Managing impacts, risks and opportunities [G1-1]

Business conduct policies and corporate culture

Ethics and responsibility form the foundation of how we conduct our business and of our organisational culture. Through our business conduct policies, we commit to complying with the highest ethical, legal and social standards, both in internal and external relationships. Documents such as the Pekao Group Code of Conduct, the Polish Bank Association (ZBP) Banking Code of Ethics, as well as procurement policies and rules for cooperation with suppliers, create a coherent system of values that supports a culture of compliance, transparency and sustainable development. These policies not only define the expected attitudes and behaviours of employees and business partners, but also indicate mechanisms for monitoring, reporting and improving processes. Their purpose is to build trust, strengthen corporate governance, and ensure that decisions made within the Pekao Group are aligned with the principles of integrity, responsibility and respect for human rights.

Our policies and procedures do not constitute policies within the meaning of the Minimum Disclosure Requirements (MDR P). They include specific mechanisms to ensure the identification, assessment and remediation of the effects of negative impacts and risks. The Code of Conduct and the Banking Code of Ethics are supported by mandatory training, periodic reviews and reporting to the Management Board and the Supervisory Board. The breach reporting procedure guarantees secure channels, whistleblower protection and remedial actions. In relations with suppliers, we apply the Procurement Policy, the Supplier Code of Ethics and mandatory ESG Forms. Anti-corruption mechanisms, sector exclusions and metrics (e.g. number of trainings, invoice processing time) confirm the effectiveness of the measures taken and their tangible impact on reducing risks and strengthening positive effects around corporate governance.

Pekao Group Code of Conduct

In 2025, we updated the Pekao Group Code of Conduct (hereinafter: the Code of Conduct). It sets out the principles we follow in our day-to-day business operations. It is also our commitment to act in accordance with the highest standards in our relations with co-workers, partners, customers and the broadly understood environment. The principles of the Code of Conduct define the framework for our activities relating to:

  • conducting activities in compliance with legal regulations, internal regulations, supervisory authorities’ recommendations and generally accepted market standards;
  • creating a working environment based on mutual respect, openness and partnership, in line with ethical principles;
  • building an aspirational organisational culture based on trust and responsibility, empathy and understanding customer expectations, which are the foundation for building trust-based relationships.

In the Code of Conduct, we focus on compliance with the values identified and adopted by the Bank, which guide our day-to-day decisions, define our operating style and shape attitudes consistent with ethical principles. We also underline the importance of corporate governance as a key element supporting sustainable operations, taking into account environmental and social objectives. The Bank undertakes actions with respect for human rights; fulfils the foundations of our social responsibility through programmes supporting local communities; complies with cybersecurity principles by using certified solutions and conducting regular security tests; builds trustworthy and ethical artificial intelligence by applying guidelines on transparency and non-discrimination; and develops competencies in identifying, assessing, controlling and mitigating ESG risks through training and by implementing a system for managing this process.

In implementing the principles of the Code of Conduct, as in shaping an ethical culture, a key role is played by the Supervisory Board, the Management Board and the management staff.

The provisions of the Code of Conduct are binding on both members of the governing bodies and the Bank’s employees; they also apply to subsidiaries of the Pekao Group and are implemented by them, considering the principle of proportionality and the specific nature of their operations.

The Code of Conduct is subject to periodic review carried out by the Compliance Department. Based on information provided by the Compliance Department, the Management Board periodically verifies and assesses compliance with the ethical principles set out in the Code of Conduct to adapt them to changes in the Bank’s internal situation and external environment. Information on the results of this assessment is provided to the Supervisory Board.

Every employee of the Pekao Group is required to familiarise themselves with the Code of Conduct as part of certain mandatory trainings available on the e-learning platform and to confirm this either in writing or in the internal system. In 2025, 13,340 people completed training on the principles of the Code. The training was discontinued on 13 November 2025 due to the adoption of the new Pekao Group Code of Conduct and the launch of the process to develop training covering the new scope.

The scope of training on the principles of the Code of Conduct includes:

  • mandatory e-learning platform training for new Bank employees;
  • in-person trainings forming part of the onboarding process for new employees, supporting their integration with the Pekao Group and its shared values from day one.

Employees are informed about updates to the Code of Conduct via dedicated internal communications; in addition, they have ongoing access to its content and related training. The Code of Conduct has been published on the intranet on the page dedicated to the Compliance Department, under the “Compliance Culture” tab, as well as on [our website].

