Sustainability Pages

Governance

Implementation and governance of Code of Ethics 

The Code of Ethics reflects the broader vision of the Bank social and environmental responsibilities. It explains the values the Bank espouse and that CIB has made a commitment to uphold. 
As a company that operates in compliance with strict ethical norms, the Bank has put in place a number of mechanisms that reveal risks that have previously, due to their nature, remained hidden; these include ethical risks. The purpose of the procedural rules is for victims in ethics cases, who until now have been unable to ask for help, to be able to consult and request advice, before taking action, if needs be, and to do so in an anonymous manner. In every member country the Intesa Sanpaolo Group has established a local ethics ombudsman system which, with a few exceptions, investigates ethics-related reports in the member country concerned, and the decisions are also made locally. To enable us to take local conventions into account, in addition to the ethics ombudsman the CIB Group has also established an Ethics Committee, the chairperson of which, as ethics ombudsman, is the Bank's head of CSR. The Bank sends a notification of every report to its head office in Italy without delay. The Ethics Committee does not impose sanctions, its task is to judge whether the claims made in the report are well grounded, and to take steps to share the lessons learned. If the report is well grounded, the Committee passes the case on to the appropriate professional department for investigation and a decision, and also to the HR department for a possible labour-law investigation.

The Group wishes to achieve its goals while observing, and putting into practice, the principles of sustainable development and responsible operation. . Its operation is founded on the seven core values presented earlier in the Executive Summary, and their implementation is ensured by advanced corporate governance systems and decision-making processes.  

Ethical company, responsible operation

	2022	2023	2024
Number of ethical complaints	6	3	2

^{Based on data as of 31 December 2024}

A further decrease in the number of ethical complaints is seen in 2024, while more ethical questions of a general nature were also received from colleagues. One relevant report was received in connection with employee conduct and another in connection with a credit assessment decision.

The Rules of Conduct set out the rules based on the values manifested in the Code of Conduct: they set out in detail the personal rules of conduct, the details of the operation of the bank, and the rules of expected model behaviour, specifically discussing anti-corruption measures and rules on gifts. Breaching the Rules of Conduct may result in disciplinary measures.

The rules ensuring ethical behaviour, with a special focus on corruption-free and non-discriminatory operations, are included in the rules of procedure of the CIB Group as regulations adopted by the Board of Directors, violation of which may have consequences under labour law. Other key areas of corporate governance are the fight against money laundering, the avoidance of conflicts of interest, risk management and internal audit, which are dealt with by specified individuals responsible for these matters.

Integrity in corporate conduct

The CIB Group recognises that compliance with internal and external regulations and Code of Conduct is of significant importance, also from a strategic viewpoint, and therefore it acts in the belief that respecting standards and fairness in business are essential elements in carrying out banking operations, which by nature are based on trust and transparency. Indeed, CIB believes that compliance with standards encourages the creation and maintenance of a competitive economic environment and protection of customer rights, which contributes to the development of local areas and communities. CIB also seeks to be a reliable and professional partner for the regulators. 

In this context, the CIB Group actively adheres to the principles of the United Nations’ Global Compact that envisage the development of policies for combating corruption, protecting human rights and workers’ rights and safeguarding the environment by implementing the internal rules and guidance issued by the Parent Company, Intesa Sanpaolo S.p.A.. Intesa Sanpaolo S.p.A. has defined and implemented a well-structured system of risk assessment throughout the company structures, which is applied according to risk assessment criteria and used by CIB as well. 

Adherence to the rules and integrity of corporate conduct are also ensured through compliance activities focused on the monitoring of risk in relation to fighting corruption and money laundering, counter-terrorist financing, embargo management, protecting consumers and protecting competition. CIB adheres to the principle of active cooperation in preventing these phenomena, which represent a serious threat to the legal economy. 

Fighting against corruption and combating money laundering

The bank regularly revises and updates its Code of Ethics as well as its regulations on the behaviour expected of its employees, which expressly prohibit corruption. Key regulations of Intesa Sanpaolo S.p.A. such as Intesa Sanpaolo Group Compliance Guidelines, Group Anti-corruption Guidelines and Conflicts of interest Management Rules have been adopted by the bank. All employees and the members of the Management Board of the CIB Group regularly attend e-learning courses on anti-corruption topics such as money laundering and the financing of terrorism, as well as conflicts of interest, via the bank’s e-learning platform (MultiLearn) accessed through our internal network. The bank also assesses corruption risks through annual risk analysis and operates controls in anti-corruption areas. Corruption incidents/losses related to operational risk management are being collected and recorded in the Operational Risk Management Database.

