Overview

 

At CIMB, governance and ethics are closely intertwined, forming the backbone of our ability to build resilience, create value over the medium to long term and establish and maintain trust with our stakeholders. They also act as guardrails, helping us navigate complex challenges while upholding ethical practices. 

 

We have integrated sustainability considerations into our transactions, products, services, and operational processes, aiming to create long-term stakeholder value and contributing to an inclusive and environmentally sustainable economy, while mitigating unintended negative impacts that are enabled by the financial services we provide. Managing sustainability risks is crucial to protect against potential reputational damage, regulatory fines, financial losses, erosion of integrity in the organisation as well as loss of customer trust. 

 

Governance of Sustainability

 

Sustainability is institutionalised in our business through our Sustainability Governance Framework. The framework is designed with a clear delineation of roles and responsibilities that ensures accountability, transparency and effective execution of our sustainability decisions.

 

The Board is the highest governance body accountable for CIMB's sustainability strategy and material ESG matters, including opportunities and risks. CIMB’s Board of Directors plays a crucial role in upholding strong corporate governance. Their leadership upholds integrity across the Group, balancing the interests of stakeholders while navigating an ever-evolving business landscape. Guided by CIMB’s Board Charter, the Board provides strategic direction, oversees management and holds the Group accountable for achieving its goals, including advancing our sustainability framework.

 

  • Board Group Sustainability Council
    The Board Group Sustainability Council (BGSC), formerly known as the Group Sustainability and Governance Committee (GSGC), convenes every quarter and assists the Board in fulfilling its responsibilities in advocating and fostering a culture of sustainability, ethical conduct, and integrity in our corporate DNA. The BGSC provides guidance and oversight on the Group's sustainability matters, including but not limited to climate change.

  • Board Risk and Compliance Committee
    Provides oversight and advice to the Board and management in respect of sustainability and climate-related risks, including monitoring of the Group's exposure to high sustainability risk sectors and clients, sustainability risk appetite setting as well as regulatory compliance.

  • Audit Committee
    Supports the Board in ensuring reliable and transparent reporting and a robust internal control system for sustainability-related matters.

  • Group Nomination and Remuneration Committee
    Assesses and builds Board-level climate competency, and oversees the integration of climate-related matters in the performance considerations of top management.

 

The Group Sustainability Council (GSC), with representatives from countries and business units, is the management committee which is responsible for monitoring the sustainability risk profile of the Group's business activities and ensuring the implementation of appropriate sustainability policies, procedures and controls. The GSC reports to the Group Transformation Committee (GTC) which assists the Group CEO in steering CIMB's overall strategy including sustainability. 

 

The GTC and GSC play key roles. The GSC, chaired by the CEO of CIMB Bank Berhad, comprises members at the GCEO-1 level, along with regional and cross-functional representatives. It designs and oversees the Group's sustainability and climate change strategy, goals, targets, and action plans. It also establishes portfolio and sector-specific targets aligned with the Group's commitments. The GTC, chaired by the Group Chief Executive Officer, ensures the timely and effective execution of the Forward30 Sustainability Programme, which includes important sustainability and climate-related projects.

 

Group Sustainability Council (GSC) composition:

  • Chief Executive Officer (CEO), CIMB Bank Berhad
  • President Director, Indonesia
  • Group Chief Sustainability Officer
  • Group Chief Risk Officer
  • Group Chief People Officer
  • CEO, CIMB Islamic and Group Islamic Banking
  • CEO, Group Commercial and Transaction Banking
  • Regional Head, Group Wholesale Banking Corporate & Investment Banking Coverage
  • Regional Head, Group Consumer Banking
  • Regional Head, Strategy, Performance and Programme Management
  • Head, Corporate Responsibility

 

The Group Sustainability Division, led by the Group Chief Sustainability Officer, drives implementation of our sustainability strategy along with Business Units and Business Enablers in our key operating markets. Our diverse regional business requires localised sustainability solutions and this is delivered through our Country Sustainability Teams.

 

Embedded Sustainability Champions and Specialists across the region mainstream and implement the Group’s sustainability efforts, promoting decentralised innovation and a sustainability-driven culture, values and accountability at all levels.

