Implementation and governance of Code of Ethics
The “Code of Ethics” reflects the broader vision of our social and environmental responsibilities. It explains the values we espouse and that we have made a commitment to uphold
As a company that operates in compliance with strict ethical norms, we have put in place a number of mechanisms that reveal risks that have previously, due to their nature, remained hidden; these include ethical risks. The purpose of the procedural rules is for victims in ethics cases, who until now have been unable to ask for help, to be able to consult and request advice, before taking action, if needs be, and to do so in an anonymous manner. In every member country the Intesa Sanpaolo Group has established a local ethics ombudsman system which, with a few exceptions, investigates ethics-related reports in the member country concerned, and the decisions are also made locally. To enable us to take local conventions into account, in addition to the ethics ombudsman the CIB Group has also established an Ethics Committee, the chairperson of which, as ethics ombudsman, is the Bank's head of CSR. The Bank sends a notification of every report to the head office in Italy without delay. The Ethics Committee does not impose sanctions, its task is to judge whether the claims made in the report are well grounded, and to take steps to share the lessons learned. If the report is well grounded, the Committee passes the case on to the appropriate professional department for investigation and a decision, and also to the HR department for a possible labour-law investigation.
We wish to achieve our goals while observing, and putting into practice, the principles of sustainable development and responsible operation. Our operation is founded on our seven core values introduced previously. The fulfilment of these requirements is assured by our advanced corporate governance system and decision-making processes (see above in Governance structure).
Ethical company, responsible operation
The “CIB Group Rules of Conduct” set out the rules based on the values manifested in the „ Group's Internal Code of Conduct”. They set out in detail the personal rules of conduct, the details of the operation of the Bank, and the rules of expected model behaviour, specifically discussing anti-corruption measures and gifts. Breaching the “CIB Group Rules of Conduct” may result in disciplinary measures.
The rules ensuring ethical behaviour, with a special focus on corruption-free and non-discriminatory operations, are included in the rules of procedure of the CIB Group as regulations adopted by the Board of Directors, violation of which may have consequences under labour law. Other key areas of corporate governance are the fight against money laundering, the avoidance of conflicts of interest, risk management and internal audit, which are dealt with by specified individuals responsible for these matters.
Integrity in corporate conduct
The CIB Group recognises that compliance with internal and external regulations and codes of conduct is of significant importance, also from a strategic viewpoint, and therefore it acts in the belief that respecting standards and fairness in business are essential elements in carrying out banking operations, which by nature are based on trust and transparency. Indeed, CIB believes that compliance with standards encourages the creation and maintenance of a competitive economic environment and protection of customer rights, which contributes to the development of local areas and communities. CIB also seeks to be a reliable and professional partner for the regulators. In this context, the CIB Group actively adheres to the principles of the United Nations’ Global Compact that envisage the development of policies for combating corruption, protecting human rights and workers’ rights and safeguarding the environment by implementing the internal rules and guidance issued by the Parent Company, Intesa Sanpaolo. Intesa Sanpaolo has defined and implemented a well-structured system of risk assessment throughout the company structures, which is applied according to risk assessment criteria and used by CIB as well. Adherence to the rules and integrity of corporate conduct are also ensured through compliance activities focused on the monitoring of risk in relation to fighting corruption and money laundering, counter-terrorist financing, embargo management, protecting consumers and protecting competition. CIB adheres to the principle of active cooperation in preventing these phenomena, which represent a serious threat to the legal economy.
Fighting against corruption and combating money laundering
The Bank regularly revises and updates its ”Code of Ethics” as well as its regulations on the behaviour expected of its employees, which expressly prohibit corruption. Key regulations of Intesa Sanpaolo such as “Intesa Sanpaolo Group Compliance Guidelines”, “Group Anti-corruption Guidelines” and “Conflicts of interest Management Group Rules” have been adopted by the Bank. The conflicts-of-interest rules adopted by CIB Group are more stringent than the relevant national regulations, i.e., the provisions of Act CXXXVII of 2013 (Credit Institutions Act), Act CXXXVIII of 2007 (Investment Firms Act) and Act I of 2012 (Labour Code). All employees of CIB Group regularly attend e-learning courses on anti-corruption topics such as money laundering and the financing of terrorism, as well as conflicts of interest, via the Bank’s e-learning platform (MultiLearn) accessed through our internal network.
