• Annual Report | Responsible Banking 2021
Value for

our customers

Creating long-term value with our customers is fundamentally important in achieving our Responsible Banking goals. The range of products that we offer, which are tailormade to the needs of our customers, have helped us earn their loyalty, in addition to forging trust-based relationships and ensuring their satisfaction with our services.

Interactions with our Customers

We offer our customers a series of simple and tailormade products through a multi-channel approach, providing them with access however, whenever and wherever they need. We are extremely interested in listening to them in order to better understand their thoughts regarding our services and whether or not we are meeting their expectations. The end goal is to improve their experience.


Customer Service

We strive every single day to offer all our customers outstanding and tailormade services that are accessible, fair and innovative because we are convinced that great service amounts to customer satisfaction. To listen to our customers, we have a Central Customer Service and Assistance Unit, which acts as our communication channel with customers, and which comprises the following areas:




Customer Satisfaction and Quality

We have a number of support channels and strategies to help drive the customer satisfaction by listening to them and improving their experience. We have achieved this through a range of products and services that adapt to the needs and expectations of each of our customers.

Emotional HUB

This program has allowed us to create unique experiences for our customers and improve the relationship they have with the Bank. In 2021, we coordinated the following HUB programs:

  • 1.First Contact Resolution: Improving and capitalizing customer experiences by considering the impact of a first contact resolution.
  • 2.Mortgage Experience: Defining and implementing an experience throughout the customer lifecycle in order to create a memorable experience during the application process and subsequent relationship.
  • 3.Insurance Experience: Defining and implementing an end-to-end experience - encompassing the entire customer life cycle - monitoring and ensuring the correct sales processes, engagement and protection renewal.
  • 4.Employee Experience: Designing an experience to engage with our employees by promoting communication and the leadership of each person working at Santander Mexico.
  • 5.ONE Experience: Promoting a Data Driven culture by integrating information and data management methodologies to create a value insight that drives actions to perfect the Santander Mexico product, segment and channel experience.
  • 6.Payroll: Offering employees who are payroll holders a great experience from the onboarding process to them using the Bank’s products and benefits.
  • 7.SME: Transforming the experience of SME customers, attracting new customers, and increasing their permanency with the Bank.
  • 8.BEI: Improving the experience for BEI customers who are in the process of opening an account, in addition to defining the roadmap for digital transformation.
  • 9. Credit Card Recovery: Extending the customer experience during the credit card payment process and increasing collections through digital tools.
  • 10.Biometrics: Decreasing enrollment times (95% of enrollments in 6.5 minutes) and increasing the percentage of successful enrollments from 88% to 95% in order to improve the customer experience during this process.
  • 11.Private Banking: Improving the experience of Private Banking customers during their time at the Bank, in addition to increasing engagement and transactions with customers from this segment.
  • 12.Credit Cards: Improving customer experience during the application process and use of the LikeU credit card.

NPS (Net Promoter Score)

We have implemented the NPS (Net Promoter Score) Recommendation indicator as part of our strategy to listen to the opinions of our customers and detect any areas of opportunity. This has allowed us to monitor their complaints and address them adequately, in addition to driving our performance and streamlining our customer service.

The majority of the Bank’s surveys are conducted via Qualtrics, a tool that is directly managed within the Bank, allowing us to carry out daily evaluations of our customers’ experiences through online feedback.



During 2021, our NPS for mobile channels was 68, while for Internet channels it was 51. This year, the surveys were conducted internally, which is why the number of opinions was higher and more diversified. This was a positive step in continuing to identify our areas of opportunity and improving our customer service.

The Santander Touch

Our employees are a key part of improving our customer experience within our branches. They are committed to ensuring customer satisfaction, actively participating in a process to make their experience a unique one. They focus on the following actions:

  • Before opening the branch, they must make sure that everything is in its place before welcoming customers.
  • Our employees then welcome our customers, listening to them and solving their problem before saying goodbye.
  • Our employees must find out the customer’s name and call them by it while helping them, identify the relationship they have with the Bank, and make them feel part of the family.
  • Our employees invite them to use our digital channels.



In 2021, we rolled this program out to our Contact Center and Central Areas. Our major actions during the year included presenting awards to the best Santander Personal Offices and Branches, recognizing more than 200 employees for having the best NPS during the first half of the year.