 

 

 

Sustainability Linkages to Pay

 

Our commitment to sustainability is evidenced by the fact that our Group CEO, top management and all divisions have sustainability key performance indicators (KPIs) in their collective scorecards. Collective scorecards are a team-based performance appraisal system whereby employees are assessed as part of a collective team rather than only as individuals. The KPIs in these collective scorecards reflect our material matters, and performance against these KPIs is directly linked to the funding of the bonus pool of all divisions, thereby directly impacting the compensation of the executive management and employees in the division.

 

Sustainability-linked remuneration is an effective way of ensuring that our leadership, business units, and enabling functions remain focused on our sustainability goals. Examples of critical KPIs for our CEO and top management are as below:

 

| Executives | Material Issue | Incentive Type | Examples of Sustainability KPIs |
| --- | --- | --- | --- |
| Chief Executive Officers (including Group CEO and CEOs of key markets including Malaysia, Indonesia, Singapore, Thailand and Cambodia) | Climate Change | Monetary | Reduction of Scope 1 and Scope 2 emissions compared against our 2019 baseline |
| Group Chief Risk Officer | Climate Change | Monetary | Completion and delivery of the Group’s Net Zero Strategy and Climate Risk Management project; Implementation of a physical risk assessment on our property-backed portfolios |
| Group Chief Sustainability Officer, Chief Executive Officers of Business Units and Business Heads (including Consumer Banking, Wholesale Banking, Commercial Banking, Islamic Banking) | Sustainable and Responsible Finance | Monetary | Green, social and sustainable financing mobilised for retail and non-retail clients |
| Group Chief Sustainability Officer, CEOs of key markets and Business Units | Economic and Financial Inclusion | Monetary | Achieving economic inclusion and financial literacy targets for vulnerable groups (e.g. for Malaysia, increasing number of vulnerable customers with wealth-building or protection products) |

Group Sustainability Policy

 

At the overall organisational level, sustainability risks are managed under the Group Sustainability Policy (GSP). The GSP outlines our overarching principles and approach to sustainability, including sustainability risks. The GSP is implemented across our regional business units and enablers to assess, mitigate and manage sustainability risks within CIMB’s own operations and in our dealings with business relations. The GSP outlines our comprehensive approach to sustainability, detailing our commitment to: 

 

1. Managing Sustainability Risks

We actively identify, assess, and mitigate sustainability risks embedded in our business activities.

 

2. Providing Green, Social, and Sustainable Impact Products and Services (GSSIPS)

We offer innovative financial solutions that support a sustainable future and societal well-being. We uphold high ethical and sustainability standards throughout our GSSIPS product development and offerings. We also encourage responsible business practices by offering financing solutions linked to sustainability performance.

 

3. Ensuring a Systematic Framework for Identifying and Managing Climate Risk from an 'Outside-In' Perspective

We aim to foster a systematic and consistent approach in identifying, assessing, measuring, managing and controlling, as well as monitoring and reporting Climate Risk and its cross-cutting impacts through other risk types to the Group, from an “outside-in” perspective.

 

4. Achieving Net Zero

We are committed to reducing our environmental footprint and achieving net zero in our operations and in our financed emissions.

 

5. Ensuring Sustainable Procurement

We embed sustainability considerations into our procurement practices, fostering responsible sourcing and supply chains.

 

6. Promoting Responsible Sustainability Communications

We actively engage with stakeholders on our sustainability journey, ensuring transparency and accountability.

 

7. Adhering to Regulatory Requirements

We actively keep up with and comply with local and applicable regulatory updates and establish standardised processes and frameworks for the consistent and accurate reporting of sustainability matters.

 

The Group Sustainability Policy is supported by our other policies such as our Group Sustainable Financing Policy (as outlined in our Sustainable Finance Framework), our Group Human Rights Policy, and our Statement on Biodiversity and Nature.

The Board: Independent, Accountable and Diverse

 

Our Board of Directors provides leadership in CIMB’s corporate governance, safeguarding the Group’s interests and ensuring that we place our stakeholders’ interests at the top of our agenda. In providing strategic guidance, management oversight and ensuring accountability, the Board is guided by CIMB’s Board Charter, which sets out, among other things, its key roles and responsibilities. The Board approves all policies for application across the Group, including the Anti Bribery & Corruption Policy and Code of Ethics and Conduct.

