Code of Conduct
1. Core Philosophy of the Group
-“Creating Value, Enabling Our People and Acting with Integrity”
The Group’s commitment towards ethical values and standard of behaviour are supported by the CIMB philosophy of “Value Creation, Enabling People and Integrity”. The promotion of ethical values and risk management culture within the Group whereby the demand for integrity and honesty is non-negotiable remains the core theme of the Group’s operational risk awareness programme.
The Board recognises its role in establishing ethical values that support a culture of integrity, fairness, trust, forthrightness and pursuit of excellence. The Board not only ensures the Group operates successfully, but achieves sustainable growth over the long term.
Having established Policies and Procedures and best practices, the Board extends its roles further with a view to promoting ethical values and standards amongst employees through various efforts and initiatives.
The Board has responsibility in ensuring stakeholders’ interests are safeguarded at all times and that the business of the Group is conducted in an ethical manner.
All employees of the Group are expected to discharge their respective duties with the highest level of integrity in line with relevant laws and regulations and the Group’s policies, guidelines and best practices.
2. Code of Ethics
The Code of Ethics for all its employees encompasses all aspects of the day-to-day business operations of the Group. The Code of Business Ethics and Employees Code of Conduct states categorically that any form of bribery is not tolerated, including receiving and giving of personal gifts. Employees must not put themselves in an obligated or compromised position in any business dealing. Among others, employees should not accept gifts from principals, vendors, suppliers, contractors, customers and other third parties that may influence or are perceived to be able to influence any decision-making process in the organisation.
3. Anti Bribery and Corruption Policy
With integrity as one of the core values of CIMB, the Group will not tolerate any acts contrary to this value. The Group firmly believes in acting professionally, fairly and with integrity in all its business dealings and relationships.
As the Group continues to participate in more global deals and interactions with global players, the objective of this policy is to show our global clients and partners that the Group has adequate procedures in place in compliance with any anti bribery and corruption legislations. This will also serve as a key statutory defence for the Group.
Amongst the key features of this policy are:
(i) Setting out the responsibilities of employees and its associates in observing and upholding its position on anti bribery and corruption;
(ii) Defining what would be constituted as bribery and other unacceptable practices; and
(iii) Providing the processes for highlighting breaches of the policy to the Management.
4. Group Chinese Walls Policies and Procedures
The Group has in place the CIMB Group Chinese Walls Policies and Procedures (Chinese Walls P&P) which establishes policy and procedures to control the flow of confidential or material non-public price sensitive information within the CIMB Group to minimise the risk of breach of insider trading laws. The Chinese Walls P&P ensures that the possession of confidential information relating to a client of the CIMB Group does not give rise to a risk or perceived risk of conflict between the organisation’s interest and its duty to its client and between its duties that may be owed to its various clients.
The Chinese Walls P&P are applicable to members of management committees, committees established by the Board, particular divisions and all relevant employees within the Group that are most likely to have access to material non-public price sensitive information to manage the risk of breach of insider trading provisions under applicable laws/regulations of the various jurisdictions in which the Group has presence.
5. Group Conflict Management Policies and Procedures
Provision of certain services may result in employees being in possession of confidential or material non-public information/price-sensitive information that relates to clients, suppliers or any third parties.
The Group’s Conflict Management Policies and Procedures (Conflict Management P&P) provides guidance to employees on how to identify, minimize and manage conflict of interest and potential conflict of interest in the course of carrying out the business activities of the Group. Employees are required to refer, in a timely manner, all conflict and potential conflict of interest issues to the Control Room in Group Compliance for resolution.
Every employee is required to maintain the confidentiality of all confidential information that comes to his/her knowledge and possession in the course of his/her employment whether or not such information is material. Employees are not to pass on confidential and material non-public information/price sensitive information to any person, unless in accordance with the Conflict Management P&P and Chinese Walls P&P.
Among others, employees shall not seek to obtain confidential or material non-public information/price-sensitive information, unless:-
(i) The employee require the information to carry out his/her task in accordance with the business purposes;
(ii) Obtaining such information does not violate any confidential arrangement/duty owed to client; and/or
(iii) The employee had followed appropriate policies and procedures in line with the Chinese Walls P&P.
In addition, employees are not to deal in the securities, or enter into an arrangement for or with a view to deal in the securities, or procure others to deal in the securities, of any company listed or pending listing, at any time when he/she is in possession of price-sensitive information about the company, which is not publicly available, and which, if it were so available, would likely to materially affect the price of the securities.
Employees who possess insider information are also prohibited to communicate such information to other parties, unless in accordance with the Chinese Wall P&P.
