Acting with integrity
Why this is material to us
Strong governance is the bedrock of our success. Establishing checks and balances enables the Board to have appropriate control and oversight of responsibilities. This is essential to building and safeguarding the trust that stakeholders place in us. Furthermore, fostering good stewardship is key to creating long-term and sustainable value for all our stakeholders.
We are committed to the highest standards of corporate governance and ethical conduct. This means complying with all applicable laws and regulations and also establishing best practices consistently across the OCBC Group.
The expected standards of behaviour for all employees are set out in the OCBC Code of Conduct and our Group policies. These are implemented through a rigorous approach to regular staff communication, engagement, training and assessment.
OCBC has a zero-tolerance approach to any form of bribery and corruption, which is stated in our Code of Conduct. Our anti-bribery and anti-corruption policies have been communicated globally to all our employees.
OCBC also adopts a zero-tolerance policy to fraud. Staff are informed that the Bank will investigate and report all internal fraud to the appropriate authorities.
We regularly review the effectiveness of our policies and practices, ensuring that they are relevant and implemented successfully across our business, with new ones added where warranted.
New Board Ethics and Conduct Committee
First Singapore bank to set up an ethics committee to ensure responsible banking. The Board Ethics and Conduct Committee, supported by the Culture and Conduct governance structure, provides oversight to ensure OCBC Group’s core values are strongly embedded in our corporate culture and anchor the way employees conduct themselves.
Risk Culture Framework
Embeds and reinforces a systematic approach to managing risk at all levels of the Group to ensure awareness, competency and accountability of practices. The framework is underpinned by a rigorous approach to assessment and monitoring.
Employee Conduct Triggers (ECT)
Supports the Group Risk Culture Programme. It comprises a set of indicators that monitor employee conduct, developed as an integral supplement to the existing suite of human resource management tools. In 2018, we introduced the ECT model for the first time and assessed all employees in Singapore against it. In 2019, we extended the ECT programme to key subsidiaries and continue to review it on a regular basis to include more bank-wide and business-specific indicators where necessary.
Management Control Oversight Rating (MCOR)
Measures the risk awareness and control consciousness of Management in discharging its risk and control supervisory/oversight responsibilities. The MCOR is derived from the score of a set of factors including awareness, aptitude and attitude.
Material Risk Takers (MRT) Framework
Employees identified as having a material influence on the long-term performance of the Group have appropriate incentives set within the remuneration policy to ensure prudent behaviour.
Provides a transparent channel for employees and the public to raise concerns. The channels for reporting include:
Why this is material to us
Our continued success as a financial services group is dependent on our ability to build enduring relationships with our customers. This involves treating our customers with respect and integrity, and consistently dealing with them in a fair and professional manner.
Fair Dealing has always featured prominently in our core values. Specifically, our value of ‘Integrity’ underscores Fair Dealing as the basis of our business.
In line with our pledge to customers to be “Simply Spot On” in meeting their needs, we are committed to dealing with them by:
Providing them with clear, relevant and timely information to help them make informed decisions.
Recommending only products that are aligned with their financial objectives and risk profiles.
Training and certifying our sales employees so that they are equipped to give appropriate advice and recommendations.
Treating customer feedback and complaints seriously, and ensuring that issues are addressed in an effective and prompt manner.
Fair Dealing Committee and Framework
- Oversees strategic initiatives and measurement to ensure Fair Dealing outcomes, including quarterly reviews of the state of fair dealing at the Bank and its subsidiaries.
- To measure and monitor the achievement of the Fair Dealing outcomes, a Monitoring Programme has been put in place. The results of the Monitoring Programme, covering both quantitative and qualitative aspects, form the basis for the committee to ascertain the Fair Dealing performance of the Bank.
- The quantitative components in the Monitoring Programme include the number of misconduct cases reported to MAS, audit results, compensation amount arising from mis-selling and the MAS Balanced Scorecard results, covering financial, operational and business areas. The final quantitative grade of Green, Amber or Red is ascertained from the numeric results of these components.
- The qualitative assessment of misconduct cases found to be of a systemic nature can affect the final grade.
- The ‘traffic light’ system of measurement is a comprehensive and independent approach to identify gaps quickly and ensure that they are addressed appropriately.
Product Suitability Committee, Policy and Framework
Governs the approval of new investment products, ensuring that they are offered appropriately to the Bank’s target customer segments.
Why this is material to us
Financial crime and cyber threats have the potential to disrupt our banking services and result in financial losses impacting our customers, our organisation and the wider economy. As banks provide greater digital convenience and products, digital platforms will increasingly become a target for cyber-attacks, fraud, money laundering and the financing of terrorism. To uphold the trust of our stakeholders, it is vital for us to be resilient against these risks.
Protecting our customers has always been our priority. We adopt a holistic approach to risk management by ensuring that all our products and services have security built in by design to protect customers’ information and money, while still providing a frictionless banking experience.
We manage the risks relating to fraud, money laundering and financing of terrorism, cybersecurity and data protection across three key areas: physical assets, people and information.
We have in place a comprehensive framework of policies and practices, realised through active corporate risk governance and an extensive programme focusing on cyber defence capabilities, awareness and testing, incident response and crisis management, as well as insurance protection.
To further enhance our cyber resilience through external collaborations, we also actively engage in cyber threat information sharing with industry players via the Association of Banks in Singapore Standing Committee on Cyber Security (ABS SCCS), the Financial Services Information Sharing and Analysis Centre (FS-ISAC), and the Alliance of Public Private Cybercrime Stakeholders (APPACT).
We regularly validate the effectiveness of the safeguards established and promptly remediate any issues that arise. We monitor our networks for cyber threats through a 24-hour Cybersecurity Operations Centre.
Deployed a robust set of security and authentication measures across our Internet and mobile banking platforms to prevent fraud.
Provided education and advice to our customers and the community through our branch network, social media, radio and print media.
Deployed a new system which detects compromised devices interacting with OCBC online banking platforms.
Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT)
Member of the Anti-Money Laundering/Countering the Financing of Terrorism Industry Partnership (ACIP).
One of the first Singapore banks to tap on Artificial Intelligence (AI) and machine learning to enhance the detection of suspicious activity.
Cyber Risk & Resilience Policy
Incorporates regulatory requirements and aligns with international industry guidance on cyber risk and resilience. Roles and responsibilities across the three independent lines of defence are clearly defined.
Cyber Risk Awareness & Social Engineering Testing Programme
Educates and tests all staff on cyber threats to continuously improve staff vigilance and cyber hygiene within the organisation. Educates customers through online channels, and outsourced service providers through cyber risk awareness sessions.
Cyber Defence Programme
Sustains and enhances defence capabilities, with new ones continuously developed and deployed to address evolving and advanced threats. The incident response of people and processes is tested and improved to be more effective against cyber attacks.
Business Continuity & Crisis Management Programme
Ensures minimal disruption of essential banking services during times of crisis, including cyber attacks. Exercises are conducted regularly to improve responses to disruptions due to cyber attacks.
Cyber & Network Security Insurance
Protects the Group using relevant insurance to cover damages due to a variety of cyber-attack situations.