In terms of responsible banking operation, clearly defining responsibilities, and in certain cases – depending on the relative importance of the given function – creating a separate organisational unit, is of key importance. The bank regards legal compliance – especially with respect to the prevention of market abuse and money laundering – and the appropriate management of the risks arising from its operation as being of particular importance. 

The functions supporting compliance with EU guidelines and legislative requirements ensure responsible operation, and a key part of this is the efforts made to ensure corruption-free operation. 
Second-level controls performed by the Compliance and AML functions ensure the monitoring of compliance with the legal and internal requirements.

A separate team of specialists’ coordinates activities to prevent money laundering and the financing of terrorism. They have the task of checking transactions that are relevant or risky in terms of money laundering and sanctions, authorising the opening of accounts for new customers of high AML risk and reviewing existing high-risk customer relationships, as well as providing training for employees in the prevention of money laundering, forwarding reports to the competent authorities and ensuring the necessary flow of information.

The obligatory Code of Conduct, adopted in 2008 and updated in 2020 and 2024, and the Anti-corruption Regulations issued by Intesa Sanpaolo S.p.A. in 2017 and subsequently updated in 2020, 2022, 2023 and 2024, adopted accordingly by the CIB Group, include a set of rules on the prohibition of corruption. The anti-corruption guidelines of CIB Group have also been published on the website of the bank. As a part of its efforts to combat corruption – in keeping with the relevant guiding principles of Intesa Sanpaolo S.p.A. – the CIB Group does not in any way support politicians or political parties, or organisations with which they are associated. As a matter of course, the zero-tolerance policy towards corruption applies to the bank’s employees and suppliers as well as to other third parties it deals with. 
Internal audit is an independent, objective assurance and consulting activity, the aim of which is to improve the operation and increase the effectiveness of the given organisation. To assist in achieving the organisation’s stated objectives, the Internal Audit function methodically and systematically assesses and improves the effectiveness of the audited organisation’s governance and control procedures.

The purpose of the risk management function is to identify the risks of the given organisational unit, to measure the identified risks and manage them to ensure that they do not jeopardise prudent operation or the fulfilment of business objectives. At CIB Group, it is the Risk Management Department that is responsible for these activities.

It is important for the company to advance ethical behaviour within our industry by exhibiting fair market and competitive conduct, leading by example, and through participation. The bank adheres to the self-regulating approach adopted by the industry and applies this to its own operations, while acting ethically towards its competitors. Fair competitive market conduct serves as the basis for its pricing policy. 

How material topics are monitored

Corporate governance regulations, process requirements, second-level controls and internal training courses ensure that the bank’s employees do not fall victim to or become involved in corruption. Our employees receive training and information on the material topics through ethics training and regular anti-corruption e-learning sessions. The compliance systems ensure that anti-corruption rules are enforced through audits.

Employees take part in distance learning courses and examinations on the prevention of money laundering, anti-corruption, conflicts of interest, security awareness and compliance via the e-learning platform accessible via the intranet, as well as through in-person training courses. 

The controlling of conflicts of interest is performed by the independent Compliance unit.

The Compliance and Anti-Money Laundering Department also performs the controlling of the gifts accepted by employees and monitors the proper maintenance of related records. The key principles governing gifts are zero-tolerance and exceptionality. The acceptance of gifts can, in certain cases, be classified as corruption. The internal regulation on the Rules on Gifts and Entertainment Expenses of CIB Group has been adopted in 2018 and updated in 2021 and 2023.

The Code of Ethics mailbox (etikaibejelentes@cib.hu) and postal address, under the jurisdiction of the Ethics Committee, allowing the reporting of any reports, questions, or comments, represents another guarantee for all stakeholders, which can be used by all to report any rights violations with the bank’s guarantee that any reports made will be treated confidentially and will not result in retaliation. An additional guarantee is provided by the involvement of the Compliance and Internal Audit functions through the email addresses compliance@cib.hu and nevtelenbejelentes@cib.hu, which are available for this purpose as well. 

