In accordance with the Corporate Governance Code, the Bank of China (Malaysia) Berhad (BOCM)’s Whistleblowing Policy (hereinafter referred to as “the Policy”) is hereby established to refine relevant internal systems, strengthen corporate governance, specify the roles and responsibilities of the Board Audit Committee (BAC), as well as to ensure the appropriateness of the whistleblowing management mechanisms of BOCM (referred to as “the Bank” collectively). In particular, the Bank’s staff members and external parties who deal with the Bank (e.g. contractors, consultants, suppliers, interns, customers and members of the public) (referred to as “other stakeholders” collectively) may report to or communicate with BOCM’s BAC for irregularities in the Bank which fall into the scope of the Policy via channels specified in the Policy.

The “whistleblowing” mentioned in the Policy refers to the reporting of the Bank’s staff members or other stakeholders via proper channels and methods on any actual or possible violation of legal and regulatory requirements or improprieties which came to their knowledge in relation to the businesses or other matters of the Bank. The Policy however shall focus on the reporting made by the Bank’s staff members and other stakeholders via the channels specified by the Policy, as well as the reporting referred to the Bank for following up by regulatory authorities.

The “whistleblowing management” mentioned in the Policy refers to the practice that the Bank’s relevant departments shall carry out fair and independent investigation into reporting received in accordance with prescribed procedures and take appropriate further action.

1.    The Bank is committed to upholding and enhancing corporate governance standard and strongly values the ethical conduct and integrity of the employees. In the respect, the Bank welcomes and encourages its staff members and other stakeholders (collectively “the whistleblowers”), in case of being aware of any actual or possible violation of legal and regulatory requirements or improprieties in relation to the businesses or other matters of the Bank/ the Bank’s staff members, to report the incident via channels specified by this Policy. In particular, the scope of reporting under this Policy mainly includes the following:

• Issues concerning the Bank’s financial matters, such as providing false financial data to external parties, using fictitious invoices for reimbursement or other fraudulent behavior;
• Major issues concerning the Bank’s internal control, such as major loopholes in business processes or procedures;
• Issues concerning the Bank’s staff members committing bribery or corruption, such as a staff member being offered bribes or suspected of being offered bribes, being asked to give bribes or suspected of getting involved in an incident of similar nature, or getting involved in any other forms of bribery or corruption activities;
• Issues concerning the Bank’s staff members being suspected of money laundering, terrorist financing, tax evasion, weapons proliferation financing or violation of sanctions requirements;
• Other unethical or questionable practices of the Bank’s staff members that may involve violation of legal and regulatory requirements or improprieties, as well as incidents likely to cause great damage to BOCM’s reputation; and
• Any behavior attempting to conceal the abovementioned misconducts.
  

2.    For reporting falling into the aforesaid scope, the whistleblower should provide detailed information and supporting materials/proof or verifiable link of evidence.

3.    If a staff member becomes aware of another staff member committing any behavior which is in violation of BOCM’s Code of Conduct, he/she shall immediately report to Human Resources Department, in accordance with the relevant provisions of the Code of Conduct. If the underlying issue also fall into the aforesaid scope of whistleblowing as listed in (1), the staff member concerned shall make reporting as required by the Policy at the same time.

4.    For reporting falling into the aforesaid scope received directly, the receiving department/unit concerned shall follow up and investigate into the case in accordance with the line of responsibility. Notice should also be sent to Internal Audit Department in due course, as well as the results of the investigation once completed. If the reporting is related to a staff member’s personal behavior, it can be reported to Human Resources Department.

5.    Whistleblowers can make a reporting within the scope as listed in (1) above to the Head of Internal Audit Department, or directly to the Chairman of the BAC. If the reporting concerns the Head of Internal Audit Department, it could be made directly to the Chairman of the BAC. Alternatively, whistleblowers can report their concerns directly to the regulators or law enforcement agencies, such as Bank Negara Malaysia, Malaysian Anti-Corruption Commission, Royal Malaysia Police etc.

6.    While making reporting, whistleblowers shall provide detailed and accurate information, as well as their identity and contact information wherever possible for following up, over which Internal Audit Department and the investigating unit shall keep the identify of the whistleblowers confidential. In the process, whistleblowers may be required to provide additional evidence to facilitate the investigation, for which, if a whistleblower does not provide contact information, some doubts may not be clarified or further information and evidence cannot be obtained, thus putting the investigation or following up in a difficult position and making it impossible to carry out comprehensive and fair assessment. Nevertheless, if a whistleblower is extremely unwilling to disclose his/her identity, he/she may make anonymous reporting. However, anonymous reporting will not be accepted or processed unless it is accompanied with sufficient evidence.

7.    To make reporting, whistleblowers may complete the “Whistleblowing Form” in Appendix 1 and submit it via channels as specified under this Policy (which include: post or email) as follows:

a)    The Head of Internal Audit Department

b)    The Chairman of the BAC

8.    In the event of whistleblowers making unfounded reporting maliciously or abusing the reporting mechanism for personal objectives, the Bank shall reserve the right to take necessary action against that person, so as to recover any damages or losses caused by the unfounded reporting.

