Why this is material to us

Strong governance is the foundation of our success. Establishing appropriate control and oversight of business operations is essential to our role as a steward of wealth and value for our customers and society. In line with this view, OCBC’s governance framework enables us to build and maintain trust among stakeholders, creating long-term and sustainable value for them.

Our management approach

We are committed to upholding the highest standards of corporate governance in everything we do, guided by our groupwide Code of Conduct and Group policies. In every jurisdiction that we operate in, we comply with all regulations, codes and corporate governance guidelines.

OCBC’s robust corporate governance structure and policies are underpinned by its core values, LIFRR (Lasting Value, Integrity, Forward-Looking, Respect and Responsibility). The Board Ethics and Conduct Committee is responsible for cultivating and maintaining these core values across the organisation, anchoring the way employees conduct themselves.

OCBC takes a zero-tolerance approach to all forms of bribery and corruption, which is an integral part of the OCBC Code of Conduct. The OCBC Group Policy on Anti-Bribery and Corruption (ABC) sets out its commitment and responsibilities via the ABC compliance programme which comprises:

1. Supporting policies and procedures
2. Risk identification and assessment
3. Training and communication
4. Reporting channel

The compliance programme is reviewed periodically to ensure its alignment with global best practices and standards. OCBC prohibits any political contributions and requires all employees to undergo bi-annual mandatory ABC awareness training and comply with its Gift and Entertainment Disclosure Policy.

Apart from its employees, OCBC also communicates its strong anti-bribery and corruption stance to its service providers and suppliers via the ABC Notification Guidance and Supplier Code of Conduct.

New initiatives and ongoing efforts

OCBC Group Culture and Conduct Programme Framework

• OCBC has a strong governance structure and policies to guide employee conduct.
• In 2021, we launched a programme to streamline and document the Group’s Culture and Conduct Framework via a three-pronged approach.
• It starts with a clear ‘tone from the top’ that cascades down to relevant bank-wide policies, programmes, processes to promote a robust corporate culture among employees, good accountability practices and effective conduct risk management.
• We regularly assess whether these objectives are met via monitoring and reporting mechanisms.

Whistleblowing Programme

• OCBC is committed to the highest level of integrity and ethical standards. Our Whistleblowing Policy aims to provide a safe and anonymous platform for parties to raise fraud and misconduct concerns.
• The policy also governs the reporting and investigation of whistleblowing reports.
• Staff are continually reminded of the policy through the mandatory annual anti-fraud training that include the policy as a key topic, and information that is available internally.

Websites:

• www.ocbcgroup.ethicspoint.com
• www.ocbc.com/group/who-we-are/purpose-values/whistleblowing-programme.html

Hotline:

• 800-110-1967

Sustainable Procurement

• OCBC’s Supplier Code of Conduct sets out our expectations across key areas:
  • Compliance with law
  • Business integrity and ethics
  • Human rights
  • Health and safety
  • Environmental protection
• Suppliers must acknowledge the Code as part of our supplier onboarding process.
• At OCBC, we take ESG criteria into consideration in our procurement evaluation. For instance, our environmental requirements incorporate the use of recycled material, green certification and energy efficiency of equipment, among other criteria.
• Our evaluation process involves a panel of evaluators to ensure fairness and openness.
• The OCBC Code of Conduct is to be adhered to where suppliers and evaluators are to declare any conflict of interest.
• We also conduct Know-Your-Vendor checks prior and during the contract period where vendors are screened against a staff database and sanctions lists, and via internet searches to detect any potential violation of OCBC’s policies.

Why this is material to us

The OCBC Group brand name is synonymous with honesty and integrity. We continue to uphold the trust and confidence that customers place in us by maintaining the highest level of integrity and ethical standards in all that we do. Our brand promise – ‘Simply Spot On’ – underscores our commitment to take a long-term approach in building enduring customer relationships. We seek to act in customers’ best interest by understanding their needs, which enables us to deliver the right advice and solutions.

Our management approach

Fair dealing is a core part of our corporate culture. Our core values of ‘Lasting Value, Integrity, Forward-looking, Respect and Responsibility’ underpin our commitment to always do the right things for our customers. To fulfil this commitment, we:

• provide our customers with clear, relevant and timely information to help them make informed decisions;
• recommend products that are aligned with our customers’ financial objectives and risk profiles;
• deepen our sales employees’ knowledge and competencies so they can give appropriate advice and recommendations;
• address customers’ feedback and complaints promptly and effectively.

We review and improve our practices regularly, striving to go beyond compliance with the Monetary Authority of Singapore (MAS) Fair Dealing Guidelines.

New initiatives and ongoing efforts

Fair Dealing Committee, Framework and Monitoring Programme

• A Monitoring Programme has been put in place to oversee our initiatives and conduct to ensure fair dealing is an integral part of our interactions with customers. The programme aims to measure and monitor our performance against the fair dealing outcomes set out by the MAS using quantitative and qualitative indicators.
• The Fair Dealing Committee, which includes division heads from various business units, uses the findings from this programme to determine the fair dealing performance of the Group. This grading system is a comprehensive and objective approach to identifying gaps quickly and ensuring they are addressed appropriately.
• The programme is reviewed every quarter to improve our practices. In 2021, no adverse issues were encountered in our reviews.