6. Group Anti-Money Laundering/Counter Financing of Terrorism (AML/CFT) Policies and Procedures
The Group Anti-Money Laundering/Counter Financing of Terrorism Policies and Procedures (AMLA P&P) provides information on policies, procedures and controls in order to comply with both internal and regulatory AML/CFT requirements. It stipulates the roles and responsibilities of the employees in ensuring compliance and provides guidance on the procedures necessary to prevent, detect and report on money laundering and financing of terrorism activities. All employees are expected to observe and familiarise themselves with the AMLA P&P and be guided at all times, on the policy and procedures on “Detection and Monitoring of Suspicious Transactions” and “Reporting of Suspicious Transactions”.
All Reporting Institutions (RIs) as defined by Bank Negara Malaysia, within the Group are required to adopt and implement the AMLA Compliance Programme framework which includes the following:-
(i) Establishment of clearly documented policies and procedures on Customer Due Diligence/Know Your Customer (CDD/KYC) as approved by the Board;
(ii) Establishment of clear roles and responsibilities of implementers (e.g. Board of Directors, Senior Management, Heads of Business and Support Units Anti Money Laundering Compliance Officer (“AMLCO”), Designated Compliance and Risk Officer (“DCORO”) and Internal Audit);
(iii) Appointment of an AMLCO;
(iv) Detection, monitoring and reporting of suspicious transactions;
(v) Record keeping requirements;
(vi) On-going employee training;
(vii) Regular updates to Senior Management; and
(viii) Regular independent audit of the internal AML/CFT measures to assess the adequacy and effectiveness of the AMLA Compliance Programme
In ensuring efficient detection of suspected financing of terrorism, the Group has enhanced its consolidated database of names and particulars of listed sanctioned individuals/entities from the UN Consolidated lists, as well as names from regulatory instructions and legal orders, to facilitate the RIs in conducting checks of new and existing customers for potential money laundering and terrorist financing activities.
7. Customer Management
At branch level, all employees are required to know the Group products well and educate customers on individual products including the risks involved as specified in the guidelines by Bank Negara Malaysia.
All employees are constantly reminded of the consequence for breaches of customer privacy and confidentiality of customer information. Any employees found in breach of these laws will be subject to disciplinary action which may include dismissal.
The Group is transparent in handling customer-based complaints and is accessible to customers 24-7 via call centre at 1-300-880900 and via corporate website. Avenues are provided for customers to lodge complaints and feedback in many ways- emails, letters, telephone calls or walk in to any of the branches or centres, as well as through social media channels like Twitter and Facebook.
The Customer Resolution Unit (CRU) assists branches as a second level escalation point of contact for all complaints. CRU’s contact details are made available on the Group’s corporate website, BNM’s weblink and forms such as remittance applications, letters of offers and collection communications.
8. Code of Conduct for Directors, Officers and Employees in the Banking Industry
The Group has adopted the Code of Conduct for Directors, Officers and Employees in the Banking Industry (BNM/GP7) issued by the Bank Negara Malaysia. The BNM/GP7 covers the following:-
(i) Part I: Guidelines on the Code of Conduct for Directors, Officers and Employees in the Banking Industry.
(ii) Part II: Code of Ethics Guidelines on Shares Trading.
(iii) Part III: Guidelines to Prevent Misuse of Bumiputera Names in Public Share Issues.
Part I of BNM/GP7 outlines six principles below. Strict compliance by Directors, officers and employees of the underlying principles are expected, at all time:-
(i) To avoid conflict of interest;
(ii) To avoid misuse of position;
(iii) To prevent misuse of information gained through the Group operations, either for personal gain or for any purpose other than that intended by the Group;
(iv) To ensure completeness and accuracy of relevant records;
(v) To ensure confidentiality of communication and transactions between financial institution and its customers; and
(vi) To ensure fair and equitable treatment of all customers and others who rely on or who are associated with the Group.
New recruits are briefed on the BNM/GP7 upon joining and are required to acknowledge in writing their acceptance and understanding of BNM/GP7. Employees of the relevant business units or divisions are required to acknowledge the CIMB Group Compliance P&P, Conflict Management P&P and Chinese Walls P&P (collectively "P&Ps) within 2 months from the date of employment. Annually, they are also required to reaffirm, in writing a statement confirming compliance with the said P&Ps.
Directors also disclose to the Company information on their related parties for the purposes of monitoring transactions involving related parties.
A well-disciplined and professional workforce is the cornerstone of a successful organisation. To realise the Group vision to be a successful organisation, all employees are expected to be vigilant about any wrongdoings, malpractices or irregularities at the workplace. All employees are to report promptly such instances to the Management for immediate rectification or for other necessary measures in minimising potential financial or reputational loss.
Examples of wrongdoings, malpractices or irregularities include, but are not limited to the following:-
(i) Any unlawful act, whether criminal or civil in nature;
(ii) Breach of policies and procedures;
(iii) Fraud, corruption or dishonesty;
(iv) Actions which can cause physical danger to another person or can give rise to risk of damage to properties/assets;
(v) Forgery or alteration of any documents belonging to the Bank, customers, another financial institutions, or agents of the Bank;
(vi) Pofiteering as a result of insider knowledge;
(vi) Misuse of position or information; and
(vii) Any other similar or related irregularities.
