Responsible Disclosure

Reporting NWB Bank’s ICT system vulnerabilities
If you happen to identify a weak spot in one of NWB Bank's ICT systems, we would like to hear from you so that any necessary measures can be taken swiftly. NWB Bank wishes to work together with you to further improve the security of our ICT systems. With this objective in mind, NWB Bank observes the procedures in the policy below for dealing with any vulnerabilities identified by you in NWB Bank's ICT systems. You may hold NWB Bank to these procedures if you encounter a weakness in one of the ICT systems and report it to us.

We ask that you:
• E-mail your findings to info@nwbbank.com. Encrypted if possible, to prevent the information from falling into the wrong hands.
• Provide enough information to reproduce the problem, so that NWB Bank can resolve it as soon as possible. The IP address or URL of the system in question and a description of the problem is usually sufficient, however more complex vulnerabilities may require additional information.
• Provide your contact details, so that NWB Bank can get in touch with you in order to work together on a secure result. Please provide at least an e-mail address or telephone number.
• Report the vulnerability to NWB Bank as soon as possible after discovering it.
• Do not share information on the vulnerability with others until the problems have been resolved.
• Act responsibly with your knowledge of the vulnerability by not performing any more actions than are necessary in order to demonstrate the vulnerability.

In any event, please refrain from the following:
• Installing malware.
• Copying, modifying and/or deleting data in any systems (or, alternatively, making a directory listing of a system).
• Modifying systems in any way.
• Repeatedly gaining access to the system or sharing access with others.
• Using 'brute-force' attacks to gain access to systems.
• Using denial-of-service or social engineering.
• Exploiting the vulnerability more than is necessary to establish its presence.
• Repeatedly gaining access to the system or sharing access with others.

What to expect:
• If you find and report a vulnerability in one of NWB Bank's ICT systems in accordance with the conditions above, NWB Bank will not associate any legal consequences with this report.
• NWB bank will handle reports confidentially and not share personal information with third parties without the reporting party's permission, unless required by law or by a court ruling.
• If you desire, and subject to mutual consultation, NWB Bank may report your name as the discoverer of the vulnerability.
• NWB Bank will send you a confirmation of receipt within three days of receiving your report.
• NWB Bank will respond to a report within 7 days with an assessment of the report and an expected solution date.
• NWB Bank will keep the reporting party up-to-date on progress towards a solution to the problem.
• NWB Bank will resolve the vulnerability in an ICT system as quickly as possible, but within a maximum period of 60 days. Meetings can be scheduled to discuss whether, and if so how, the problem will be publicly reported on following its resolution.
• If the vulnerability is difficult or impossible to solve, or if the solution would necessitate a disproportionate quantity of resources, NWB Bank may decide to accept the vulnerability and prohibit further publication on the matter.
• In consultation with the reporting party, NWB Bank may agree to inform the wider ICT community of the vulnerability, if it seems likely that the vulnerability may also be present elsewhere.
• NWB Bank may issue a reward or token of appreciation for your help. Any such reward or token of appreciation will be based on the severity of the vulnerability and the quality of the report, but must involve a serious vulnerability previously unknown to NWB Bank.

Other provisions:
• Do not publicly announce the vulnerability, but get in touch with us and give us the time to resolve the issue.

Corporate Social Responsibility

Besides a strong financial position and efficient business operations, we attach great value to social responsibility.