Code of Conduct

Corporate Governance

1. Core Philosophy of the Group

-“Creating Value, Enabling Our People and Acting with Integrity”
 

The Group’s commitment towards ethical values and standard of behaviour are supported by the CIMB philosophy of “Value Creation, Enabling People and Integrity”. The promotion of ethical values and risk management culture within the Group whereby the demand for integrity and honesty is non-negotiable remains the core theme of the Group’s operational risk awareness programme.

The Board recognises its role in establishing ethical values that support a culture of integrity, fairness, trust, forthrightness and pursuit of excellence. The Board not only ensures the Group operates successfully, but achieves sustainable growth over the long term.

Having established Policies and Procedures and best practices, the Board extends its roles further with a view to promoting ethical values and standards amongst employees through various efforts and initiatives.

The Board has responsibility in ensuring stakeholders’ interests are safeguarded at all times and that the business of the Group is conducted in an ethical manner.

All employees of the Group are expected to discharge their respective duties with the highest level of integrity in line with relevant laws and regulations and the Group’s policies, guidelines and best practices.

2. Code of Ethics

The Code of Ethics for all its employees encompasses all aspects of the day-to-day business operations of the Group. The Code of Business Ethics and Employees Code of Conduct states categorically that any form of bribery is not tolerated, including receiving and giving of personal gifts. Employees must not put themselves in an obligated or compromised position in any business dealing. Among others, employees should not accept gifts from principals, vendors, suppliers, contractors, customers and other third parties that may influence or are perceived to be able to influence any decision-making process in the organisation.

All employees are required to acknowledge the Code of Ethics & Conduct on a yearly basis.

For the complete Code of Ethics & Conduct, please view it here.

3. CIMB Group Anti-Bribery And Corruption Policy Statement

CIMB is committed to the highest standards of ethical conduct and integrity in our business activities. We are also fully committed to comply with all laws and regulations which govern our business and operations.

CIMB takes a zero-tolerance approach towards bribery and corruption and is committed to acting professionally, fairly and with integrity in all business dealings and relationships in all jurisdictions in which it operates. We are committed to implementing and enforcing effective measures to counter bribery and corruption which are punishable offences in accordance with the anti-bribery and corruption laws.

CIMB has put in place an Anti-Bribery and Corruption framework which includes the policies, procedures, risk assessments, due diligence on third parties and associated persons, and employee training programme. This policy applies to all associated persons of CIMB which includes CIMB’s directors, partners, employees, consultants, contractors, agency employees, volunteers, agents, sponsors, business partners or any other persons associate with CIMB, no matter where they are located, within or outside of Malaysia.

The CIMB Group Anti-Bribery and Corruption Policy sets out the guiding principles for CIMB to address and manage bribery and corruption risks in all its dealings and related issues that may arise in the course of business. It reiterates our commitment to full compliance by our employees and associated person with the Malaysian Anti-Corruption Commission (MACC) Act 2009 and the MACC (Amendment) Act 2018 and any other local anti-bribery or anti-corruption laws in our respective jurisdictions of operations and business which may be applicable. This Policy complements and should be read in conjunction with CIMB’s Code of Ethics and Conduct and our Whistleblowing Policy, copies of which can be obtained from our website here. 

Gifts, Entertainment And Hospitality 

CIMB has adopted a “No Gift” Policy whereby all employees and their immediate family members are prohibited from, directly or indirectly, receiving or providing gifts. We require our employees to abide by this policy to avoid conflict of interest or the appearance of conflict of interest for either party in on-going or potential business dealings between CIMB and external parties as gifts can be seen as a bribe that may tarnish our reputation or be in violation of anti-bribery and corruption laws.

However, we recognise that the exchange of business courtesies, such as modest gifts, hospitality and entertainment (including meals, invitations to attend promotional events or corporate functions) particularly during festive periods is customary and legitimate to create goodwill, and/or strengthen business and commercial relationships. Such courtesies are allowed if they are not lavish, appropriate and reasonable in the light of accepted business practices of the relevant businesses that the Group operates in and is not intended to improperly influence the decisions of the person involved.