 

As at the end of December 2024, the Board was helmed by Tan Sri Mohd Nasir Ahmad, a Non-Independent Non-Executive Director (NINED), who played an instrumental role in ensuring the Board operates effectively and fully discharges its legal and regulatory responsibilities. As the Chairperson, he also led the Board in the oversight of Management and instilled the right culture, values, and behaviours throughout the organisation. Tan Sri Nasir retired from the Board on 19 July 2025 and was succeeded by Datuk Syed Zaid Albar, who was appointed as Group Chairman of CIMB Group Holdings Berhad effective 20 July 2025, following his appointment as an Independent Non-Executive Director on 18 June 2025.

 

The Chairperson is not a member of the Audit Committee and the Group Nomination and Remuneration Committee. He carries out a leadership role in the conduct of the Board and its relations with shareholders and other stakeholders. To ensure balance of authority, increased accountability, and a greater capacity for independent decision-making, the roles of Chairperson and Group Chief Executive Officer (Group CEO) are distinct and separate with a clear division of responsibilities so that no individual dominates the decision-making process.

 

We recognise the critical role Independent Directors play in strengthening the Board’s effectiveness. To maintain their independence and integrity, we adhere to strict criteria aligned with regulatory standards as outlined in CIMB’s Board Charter. At least half of the Board comprises independent directors. Each of the Independent Non-Executive Directors (INED) is considered to be independent of the Management and free from any significant business or other relationships which can interfere with the exercise of independent judgement or their ability to act in the best interests of CIMB, and is one who is described under the INED column in the table below. CIMB Bank meets 7 of the Board Independence requirements by S&P Global CSA, as outlined in the table below.

 

As at the end of December 2024, 7 out of the 11 Board Members of CIMB Group Holdings Berhad are Independent Non-Executive Directors.

 

With the appointment of the new chairman, Datuk Syed Zaid Albar, on 20 July 2025, the new details, with reference to CIMB’s Board Charter, are in the table below:

 

| Independent Non-Executive Directors (INED) | Meets S&P Global CSA Requirement? |
| --- | --- |
| The director must not have been employed by the company in an executive capacity within the last year. (CIMB Board Charter, para. 6.5(d)(ix)(1) - Is not an Executive Director or an officer of CIMB, its subsidiaries or any related corporations of CIMB within the last 3 years) | Met |
| The director must not be a “Family Member of an individual who is employed by the company or by any parent or subsidiary of the company as an executive officer.” (CIMB Board Charter, para. 6.5(d)(ix)(2) - Is not a family member of any executive director, officer or major shareholder of CIMB and its subsidiaries) | Met |
| The director must not be (and must not be affiliated with a company that is) an adviser or consultant to the company or a member of the company’s senior management. (CIMB Board Charter, para. 6.5(d)(ix)(4) - has not been engaged as a professional adviser by CIMB and its subsidiaries, or is not presently a partner, director (except as an independent director) or a major shareholder, as the case may be, of a firm or corporation (Entity) which provides professional advisory services to CIMB and its subsidiaries) | Met |
| The director must not be affiliated with a significant customer or supplier of the company. (CIMB Board Charter, para. 6.5(d)(vii) - An Independent Director must not be affiliated with a significant customer or supplier of CIMB and its subsidiaries) | Met |
| The director must have no personal services contract(s) with the company or a member of the company’s senior management. (CIMB Board Charter, para. 6.5(d)(i) - An Independent Director is a person who is independent of Management and free from any significant business or other relationship which could interfere with the exercise of independent judgment or the ability to act in the best interests of the Company and the Group) | Met |
| The director must not have been a partner or employee of the company’s outside auditor during the past year. (CIMB Board Charter, para. 7.10.(a), (b) - Where a firm has been appointed as the external auditor of CIMB, its subsidiaries or any related corporations of CIMB, any of its officers directly involved in the engagement and any partner of the firm must not be appointed as a Director until at least three years after: (a) that person ceases to be an officer or partner of that firm; or (b) the firm last served as an auditor of CIMB, its subsidiaries or any related corporations of CIMB) | Met |
| The director must not have any other conflict of interest that the board itself determines to mean they cannot be considered independent. (CIMB Board Charter, para. 6.5(d)(i) - Independent Director shall observe the following criteria and measures: (i) An Independent Director is a person who is independent of Management and free from any significant business or other relationship which could interfere with the exercise of independent judgment or the ability to act in the best interests of the Company and the Group;) | Met |


Code of Conduct

 

 

