CODES AND POLICIES
Sustainability Policy
Sustainability Risk Integration Policy
A policy on the integration of sustainability risks into the decision-making process and when providing investment and insurance product advice.
Due Diligence Policy Concerning Major Adverse Impacts
Ethical Code
Grupo Unicaja has a Code of Ethics which was approved by the Board of Directors on 20 December 2024. It strengthens the wager we have placed on a business culture based on fostering upright, professional, honest and transparent conduct.
This Code sets out our corporate values and our commitment, which are meant to guide the personal and professional behaviour of our employees, executives and members of the Group's governing bodies.
Complaint Channel Form
In accordance with the "Financial Crime Risk Prevention Programme of Unicaja Banco, S.A.", the Complaint Channel is placed at the disposal of third parties unconnected to the Bank for notification of specific irregular conduct with possible criminal implications that has come to the notice of said third parties within their organisations.
Confidentiality of any communications sent is absolutely guaranteed as is the protection of the personal data of all those involved. On no account shall anonymous communications be accepted. Confidentiality will be kept at all times unless the information has to be disclosed to an administrative or court authority, including the Spanish Attorney General’s Office.
Supplier's General Ethical Principles
These Principles promote and foster the rules of conduct that should prevail in contractual relationships with our suppliers.
The approval of the Supplier's General Ethical Principles in January 2025 transferred to our suppliers the rules of conduct contained in Unicaja Grupo's Code of Ethics and Sustainability Policy.
Through these new Principles, the Institution has reaffirmed its commitment to people by stating that the engagement of suppliers at Unicaja is to be carried out in a fully transparent, impartial and objective manner, thus encouraging competition and equal opportunities.
By means of these Principles, Unicaja sets out the essential kinds of conduct which we consider suppliers must fulfil, thereby abiding by the most stringent ethical standards, promoting respect for human rights, labour rights and caring for and protecting the environment.
Criminal Risk Prevention and Reaction to Breaches Policy
Corruption and Bribery Prevention Policy Unicaja Banco Group
Quality Policy
Unicaja Banco S.A. is a stock market listed Spanish bank with a proven record of solvency and financial solidity, that has taken over the historical experience of a dozen savings banks, some of them over a century old, and features its small business orientation, with cautious management in its commercial strategy and risk profile.
We fulfil our mission by attending to a set of values, among them there are:
- Its special client orientation and continual improvement
- Process based approach: their review is continuous to seek the highest levels of service quality and efficiency
- Encouraging innovation and transformation to adapt to external and internal clients needs
At Unicaja we define Quality as the positive experience of the Parties Concerned with our company: external clients, internal clients, employees, shareholders, society, allies, providers and supervisory bodies, a positive experience being understood as reasonable coverage of the needs and expectations each of them has.
We undertake to Detect /Evaluate /Act on all the Risks and Opportunities linked to the Quality Management system implemented to assure the results foreseen: to increase the desirable effects, to prevent or reduce undesired effects and achieve Improvement. Thus, Quality orientation and continuous Improvement affect all the certified scopes of our Bank.
The quality management systems that we have implemented are aligned with the strategic objective of customer focus, while always keeping our commitment to comply with all applicable laws and regulations as well as the Articles of Association governing Unicaja and the requirements of the ISO 9001:2015 standard.
Our Quality Policy is a document that must have internal and external visibility. It must be communicated, understood and observed within the institution. It must be revised and updated when so required.
Certificates issued according to the ISO9001:2015 standard:
Internal Audi: Internal audits of Risks, Subsidiaries, Branch Network and Financial Agents.
Information Security System
Unicaja Banco, S.A. is the first and only financial institution to be certified by AENOR for the UNE-EN ISO/IEC 27001:2017 and ISO/IEC 27701:2021 standards.
Unicaja has had an information security management system certified by AENOR according to the UNE-ISO/IEC 27001:2014 standard since 2007. After the latest extension made to it in 2016, it governs the information security best practices management system for its electronic banking and corporate portal services, host-based IT services, branch network IT services, intranet and corporate IT services, services associated to POS terminals, as well as other web portals.
The ISO 27001 standard is an international standard which specifies the requirements for the implementation, maintenance and continuous improvement of an Information Security Management System (ISMS). This system is used to protect the confidentiality, integrity and availability of information. The standard provides an information security framework that helps organisations identify and manage their information security risks effectively.
In addition, Unicaja's information security management system was certified according to the ISO/IEC 27701:2021 Privacy Information Standard in 2022. This standard is an extension of the ISO/IEC 27001 standard on information security management. It sets out privacy protection guidelines, how organizations should manage personal information and allows the privacy standard's fulfilment to be demonstrated anywhere in the world.
Unicaja has shown through this dual certification its commitment to offering its customers secure digital environments having stringent security standards in so far as its applications and systems are concerned, offering protection to its operations and all the information it holds to the highest security levels.