1. Identification of any corruption risk we may be exposed to through our operations or business activities.
2. Assessment of the corruption risk and severity of the impact.
3. Adoption of preventative and control measures. Executives or supervisors involved with each risk issue will oversee the first three steps on an annual basis. All assessment results and related information will be collected and stored in a corruption risk database for further analysis and reference.
4. Controlling, monitoring and auditing under the “Three Lines of Defense” principle. Responsible persons in business units, as the first line of defense, manage risks pertaining to their units. The Risk Management Division and Compliance Unit, the second line of defense, oversees and monitor corruption risk management. The third line of defense, the Audit and Control Division, independently audits matters related to corruption and reports to responsible management according to the line of command.

In 2024, the Bank had no allegation or complaint about corruption or bribery, or conflicts of interest from the Bank of Thailand, the Office of Securities and Exchange Commission, the Office of the National Anti-corruption Commission, and the Anti-money Laundering Office. We do not support and are not directly or indirectly involved in any activity related to lobbyists, political contributions, political parties, political candidates, or political influencers.

Anti-money Laundering and Counter Terrorism Financing: AML/CFT

Anti-money laundering and combating the financing of terrorism (AML/CFT) has long been a high priority for us. Therefore, we have formulated the Anti-money Laundering and Counter Terrorism Financing (AML/CFT) Policy, which also tackles financing the proliferation of weapons of mass destruction. This provides a framework for our conduct so we can prevent or mitigate the risk of the Bank being used as a channel or a tool for related offences. All directors and employees have the duty and responsibility to strictly comply with the policy We have also put in place Know Your Customer (KYC) and Customer Due Diligence (CDD) processes, which call for varying intensity of scrutiny in accordance with the risk level of customers. For high-risk customers, including Politically Exposed Persons (PEP), the Bank requires Enhanced Due Diligence (EDD) which requires a more in-depth examination to find factual information about the customer and monitors financial account movements in greater detail than usual. We have also developed an internal work system to check customer names against the databases for the designated person, the sanctioned person and the high-risk person as specified by the relevant authorities. Such system accommodates and provides convenience for Bank staff to examine, assess and prioritize the risks of each customer. Monitoring systems for account and financial movements or suspicious transactions are also in place to review and monitor dubious and irregular financial movements and transactions. All related documents and information are filed securely and kept for a period of 10 years. Furthermore, we have set up risk management systems to supervise, audit and monitor the performance of related parties in accordance with the three lines of defense principle. All employees receive regular communication and training to ensure adequate understanding and ongoing vigilance. All of these are to ensure that the Bank's operations comply with the law and government regulations. In 2024, the Bank did not have any allegations or complaints related to money laundering or insider trading.

Financial Fraud Management

Frauds involving scammers deceiving the victims into transferring money via phone networks or online channels are becoming a major problem in Thailand. The Bank has collaborated with relevant agencies to continuously upgrade financial fraud management measures in line with the Bank of Thailand’s policies. The objectives are to block access to scammers, detect and track suspicious transactions or accounts used by scammers to receive and transfer money (mule accounts), and appropriately respond and handle the incidents to assist and relieve affected customers. The following two groups of fraud management measures represent the tightened measures put in place recently.

The management of mule accounts has been tightened from the account level to the individual level. The Bank classifies individuals according to risk and sets measures to deal with those accounts suspected of being used as instruments for committing crimes and their account owners according to risk levels, such as suspending electronic transaction channels, rejecting the opening of new accounts, adjusting the risk level of customers (account owners) to high-risk customers, and conducting intensive investigations to find out information about customers. This is undertaken with the consideration of the following data sources:

1. List of high-risk individuals provided by the Anti-money Laundering Office.
2. List of suspicious individuals involved in financial transactions provided by the Central Fraud Registry, which is the legal information exchange system for financial transactions of the banking sector.
3. Internal list of individuals whom the Bank has investigated and suspected of committing crimes.

We have enhanced the security of our mobile financial and payment services to prevent fraudulent transactions executed by fraudsters impersonating customers, such as providing customers with a lock and unlock account option, namely an option to lock their accounts so that no one can make transactions via electronic channels, together with stringent unlocking methods; requiring facial recognition when the customers want to adjust their personal transfer limit; and limiting the use of Bangkok Bank Mobile Banking services to only one user account per customer, one mobile phone number, and one mobile device per user.