Employees deserve to work in an environment that is both safe and secure. The CIMB Code of Ethics and Conduct sets out the standards of conduct expected of all CIMB employees in our engagement with customers, business associates, regulators, colleagues and other stakeholders across the region. The Code covers, among other things, the following:

 

  • Conflict of interests
  • Money laundering
  • Insider trading
  • Confidentiality of information
  • Workplace safety
  • Whistle blowing 
  • Discrimination 
  • Anti-Competitive Conduct 
  • Anti-Bribery and corruption, including the No Gift Policy

 

We are committed to achieving this by fostering a culture and governance structure that upholds the highest standards of professionalism, integrity and ethics in every employee’s conduct. These principles are enshrined in our Code of Ethics and Conduct and Sexual Harassment Policy.

 

Each year, all employees are required to attest to their commitment and adherence to our Code. We provide comprehensive training to all our employees on these policies to ensure they are fully aware of our stance regarding the Code of Conduct, including discrimination and harassment in the workplace. Any employee found to be in violation of the Code of Ethics and Conduct and related Group policies will be subject to disciplinary action, which may include termination of service.

 

We have established procedures for handling breaches of our Anti-Bribery and Corruption Policy, requiring employees who suspect contraventions of the policy to report those concerns to their Head of Department or confidentially through the Whistleblowing Policy procedure. All cases of breaches, incidents or suspicious activities will be investigated accordingly.

 

The Whistleblowing Policy clearly outlines the escalation process not only for instances where employees’ rights are violated but also for all breaches of the Code of Conduct.

 

We have the following policies in alignment with the Code of Conduct:

  • Group Anti Bribery and Corruption Policy 
  • Group Chinese Walls Policies and Procedures 
  • Group Conflict Management Policies and Procedures 
  • Group Anti-Money Laundering, Counter Financing of Terrorism and Targeted Financial Sanctions (AML/CFT and TFS) Policies and Procedures
  • Group Whistleblowing Policy
     

We also have separate policies for the following which are made available on CIMB's intranet and are given to all new joiners:

  • Anti-corruption and bribery policy 
  • No gift policy 
  • Whistle Blowing policy 

Whistleblowing Policy

 

At CIMB, we expect our employees to conduct themselves with a high standard of professionalism and ethics in the conduct of our business and professional activities.

 

As part of good corporate governance, CIMB established a Whistleblowing Policy that sets out avenues for legitimate concerns to be objectively investigated and addressed. Individuals will be able to raise concerns about illegal, unethical or questionable practices in confidence and without the risk of reprisal.

 

We provide multiple anonymous channels for employees, business relations, suppliers, clients and the public to report inappropriate, unethical or unlawful behaviour and practices involving the management or employees, including any breaches of the Code of Conduct. Reports can be submitted anonymously, and all details of reports received are kept strictly confidential. Training on the use of the whistleblowing channel is provided to employees via e-learning on the topic of Anti Bribery and Corruption, which employees are required to complete annually, and is administered to vendors through CIMB’s procurement system.

 

CIMB’s Whistleblowing Policy and Whistleblowing mechanisms are jointly owned and managed by the Audit Committee Chair of CIMB Group Holdings Berhad and the Group Chief Internal Auditor of CIMB Group.

 

Having a secure and reliable whistleblowing channel ensures that individuals can report unethical or unlawful behaviour without fear of retaliation. CIMB commits to ensuring that all disclosed information, including the identity of the whistleblower, shall be treated with strict confidentiality. All personnel, directly or indirectly working relative to a whistleblowing case, shall strictly protect the identity of the whistleblower and witnesses from unauthorised disclosure before, during and after an investigation. CIMB is also committed to protecting the whistleblower from all acts of harassment, retaliation, victimisation and recrimination arising from making the disclosure in good faith.

 

 

Grievance Mechanism

 

We provide appropriate and safe channels to facilitate employer-employee communication through our grievance settlement process and whistleblowing channels. These channels allow employees to safely raise and address issues concerning their working conditions, supervisors, colleagues or incidents of harassment, discrimination or violence.

 

CIMB has also established a grievance mechanism, open to all stakeholders, which serves as a structured process to raise, address and resolve human rights and environmental concerns, and which is laid out here.

Anti-Bribery and Corruption

 

We maintain a strict stance against bribery and corruption, guided by our Anti-Bribery and Corruption Policy, which requires all Board members and employees to comply with local laws and promptly report any wrongdoing. All employees must complete anti-bribery and corruption training every two years.

