Corporate governance and an ethical approach to business

In line with the ESG Strategy, the Bank strives to maintain the highest standards of corporate governance and develops an ethical approach to business. The purpose of corporate governance is to create tools that support effective management, efficient supervision, respect for shareholder rights and transparent communication between the company and the market.

In 2021, the Management Board of Bank Pekao S.A. passed a resolution on the adoption by the Bank of the Code of Best Practice for WSE Listed Companies 2021 (hereinafter: “Best Practices”) issued by the Warsaw Stock Exchange The Best Practices have replaced the Best Practices of WSE Listed Companies 2016, which the Bank was applying until June 30, 2021. The Code of Best Practice is a set of corporate governance principles which have been binding on issuers of shares listed on the WSE Main Market since 2002 under the Warsaw Stock Exchange Rules. The Best Practices take into account the current legal status and the latest trends in corporate governance, as well as the demands of market participants interested in increasingly better corporate governance in listed companies. The Best Practices also include requirements related to the ESG area, such as sustainable development, diversity in the composition of company boards and equal remuneration.

The Best Practices are an important element in building the competitive position of companies and significantly contribute to strengthening the attractiveness of the Polish capital market. The Bank makes every effort to ensure that The Best Practices are applied in full. In accordance with the requirements of the WSE Rules, information on the current state of application of the corporate governance rules is published, including explanations of the reasons for not applying the rules in accordance with the comply or explain rule. The benefit resulting from the implementation of the Best Practices was the improvement of standards and transparency of the Bank’s operations.

The Pekao Group operates in accordance with applicable law and market standards, and promotes ethical behavior in business, i.e. acting based on the adopted values and principles. The Code of Conduct of the Pekao Group (next: „Code of Conduct”) includes the most important principles that should be followed by all employees of the Pekao Group, regardless of their position or basis of employment.

In the Code of Conduct, the Pekao Group expresses its support for sustainable economic and social development as well as activities for environmental protection and counteracting climate change. The Code of Conduct refers to the adopted ESG Strategy, which summarizes the approach and priorities in the field of the environment, society and corporate governance

The Code of Conduct contains the most important principles of conduct for employees of the Bank and Pekao Group or any other reference setting dating to Bank Pekao Group, in relation to an employment relationship or other control that applies to similar brands as regards the statutes of the Bank or other groups of the Group in their relations with stakeholders: clients, business partners, representatives of local communities, business environment and colleagues. They are unambiguous and apply to all areas of the Bank’s and other Pekao Group entities’ activities so as to ensure the highest standards of service provision.

Compliance with the Code of Conduct is the basic duty of every employee of the Bank and every employee of other entities of the Pekao Group. Newly hired employees are required to familiarize themselves with the contents of the Code of Conduct and confirm it in writing or via the information system before starting work and performing their duties.

The Code of Conduct obliges employees to act ethically, respect the values that shape the organizational culture of the Pekao Group entities, to honesty and integrity, professionalism. Its provisions indicate the need to:

People managing employees are expected to take all possible steps to ensure compliance of the activities of the employees of the structure they manage with the applicable provisions of law, recommendations of supervisory bodies, internal regulations and accepted standards of conduct. The Code of Conduct shapes the attitude of an employee aware of the fact that his or her conduct, both in the course of performing his or her duties and in his or her free time, may affect the way the Pekao Group is perceived. Everyone should act in a way that will not expose the Pekao Group to reputational risk – while performing official duties, representing companies or referring to employment in them.

The Code of Conduct includes examples of acceptable and unacceptable behaviour and actions (case studies) based on the Recommendations of the Banking Ethics Committee of the Polish Bank Association.

Pekao Bank strongly fights against any signs of corruption or situations that could encourage it. The Bank does not tolerate corrupt activities carried out by Bank employees, or by other persons or entities having any relations with the Bank. Employees who refuse to participate in corrupt activities, and those who disclose that such activities have been performed or attempted by other persons/entities, are fully protected. In addition, the Bank does not accept the offering, promising, requesting, giving or accepting of any facilitation payments by Bank employees or other persons or entities having a relationship with the Bank. The bank does not operate in tax havens.

