Ethics, values and compliance

mBank’s Code of Conduct applies to all employees of the banks, including managers and management board members. It establishes the standards applicable in interactions between the bank’s employees and the bank’s business partners. The guidelines relate to allowed and forbidden business practicies, appropriate behaviour at work, fundng fules and social responsibility.

Since three years the Ethics Officers operates at mBank, who:

• co-authors and coordinates ethical standards in the bank
• verifies the bank’s compliance with the ethical standards, including giving opinion to the management board from this perspective

• is responsible for promoting ethical conduct among employees, i.e. via Intranet
• creates guidelines, issues opinions and helps employees solve ethical dilemmas

• is a member of the Anti-Mobbing Committee
• represents the bank in the Ethics Committee of the Polish Banks Association
• Ethics Officer reports directly to the president of the management board and oversees compliance area in the bank.

Ethics officer prepares Lessons Learned, accepted by the management board. They are available to all employees and refer to description of real situations when the banks avoided an ethical mistake or corrected, improving work standards based on the knowledge gained.

Actual or suspected incidents of breaking the law, internal regulations and our ethical standards – can be reported by the employees and the clients anonymously not only to the Ethics Officer, but also lodged anonymously in the mSygnał (whistleblowing) system, which is also available online 24/7 from any computer connected to the internet.

In 2020 we have began to analyse the provision of service to persons undergoing a gender reassignment. In the next year we intend to implement solutions to make our customer service more friendly to this group of clients, including the call center service.

In 2020, we introduced changes to the Policy on counteracting mobbing, discrimination and other unacceptable activities, to improve the protection of the Anti-mobbing Commision’s documentation.

The policy provides guidelines for the identification and mitigation of corruption risks, the key principles of the code of ethics, and related responsibilities. No Management Board member, manager, employee or associate may justify corruption or bribery by invoking mBank’s interest.

mBank follows a policy of zero tolerance for all forms of corruption, including accepting, offering, requesting, granting and giving consent for additional benefits, objects or payments in order to:

• unlawfully influence a decision,

• obtain or secure an illegal business advantage,

• gain personal benefits.

mBank’s Management Board and employees are required to avoid conflicts of personal and professional interest. They are prohibited from offering any undue benefits, in particular to central or local government officials, civil servants, and politicians.

mBank prevents corruption in a system of three lines of defence. The first line of defence is comprised of the bank’s organisational units. The second line of defence is the Compliance Department which is responsible for setting and monitoring standards of compliance with anti-corruption laws and regulations. The third line of defence is the Internal Audit Department, which evaluates the adequacy and effectiveness of the bank’s anti-corruption system.

The bank expects its business partners (vendors, contractors, service providers who work with mBank and with its clients on behalf of the bank) to comply with the policy. Anti-corruption provisions are included in each contract between the bank and a business partner.

We have identified areas particularly at risk of corruption and assigned responsibility to organizational units. We have implemented control mechanisms in business processes which mitigate the risk of corruption. Although we do not monitor the evaluation of corruption risk by organizational units, they undergo internal audits, which include the inspection of adherance to anti-corruption rules.

In 2020, 88% members of the managing bodies have been informed on the binding policy and received training on anti-corruption.

Number of mBank Group employees who recieved anti-corruption training:

We identified no corruption incidents in 2020.

The policy defines who, and how, is responsible for fraud prevention. The bank follows a policy of zero tolerance for all fraud and attempted fraud by the bank’s employees, clients, contractors, and third parties.

mBank’s fraud risk management cycle covers four stages:

mBank has implemented an electronic whistleblowing system, which ensures anonymity of whistle-blowers. It is accessible on all internet-enabled devices: https://client.bkms-system.net/bkwebanon/report/clientInfo?cin=2brebank11&language=pol.

Whistleblowing rules and the procedures for reviewing reports are defined in internal regulations as follows:

• the identity of the whistleblower and the person concerned is strictly confidential: their data must not be disclosed to third parties unless required by law;
• the whistleblower may set up an anonymous inbox to receive updates on actions taken in reaction to the report and/or to provide additional details;
• every whistleblowing report is reviewed by authorised staff to ensure an objective, fair and impartial investigation;
• mBank employees who report suspected fraud in good faith are protected from any form of repression;
• information included in the report as well as received during the explanatory proceedings are subject to regulations on protection of personal data and are classified as condfidential. In particular, the data of reporting person and of persons concerned by the report are protected (Principle of confidentiality).

Reports are initially reviewed by staff of the Compliance Department. Filed in the system or otherwise, reports are investigated by authorised officers, as the case may be: employees of the Employee Development and Organisational Culture Department, employees of the Foreign Branches, the Ethics Officer, and employees of the Compliance Department. If a report is confirmed, the case is escalated according to the law and the bank’s internal regulations.

In 2020, the Fraud Management Section received 76 reported cases.

Each report was investigated, and necessary measures were taken in order to eliminate confirmed irregularities. Among filed reports, in 5 cases the Security Department notified the prosecutor’s office of suspected offence. We prevent recurrence of similar irregularities. We set standards and guidelines in internal regulations. We also organize workshops, issue recommendations on remedial actions and perform inspections. Applied control mechanisms efficiently reduced the abuse risk. We have not recorded internal abuse cases which would result in significant losses for the bank or negatively impact the reputation risk.

The reports are reviewed immediately after receiving. We make a decision on further proceedings. The reports are appraised within not extendible period of 30 calendar days which begins at the day of receiving them in mSygnał or the Compliance Department.

To prevent money laundering and financing of terrorism, mBank is required by the programme:

• to identify and verify the identity of our clients,
• to identify and verify the identity of beneficial owners of our clients,
• to identify and verify our clients and their beneficial owners according to the criteria of politically exposed persons (PEP),
• to identify the risk of money laundering and financing of terrorism,
• we refuse to work with clients where we identify risks of money laundering and/or financing of terrorism,
• we monitor clients' transactions to protect mBank from money laundering and financing of terrorism,
• we regularly train our employees. Training is organised and monitored by the Compliance Department.