In 2024, we introduced a new technological solution for individual customers to enhance security in financial services – an automated verification of whether a customer’s PESEL number is restricted. This solution applies to all consumers. When opening an account or applying for a loan, as well as when withdrawing significant cash amounts at a branch, we check whether the customer has flagged their PESEL number as restricted. If they have, no new agreements or cash withdrawals exceeding three times the minimum wage will be processed. This measure provides additional protection against identity theft. The Vice President of the Management Board, responsible for Retail Banking, oversees the implementation and application of this solution.
Actions Taken Regarding Material Impacts on Consumers and End-Users and Approaches to Managing Material Risks and Leveraging Material Opportunities Related to Consumers and End-Users, as well as the Effectiveness of Such Actions [S4-4]

We implement a range of measures to prevent material negative impacts on our customers’ financial security and safety. We regularly assess the threat landscape, particularly in the area of cybersecurity, gather data from our customers, and exchange information within the financial sector. We conduct various consumer protection initiatives through educational campaigns, website communications, and social media engagement, raising consumer awareness about online threats, cybercriminal tactics, and protection methods, while also contributing to broader social resilience against cyber threats.
To mitigate the risk of misleading customers, all informational materials are reviewed by the Legal Department and the Compliance Department. Similarly, the New Product Implementation Process follows internal regulations, including customer documentation approval within the legislative process, ensuring Compliance with Appropriate Banking Practices.
We prioritise security for both customers and employees during phone interactions, ensuring that our customers feel safe when engaging with the Bank over the phone. In 2024, we introduced and promoted a new security feature – digital business cards – to both customers and employees. The “Send Business Card / Customer Assistance” feature, available within the Bank’s mobile apps, allows to:
- verify an employee’s identity if the customer has doubts about whether they are speaking to a legitimate Bank representative;
- identify and confirm the customer’s identity securely.
We work on improving the customer experience in telephone banking at our branches. Since 2024, all branches within our network operate under one centralised contact number, ensuring a high call answer rate and a unified standard for telephone service. This centralised call handling system aims to resolve customer needs remotely, minimising the necessity for branch visits.

We remain committed to educational efforts and cybersecurity communication. The Bank’s official information security policy – Security Education – outlines the approach to educational initiatives and cybersecurity communications, particularly targeting customers. We also conduct the #CYBERczujni (Be #CYBERAware) educational campaign, continuously monitoring its effectiveness by analysing reach and engagement metrics.
In 2024, the Bank actively promoted insurance products designed to provide customers with financial security in situations where unexpected adverse events could impact their ability to repay loans or credit obligations. These products include CPI PEX, CPI KH, Life Insurance, and Property Insurance.
We place particular emphasis on monitoring the quality of offered insurance products, regularly analysing complaint trends, claim rejection rates, and loss ratios. The Bank collaborates closely with Insurance Undertakings in this regard.
In 2024, we successfully implemented Recommendation U and aligned with Best Practices for CPI Insurance. As a result, we now offer higher-quality insurance products with improved loss ratios and lower rejection rates, delivering greater value to customers and supporting them throughout the claims process. Additionally, we have refined our approach to identifying customer needs more precisely, ensuring that we offer tailored insurance solutions.
A key element of our customer and consumer risk management framework is personal data protection. We have robust processes in place to inform Data Subjects (i.e., individuals to whom the data pertains) about potential data breaches, providing them with guidance on minimising negative consequences and preventing future incidents. In our correspondence regarding complaints, we inform Data Subjects about how their personal data is processed by the Bank or, where applicable, by Credit Information Bureau (BIK). Furthermore, the Bank’s Information Security Section analyses feedback from the Polish Data Protection Office (UODO) regarding personal data breaches and complaints filed by Data Subjects.
The primary method for assessing the effectiveness of the Bank’s consumer privacy initiatives involves reviewing feedback from the Polish Data Protection Office (UODO) regarding:
- Data breach incidents reported by the Bank and the measures taken to mitigate their impact;
- Complaints filed by Data Subjects and the Bank’s responses to these complaints.
Additionally, we conduct awareness campaigns to educate customers about fraud prevention, including common scams such as online fraud and phishing attacks. The DPO reviews all customer communications designed to increase awareness and vigilance against cyber threats.
All initiatives undertaken by Pekao Group require substantial resource investments, including dedicated staff time or infrastructure maintenance. However, it is currently not feasible to provide detailed financial data on each specific initiative.