Product Suitability Committee, Policy and Framework

• This framework governs the approval of new investment products, ensuring suitability for the target customer segments.
• The Product Suitability Committee is responsible for screening the suitability of investment products using OCBC’s Product Suitability Risk Rating Methodology. This methodology considers the risk factors for new investment products and the risk profiles of the target customers. Products are recommended based on the alignment of customers' risk profiles and product risks.
• Additionally, product managers are required to take a test to ensure that they are well-versed in OCBC’s product suitability policy before they can propose new products to the committee.

Why this is material to us

Financial crimes and cyber threats can potentially disrupt banking services and result in financial losses impacting customers, our organisation and the broader economy. The continuous evolution of technology and digitalisation of products and services means that we will continue to face increased risks of cyber-attacks, data breaches, fraud, money laundering and the financing of terrorism. It is pivotal for the Bank to stay resilient against these risks.

Our management approach

We take a holistic approach to managing financial crimes and cyber threats, implementing measures covering risk governance, people, process, and technology.

Our robust processes have helped to protect customers' information and assets from financial crime and cyber threats. We will continue to proactively invest in new technologies to mitigate cyber threats and financial crimes.

The ongoing global pandemic has necessitated continued large-scale remote working arrangements and heightened the need to engage our customers digitally. As a result, our internal controls and risk management processes continue to be progressively strengthened to support the increased volume of digitalisation initiatives to serve our customers better.

OCBC also makes active efforts to strengthen the cyber resilience of the wider community. We partner with industry players to actively gather cyber threat intelligence, as well as collaborate with law enforcement agencies and other financial institutions to collectively combat financial crimes and cyber threats.

New initiatives and ongoing efforts

Anti-Fraud Measures

• In 2021, we continued to raise scam awareness among customers and employees via multiple channels, including internet and mobile banking, social media, direct electronic mails, and webinars.
• In May 2021, we collaborated with the National Crime Prevention Council (NCPC) to launch an online scam quiz for retail customers. We assisted NCPC in broadcasting this to our customers via email, push notification and OCBC website.
• OCBC also partnered with the Singapore Police Force’s Anti-Scam Centre in Project FRONTIER to combat scams through swift interventions and intervene in fake gambling and investment scam cases.
• Internally, we have further deployed fraud surveillance and anti-financial malware system across the Group. This will enhance security for our customers through the monitoring and alerting customers of suspicious transactions.
• The Bank also continuously identifies new fraud risks and implement enhanced internal controls to mitigate the risk of fraud.

Preventing Data Breaches

As most staff worked remotely during the year, data protection is of paramount importance. OCBC has in place comprehensive measures to prevent data breaches.

Our internal controls include the following measures:

• Restrict accesses on a need-to-know basis;
• Incorporate regular monitoring to facilitate prompt detection and follow-up of possible data breaches; and
• Broadcast updates on evolving threats (e.g. phishing and ransomware) to raise staff vigilance.” (Preventing Data Breaches segment).

In addition, we have continued to implement progressive enhancements, such as further strengthening of endpoint data loss prevention controls, to enable adequate data protection in the new norm of remote working.

Anti-Money Laundering (AML) measures

• Since 2019, OCBC Singapore and participating Law Enforcement Agencies (LEA) have collaborated in successful efforts to automate the handling of a production order to reduce turnaround time by 99% to one to two days.
• The initiative, with further enhancements ongoing to processes and retrieval timeline, has helped the LEAs and banks work together to detect and investigate suspicious trends and patterns quickly and effectively. This helps in combating financial crime and mitigate money laundering risks.
• OCBC’s continuous efforts to increase risk awareness among staff have allowed for early detection of money laundering, terrorist financing, and sanctions risks and for swift and proactive risk mitigation actions to be taken.
• In June 2021, the Commercial Affairs Department (CAD) awarded the Community Partnership Award to OCBC for our part in Operation Ringfence; we were recognised for our “detection and proactive intervention resulting in the disruption of large-scale money laundering activities in Singapore”.

Cyber Resilience

• Proactively review and update technology and cyber risk management policies and standards in accordance with an evolving risk landscape and regulatory requirements.
• Review and strengthen OCBC’s preventive, detective, and response capabilities to enhance the Bank’s cyber resilience. We cover several areas such as advanced malware protection, access control management, and management of cyber risks arising from the Bank’s third-party service providers, including cloud services, to better address the evolving cyber threat landscape.
• Perform regular vulnerability assessments and penetration tests of the Bank’s IT systems to continuously review their robustness. Incident response as well as disaster recovery exercises are also conducted to validate the Bank’s cyber resilience.
• Embarked on the next step in transforming people to be the strongest defence with a new Cyber Smart Programme, a sustainable and strategic initiative to elevate employees’ knowledge, skills and demonstrated behaviour in managing risks associated with social engineering, data loss and cybersecurity.