Sustainability lies at the heart of Aktia's operations. This means that Aktia operates in accordance with good corporate governance, ethics, and transparency. Aktia follows international principles and standards and takes the initiative to encourage other actors to join as well. Aktia operates by principles of good governance and is solvent and reliable.
Corporate responsibility management and good governance
Information and cyber security
As an organisation critical to emergency supply within the financial sector, we regard information security, data protection and the protection of customer data as being of paramount importance and as key factors in maintaining customer trust. The work to maintain and promote information security and data protection at Aktia is employee-based, comprehensive (People, Processes, Places and Products/Technology), long-term, and integrated into all our activities.
In order to comply with regulations from the Finnish Financial Supervisory Authority and the European Banking Authority and with different legislative requirements, including GDPR and its national derivatives, DORA and the NIS1/NIS2 directives, Aktia has chosen the ISO/IEC 27001 framework as the basis of its information security management system (ISMS). Our ISMS is fully integrated into our overall management system, including established guidelines for information security and data protection. The ISMS covers all business areas at Aktia. All employees are responsible for compliance with the rules for protection of information, and all managers and named owners are responsible for compliance with the rules in their own area of responsibility.
Aktia invests heavily in making sure that all Aktia services adhere to security by design and privacy by design principles, and that the provided services are tested and secure. These services are thoroughly security tested on a continuous, regular basis by external parties that are experts in security testing.
Aktia takes a comprehensive approach to security: it implements security on many levels, according to the so-called defense-in-depth principle, and has regular security tests performed on its services, processes, and infrastructure by third-party experts that follow industry best practices and use cutting-edge security tooling and proven methodologies. By performing regular, comprehensive security and penetration testing against its services and systems, and by utilizing proven state-of-the-art security tools for monitoring, Aktia can monitor the effectiveness of its overall security posture and address potential improvement needs.
Security and privacy are core values of Aktia. The security of Aktia’s services is constantly being developed and scrutinized, and this is reflected in the security and awareness training that Aktia mandates for its personnel, and in the high level of security of the services that Aktia provides to its customers.
Corporate responsibility policies and guidelines
Aktia’s sustainability work is guided by the Group’s sustainability programme and climate strategy, which support the selected UN Sustainable Development Goals. Our main policies and principles are Codes of Conduct for Aktia's employees and suppliers, the sustainability programme, climate strategy, climate policy, WWF’s Green Office principles, principles for responsible investment, anti-bribery policy, occupational health and wellbeing programme (Aktia Wellbeing), diversity policy, disclosure policy, and the principles for responsible lending. Aktia also complies with laws, regulations and good banking and insurance practice. To protect employees, Aktia has a whistleblowing channel for reporting actual or suspected unethical business practices. Training is organised around relevant themes to raise awareness of sustainability and foster the commitment of the organisation to corporate responsibility work.