In deciding on whether to receive or accept a gift, consideration will be given to the following key guiding principles:

• Value of the gift;
• Purpose for the giving/receipt of the gift;
• Nature of the gift;
• Transparency in the giving/receipt of the gift;
• Perception in the giving/receipt of the gift.

CIMB’s employees or associated person must not give or request favours or offer or accept gifts or any personal benefit or privilege of any kind with a value that could in any way influence (for example, by causing the person to act or fail to act in violation of a legal duty, by causing the person to abuse or misuse their position, by securing an improper advantage, contract or concession, etc.) the judgment of the recipients or a third party in their business dealings with or on behalf of CIMB or any other party.

As a general rule, a reasonable amount of entertainment is allowed for the purpose of business networking, fostering relationships with external parties or showing hospitality and occur sparingly.

The key guiding principles in ensuring the entertainment given or received are appropriate are as follows:

• It is for bona fide purpose;
• The activity will not create any obligation or expectation on the recipient;
• The expenditure will not be seen as intended for or capable of achieving undue influence in relation to a business transaction;
• The value and nature of the expenditure is not disproportionate to the occasion;
• It is not overly frequent;
• The expense will be fully documented including purpose, approvals, attendees.

Facilitation Payments & Kickbacks 

“Facilitation Payments” is defined as payments made to secure or expedite the performance by a person performing a routine or administrative duty or function. “Kickbacks” are typically payments made in return for a business favour or advantage.

CIMB prohibits all its employees from making or accepting facilitation payments or “kickbacks” of any kind. Associated persons must avoid any activity that might lead to a facilitation payment or kickback being made or accepted.

Any request for a facilitation payment must be refused and the matter must be reported immediately to the Group through the Whistleblowing Policy and Procedures.

Charitable Contributions / Donations And Sponsorship 

As a responsible corporate citizen, CIMB is committed to contributing to the wellbeing of the people and nation in countries where it operates. It is however important that all donations and sponsorships are made in accordance with CIMB’s policies and receive prior authorisation by CIMB’s Management or the Board.

Employees must ensure that all sponsorships and donations are not used as a subterfuge for bribery or used to circumvent or avoid any of the provisions on bribery. Due diligence must be performed to ensure that donations and sponsorship are not used to facilitate and conceal acts of bribery and that the donations and sponsorships made are appropriate, legal and ethical under local laws and practices and that it will not result in any conflict of interest.

Generally, all sponsorships and donations must comply with the following:

• ensure such contributions are allowed by applicable laws;
• obtain all the necessary internal and external authorisations;
• be accurately stated in the company’s accounting books and records;
• not to be used as a means to cover up an illegal payment or bribery.

Political Contributions  

As a matter of general policy, CIMB does not make or offer monetary or in-kind political contributions to political parties, political party officials or candidates for political office.

Record Keeping

The Group and the respective business units will keep financial records and have appropriate internal controls in place which will evidence the business reasons for making payments to, and receiving payments from, any person.

Employees must ensure that all expense claims relating to hospitality, gifts or expenses incurred to third parties are submitted in accordance with the payment authority of CIMB’s delegated authority and specifically record the reason for the expenditure. Employees shall further ensure that all expense claims shall comply with the terms and conditions of this policy.

All accounts, invoices, memoranda and other documents and records relating to dealings with third parties, such as clients, suppliers and business contacts, must be prepared and maintained with strict accuracy and completeness.

All employees are reminded that no accounts shall ever be kept “off-book” or considered “off-record” to facilitate or conceal improper payments.

Raising A Concern Or Complaint 

Our success in combating all forms of bribery and corruption hinges on the employees’ commitment to adhere to this Policy. Therefore, it is the responsibility of all employees to promptly report any suspected contraventions of this Policy.

If any employee has any suspicions or concerns regarding conduct to which this Policy applies, or if the employee becomes aware of any action in conflict with this Policy, he must report those concerns or actions to his HOD, or report their concerns, confidentially, by following the procedure set out in the Whistleblowing Policy made available via the Company’s website here.

Any report made will be treated with utmost confidentiality. No employee or associated persons acting in good faith will suffer adverse consequences to his employment or retaliation for reporting or for refusing to engage in prohibited conduct, even if such refusal results in loss of business opportunities to the Group.

