Customers: Inviduals and Families-
Companies
Security
UniCredit Security defines and enhances the Group Security strategy, aiming at protecting people, sensitive
information and assets (tangible and intangible) of UniCredit closely to business needs.
The Group Chief Security Officer (GCSO) exercises Global Governance and coordinates the Security functions
within the Bank as well as the Group by ensuring the implementation of appropriate security standards while
maximizing the quality of services.
In June 2012, the governance role of the Holding Company on security matters at Group level was enhanced,
by updating the role of the Security function in particular with respect to the responsibilities in terms of
steering, coordination and control towards the Legal Entities. In addition, in 2012 the UniCredit Security
reinforced the cooperation with UniCredit Business Integrated Solutions ScpA, the Global Factory of the
UniCredit Group, technical competence center for the instrumental services (ICT, Real Estate, Procurement,
Back/Middle Office) which, moreover, provides operational security services also on the basis of specific
outsourcing agreements.
In 2012 UniCredit Strategic Risk Analysis (SRA) unit enhanced our business security by providing country risk
analyses to internal units. SRA issued more than 220 reports on over 12 countries in which we had business
prospects, with the aim to assist in security risk analyses activities (e.g. organized crime, terrorism, reputation,
etc). Moreover, targeted educational activities allowed SRA unit to strengthen our employee and customer
knowledge regarding country-specific security issues. These initiatives aim at supporting our business units as
well as external customers in their internationalization activities, by providing specialized information support
related to the Security Area.
The protection of the UniCredit employees is a 360-degree activity. To this aim the project Gate 365, launched
in 2011, was implemented in 2012. Gate 365 is an intranet web site to monitor UniCredit Travelers and
security risks worldwide.
With respect to the Business Continuity & Crisis Management (BC&CM) initiatives during 2012 the
improvement of the awareness of the UniCredit BC&CM framework through web-based courses for the BC&CM
managers continued. Moreover, a first release of the Crisis Management system was developed in order
to immediately identify potential impacts on Company assets, in order to improve the Group emergency
responses.
Remaining the personal data protection of the UniCredit customer data a key factor during 2012 the effective
and efficient management of all related topics was carried out by updating the related regulations within
UniCredit SpA and by monitoring the implementation of the Global Rules issued on the matter.
As far as 2013 is concerned, UniCredit Security will roll out the Group federal approach as per the GOLD project
by enhancing the governance role on the basis of high level principles/processes to be locally implemented
accordingly to Country/Legal Entity specificities, pursuing a higher level of local responsibility.
With respect to SRA, for 2013 the intention is to continue launching initiatives finalized at mitigating the
operative/business risks within the Group.
In 2013, the BC&CM processes (at Legal Entity level) and the related performance monitoring will be enhanced.
Moreover, it is intended to develop cross countries synergies to BC&CM processes to be applied to the CIB
Division as well as to develop models for emergency response.
As far as the Security Governance is concerned, in 2013 we will improve the management of the Global Rules.
Moreover, the security performance monitoring will be enhanced as well as the spreading of the security
awareness throughout the Group will be pursued.
52 2012 Sustainability Report · UniCredit