ACTIVITY REPORT 2021 BRED, A TRUSTED THIRD PARTY Trust is the basis of the overall close relationship that BRED maintains with its customers. The increasing use of digital technology by customers is accompanied by a potentially greater risk of their personal data being used by third parties for commercial or fraudulent purposes. At BRED, customers can be confident about the use of their data, as it always acts in their best interests, with a code of ethics that ensures the data privacy, and an information system that guarantees data protection. BRED has taken cyber risks into account for several years. The aim of BRED’s strategy is to protect its data and its Innovation is an integral part of BRED’s strategy. It must customers’ data and assets. enable us to strengthen our value offering and greatly increase This strategy is based on several principles which enable it our local banking without distance commitment, by offering to anticipate new threats, detect illicit activities and manage a simplified and flexible customer experience, while ensuring security incidents as soon as possible. the security of the processes. These activities include, but are not limited to: • use of digital intelligence services that make it possible Françoise Epifanie Development Director to identify and eradicate illicit copies of BRED’s website, and social media that aim to deceive our customers and employees, to identify attempts at improper use of our trademarks or mobile applications; To provide a few figures, in 2020 and 2021 in particular: • raising the awareness among customers and employees; • over 1 ,000 phishing websites were closed on average less • annual information systems (IS) security campaigns making than 36 hours after being identified; it possible to identify and correct internal and external • l ess than 5 fraudulent mobile applications were removed weaknesses, to assess the digital footprint of key persons (Apple Store, Google Play, etc.); in the company, and assess our maturity in terms of cyber • over 500 internet domain names usurping the BRED resilience relative to our business sector; Group’s identity were cancelled. • use of security ethics researchers to constantly assess the strength of the applications made available to our customers. 21 Open to the worldCapitalising on our success