CIMB Whistle Blowing Policy

At CIMB, we expect our employees to conduct themselves with a high standard of professionalism and ethics in the conduct of our business and professional activities.


As part of good corporate governance, CIMB have establish a whistle blowing policy that sets out avenues for legitimate concerns to be objectively investigated and addressed. Individuals will be able to raise concerns about illegal, unethical or questionable practices in confidence and without the risk of reprisal.

So, what is whistle blowing?

Whistleblowing is the voluntary disclosure of inappropriate, unethical or unlawful behaviour and practices by the management or employees. It includes how employees, customers and investors are treated. The following are generally accepted as improper and reportable conduct for whistleblowing, of which the list is not exhaustive:


  • Any unlawful or illegal activities, whether criminal or breach in civil law;
  • Breach of policies and/or procedures;
  • Fraud, theft, embezzlement or dishonesty;
  • Corruption/bribery;
  • Bullying and harassment;
  • Actions which can cause physical danger/harm to another person and/or can give rise to risk of damage to properties/assets;
  • Forgery or alteration of any documents belonging to the Company, customers, another Financial Institution, or agents of the Company;
  • Poor or unethical sales practices, including mis-selling;
  • Profiteering as a result of insider knowledge;
  • Gross mismanagement or dereliction of duties;
  • Conflict of interest;
  • Misuse of position or information; and
  • Any other similar or related irregularities.

Who should raise a concern?

Anyone has the right to whistle blow. This Policy applies to all matters involving the CIMB’s employees (including former employees and irrespective of nature of employment status), customers and any other stakeholders/persons providing services to the Group, including consultants, vendors, independent contractors, external agencies and/or any other party with a business relationship with CIMB.

How to make a disclosure?

We take whistle blowing seriously and your concern matters to us, so we would like to hear from you if any of your disclosure is related to improper practices occurring within CIMB. Any disclosure can be made to any of the following dedicated reporting channels:



Alternatively, the Whistleblower may report directly to relevant government or regulatory authorities and enforcement agencies in Malaysia as prescribed by the Whistleblower Protection Act 2010 such as Bank Negara Malaysia (BNM), Malaysian Anti-Corruption Commission (MACC), Association of Banks Malaysia (ABM), Police, etc.


To facilitate an investigation into the alleged wrongdoing, where possible and applicable, the following information should be included when making a disclosure:


a)         Brief description of the misconduct;

b)         The date and location of the incidence;

c)         The identity of the wrongdoer;

d)         Particulars of witnesses, if any;

e)         Supporting evidence and/or documents;

f)          Other details deemed to be useful to facilitate screening and action to be carried out.


Where possible, the whistleblower is encouraged to disclose his/her personal details to enable the relevant parties conducting the investigation to contact the Whistleblower for further information:


a)            Name; and

b)            Contact details - email address and/or telephone number.


How does the Group handle the information provided by you?

After receiving the report of any alleged wrongdoing, it will be investigated by our Group Corporate Assurance Division and reporting to an Independent Board of Director.


If the outcome results in a proven case of wrongdoing/malpractice and confirms the allegations, disciplinary action shall be instituted against the related employees in accordance with the company’s policy.


Whistleblower Protection

CIMB commits to ensure that all disclosed information, including the identity of the whistleblower shall be treated with strict confidentiality. All personnel, directly or indirectly working relative to a whistleblowing case, shall strictly protect the identity of the whistleblower and witnesses from unauthorized disclosure before, during and after an investigation.


CIMB is also committed to protect the whistleblower from all acts of harassment, retaliation, victimization and recrimination arising from making the disclosure in good faith.


There may be certain circumstances where the identity of the whistleblower may need to be revealed on a need to know basis (e.g. requirement to testify in court). If such a situation arises, the Group shall discuss and seek consent with the whistleblower first before proceeding with the case.


The protection will be removed if it is found that the whistleblower was also involved in the improper conduct, or if the whistleblower is found to have made the disclosures in bad faith.

Responsibility of Whistleblower

   (a)        Whistleblower makes the disclosure in good faith.


   (b)        Whistleblower reasonably believes that the information and allegations are substantially true.


   (c)        Whistleblower is not acting for personal gain. If the case involves the complainant’s personal interests, it

               must be informed at the outset.