At the Contact Center, we presented two commemorative plaques and handed out 5,000 ID badge holders to employees for having increased NPS between August 2020 and August 2021. We also recognized the outstanding efforts of 100 employees for their NPS during Q3 2021.

In Central Areas, we handed out more than 1,600 kits to employees who had the highest number of mentions for their performance in the NPS survey.

Accessibility

As part of our commitment in our role as a Responsible Bank, we promote financial inclusion through our correspondent banking network. We have increased the number of people who have access to our financial services, offering them basic banking transactions without having to visit a branch.






*People who do not have access to basic banking services because they live in remote and/or rural areas.



Seniors Program – Customers

This program focuses on a sector with the following traits: income below MXN $11,000 (€440), a source of lifetime income, little or no use of technology and digital media, loyal customers with good credit ratings, specialized drug and medical requirements, limited access to social security.

The value proposition for this sector focuses on offering them priority service at our branches, including a differentiated loan application policy, insurance-based consumer credit products, a differentiated sales channel available via the Contact Center with differentiated scripts adapted for this group, and special follow-up processes, especially for victims of fraud.

Oaxaca Police

The goal of this program is to create a value proposition for our customers who are payroll holders from the Oaxaca State Ministry of Public Security with income below MXN $4,310.04, offering them liquidity when faced with a difficult situation and/or allowing them to improve their credit conditions with the previous disbursement authorities.

Inclusive Branches

During 2021, we continued working to ensure that our branches are increasingly inclusive. We incorporated an internal TV program for branch employees that contains a series of training spots about inclusive terms, topics regarding disability, rules of engagement, what to do and what not to do when interacting with someone who has a disability, and the major barriers they face.


We also developed inclusive service index cards to help branch employees better serve people with disabilities.

Diversity and Inclusion - Customers

We held a number of focus groups with vulnerable people or those who have historically been discriminated against (people with disabilities, the elderly, LGBT+ people, and foreigners) to understand the main needs and barriers they face when requesting financial products and services or accessing a branch.

We also created inclusive service index cards for branch employees to offer customers a more equal and inclusive experience.

We also reviewed the physical and digital accessibility of our branches, and we developed a plan of action to address any areas of opportunity.

None of this would be possible without our employees, which is why we offer them training in marketing, internal communication, external communication, digital accessibility, and inclusive communication and language.

Customer Protection

Personal Data Protection

Our Personal Data Protection Policy focuses on correctly preventing, managing and controlling compliance risks regarding personal data protection that could affect the Bank. It determines what Santander Mexico employees, no matter their function, must take into account in order to ensure compliance with data protection.

As a Responsible Bank, we comply with information security standards and data protection and privacy laws to protect our customers’ sensitive and personal information. Our Data Security Incident Management Policy and Privacy Notice allow us to ensure the proper handling and use of our customers’ information, as well as providing them with timely information about their rights.

As additional measures to consolidate personal data protection measures for our customers, we have created a Compliance area within the bank to classify information and create data inventories for the information being used. We have also created training manuals and courses, available to all our employees, that focus on data protection.

Principles of Consumer Protection

We have created specific functions for Financial Consumer Protection in order to listen to our customers on a daily basis and learn more about how they think and feel with regard to the Bank.

This is why we are working on communicating a culture of Consumer Protection, making our customers the center of our business in order to listen to them and address their needs.

Our Consumer Protection Policy stipulates specific criteria to identify, regulate and exercise our customer’s rights in terms of their relationship with Santander Mexico, in addition to stipulating specific compliance supervision and control criteria.

To ensure our relationship with our customers is based on transparency and ethics, we have implemented the ten Principles of the Financial Consumer:

  • 1. Fair and Respectful Treatment.
  • 2. Design of Customer-Centric Products and Services.
  • 3. Transparency in Communication.
  • 4. Responsible Pricing.
  • 5. Asset Protection.
  • 6. Personal Data Protection.
  • 7. Complaint Management.
  • 8. Financial Education.
  • 9. Responsible Innovation.
  • 10. Vulnerable Customers.



We continue bolstering our Consumer Protection processes, and to do so we have been raising awareness about a culture of personal data protection among our employees, helping them see how important the privacy notice is and how serious a matter it is to transfer data without complying with official standards.