If the employee believe that he had suffered any detrimental treatment as a result of refusing to take part in bribery, or because of reporting concerns under this policy in good faith, the employee should raise the matter by following the procedure set out in the Whistleblowing Policy made available via the Company’s website here. 

Training & Communications

Our employees will be provided with regular Anti-Corruption and Bribery compliance training programmes to educate them about the requirements and obligations of anti-bribery and corruption laws and this Policy.

For successful compliance of this policy, we will be responsible to ensure continuous efforts to communicate, train and educate all our employees and associated persons.

Responsibility For The Policy  

The CIMB Management team sets the tone at the top providing leadership and support for the Policy and take responsibility for its effectiveness within our business units. CIMB Management is responsible for the implementation and all communication and training activities to ensure every employee understood and complied with this Policy.

Monitoring, Review And Due Diligence

CIMB recognise that managing an anti-bribery and corruption programme is a continuous process and a systematic review and monitoring process is necessary to ensure its objectives are being met. Internal control systems and procedures will be subjected to regular review to ensure the effectiveness and compliance to the anti-bribery and corruption programme and policy.

Effective Date 

1 July 2024. 

4. Group Chinese Walls Policies and Procedures

The Group has in place the CIMB Group Chinese Walls Policies and Procedures (Chinese Walls P&P) which establishes policy and procedures to control the flow of confidential or material non-public price sensitive information within the CIMB Group to minimise the risk of breach of insider trading laws. The Chinese Walls P&P ensures that the possession of confidential information relating to a client of the CIMB Group does not give rise to a risk or perceived risk of conflict between the organisation’s interest and its duty to its client and between its duties that may be owed to its various clients.

The Chinese Walls P&P are applicable to members of management committees, committees established by the Board, particular divisions and all relevant employees within the Group that are most likely to have access to material non-public price sensitive information to manage the risk of breach of insider trading provisions under applicable laws/regulations of the various jurisdictions in which the Group has presence.

5. Group Conflict Management Policies and Procedures

Provision of certain services may result in employees being in possession of confidential or material non-public information/price-sensitive information that relates to clients, suppliers or any third parties.

The Group’s Conflict Management Policies and Procedures (Conflict Management P&P) provides guidance to employees on how to identify, minimize and manage conflict of interest and potential conflict of interest in the course of carrying out the business activities of the Group. Employees are required to refer, in a timely manner, all conflict and potential conflict of interest issues to the Control Room in Group Compliance for resolution.

Every employee is required to maintain the confidentiality of all confidential information that comes to his/her knowledge and possession in the course of his/her employment whether or not such information is material. Employees are not to pass on confidential and material non-public information/price sensitive information to any person, unless in accordance with the Conflict Management P&P and Chinese Walls P&P.

Among others, employees shall not seek to obtain confidential or material non-public information/price-sensitive information, unless:-

(i) The employee require the information to carry out his/her task in accordance with the business purposes;
(ii) Obtaining such information does not violate any confidential arrangement/duty owed to client; and/or
(iii) The employee had followed appropriate policies and procedures in line with the Chinese Walls P&P.

In addition, employees are not to deal in the securities, or enter into an arrangement for or with a view to deal in the securities, or procure others to deal in the securities, of any company listed or pending listing, at any time when he/she is in possession of price-sensitive information about the company, which is not publicly available, and which, if it were so available, would likely to materially affect the price of the securities.

Employees who possess insider information are also prohibited to communicate such information to other parties, unless in accordance with the Chinese Wall P&P.

6. Group Anti-Money Laundering/Counter Financing of Terrorism (AML/CFT) Policies and Procedures

The Group Anti-Money Laundering/Counter Financing of Terrorism Policies and Procedures (AMLA P&P) provides information on policies, procedures and controls in order to comply with both internal and regulatory AML/CFT requirements. It stipulates the roles and responsibilities of the employees in ensuring compliance and provides guidance on the procedures necessary to prevent, detect and report on money laundering and financing of terrorism activities. All employees are expected to observe and familiarise themselves with the AMLA P&P and be guided at all times, on the policy and procedures on “Detection and Monitoring of Suspicious Transactions” and “Reporting of Suspicious Transactions”.

