Prevention and incident identification processes

The „Pekao Group Code of Conduct” is a set of principles and standards aimed at fostering a transparent and responsible organization. It defines key values that establish the standard of conduct within Bank Pekao and its subsidiaries. To promote the development of an ethical corporate culture, mandatory training is conducted for newly hired employees.

The „Pekao Group Code of Conduct” is publicly available on the Bank’s website. Additionally, all employees are required to familiarize themselves with its content through mandatory e-learning courses.

The Code complements the „Banking Ethics Code of the Polish Bank Association.” This document constitutes a set of principles related to the activities of banks, defining standards of conduct for banks, their employees, as well as individuals and entities acting on their behalf. The Code serves as a guideline for conducting business in an ethical manner and in accordance with good banking practices, aiming to build trust in the banking sector and its reputation. It applies to Bank Pekao, bank employees and individuals or entities through which Bank Pekao performs banking activities.

The principles contained in the „Code of Ethics” form the foundation for building an effective internal governance system within the Bank, and the rules of conduct developed based on them shape responsible and ethical attitudes among employees. Every Bank employee is obliged to be familiar with the provisions of the „Code of Ethics,” apply them in daily operations, and actively respond to any suspected violations. The Bank’s Management Board is responsible for shaping awareness of ethical business conduct and, through its actions and behavior, promotes the adopted high ethical and professional standards, including, in particular, awareness of the importance of risk in the Bank’s operations and risk culture. The management staff is responsible for promoting, implementing, and ensuring compliance with ethical principles. Through their attitude, they create the Bank’s value system and organizational culture, influencing the dissemination of best practices and applied standards both among employees and stakeholders of the Bank.

The entities of the PZU Group have implemented anticorruption policies and programs (the policies and regulations in this area are specified in the section „Policies Related to Business Conduct and Corporate Culture”), which define the principles for managing corruption risk, including its identification, mitigation, and monitoring. The programs and policies cover, among other aspects:

• regulations defining the responsibilities of individual organizational units;
• transparent rules for recruitment, promotion, and remuneration, aimed at eliminating corruption risks in HR processes;
• conflict of interest management, including procedures for avoiding situations that could lead to misconduct, as well as strictly regulated and reported rules on accepting and giving gifts;
• incorporation of corruption risk into contract processes with business partners, through systematic contractor analysis and the inclusion of anticorruption clauses in agreements.

The PZU Group has implemented mechanisms ensuring anonymous reporting of corruption and bribery cases.

The Group follows a process for reporting corruption incidents to the administrative, management, and supervisory bodies, which is carried out at the level of individual PZU Group companies. As part of this process, compliance units in each entity prepare regular reports on the results of investigations, identified irregularities, and compliance risks.

These reports are submitted to the management and supervisory boards of the respective companies, as well as to other relevant bodies, such as risk committees, depending on the nature and type of reported information. Reports concerning corruption incidents or irregularities are presented to the Management Board and Supervisory Board upon completion of the investigative process.

In line with the PZU Group’s established principles, individuals conducting investigations related to corruption or bribery operate independently from the management structures responsible for prevention and detection of such activities. Within the PZU Group’s structure, investigative procedures are carried out by dedicated individuals or teams, such as those within the Compliance Office, which functions as an independent organizational unit.

PZU Group employees receive information about new or updated anti-corruption documents via email. The policies are also available on the internal intranet network and published on the PZU website to inform clients, suppliers, and other partners. Additionally, as part of operational risk training, procedures for reporting irregularities are discussed.

Employees of the PZU Group undergo training programs aimed at familiarizing them with anti-corruption procedures and policies. These trainings cover all employees, from new hires to long-term staff.

Onboarding training for new employees covers basic topics related to compliance, including accepting and giving gifts, conflict of interest management, and the procedure for reporting irregularities. This training introduces employees to the principles of preventing corruption and bribery.

E-learning training is mandatory for all employees and includes information on corruption risk, principles of corruption prevention, conflict of interest management, and procedures to follow when identifying corruption risks.

The training also covers procedures related to accepting and giving gifts, donations, sponsorships, and public procurement. The training is supplemented by periodic reminders about applicable procedures, which are available in intranet systems and in the form of multimedia presentations. Upon completion of the training, knowledge assessment tests are conducted to verify the acquired knowledge.

In most companies within the PZU Group (exceptions listed below), members of the Management Board and Supervisory Boards are also included in anti-corruption training.

Separate training approaches include in particular: PZU Finanse – the Management Board is not subject to training; Supervisory Board of Bank Pekao – not included in anti-corruption training; Supervisory Boards of Armatura Kraków and Tower Inwestycje – not included in the training program but receive applicable documents and guidelines and confirm their knowledge of the procedures; Lietuvos Draudimas – Estonian branch – training for Management Board and Supervisory Board members is the responsibility of Lietuvos Draudimas, as it is a branch and does not have separate governing bodies.

Types of anti-corruption and anti-bribery training in the PZU Group*)

The PZU Group has not established a definition of functions at particular risk of corruption. All employees, regardless of their function, are covered by anticorruption training. Internal rules defining such functions are applied only at Armatura Kraków and BALTA. Both of these entities have covered 100% of functions at risk with anti-corruption training.