We also have prevention campaigns aimed at our customers, including:

  • Providing information about fraud prevention measures.
  • Reconfirming that the Bank will never request their personal information during phone calls or via message and/or e-mail.
  • Offering continuous employee training regarding the handling of personal information and measures to avoid data theft.

Privacy, Data Protection and Cybersecurity

We are aware of the importance of technologies in our constantly changing world, which is why we strive to use them to achieve our goals. However, we also know that the use of these tools implies responsibility given the inherent risks. We have a number of policies to protect data and information within the Bank. These policies are based on industry standards and are the result of regulatory compliance, as well as good practices in the sector.

The Data and Information Protection Policy provides management within Grupo Financiero Santander México (GFSM) with the minimum compulsory requirements to develop, implement and maintain safeguards and controls to protect third parties’ data and information, as well as the Bank internal data and information protection. We also have a Data Loss Prevention Policy that provides GFSM management with the minimum compulsory requirements to detect data exfiltration.

Furthermore, through the Santander Employee Cybersecurity Requirements Policy, we promote the responsible use of information technology among our employees and third parties, focusing on areas of risks and misuse. Its function is to show how reputational or commercial risks can be avoided, mitigated or managed through Santander’s key cybersecurity standards. In addition to these policies, our Corporate Cybersecurity Framework is the approach to identify vulnerabilities in Information Systems that pose a risk to data security and is based on industry standards such as NIST/ISO/ IEC 27001/ISO/IEC 27002.

The objective of the Corporate Cybersecurity Framework, and its development, is to make Santander a cyber-resilient organization through proactive and holistic risk management, allowing the company and its customers to benefit from the enormous opportunities offered by digital technology. To this end, effective management of growing risk requires a global approach to cybersecurity in all geographic and business areas.

Cybersecurity management is complex due to the global and dynamic nature of threat sources and their techniques. Attacks can originate anywhere in the world and the impact of an incident in one country or business area can affect all other Group geographies. This is especially relevant in the reputational risk context, when the Group's reputation may be affected by an attack on any of its entities or subsidiaries.

In Mexico, local authorities - such as the National Banking and Securities Commission (CNBV) through the Bank Circular (Circular Única de Bancos) and the Bank of Mexico through a number of circulars that outline the standards for payment methods - establish the reporting of relevant cybersecurity incidents within the fixed timeframes and terms stipulated in the regulations with which our Cybersecurity Incident Response Policy is aligned. As well as the operation manuals and the Bank of Mexico circulars (BANXICO) and the Federal Law on Protection of Personal Data Held by Private Parties (INAI).


In addition, our Cybersecurity Incident Response Policy outlines the minimum compulsory requirements for GFSM’s Cybersecurity Incident Response strategy, which includes the trends, frequency and origin of attacks on systems, data and information. The communication and scaling of incidents is undertaken based on this policy and its applicable regulations.

The growing cyberthreat, added to Santander's increasing dependence on digital systems, makes Cybersecurity one of the main non-financial risks for the Bank. The protection of systems, information and customers are a top priority for the Group and an essential component of Santander's goal of "contribute to the progress of people and companies" and "provide excellent digital services to our customers".

The cybersecurity risk for Santander in terms of new and emerging cyberthreats, as well as the attack vectors it faces, is made up of three key elements:

  • Unauthorized access or improper use of information or systems (personal information theft, plans for mergers and acquisitions or intellectual property).
  • Electronic fraud (diversion of payments by electronic means, withdrawal of funds from customer accounts and channel fraud, credit card fraud, identity theft, etc.).
  • Business activity alteration due to a cyber incident (cyber sabotage, cyber extortion, denial of service, ransomware).

Through our Cyberthreat Intelligence Policy, we outline the minimum compulsory requirements for compiling, processing, analyzing, communicating and integrating intelligence regarding cyberthreats that include payment methods and attack vectors of, among others, ransomware.

Our employees play a fundamental role in guaranteeing the cybersecurity of Santander Mexico, which is why, through a range of internal communication campaigns, training sessions and other activities, we raise awareness among them regarding good practices and the measures that they should take to protect information. Our employees must take compliance courses within established timeframes and pass the corresponding assessments. We also invite them to attend information security and technological risk days organized by the Group.