We have put in place a comprehensive suite of policies to steer our corporate ethics, underscoring our commitment to integrity and responsible business conduct. Beyond mere compliance with regulatory standards, these internal policies shape our organisational behaviour and actively foster trust among stakeholders.

 

We recently tightened our Group Anti-Bribery and Corruption (ABC) Policy on gifts and entertainment, as well as the implementation of the ABC Policy, through the creation of a standardised due diligence checklist as simple guidance for all employees. Building on the Corporate Integrity Pledge signed by the Group CEO and management, all employees are now required to sign and submit their ABC Declaration annually.

 

Our Group Anti-Bribery and Corruption Policy governs our approach in tackling bribery and corruption within the Bank. From the most senior leadership of the Board to rank-and-file employees, everyone at CIMB must adhere to all local anti-bribery and corruption legislation, and remain vigilant against wrongdoing, malpractice or irregularities at the workplace. All employees are also expected to immediately report any such instances to the management.

 

Our Integrity and Governance Unit (IGU) oversees our anti-bribery and corruption efforts, reporting to the Board monthly. IGU follows the Group Integrity and Governance Framework and integrates anti-corruption measures into our Compliance Risk Assessment Methodology.

Political Contributions

 

In accordance with our Anti-Bribery and Corruption Policy Statement, CIMB Group prohibits contributions to political parties, political party officials, or candidates for political office. As a result, our political contributions for the year 2024 are zero. Despite this, CIMB Group remains actively engaged in various initiatives spearheaded by industry associations, financial industry bodies, and apex institutions. These engagements may play a role in shaping public policy. Our primary objectives for participating in these initiatives include sharing best practices, transferring knowledge and technical skills, and collaborating with industry peers to address common challenges and devise future solutions. We take proactive measures to advocate for specific issues, facilitate meaningful dialogue, and influence industry actions.

 

Details regarding our contributions related to these engagements are provided below. The majority of our contributions are in the form of subscription fees.

 

Monetary Contribution (RM)

| Industry associations, financial industry bodies, and apex institutions | 2020 | 2021 | 2022 | 2023 | 2024 |
| --- | --- | --- | --- | --- | --- |
| Lobbying, interest representation or similar | Not Available | Not Available | Not Available | 227,976 | 284,743 |
| Trade associations or tax-exempt groups | 2,300,000 | 1,950,000 | 2,700,000 | 1,975,772 | 2,130,819 |
| Political contributions | 0 | 0 | 0 | 0 | 0 |
| Total | 2,300,000 | 1,950,000 | 2,700,000 | 2,203,748 | 2,415,562 |

 

List of associations under the category "lobbying, interest representation or similar"

| Association | Type of Organisation | Amount (RM) |
| --- | --- | --- |
| Persatuan ESG Malaysia | Lobbying / interest representation | 20,000 |
| United Nations Environment Programme - Finance Initiative (UNEP FI) | Lobbying / interest representation | 201,243 |
| United Nations Global Compact | Lobbying / interest representation | 63,500 |

 

 

Largest contribution in 2024

 

Our largest contributions in 2024 were to the Thai Bankers' Association (TBA), United Nations Environment Programme - Finance Initiative (UNEP FI) and Perhimpunan Bank Nasional (PERBANAS).

| Association | Type of Organisation | Amount (RM) |
| --- | --- | --- |
| Thai Bankers Association | Trade associations | 771,710 |
| United Nations Environment Programme - Finance Initiative (UNEP FI) | Lobbying / interest representation | 201,243 |
| Perhimpunan Bank Nasional (PERBANAS) | Trade associations | 188,420 |


Safeguarding Against Financial Crime

 

The Anti-Money Laundering and Counter Financing of Terrorism Policy guides our approach to safeguard the bank against financial crimes. This includes conducting a thorough Customer Due Diligence (CDD) on both face-to-face and online customers. The CDD process involves a watch list screening which strengthens the risk identification process.

 

We have established procedures to handle, review and monitor Politically Exposed Persons (PEPs). We require our senior management to sign off on PEP customers as well as customers from countries, businesses and products with a higher risk of money laundering and terrorism.