Polish Bank Association Banking Code of Ethics

The Polish Bank Association (ZBP) Banking Code of Ethics (hereinafter: the Banking Code of Ethics) is another important business conduct document adopted for use in the Bank by resolution of the Management Board on 27 March 2024. This document sets out ethical principles applicable to the operations of banks, their employees, and the individuals and entities through which banks perform banking activities. The Banking Code of Ethics serves as a guide for conducting business ethically and in line with good practices, while supporting the building of trust in the banking sector and its reputation. It refers to good banking practices, ethical standards applicable in the financial industry and the Sustainable Development Goals (SDGs). It takes into account the needs of key stakeholders – customers, employees, business partners and local communities – providing for analysis of their feedback and the undertaking of remedial actions.

The Banking Code of Ethics was developed by the Banking Ethics Committee at the Polish Bank Association (ZBP) and is publicly available on the ZBP website and on [our website]. The principles of the Banking Code of Ethics were also communicated to the Bank’s employees through internal communications, underlining their importance in the organisation’s day-to-day operations.

The Banking Code of Ethics sets out the fundamental values that a bank should follow: reliability, integrity, responsibility and transparency. It forms the foundation of relationships with customers, employees, business partners and other financial institutions. It promotes the idea of responsible banking, support for innovation and the development of modern technologies.

By introducing and applying the Banking Code of Ethics, we strengthen our organisational culture, relationships with customers, partners and local communities, and we also influence service quality by promoting ethical business decisions. The provisions of the document cover all ZBP member banks, their employees and cooperating entities, taking into account the impact of banking activity on local communities and the environment.

Compliance with the Banking Code of Ethics is monitored systematically. The ZBP Banking Ethics Committee prepares periodic reports on banks’ relationships with stakeholders and reviews submitted complaints and claims. In parallel, employee trainings are conducted and the compliance of offered products with the adopted ethical standards is verified.

Responsibility for implementation, oversight and compliance with the principles of the Banking Code of Ethics lies with the Supervisory Board, the Management Board and the management staff, who ensure that ethical values form an integral part of the institution’s day-to-day operations.

The Bank has implemented a comprehensive Procedure for reporting breaches (whistleblowing) at Bank Pekao S.A. (hereinafter: the Whistleblowing Procedure), aimed at enabling whistleblowers to report irregularities safely, confidentially and effectively. This procedure supports an ethical culture, compliance with laws and the Bank’s internal standards, and sets out the rules for reporting breaches and protecting reporting persons.

The Whistleblowing Procedure covers all employees, co-workers, suppliers, persons performing work for the Bank and other natural persons who may obtain knowledge of breaches in a work-related context. The Management Board is responsible for its adequacy and effectiveness, while the Vice-President of the Bank’s Management Board overseeing the Finance Division is responsible for its day-to-day operation, is the recipient of reports, and regularly (at least once every six months) provides the Supervisory Board with information on material reports. The Supervisory Board performs an annual assessment of the effectiveness of the Whistleblowing Procedure. The Compliance Department supports the Management Board in performing these tasks.

Whistleblowers have access to the following independent communication channels enabling confidential reporting of breaches:

  • email: ZglosNaruszenie@pekao.com.pl;
  • post: marked “Confidential” and addressed to the designated member of the Management Board or the Chair of the Supervisory Board (if the report concerns a member of the Management Board);
  • telephone: recorded line +48 22 524 52 98;
  • an in-person meeting with a Compliance Department employee, at the whistleblower’s request.

Reports are verified as follows: the Compliance Department performs an initial assessment of the report, after which designated employee(s) conduct an explanatory investigation. A report is prepared documenting the findings and the course of actions taken. The whistleblower and the person concerned by the report receive feedback on the outcome of the investigation. Where a breach is confirmed, appropriate remedial or disciplinary actions are taken and preventive measures are implemented. Whistleblowers may also report breaches of law within the meaning of Article 3(1) of the Whistleblowers Protection Act to external authorities (e.g. the Ombudsman, CFII, PFSA) and make public disclosures, while retaining protection against retaliation.

Persons who receive and verify reports must hold a written authorisation and undertake to maintain confidentiality, including after termination of employment.

We guarantee the whistleblower:

  • consideration of every report, including anonymous reports;
  • confidentiality of personal data;
  • a timely, diligent and impartial verification procedure;
  • information that the report has been received and information on its outcome.