In terms of responsible banking operations, defining responsibilities clearly, and in certain cases – depending on the relative importance of the given function – creating a separate organisational unit, is of key importance. It is particularly important for the Bank to operate in compliance with the law – especially with respect to the prevention of market abuse and money laundering – and the appropriate management of the risks arising from our operations to be of particular importance.
The functions supporting compliance with EU guidelines and legislative requirements ensure responsible operation, and a key part of this is the efforts we make to ensure corruption-free operation.
Second-level controls performed by the Compliance and AML functions ensure the monitoring of compliance with the legal and internal requirements.
A separate team of specialists coordinates activities to prevent money laundering and the financing of terrorism. They have the task of checking transactions that are relevant or risky in terms of money laundering and potential sanctions, authorising the opening of accounts for new customers of high AML risk and reviewing existing high-risk customer relationships, as well as providing training for employees in the prevention of money laundering, forwarding reports to the competent authorities and ensuring the necessary flow of information.
The obligatory code of conduct, which was adopted in 2008 with an update in 2020, and the anti-corruption regulations issued by our Parent Company Intesa Sanpaolo in 2017 and its subsequent update in 2020, which was adopted accordingly in CIB Group, include a set of rules on the prohibition of corruption. The anti-corruption guidelines of CIB Group are published also on the website of the Bank (https://www.cib.hu/en/Maganszemelyek/rolunk/fenntarthatosag/ertekeink.html). As a part of its efforts to combat corruption – in keeping with the relevant guiding principles of Intesa Sanpaolo – the CIB Group does not in any way support politicians or political parties, or organisations with which they are associated. As a matter of course, our zero-tolerance policy towards corruption applies to our employees and our suppliers as well as to other third parties we deal with.
Internal audit is an independent, objective assurance and consulting activity, the aim of which is to improve the operation and increase the effectiveness of the given organisation. In order to assist in achieving the organisation’s stated objectives, the Internal Audit function methodically and systematically assesses and improves the effectiveness of the audited organisation’s governance and control procedures.
The purpose of the risk management function is to identify the risks of the given organisational unit, to measure the identified risks and manage them to ensure that they do not jeopardise prudent operation or the fulfilment of business objectives. At CIB Group, it is the Risk Management -Department that is responsible for these activities.
It is important for the company to advance ethical behaviour within its industry by exhibiting fair market and competitive conduct, leading by example, and through participation. The Bank adhere to the self-regulating approach adopted by the industry and apply this to its own operations, while acting ethically towards the Bank’s competitors. Fair competitive market conduct serves as the basis for CIB’s pricing policy.
Corporate governance regulations, process requirements, second-level controls and internal training courses ensure that our employees do not fall victim to or become involved in corruption. Our employees receive training and information on the relevant topics through ethics training and regular anti-corruption e-learning sessions. The compliance systems ensure that anti-corruption rules are enforced through audits.
Employees take part in distance learning courses and examinations on the prevention of money laundering, anti-corruption, conflicts of interest, security awareness and compliance via the e-learning platform accessible via the intranet, as well as through in-person training courses.
The controlling of conflicts of interest is performed by the independent Compliance unit.
The Compliance and AML Department also performs the controlling and recording of gifts accepted by employees. The key principles governing gifts are zero-tolerance and exceptionality. The acceptance of gifts can, in certain cases, be classified as corruption. The internal regulation on the Rules on Gifts and Entertainment Expenses of CIB Group has been adopted in 2018 and updated last time in 2021.
The code of ethics mailbox (email@example.com) and postal address, under the jurisdiction of the Ethics Committee, allowing the reporting of any reports, questions or comments, represents another guarantee for all stakeholders, which can be used by all to report any rights violations with the guarantee that any reports made will be treated confidentially and will not result in retaliation. An additional guarantee is provided by the involvement of the Compliance and Internal Audit functions through the email addresses firstname.lastname@example.org and email@example.com, which are available for this purpose as well.
