The Officer plays a key operational role in the Pekao Group’s anti-corruption system. This function may only be performed by persons with appropriate professional qualifications employed in the Compliance Department – a unit independent from business structures, with the appropriate status in line with Recommendation 12 of the Polish Financial Supervision Authority’s Recommendation H.
Preventing and detecting corruption and bribery [G1-3]
Within the Pekao Group, we take a firm stance against any forms of corruption and situations that could facilitate it. We do not tolerate corrupt conduct, regardless of whether it is undertaken by Bank employees or by persons or entities merely connected with the Bank. This includes offering, promising, requesting, giving or receiving so-called facilitation payments (small, unofficial payments made to expedite routine actions) by employees or other persons.
In the areas identified, the Anti-corruption Policy requires anti-corruption assessments to be carried out for specific events that may bear the hallmarks of corruption. Employees should continuously assess events in which they participate or with which they come into contact for potential corruption risks. Anyone who becomes aware of an attempted act of corruption or conduct bearing the hallmarks of corruption is required to report it to the Anti-Corruption Officer (hereinafter: the Officer).
We identify the main areas of corruption risk as situations and processes where there is an increased likelihood of irregularities or abuses, including:
- receiving/giving gifts;
- using intermediaries’ services;
- using contractors’ services;
- the recruitment process;
- granting/receiving donations and sponsorship;
- the Bank’s participation in public procurement procedures;
- mergers and acquisitions (M&A) transactions;
- significant investments.
In addition, the Bank operates an Anti-corruption Programme, which includes i.a. the development of procedures for high-risk areas (e.g. gifts, intermediaries, contractors, recruitment, donations, public procurement, M&A transactions). It assumes role-based and electronic training, the implementation of control mechanisms and reporting to the Bank’s Management Board. With respect to vetting entities cooperating with our Bank, this includes corruption risk assessments for intermediaries and contractors, verification of beneficiaries of donations and sponsorship, risk assessment in public procurement, and a due diligence procedure in M&A transactions.
As part of preventive measures, we have implemented several rules of conduct, including:
- a prohibition on any corrupt conduct by Bank employees;
- a prohibition on facilitation payments;
- an obligation to assess corruption risk in day-to-day operations;
- protection for employees reporting cases of corruption.
The process for detecting corruption incidents is based on a reporting system and incident analysis. Employees are required to report attempted corruption to the Officer, the Director of the Compliance Department and, in the case of an attempted bribe, to law enforcement authorities.
Employees who refuse to participate in conduct bearing the hallmarks of corruption or who report its occurrence or attempted occurrence by other persons or entities are fully protected, even if their actions expose the Bank to losses. Enforcement of the Anti-corruption Policy is supported by the Compliance Department, including the registration of reports, risk analysis, incident assessment and monitoring of the implementation of recommendations. The Compliance Department provides the Management Board with periodic reports, including the number of reports.
The Officer is responsible for analysing and assessing reports concerning potential corruption incidents, issuing opinions and recommendations, monitoring the implementation of remedial measures and reporting to the Management Board. The Officer cooperates with the Legal Department and the Bank Security Centre but does not report to the units concerned by the report.
Within the scope of their powers, the Officer has the right to access information necessary to perform their tasks, obtain support from employees of relevant organisational units, and request additional explanations or documents from the applicant, which the applicant is obliged to provide.
All reports and requests are registered in the Bank’s dedicated IT system, which centralises anti-corruption-related data and enables management information to be prepared.
Where a corruption risk is identified, the Officer issues recommendations on further actions, and the person responsible for implementing them reports on how those recommendations have been carried out. It is worth noting that the Officer’s remuneration is not linked to the Bank’s financial performance, which further strengthens the Officer’s independence.
The process of identifying corruption events takes place within units substantively responsible for the relevant area, while the explanatory proceedings are conducted by the Officer – in some cases in cooperation with the Bank Security Centre. To ensure objectivity, we have deliberately separated the identification and verification functions.
- incident reports are routed outside the operational structure – to independent units;
- risk analyses are carried out by persons not involved in the processes concerned by the report;
- in the event of a negative opinion from the Officer, only the President of the Management Board may decide to continue cooperation with a given intermediary;
- the Officer oversees the implementation of recommendations.
After detecting an actual corruption incident, we take appropriate actions, including notifying the police or the public prosecutor’s office, notifying the Officer, and cooperating with the Office for Analysis and Counteracting Transaction Fraud.
If a corruption risk is identified after an M&A transaction has been completed, we recommend implementing the mechanisms of the Anti-corruption Policy, the implementation of which is monitored by the Officer.
In the event of a negative opinion from the Officer, only the President of the Management Board may decide to continue cooperation with an intermediary or within public procurement.
In the Anti-corruption Policy, we have defined the procedure for reporting investigation results to administrative, management and supervisory bodies. This procedure is based on the principles of transparency and accountability and includes the following stages:
Reports concerning corruption are registered in the Compeo system maintained by the Compliance Department. Documentation is retained in accordance with the personal data retention policy.
The Compliance Department provides the Management Board with a quarterly activity report, which may include, inter alia, the number of reports, analysis outcomes, implemented remedial measures and systemic risks, where such information is relevant to the given report.
In the case of M&A transactions or significant investments, the team responsible for the transaction prepares a corruption risk analysis report. The report contains an opinion on the corruption risk associated with the transaction and may indicate measures for managing that risk.
Anti-corruption training covers all Bank employees, regardless of position. New members of the Supervisory Board receive basic information about the Bank’s anti-corruption process. New employees participate in training as part of onboarding and then cyclically – every two years.
Training is delivered in the form of:
- role-based training (at the workplace);
- electronic training (e-learning);
- dedicated training tailored to the specifics of organisational units and the subject matter.
The training covers the following topics:
- basic information about corruption, the Corruption Perceptions Index, examples of corrupt conduct, risk management principles, and areas particularly exposed within the Pekao Group;
- use of intermediaries, gifts and entertainment, recruitment processes, cooperation with contractors, donations and sponsorship, M&A transactions, public procurement;
- procedures for actions by public authorities at company premises, criminal liability for corruption offences, standards and good practices, and a knowledge test.
E-learning is delivered once as part of the onboarding process and subsequently in line with the recurring schedule. In addition, in response to needs reported by organisational units, we also organise topical training sessions. In 2025, we updated and launched the anti-corruption e-learning. Anti-corruption training was completed by 13,287 people (in 2024 – 12,869 people), representing 99.5% of the Bank’s employees. At the Bank, we do not differentiate positions in terms of susceptibility to corruption – we recognise that any employee may be exposed to corruption risk.
Moreover, we analyse the need for further changes to the anti-corruption policy and consider making appropriate amendments.
In the case of subsidiaries of the Bank Pekao S.A. Group, their employees are not covered by the Bank’s e-learning. However, the companies receive information about changes to the Anti-corruption Policy together with recommendations for implementation, taking into account the specifics of their operations. The Policy provides for a training obligation and for the relevant application of its provisions in subsidiaries.
We communicate the Anti-corruption Policy in a multi-channel and systematic manner to ensure its accessibility, understanding and effectiveness among those for whom it is relevant. The key provisions of the Anti-corruption Policy are publicly available on [our website]. Employees have access to reporting systems and forms as well as the full text of the document in the internal system. In the event of incidents or doubts, employees may contact the Officer.