The whistleblower, persons assisting with the report and persons connected with the whistleblower are protected. The prohibition of retaliation also applies to unfounded reports, provided they were made in good faith. The burden of proof that actions were not retaliatory rests with the employer.

Examples of retaliatory actions prohibited by the Bank include:

  • termination of employment, reduction in remuneration, being overlooked for promotion;
  • negative performance appraisal, change of workplace, bullying/mobbing, intimidation;
  • restricting access to training, hindering finding employment;
  • infringement of personal rights, including reputation.

We offer numerous support measures for whistleblowers, such as psychological assistance, the possibility of remote work, exemption from the obligation to perform work while retaining remuneration, temporary transfer to another position, or transfer to another organisational unit once the validity of the report has been confirmed.

We provide mandatory whistleblowing training:

  • for new employees – within three months of starting work;
  • for all employees – periodically, at least once every two years.

Training may be delivered in electronic form and is intended to ensure familiarity with the Whistleblowing Procedure, as well as to strengthen awareness of the rights and obligations of whistleblowers and persons involved in the process. In 2025, we trained 13,362 people at the Bank.

When developing the Whistleblowing Procedure, we took into account the interests of key stakeholders by adopting solutions that address their needs, concerns and expectations. The implementation of a transparent and effective Whistleblowing Procedure is an expression of our responsibility and strengthens the Bank’s reputation as an ethical and transparent institution.

The Whistleblowing Procedure refers to external legal acts such as:

  • the Whistleblowers Protection Act – the main legal act governing the rules for reporting breaches and protecting whistleblowers in Poland;
  • the Act on Counteracting Money Laundering and Terrorist Financing – in relation to the obligation to report breaches in this area;
  • the Banking Law Act – regulations on banking activity together with implementing regulations, i.e. the regulation on the risk management system, internal control system and remuneration policy in banks;
  • the Act on Trading in Financial Instruments together with implementing regulations, i.e. the regulation on detailed technical and organisational conditions for investment firms, state-owned banks conducting brokerage activity, banks referred to in Article 70(2) of the Act on Trading in Financial Instruments, and custodian banks, as well as the Act on Supervision of the Capital Market – in the context of compliance with the financial market;
  • the MAR Regulation (Market Abuse Regulation) – EU Regulation No 596/2014 on market abuse.

We make the procedure available on the Bank’s intranet, while information on the Procedure for reporting breaches (whistleblowing) at Bank Pekao S.A. has been made available on our [website]. Natural and legal persons seeking to cooperate with the Bank become familiar with it at the recruitment or negotiation stage.

Guided by the principles of social responsibility and care for employee well-being, we have also implemented an internal Procedure for preventing bullying (mobbing), discrimination, harassment and other undesirable behaviours (hereinafter: the Anti-bullying Procedure). Its purpose is to effectively prevent and eliminate any forms of improper treatment in the work environment, including behaviours that violate personal dignity and undermine a climate of cooperation and mutual respect. This procedure supports the Bank’s organisational culture based on the values: STRAIGHTFORWARDLY, TOGETHER, BOLDLY, RESPONSIBLY, WITH DETERMINATION, OPENLY and HONESTLY, and constitutes an important element of the ethics management and social risk management system.

The document applies to all Bank employees, regardless of position, and applies in all work-related situations, both at the place of work and during secondments or business travel. The procedure provides for no exclusions, which underlines its universal nature and importance for the entire organisation. Responsibility for implementation and oversight of compliance with the provisions lies with the employer, represented by the Director of the People, Organisation and CX Division.

As part of the monitoring mechanisms, the Director of the People, Organisation and CX Division is required to report annually to the Bank’s Management Board on the implementation of the Procedure. Documentation from the work of the committee appointed to review complaints is retained for three years.

The Anti-bullying Procedure fulfils obligations arising from the Labour Code, in particular: Article 94(2b) – counteracting discrimination, and Article 94³ § 1 – counteracting bullying (mobbing). It also takes into account the interests of the Bank’s key stakeholders, i.e. employees, by protecting their dignity and ensuring safe channels for reporting complaints, as well as witnesses and committee members, by protecting them against retaliatory actions.

We make the document available on the intranet, and each employee is obliged to familiarise themselves with its content and confirm this by signing a statement.