Any reports on wrongdoings, malpractises or irregularities may be e-mailed to email@example.com, where the matter will be investigated accordingly.
The Group is wholly committed to ensure strict confidentiality and will not only protect the identity of the complainant but will also protect the complainant from any harassment and victimisation at work due to the disclosure.
Find out more about our Whistle Blowing policy here
10. Fraud Management
a. Fraud Management Policies and Procedures
The Fraud Management Policies and Procedures (Fraud Management P&P) provides guidelines on escalation of any incidence of fraud that is suspected/committed within and against the Group.
It is the responsibility of the management, employees, customers, consultants, vendors, contractors or any other parties who have either direct or indirect business relationships/dealings with the Group to immediately report any fraud or suspected fraud to the relevant authority. Under the Human Resource Policy manual, reports of fraud or defalcation are to be reported within 24 hours from its occurrence or detection.
b. Staff Fraud Investigation
GIAD undertakes investigations of complaints of irregularities and fraud perpetrated by staff as well as allegations of misconduct and unethical practices. GIAD also plays a consultative role in providing feedback on preventive measures and remedial action in enhancing organisational value. It aims at instilling in all staff an awareness of management’s non-tolerance of fraud, unethical practices and irregularities to emphasis the importance of integrity.
c. Fraud Detection
In an effort to ensure that fraud is contained and minimised, the Group constantly monitors new trends and developments on frauds to implement controls and detection tools.
Training is conducted in forensic psychology, sociology and observation techniques from the fraud perspective and on the detection of forgeries. Two ongoing training modules to educate staff on how to identify a fraudster by observation entitled “How to Suspect Staff Committing/Planning Fraud” and another to detect suspicious signatures entitled “How to Detect Forged Signatures/Writings/Prints” are conducted for relevant front line staff.
To further enhance the fraud detection initiatives, a fraud intelligence system has been developed to track suspicious transactions. This is a unique system that does not rely on profiling and fixed Key Risk Indicators (KRIs). The KRIs evolve according to international banking fraud trends.
d. Reporting to Regulators and Supporting Public Policy
Frauds and defalcations, robberies and burglaries, breaches of Code of Ethics, regardless of amounts are being reported to the Regulators in line with the applicable laws and guidelines, within the stipulated timeframe.
The Group shall ensure full compliance with applicable laws and regulations. At all times the Group shall not harm the relationship with government offices or departments. Employees are expected to commit to and co-operate with requests for information from government agencies and regulators.
11. Roles of Group Compliance
Group Compliance facilitates, advises, monitors and educates the Business and Support Units/ entities to act in accordance with legislations, laws, regulations and guidelines.
All staff, including probationary and contract staff are required to comply with the relevant legislations, laws, regulations, guidelines and the Group’s internal policies and procedures. Compliance with the Group’s Policies and Procedures (P&P) are mandatory.
12. Human Resource Policies and Procedures and Training
The Human Resources Policies and Procedures (HRPP) across the organisation cover all aspects of management of human resource within the Company, including termination of employees. The HRPP are reviewed constantly to keep it current and effective and all changes are communicated to employees via email or memoranda. The revised policies and procedures are placed in the intranet as well so that employees can refer to the updates easily and at their convenience.
The development of e-learning focusing on areas of operational risk awareness and compliance promotes and strengthens ethical values and integrity in the course of work.
Topics and training programmes pertaining to fraud detection are available for all employees to provide employees with in-depth understanding of fraudulent acts and promotes integrity through the practices of ethical principles in the course of their duties.
Training on Anti-Money Laundering/Counter Financing of Terrorism is carried out regularly to emphasise the Group’s view on non-tolerance to fraud and is made mandatory for all employees within the Group.
Employees are periodically reminded on the value of integrity within the organisation, on the relevant policies via e-mail or memoranda and also through relevant training sessions.
Fraud Alert from Government agencies, Global Fraud Report, Articles and News pertaining to fraud are disseminated to all employees via the Group intranet. This serves as a warning to employees that fraud, non-compliance and unethical conduct are not tolerable and the Management will not compromise and hesitate in taking action against the fraudsters.
New recruits are briefed on the Code of Ethics upon joining and are required to acknowledge in writing their acceptance and understanding of the code. Further reinforcement on the code is also done during the Group Orientation Programme. Directors and employees are expected to observe high standards of integrity and fair dealing in relation to customers, staff and regulators in the communities within which the Group operates.
15. Disciplinary Actions and Offences
Prompt investigations on reported fraud cases involving employees are conducted and swift and stern action are taken against the offenders. The action taken includes termination of employment services and filing of civil suit for recovery of losses against the employees.
These firm actions send a clear message to all employees that the Group views fraud very seriously. Violations of the laws and guidelines as well as the Group’s P&P are grounds for disciplinary actions up and including termination of employment.