9.    Given that all staff members have the duty to safeguard the Bank’s interest and reputation, in the event of any staff member being aware of any irregularity without making prompt reporting, the Bank may take disciplinary action against him/her according to the Administrative Measures for Staff Non-Compliance and Accountability.

10.    In relation to customer complaints, customer’s comment and suggestion on the Bank’s services or products, staff appeal, external fraud and customers or external parties committing money laundering, terrorist financing, tax evasion weapons proliferation financing or violation of sanctions requirements or other violation of legal and regulatory requirements, unless it is within the scope as listed in (1) above, such reporting does not fall into the scope of this policy and shall be transferred to the relevant designated units for following up and handling as appropriate.

1.    Whistleblower should keep his/her reporting confidential, including the facts, subject issues and parties involved, so as to avoid hindering the investigation.

2.    Reporting and its related information are confidential information to the Bank. Anyone handling or having access to the information shall strictly follow the legal requirements to protect the privacy and legitimate rights/interests of the whistleblowers and the parties being reported against. There should not be unauthorised disclosure, or the Bank shall hold the relevant persons accountable.

3.    The Bank might have to disclose the identify of the whistleblowers in the course of investigation. If that happens, the Bank shall wherever possible notify the whistleblower concerned in advance of the circumstance.

4.    In case the investigation becomes criminal prosecution, the whistleblower concerned might have to provide evidence to the enforcement authorities directly and cooperate with the investigation. Besides, under certain circumstance, the Bank is required to refer the reporting to relevant authorities without prior notice to the whistleblower or seeking his/her consent.

1.    This Policy encourages the Bank’s staff members and other stakeholders to make reporting in good faith. The Bank shall conduct fair and impartial, independent, as well as professional investigation and strive to keep the identity of the whistleblowers in strict confidence, protecting their legitimate rights/interests.

2.    In the event of someone retaliating or seeking revenge against any whistleblowers who made reporting according to the Policy, the Bank shall reserve the right to take necessary action against that person.

3.    As long as the reporting is in good faith and on reasonable ground, the staff member making the reporting is assured of protection against unfair dismissal, victimization and unwarranted disciplinary action, even if the reporting turns out to be unsubstantiated, unless it is out of malicious intention or meant to abuse the reporting mechanism for personal objectives.  

1.    Upon receiving reporting that falls into the scope of this Policy, Internal Audit Department shall report to the Chairman of the BAC and Chief Executive Officer and act upon in accordance with their instruction and relevant internal procedures.

2.    Internal Audit Department and members of the investigating unit responsible for the reporting shall conduct fair and independent investigation as per prescribed procedures and make recommendations for improvement to the issues as raised where appropriate. Internal Audit Department shall then report the investigation results to the Chairman and members of the BAC thereafter.

3.    If the whistleblower has provided contact information, Internal Audit Department shall acknowledge receipt of the reporting to the whistleblower. The investigation results may also be provided to the whistleblower upon completion of the investigation where appropriate, to the extent permitted by applicable laws and regulations. In case the whistleblower disagrees with the investigation results, he/she must provide sufficient new evidence and then the investigating unit will assess the need to follow up or not.

1.    Responsibilities of the BAC
The BAC shall regularly review the handling and management of whistleblowing as established and operated by BOCM. Overall, the review shall include:

• The relevance and applicability of the whistleblowing policy and related mechanisms;
• The fairness and independence of the investigation results;
• The confidentiality of the identity and other information of the whistleblowers and the parties being reported against, as well as of the investigation results; and
• The appropriateness of the action taken upon reporting received.

2.    Responsibilities of the Management
BOCM shall promote and encourage the Bank’s staff members to take the initiatives to report violation of legal and regulatory requirements, as well as improprieties in relation to financial matters and internal controls, taking place within the Bank. Besides, the Management of BCOM shall support and assist the execution of the Policy, as well as oversee and monitor the implementation of the improvement measures adopted for issues as raised in whistleblowing.

3.    Responsibilities of Internal Audit Department
Internal Audit Department is the receiving unit for whistleblowing, who shall then coordinate for investigation and reporting.

4.    Responsibilities of Other Departments/Units/Branches
For reporting falling into the scope of the Policy received directly, the receiving department/unit/branch concerned shall promptly follow up and investigate into the case in accordance with the line of responsibility. Notice should also be sent to Internal Audit Department in due course, as well as the results of the investigation once completed. For reporting transferred to the relevant department/unit by Internal Audit Department for following up and investigation in accordance with the Policy, the department/unit concerned shall follow the requirements of the Policy and the BOCM Procedures on Handling of Whistleblowing Complaints. The investigation shall be completed within the time limit as requested and investigation report submitted to Internal Audit Department for further handling and reporting.