	2022	2023	2024
Proportion of employees who took a distance-learning course and an exam in money-laundering prevention (%):	98.4*	98.3*	97.8
Proportion of employees who took a distance-learning course and an exam in anti-corruption (%):	91.3*	80.0*	78.2
Number of ethics reports on suspected corruption (report):	0	0	0
Number of employees dismissed due to corruption (employee):	0	0	0

^{Based on data as of 31 December 2024
*Due to new data collection process previous year’s data was reviewed and changed.} 
 

Consumer protection

In the current market environment, the protection of customers is of prime importance and is treated as a key objective by CIB. The rapid growth of, and proliferation of new technology in, financial markets and the entry to the market of new service providers and third-party intermediaries, have only increased the risk of fraud, abuse of, and misconduct towards, consumers, especially those with low incomes and limited knowledge of financial matters, and who are therefore in need of greater protection. Consequently, it is of the utmost importance for CIB to manage its relationships with its customers in a transparent and fair manner.

Consumer protection encompasses every aspect of the entire life cycle of banking products and services provided by CIB. Internal policies are in place focusing on the sale processes and on management of long-term relationships between the Bank and its customers, ensuring that:

• the informative and the contractual documents to be provided to the customers are formalised in a clear, understandable and transparent way, 
• the sales staff is aware of the behavioural rules during the pre-contractual stages and the sale process,
• adequate internal governance has been implemented in terms of regulation, controls and training
• special attention is given to the proper management of disabled customers.
• we hold annual training about consumer protection, in the framework of which colleagues with customer relations responsibilities acquire a deeper understanding of the requirements related to serving customers. In 2024, 93.6 % of employees completed the training.

In addition, the bank has begun preparations to comply with Act XVII of 2022 on the General Rules for Compliance with Accessibility Requirements for Products and Services, which will enter into force on 28 June 2025. 

Protection of free competition

The objectives of the Intesa Sanpaolo Group and the CIB Group include ensuring the group’s ability to operate in the market in full compliance with the latest regulations on competition. In the interest of complying with these regulations, the Intesa Sanpaolo Group runs an international competition-law compliance programme, part of which is the “EU Competition Compliance Policy”, which also applies to CIB and has been published and adopted by CIB. Based partly on the local regulatory requirements, the local Compliance Competition Policy has been adopted by CIB to ensure that employees of the CIB Group have sufficient understanding of the competition regulations to enable them to recognise potential infractions of competition law in the course of their work, to observe the competition regulations and to seek legal advice where necessary.

Privacy protection

To ensure that the personal data of the customers of the CIB Group are processed lawfully, in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR) and (Hungarian) Act CXII of 2011 on Informational Self-Determination and Freedom of Information (hereinafter: Info tv.), the CIB Group applies its own Data Protection and Data Security Policy. The policy sets out the basic principles, objectives and legal basis of data processing, data security requirements and data processing rules relating to employment.

In addition to the above requirements, CIB Group also implemented its Parent Company's GDPR guidelines – (GDPR project - guidelines on the protection of personal data of natural persons (applicable in the EU). 

The CIB Group has appointed a Data Protection Officer (DPO). The duty of the officer is to provide information and professional advice to the data controller and employees involved in data processing regarding their obligations under the GDPR and other EU or Member State data protection provisions; to monitor compliance with the GDPR and other EU or Member State data protection provisions, as well as the data controller’s internal rules regarding the protection of personal data, to provide professional advice on data protection impact assessments upon request, and to monitor the performance of impact assessments in accordance with Article 35; cooperates with the supervisory authority and acts as a liaison between the data controller and the supervisory authority.

	2022	2023	2024
Substantiated complaints concerning breaches of customer privacy and losses of customer data:	3	1	0

^{Based on data as of 31 December 2024}

Whistleblowing

The special rules governing the reporting process are detailed in the appendix to the Internal Audit Manual entitled ‘Special Rules for Anonymous Legal Compliance’ and in the CIB Group Code of Ethics. There were no whistleblowing reports received during 2024 and there were no ongoing or pending items from the previous period either. The related procedural protocols are contained in the bank’s internal regulations. In 2024, only two reports were received in connection with CIB Group’s operations, one of which concerned the quality of a bank employee’s service at a branch and the other concerned the rejection of a loan application. Overall, the number of reports of abuse is minimal and has been steadily declining over the past three years. 

	2022	2023	2024
Number of ethics reports	6	3	2

^{Based on data as of 31 December 2024}