In the Bank, in accordance with the guidelines of the „Policy of counteracting corruption in Pekao S.A. Bank Group” (hereinafter: “Anti-Corruption Policy”), the „Anti-Corruption Programme” was adopted. It consists of the following components:

1. Policies and Procedures for:
   • cooperation with intermediaries,
   • gifts and entertainment,
   • recruitment process,
   • cooperation with contractors,
   • donations and sponsorships (including donations to political parties),
   • mergers and acquisitions,
   • significant investments,
   • the Bank’s participation in the public procurement procedure,
2. Anti-corruption training and information programs for Bank employees,
3. The process of designing, supervising the implementation of anti-corruption control mechanisms, applying them independently and monitoring their compliance by other organizational units of the Bank, in accordance with the Bank’s internal regulations,
4. Compliance risk assessment for the „Anti-corruption” process,
5. Ensuring safe and easily accessible communication channels by means of which the Bank’s employees or other persons can confidentially report corruption attempts or actions that have the hallmarks of corruption,
6. Reporting to the Bank’s Management Board – as part of the quarterly report on the activities of the Compliance Department on the status of implementation of the Anti-Corruption Programme,
7. Accurate and honest recording of all transactions in the Bank’s books and documents and avoidance of undisclosed or unrecorded accounts, funds, assets or transactions.

Anti-Corruption Officer

An Anti-Corruption Officer has been appointed in Pekao Bank’s Compliance Department to whom information on attempted corruption or activities with the hallmarks of corruption should be reported. The Anti-Corruption Officer is authorized to investigate suspected or actual corrupt activities, including requesting and reviewing documents from the person suspected of corrupt activities and reporting such cases in accordance with the prescribed procedure. Detailed tasks of the Anti-Corruption Officer, including developing, implementing and supervising an effective Anti-Corruption Programme, carrying out the legislative process on the Bank’s internal regulations on anti-corruption are defined in the „Anti-Corruption Policy”.

In 2021, the corruption risk was analyzed both at the Bank and Pekao Group companies. Bank Pekao has defined the main areas of corruption risk related to its business activity, which are:

Corruption risk analysis in the main corruption risk areas, complements the Bank’s procedures for assessing other risks (due diligence) in these areas.

In terms of anti-corruption, the subsidiaries are guided by the Code of Conduct and the same principles as the Bank. The vast majority of companies have appropriate anti-corruption regulations tailored to the size and specific nature of their business. Some companies have specialized coordinating positions or teams responsible for anti-corruption activities. The following were identified as potential corruption risk areas: cooperation with intermediaries and contractors, entering and renewing contracts with contractors, the process of handing gifts and invitations, the recruitment process, donations and sponsorships, merger and acquisition transactions and participation in public procurement procedures. No significant corruption risks were identified in the six subsidiaries.

No corruption cases were reported in the Pekao Group in 2021.

The existing Whistleblowing Policy of Bank Pekao S.A. is an expression of commitment of Pekao Bank to promote a corporate culture that supports ethical behaviour in compliance with laws, procedures and ethical standards binding at the Bank. Its purpose is to provide secure channels for reporting observed practices at the Bank that are inconsistent with applicable laws, internal regulations, unfair or unethical, or reasonably suspected of occurring, and to ensure that reported concerns are received, investigated and appropriately managed, and that the person reporting them in good faith is protected from retaliation.

Early detection of a breach and the consequent remedial actions lead to a reduction or complete elimination of the Bank’s reputation risk. A culture of openness and honesty, as opposed to a „culture of silence,” leads to increased confidence in the Bank’s transparent operations and sends a clear message of zero tolerance for behaviour that is not in compliance with the law or ethical standards.