All Reporting Institutions (RIs) as defined by Bank Negara Malaysia, within the Group are required to adopt and implement the AMLA Compliance Programme framework which includes the following:-

(i) Establishment of clearly documented policies and procedures on Customer Due Diligence/Know Your Customer (CDD/KYC) as approved by the Board;
(ii) Establishment of clear roles and responsibilities of implementers (e.g. Board of Directors, Senior Management, Heads of Business and Support Units Anti Money Laundering Compliance Officer (“AMLCO”), Designated Compliance and Risk Officer (“DCORO”) and Internal Audit);
(iii) Appointment of an AMLCO;
(iv) Detection, monitoring and reporting of suspicious transactions;
(v) Record keeping requirements;
(vi) On-going employee training;
(vii) Regular updates to Senior Management; and
(viii) Regular independent audit of the internal AML/CFT measures to assess the adequacy and effectiveness of the AMLA Compliance Programme

In ensuring efficient detection of suspected financing of terrorism, the Group has enhanced its consolidated database of names and particulars of listed sanctioned individuals/entities from the UN Consolidated lists, as well as names from regulatory instructions and legal orders, to facilitate the RIs in conducting checks of new and existing customers for potential money laundering and terrorist financing activities.

7. Customer Management

At branch level, all employees are required to know the Group products well and educate customers on individual products including the risks involved as specified in the guidelines by Bank Negara Malaysia.

Customer Privacy

All employees are constantly reminded of the consequence for breaches of customer privacy and confidentiality of customer information. Any employees found in breach of these laws will be subject to disciplinary action which may include dismissal.

Customer Complaints

The Group is transparent in handling customer-based complaints and is accessible to customers 24-7 via call centre at 1-300-880900 and via corporate website. Avenues are provided for customers to lodge complaints and feedback in many ways- emails, letters, telephone calls or walk in to any of the branches or centres, as well as through social media channels like Twitter and Facebook.

The Customer Resolution Unit (CRU) assists branches as a second level escalation point of contact for all complaints. CRU’s contact details are made available on the Group’s corporate website, BNM’s weblink and forms such as remittance applications, letters of offers and collection communications.

8. Whistleblowing

A well-disciplined and professional workforce is the cornerstone of a successful organisation. To realise the Group vision to be a successful organisation, all employees are expected to be vigilant about any wrongdoings, malpractices or irregularities at the workplace. All employees are to report promptly such instances to the Management for immediate rectification or for other necessary measures in minimising potential financial or reputational loss.

Examples of wrongdoings, malpractices or irregularities include, but are not limited to the following:-

• Any unlawful or illegal activities, whether criminal or breach in civil law;
• Breach of policies and/or procedures;
• Fraud, theft, embezzlement or dishonesty;
• Corruption/bribery;
• Bullying and harassment;
• Actions which can cause physical danger/harm to another person and/or can give rise to risk of damage to properties/assets;
• Forgery or alteration of any documents belonging to the Company, customers, another Financial Institution, or agents of the Company;
• Poor or unethical sales practices, including mis-selling;
• Profiteering as a result of insider knowledge;
• Gross mismanagement or dereliction of duties;
• Conflict of interest;
• Misuse of position or information; and
• Any other similar or related irregularities.

Any reports on wrongdoings, malpractices or irregularities may be e-mailed to whistleblowing@cimb.com, where the matter will be investigated accordingly.

The Group is wholly committed to ensure strict confidentiality and will not only protect the identity of the complainant but will also protect the complainant from any harassment and victimisation at work due to the disclosure.

Find out more about our Whistle Blowing policy here

9. Fraud Management

a. Fraud Management Policies and Procedures

The Fraud Management Policies and Procedures (Fraud Management P&P) provides guidelines on escalation of any incidence of fraud that is suspected/committed within and against the Group.

