Supply chain sustainability is a source of business and stakeholder value. Our network of suppliers delivers critical products and services that contribute to our long-term business objectives. Through responsible and sustainable procurement practices, we can reap financial benefits while contributing to socio-economic development and improving the livelihoods of local businesses. On the other hand, weak sustainability performance within the supply chain exposes us to operational and reputational risks, such as regulatory fines, stop-work orders, protests and other disruptions.​



Sustainable procurement practices are managed by Group Strategic Procurement, based on principles set forth in the Group Sustainability Policy. All new suppliers are required to register through the CIMB eProcurement Portal, and comply with all applicable laws, regulations and standards within the geographies in which they operate. Our Vendor Code of Conduct (VCOC) sets out expectations for all current and prospective suppliers, related to ethical and responsible business conduct, human rights and environmental stewardship. ESG issues and risks are integrated into our procurement and risk management processes.​

Basic Sustainability Due Diligence is conducted as part of the vendor onboarding process. If the vendor fails the due diligence, the case will be escalated to Group Sustainability for investigation and recommendation on whether to proceed​ with the onboarding. ​

The Group’s Whistleblowing Policy is an avenue for suppliers to report suspected unethical, illegal, or improper behaviours or activities, confidentially and transparently. The Policy is accessible to all stakeholders through the CIMB Group website and the CIMB eProcurement Portal.​

CSR activities and initiatives across CIMB Group are guided by the Group Corporate Responsibility Policy and Procedure, which institutionalises guiding principles and consistent practices across the Group. It specifies the minimum requirements and standards governing the activities, as well as end-to-end processes to ensure compliance with internal policies and regulatory requirements, and address key risks.​