 

Bank Negara Malaysia (BNM) enforces strict confidentiality regarding Anti-Money Laundering (AML) breaches to prevent "tipping off" and to protect customer information. The Anti-Money Laundering, Anti-Terrorism Financing and Proceeds of Unlawful Activities Act 2001 (AMLA) criminalises the disclosure of information that could alert individuals involved in suspicious activities, as such disclosures may compromise ongoing investigations. BNM's Policy Document on Management of Customer Information and Permitted Disclosures outlines the conditions under which customer information can be disclosed, emphasising the importance of maintaining confidentiality to safeguard the integrity of financial investigations.

 

Therefore, public disclosure of AML breaches is generally prohibited to comply with legal requirements and to ensure the effectiveness of AML measures. Financial institutions are expected to handle such matters internally and report them directly to BNM or relevant authorities, adhering to established protocols to prevent unauthorised.

 

In addition, all employees undergo yearly training on safeguarding the Bank and our customers.

 

Responsible Tax Management

 

CIMB Group complies with tax laws and pays all taxes legally due in all jurisdictions in which we operate. We are committed to timely and accurate registration, filing of tax returns by their due dates and payment of taxes, appropriate documentation and tax reporting. 

 

We apply professional due care when adopting any tax technical positions on areas of uncertainties, including seeking written opinions from third party advisors/legal counsels or ruling/confirmation from tax authorities where necessary to ensure that any position taken is supportable and defendable in a tax audit.

 

We manage our relationships with tax authorities and regulators in a transparent and professional manner. CIMB Group contributes to the development of tax policy and legislation, typically through direct engagement with tax authorities, public consultation processes or in our role as a member of an industry group.​

The Board of Directors formally reviews and approves the CIMB Group’s Tax Policy whenever changes are required. This is triggered upon a review by Group Tax of the said Policy, which takes place at least once in every two years. Subject to the degree of risks or nature of the transactions involved, tax related decisions will be referred to the relevant Board of Directors or Delegated Authority for approval and guidance.

CIMB Group employs an Enterprise-Wide Risk Management (EWRM) framework with a Three Lines-of-Defence model as a standardised approach to effectively manage our risks and opportunities, including tax risks. The system of internal controls is designed to mitigate these risks by identifying and assessing, measuring, managing and controlling, monitoring and reporting risks, including operational tax risk.

CIMB Group Tax also works together with business units and business enablers to provide advice and guidance on tax related areas in strategic implementations or changes, significant business transactions, new products, implementation of new tax laws, etc., as part of efforts to ensure that the implementation of the said Policy is embedded into the organisation.

Tax is considered part of relevant business decisions and we only engage in tax planning or utilise tax incentives that support a genuine business purpose and commercial activity and are in line with the intended policy objectives of the Governments which introduced the incentives. We do not enter into transactions whose sole purpose is to minimise or reduce tax cost. Similarly, we do not promote products to our customers where the tax treatment is contrary to the intent of the law. We are committed not to use secrecy jurisdictions or so-called “tax havens” for tax avoidance. We fully support and will always comply with tax laws aimed at preventing the facilitation of tax avoidance and fraud.

 

Transactions between group entities are priced on an arm’s length basis, reflecting the economic reality of the transaction in accordance with international standards and local government law. We pay our share of taxes in each jurisdiction in accordance with the relevant laws and regulations. We adhere to the OECD transfer pricing guidelines in accordance with local and international tax law and prevailing standards. We do not artificially divert profits to low tax jurisdictions. To further enhance tax transparency, the Group has also been filing its Country-by-Country-Report (CbCR) annually with aggregate data on the global allocation of income, profits, taxes paid and economic activities among tax jurisdictions in which we operate. This CbCR Report is shared with tax administrations in these jurisdictions for use in high level transfer pricing and tax risk assessments.​

We also support tax authorities in their efforts to tackle tax evasion by complying with client tax information regimes such as FATCA and the Common Reporting Standard. Our reported tax data are subject to independent external verification as part of the annual financial audits. 

 

In 2024 to 2025, we are implementing e-invoicing to streamline tax processes, reduce business costs and support the Malaysian Government’s economic goals. From 2025, the Group will also comply with the Global Minimum Tax Pillar 2 requirements in line with Malaysia’s implementation. This initiative, introduced under the OECD/G20’s Base Erosion and Profit Shifting (BEPS) project, establishes a minimum effective tax rate of 15% on business profits for multinational enterprises, reinforcing measures against tax avoidance and promoting a fairer tax system.