirements for data retention and disposal in third-party agreements. The Bank also has Implementing Guidelines for Data Erasure Management.

Internal Audit also conducts a review of the Information Security implementation of the Bank based on Circular 982, which covers the Information Security Policy and its implementation. Information Security is part of the Information Systems’ (IS) Audit universe. This means that this information is part of the annual Audit Plan that the Audit Committee approves. InfoSec is one of the Audit areas that is evaluated every year to see if it should be part of the current year’s Audit Plan.

External independent audits are conducted at least once every two years.

A key milestone achieved in our Information Security maturity was the strengthening of our information security standards with ISO/IEC27001:2022 certification by The British Standards Institution (BSI), making us the first local bank to attain this upgraded Information Security Management System (ISMS) certification.

Data privacy

Security Bank recognizes and values the protection of personal data, The Bank’s Data Protection Policy ensures that the collection and processing of personal data adheres to the general principles of transparency, legitimate purposes and proportionality, and that the Bank complies with the requirements and standards set by the Data Privacy Act of 2012 and relevant issuances of the National Privacy Commission. A dedicated Group Data Protection Officer (DPO) appointed by the Board oversees compliance with the regulatory requirements under the DPA and provides adequate support in addressing cross-organizational privacy risks. Being part of the Compliance Group, the approach to managing compliance risks is applied to data privacy, such as advisory, issuance/ review of policies and procedures, risk assessment, training and testing.

The Bank completed the privacy impact assessment and gap analysis for its processes and systems in 2022 and will continue to review these on a regular basis to ensure that they remain accurate and up to date. Aside from the e-Learning module on data privacy, additional training is also conducted for certain selected units that extensively handle customer information. A Security Incident Management Policy is also in place to ensure that any personal data breaches are reported and addressed in a timely manner. View the Bank’s Privacy Notice.

Security Bank consistently adheres to good corporate governance principles of fairness, accountability, and transparency in all its dealings, ensuring a high degree of integrity in the conduct of all its affairs. In 2023, we received the 4 Golden Arrow Recognition for Excellence in Corporate Governance from the Institute of Corporate Directors (ICD), proving our commitment to ethical governance practices, which have been a cornerstone of our operations.

In carrying out its advocacy of good corporate governance, Security Bank has implemented a Governance System that encompasses the three critical pillars consisting of: (1) a Board of Directors that provides direction for business and risk strategies, organization, financial soundness and governance; (2) Senior Management that carries the implementation of strategies and initiatives set and approved by the Board; and (3) an internal control system which covers the implementation of key control functions such as risk management, compliance and internal audit.

The Bank’s Board-approved Manual of Corporate Governance (the “Manual”) embodies the corporate governance rules and regulations of the BSP, the SEC, the Philippine Stock Exchange (PSE), and global best practices, ensuring disclosure and transparency to uphold the rights of the Bank’s stockholders and other stakeholders, and instilling awareness in directors, officers, and employees of their responsibilities to conduct business in a safe and sound manner at all times.