The policy applies to:

• all persons who are in an employment relationship with the Bank or in any other legal relationship of a similar nature, including members of the Bank’s statutory bodies – regardless of the matter reported,
• entities/persons performing activities for the Bank, regardless of the type of agreement between the Bank and a given entity/person – regarding the reporting of actual or potential violations of anti-money laundering and terrorist financing regulations.

In the event of reasonable suspicion that a breach has occurred, or if you have information about a possible breach, you should immediately contact the designated member of the Management Board, and in special cases (e.g. when the report concerns a member of the Management Board) with the Supervisory Board. Reports can be made verbally, electronically, or in writing through dedicated communication channels such as an anonymous telephone hotline, a dedicated email box, or traditional correspondence. All applications shall be treated with utmost care by the Bank and shall be subjected to the procedure prescribed in the Policy. Reporting of a breach may be made in an anonymous form or with the disclosure of the identity of the reporting person.

If the identity of the reporting person is disclosed, this data is protected. Information regarding the submitted application is classified as „Confidential” and is stored with due security measures, in accordance with applicable law and the Bank’s rules of classification and management of information.

The Policy of managing conflicts of interest in the Pekao Group out the rules for managing conflicts of interest and defines the circumstances causing or likely to cause a conflict of interest in the Bank’s operations.

The Bank uses a conflict of interest management methodology that enables it to identify, assess the compliance risk associated with a conflict, select appropriate measures to ensure that conflicts of interest are prevented, their adverse effects minimized or extinguished, and monitored.

The Bank defines the circumstances in which conflicts of interest are most frequently identified, taking into account both the areas potentially exposed to the risk of a conflict of interest and the types of relationships concerning the Bank, its employees, Pekao Group entities and third parties, in particular the Bank’s clients and counterparties.

The types of conflicts of interest identified and the measures to manage those conflicts that should be followed by Employees identifying conflicts of interest are included in the Conflicts of Interest Matrix.

Conflict of interest management measures used by the Bank in the event of a potential conflict of interest include measures based on:

1. organizational structure and consisting of:
   • establishing information barriers (the so-called Chinese walls),
   • introducing the division of tasks taking into account the physical and competence separation of various organizational units of the Bank and the Group’s entities in activities which may result in a conflict of interest, in particular the separation of the Bank’s organizational units,
   • introducing structural independence consisting in assigning specific competences to each organizational unit of the Bank, description of methods, types of activities and operational behaviours enabling independent decision-making and supervision over the Bank’s employees,
   • preventing the simultaneous or subsequent involvement of the Bank’s employees in the provision of services, if such involvement may adversely affect the effectiveness of managing conflicts of interest,
2. internal regulations introducing rules for remuneration of the Bank’s employees, consisting in defining:
   • remuneration principles so that they do not have a negative impact on the interests of the Stakeholder and eliminate direct relationships between the variable part of the remuneration and business goals,
   • entering into own transactions, introducing procedures to prevent abuses related to carrying out own transactions on financial instruments, consisting in setting restrictions on the execution of transactions on the employee’s or the Bank’s own account,
   • transferring the Bank’s employees to other positions in the event of a business subordination between relatives.
3. introducing and observing the principles of ethics and corporate culture by employees and conducting appropriate training.

Where, despite all possible measures to manage conflicts of interest, there is a risk of damage to the interests of the stakeholder to whom the conflict relates or there is a significant reputational risk, the conflict of interest shall be disclosed to the stakeholder. Each disclosure shall include a description of the conflict of interest giving rise to the disclosure, adapted to the stakeholder’s knowledge and experience, enabling the stakeholder to make an informed decision regarding a specific service and information on the measures applied by the Bank to manage the conflict of interest in order to mitigate the risks associated with the conflict of interest. Disclosure of a conflict of interest does not relieve the Bank of its obligation to apply all possible measures to manage the conflict of interest.