In the current market environment, the protection of customers is of prime importance and is treated as a key objective by CIB. The rapid growth of, and proliferation of new technology in, financial markets and the entry to the market of new service providers and third-party intermediaries, have only increased the risk of fraud, abuse of, and misconduct towards, consumers, especially those with low incomes and limited knowledge of financial matters, and who are therefore in need of greater protection. Consequently, it is of the utmost importance for CIB to manage its relationships with its customers in a transparent and fair manner.
Consumer protection encompasses every aspect of the entire life cycle of banking products and services provided by CIB. Internal policies are in place focusing on the sale processes and on management of long-term relationships between the Bank and its customers, ensuring that:
- the informative and the contractual documents to be provided to the customers are formalised in a clear, understandable and transparent way,
- the sales staff is aware of the behavioural rules during the pre-contractual stages and the sale process,adequate internal governance has been implemented in terms of regulation, controls and training
- special attention is given to the proper management of disabled customers.
- The Bank hold annual training on the subject of consumer protection, in the framework of which colleagues with customer relations responsibilities acquire a deeper understanding of the requirements related to serving customers. The training was completed by 99% of colleagues in 2022..
Protection of free competition
The objectives of the Intesa Sanpaolo Group and the CIB Group include ensuring the group’s ability to operate in the market in full compliance with the latest regulations on competition. In the interest of complying with these regulations, the Intesa Sanpaolo Group runs an international competition-law compliance programme, part of which is the “EU Competition Compliance Policy”, which also applies to CIB and has been published and adopted by CIB. Based partly on the local regulatory requirements, the local “Compliance Competition Policy” has been adopted by CIB to ensure that employees of the CIB Group have sufficient understanding of the competition regulations to enable them to recognise potential infractions of competition law in the course of their work, to observe the competition regulations and to seek legal advice where necessary.
To ensure that the personal data of the customers of the CIB Group are processed lawfully, in compliance with the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter: GDPR) and (Hungarian) Act CXII of 2011 on Informational Self-Determination and Freedom of Information, the CIB Group has drafted and issued its own “Data Protection and Data Security Policy”. The policy describes the principles and the legal basis of data processing, lists the individual cases of data processing, defines the rules regarding the Data Protection Impact Assessment (DPIA) and prior consultation, and sets out the rules on data transfer as well as the rights of data subjects and the means of exercising them.
In addition to the above regulations, CIB Bank has also recognised and implemented the requirements of its Parent Company concerning the GDPR project, i.e. the guidelines on the protection of personal data of natural persons (applicable in the EU).
An independent Data Protection Officer (DPO) has been appointed by the CIB Group whose job it is to monitor compliance with the relevant legal regulations, consult on privacy issues, provide advice, where requested, regarding the DPIA and monitor its performance and to act as a primary point of contact for the supervisory authority.
The special rules of the whistleblowing process are detailed in a separate annex (Special rules on internal systems for reporting violations (whistleblowing)) of Internal Audit Manual.
There were no whistleblowing reports received during 2022 and there were no ongoing or pending items from the previous period either.
Inclusion and diversity management
The Bank’s Organisational and Operational Regulations (OOR) clearly specify the key principles underlying responsible operation. The Bank rejects all forms of discrimination and corruption in its internal and external communications, prohibits any form of discrimination and guarantees the general requirements of equal treatment in accordance with the applicable EU guidelines. The internal regulations governing compliance and risk management activity endorse similar principles aimed at supporting responsible operation. The CIB Group ensures equal treatment and opportunity for its employees in accordance with the Fundamental Law of Hungary and other statutory provisions on the matter, and with the Bank Group’s “Code of Ethics” and the Parent Company’s “Diversity and Inclusion Principles”. This is achieved through the transparency of decision-making processes within the company and the ethics-related training provided to managers and other employees. The investigation of ethics issues associated with this topic and the preventive actions that are taken in response ensure legal and ethical compliance in all areas of the bank’s operation.