1. Corporate Culture and Roles and Responsibilities of the Board of Directors and Senior Management
   The Board of Directors and senior management are responsible for fostering ethical market conduct as part of the Bank’s corporate culture.
2. Product/Service and Channel Development and Client Segmentation
   We develop products and service channels that are suitable for the needs, financial ability and comprehension ability of each target group of customers, with due consideration of our employees’ selling capabilities and knowledge, our work systems and ability to assure quality of sales so that customers receive suitable products with good quality. Furthermore, we recognize that in determining product terms such as benefits, prices and fees, we must consider fairness to customers and associated actual costs, while not joining with other providers to specify terms that are against customers’ interests, nor offering bundled products unless it is justified on the grounds of risk protection of the main product.
3. Remuneration Scheme
   Remuneration and punishment are determined for employees concerned with selling or providing products/services to customers as well as executives who are responsible for monitoring compliance with the market conduct. Key Performance Indicators are clearly defined to prevent irresponsible sales propositions and mis-selling.
4. Sales Process
   Customers must not have their privacy invaded when we are trying to sell products and services to them. Information provided to customers must be complete, not misrepresented or distorted so that customers receive products or services that are suitable for their needs and affordability. Systems to regularly check selling and service quality have been put in place, such as call backs, welcome calls and mystery shopping.
5. Communication and Training
   We regularly communicate with employees to raise awareness and organize training programs to provide knowledge about market conduct to ensure their compliance. This includes providing detailed information about new products or services, guidance on sales approaches using simple language, teaching about the rights of customers, customer care and protection so that employees can conduct themselves properly.
6. Data Privacy
   We protect the privacy of personal customer data by strictly complying with applicable laws. The Bank has designed, developed and tested the work system to ensure data security and has defined the authority and duties of employees who look after data security under the three lines of defense principle.
7. Problem and Complaint Handling
   We have established processes for problem resolution, complaint handling, whistleblowing, as well as remedies that are effective, clear, fast and fair.
8. Three Lines of Defense
   We have established processes for controlling, monitoring and auditing compliance with market conduct requirements to detect risks and anomalies while an after-sale self-monitoring system is in place to ensure compliance with the Bank’s guidelines.
9. Operation and Business Continuity
   We have put in place operating systems and business continuity plans that cover operations in both normal circumstances and emergencies as well as preparing a manual and checklist for employees to ensure that customers’ needs are addressed in an accurate, comprehensive and timely manner and to prevent operational mistakes.

In 2024, the Bank received a total of 298 whistleblowing cases or complaints, with 278 of these investigated, evaluated and closed, consisting of 20 cases from operational mistakes and slow responses from employees, 11 cases from operating system failure, and the remaining 247 cases resulting from customers’ misunderstanding of the Bank’s operations and other causes not related to the Bank’s deficiencies such as the rejection of credit card payments for products and services, and requests to check transactions of a deposit account, opening an account, closing an account, and freezing an account.

Employee Complaint Management

We provide channels for employees to file complaints related to unfair discrimination at work, and other forms of intimidation or harassment, whether it is physical, verbal or sexual harassment. When an incident of unfair discrimination at work, intimidation or harassment takes place, an affected employee can tell the instigating employee to stop the action immediately or, if the instigating employee still continues to behave in such a way, the affected employee can report or consult with his supervisor to find a solution or a mitigation. If the issue is not resolved satisfactorily, a complaint can be filed in writing to the Employee Relations Unit under the Human Resources Department, which then submits it to the Disciplinary and Petition Committee (Employee Relations Unit shall investigate the facts and submit the conclusion of the complaint to the meeting of the Disciplinary and Petition Committee within 60 days from the date of receipt of the complaint). If it is found that there indeed occurred an unfair discrimination, intimidation or harassment which is against the Bank’s rules or the law, the case will be referred to the Audit and Control Division and the division/department in which the violator works to consider appropriate disciplinary action and punishment.

In addition, we organized the 2024 AML/CFT Executive Forum on International Laws on Control and Sanctions on the Proliferation of Weapons of Mass Destruction and Dual-Use-Items for 937 directors, executives and employees. The objective was to inform them of AML/CFT requirements, regulations and trends that affect the Bank’s business operations, as well as how to conduct enhanced due diligence on customers when conducting transactions involving high-risk countries. Besides, the Anti-corruption Executive Virtual Forum on the Role of Executives and Employees in Combating Corruption was organized with attendance by 598 directors, executives and employees of the Bank. The objective was to ensure that the Bank’s employees acknowledge and recognize the importance of compliance with the Anti-corruption Policy and the Code of Conduct and Business Ethics.