It is the responsibility of the management, employees, customers, consultants, vendors, contractors or any other parties who have either direct or indirect business relationships/dealings with the Group to immediately report any fraud or suspected fraud to the relevant authority. Under the Human Resource Policy manual, reports of fraud or defalcation are to be reported within 24 hours from its occurrence or detection.

b. Staff Fraud Investigation

GIAD undertakes investigations of complaints of irregularities and fraud perpetrated by staff as well as allegations of misconduct and unethical practices. GIAD also plays a consultative role in providing feedback on preventive measures and remedial action in enhancing organisational value. It aims at instilling in all staff an awareness of management’s non-tolerance of fraud, unethical practices and irregularities to emphasis the importance of integrity.

c. Fraud Detection

In an effort to ensure that fraud is contained and minimised, the Group constantly monitors new trends and developments on frauds to implement controls and detection tools.

Training is conducted in forensic psychology, sociology and observation techniques from the fraud perspective and on the detection of forgeries. Two ongoing training modules to educate staff on how to identify a fraudster by observation entitled “How to Suspect Staff Committing/Planning Fraud” and another to detect suspicious signatures entitled “How to Detect Forged Signatures/Writings/Prints” are conducted for relevant front line staff.

To further enhance the fraud detection initiatives, a fraud intelligence system has been developed to track suspicious transactions. This is a unique system that does not rely on profiling and fixed Key Risk Indicators (KRIs). The KRIs evolve according to international banking fraud trends.

d. Reporting to Regulators and Supporting Public Policy

Frauds and defalcations, robberies and burglaries, breaches of Code of Ethics, regardless of amounts are being reported to the Regulators in line with the applicable laws and guidelines, within the stipulated timeframe.

The Group shall ensure full compliance with applicable laws and regulations. At all times the Group shall not harm the relationship with government offices or departments. Employees are expected to commit to and co-operate with requests for information from government agencies and regulators.

10. Roles of Group Compliance

Group Compliance facilitates, advises, monitors and educates the Business and Support Units/ entities to act in accordance with legislations, laws, regulations and guidelines.

All staff, including probationary and contract staff are required to comply with the relevant legislations, laws, regulations, guidelines and the Group’s internal policies and procedures. Compliance with the Group’s Policies and Procedures (P&P) are mandatory.

11. Human Resource Policies and Procedures and Training

The Human Resources Policies and Procedures (HRPP) across the organisation cover all aspects of management of human resource within the Company, including termination of employees. The HRPP are reviewed constantly to keep it current and effective and all changes are communicated to employees via email or memoranda. The revised policies and procedures are placed in the intranet as well so that employees can refer to the updates easily and at their convenience.

The development of e-learning focusing on areas of operational risk awareness and compliance promotes and strengthens ethical values and integrity in the course of work.

Topics and training programmes pertaining to fraud detection are available for all employees to provide employees with in-depth understanding of fraudulent acts and promotes integrity through the practices of ethical principles in the course of their duties.

Training on Anti-Money Laundering/Counter Financing of Terrorism is carried out regularly to emphasise the Group’s view on non-tolerance to fraud and is made mandatory for all employees within the Group.

12. Communication

Employees are periodically reminded on the value of integrity within the organisation, on the relevant policies via e-mail or memoranda and also through relevant training sessions.

Fraud Alert from Government agencies, Global Fraud Report, Articles and News pertaining to fraud are disseminated to all employees via the Group intranet. This serves as a warning to employees that fraud, non-compliance and unethical conduct are not tolerable and the Management will not compromise and hesitate in taking action against the fraudsters.

13. Acknowledgement

New recruits are briefed on the Code of Ethics upon joining and are required to acknowledge in writing their acceptance and understanding of the code. Further reinforcement on the code is also done during the Group Orientation Programme. Directors and employees are expected to observe high standards of integrity and fair dealing in relation to customers, staff and regulators in the communities within which the Group operates.

14. Disciplinary Actions and Offences

Prompt investigations on reported fraud cases involving employees are conducted and swift and stern action are taken against the offenders. The action taken includes termination of employment services and filing of civil suit for recovery of losses against the employees.

These firm actions send a clear message to all employees that the Group views fraud very seriously. Violations of the laws and guidelines as well as the Group’s P&P are grounds for disciplinary actions up and including termination of employment.