We have an Information Security Awareness and Training policy that outlines the minimum compulsory requirements for developing, implementing and maintaining safeguards and controls for information security training and awareness activities. These annual events are compulsory for all employees and are offered during the onboarding process.

The content of the training must include scenarios that cover areas of significant and growing concern, including phishing and social engineering, data loss via e-mail or removable media, and the involuntary publication of confidential or proprietary information on social media.

During 2021, we coordinated the following activities:

  • Sent e-mails that contain examples of possible cyberattacks.
  • Provided recommendations to keep passwords safe and the importance of doing so.
  • Offered cybersecurity tips and the five cybersecurity codes of conduct to all Bank employees.
  • Hackin’ Hacktober: sessions offered by the Cyber Response team to raise awareness among employees of the most recent ransomware attacks or WhatsApp impersonation.
  • NoMoreRansom: Santander Group officially joined this Europol program that offers free resources to victims of ransomware.
  • Phishing Grand Slam: an annual phishing competition held in October involving all employees, the winners were those with the fewest clicks and the most reports of spam.
  • My Phishing History 2021: during October, all employees received a summary of their performance during global phishing exercises and feedback from their superiors.


Customer Ombudsman

In order to detect areas of opportunity within the Bank and to improve our services, we have an institutional model to listen to our customers. The Customer Ombudsman model has been perfected since it was first implemented more than ten years ago. It is coordinated by third parties, meaning that the conflict resolution process is objective, efficient and transparent.

The figure of the Customer Ombudsman has evolved, and as part of this transformation we are no longer directly dependent on the Board of Directors. Our support and reports are directly submitted to the Group’s President, taking into consideration that it is essential to correctly obtain the company’s results in a manner that is respectful of the community we serve and operate in.



* As a result of the COVID-19 pandemic, the Customer Ombudsman continued working remotely.
15. 61.43% of cases were ruled in favor of the customer.

Business Practices

In order to adapt to the constant changes within the global economy and to emerging business practices, we continuously work on developing our products and services. We not only strive to ensure they are innovative and have a positive impact on society, but we also ensure they help protect the environment and mitigate climate change.

We comply with competitive business practices and engage with our customers through responsible marketing and conscious sponsorship.

Responsible Marketing

Through responsible marketing, we ensure that our customers are clearly informed about our products and services. This marketing is aligned with our sustainable culture and our social and environmental activities. We also strive to ensure our marketing is responsible for society, companies and the context within which we operate.

During 2021, we implemented the following measures:

  • 1. Reduction in the amount of printed advertising at branches.
  • 2. Suppliers of outdoor advertising use biodegradable inks.
  • 3. Focus on using digital billboards rather than traditional printed ones.

We also rolled out an institutional campaign entitled the Dreams Campaign to consolidate Santander’s position, communicating to our customers that whatever is important to them is taken seriously by the Bank. At a creative level, the campaign uses a very recognizable visual resource – balloons – to represent the dreams of our customers.

Social Media

Thanks to social media, we are able to communicate directly, constantly and effectively with our stakeholders. Through Facebook, Twitter, LinkedIn, Instagram and YouTube, we share content with information that is interesting to the different audiences we interact with, such as videos, infographics, social campaigns, virtual talks and news related to financial education, education and data protection to help avoid fraud, among others.

Campaigns and Sponsorship

We have participated in campaigns and coordinated sponsorship agreements to generate added value for our stakeholders through a range of activities, such as cultural, sporting or entertainment events. We have achieved this by actively listening to and meeting the needs and interests of our customers.

New Product Marketing and Transparency

We are aware of the importance of ensuring transparency in our communication and keeping our customers informed of the benefits and possible drawbacks of our products. This is why we have a Local Marketing Committee (CLC) that is tasked with activities related to the marketing of our products. It focuses on evaluating and mitigating any conduct, reputational and operational risks that may exist during the design, sale and after- sales processes for product marketing, as well as guaranteeing that the products and services comply with market requirements and customer needs.

In order to improve our customers’ experience when using our products, we have worked on a number of programs to offer them the opportunity to become involved in the creation of new products and services. We listen to our customers and analyze their needs with regard to improvements of products that already exist or products that they would like the Bank to offer.

In addition to the information stipulated in the contract, customers are informed of any fees, exclusions, total annual costs, total annual earnings, and advertising terms and conditions for each of the Bank’s products and services.