Efficient protection of consumers’ data and privacy is a fundamental precondition of credibility of financial service providers. We know how important it is for our clients. Personal data of European Union nationals, including Poles, are strictly protected. mBank respects all rights of its clients according to mBank’s personal data security policy.
The policy is based on the General Data Protection Regulation (GDPR) and incorporates the GDPR provisions and the rights of data subjects. mBank has appointed a Data Protection Officer who is available at inspektordanychosobowych@mbank.pl. For details of data protection and enforcement at mBank, visit our website.
mBank follows the law and standards set for financial institutions. We focus in particular on anti-money laundering and counter-terrorism financing. In this regard, we pursue the Anti-Money Laundering and Counter-terrorism Financing Policy at mBank.
mBank follows an anti-money laundering and counter-terrorism financing programme which is consistent with national and EU regulations. To prevent money laundering and financing of terrorism, mBank is required by the programme:
- to identify and verify the identity of our clients,
- to identify and verify the identity of beneficial owners of our clients,
- to identify and verify our clients and their beneficial owners according to the criteria of politically exposed persons (PEP),
- to identify the risk of money laundering and financing of terrorism,
- to refuse to work with clients where we identify risks of money laundering and/or financing of terrorism,
- to monitor clients’ transactions to protect mBank from money laundering and financing of terrorism,
- to regularly train our employees. Training is organised and monitored by the Compliance Department.
All mBank employees are responsible for the implementation of the programme. In particular, account managers and client advisors are responsible for regular identification of clients’ identity. The President of the Management Board is responsible, under a resolution of the Management Board, for the implementation of the obligations under the AML Act according to the AML programme. The Chief AML Officer at the Compliance Department is responsible for compliance of the bank, its employees and associates with the anti-money laundering and counter-terrorism financing regulations. Regional AML Officers, AML Officers, and Deputy AML Officers report to the Chief AML Officer.
The policy defines the standards and procedures for the avoidance, identification, and management of conflicts of interest. mBank’s procedures ensure that conflicts of interest are resolved according to the principle of equal treatment of clients and that mBank, its employees and associates do not obtain benefits or avoid losses at the expense of clients.
Reliable conflict of interest management is a part of the corporate culture and a responsibility of mBank employees across all levels of the organisation. In particular, members of the bank’s Management Board and directors of mBank’s units must participate in the identification of conflicts of interest, implementation of measures necessary to prevent conflicts of interest, and management of actual conflicts of interest.
Members of mBank’s Supervisory Board and Management Board have special responsibilities. They are required to report an actual or potential conflict of interest and to refrain from participating in discussions and voting on matters which could cause a conflict of interest in relations with mBank clients or with mBank.
According to the policy, the Management Board has made the Compliance Department responsible for management of conflicts of interest in the bank. In particular, it is responsible for monitoring internal regulations and IT solutions, consulting services for the organisation, controls, training, and recommendations. The Compliance Department is responsible for reviewing any reported conflict of interest, issuing recommendations concerning the course of action, and monitoring the implementation of recommendations. The Compliance Department reviews the policy to ensure its adequacy and effectiveness at least on an annual basis.
We use information barriers in order to restrict the flow of confidential information, client information and client transactions.
The compliance policy defines the general framework for compliance of mBank with laws, internal regulations, and market standards. All employees of the bank are responsible for implementation of the compliance policy depending on their responsibilities and powers. mBank employees are responsible for the identification, assessment, estimation, controlling, and monitoring of the risk of non-compliance with laws, internal regulations and market standards, and for quarterly risk reporting to the Compliance Department. The internal control system includes three lines of defence. On the first line of defence, compliance is ensured by operations employees. As a second line of defence, compliance risk is monitored by compliance officers and the Compliance Department. The third line of defence is the Internal Audit Department. The Supervisory Board exercises oversight over the effectiveness of the internal control system. The Management Board of the bank is responsible for effective management of compliance risk and for the evaluation of compliance risk on the basis of annual reports presented by the Director of the Compliance Department.
In addition to the responsibilities of the Management Board and the Compliance Department, the directors of organisational units are also responsible for the implementation of the compliance policy. They are responsible for organising their employees in such a way as to ensure compliance with laws, internal regulations, market standards accepted by mBank, guidelines and recommendations of the Polish Financial Supervision Authority (PFSA) and other authorities competent in the area of the given unit.
The remuneration rules for mBank employees are defined in mBank’s remuneration policy. The policy is designed to support strong employee engagement by providing market-based remuneration packages adequate to employees’ contribution; to retain the best employees; and to attract talent to the organisation in traineeship and secondment programmes. The policy defines the rules ensuring protection of rights and interests of clients and preventing conflicts of interest. The Management Board of the bank is responsible for the development and implementation of the policy. The Management Board reviews the implementation of the policy on an annual basis and presents proposed amendments for review and approval to the Remuneration Committee of the Bank’s Supervisory Board. The policy is reviewed at least on an annual basis by the Internal Audit Department, which presents its findings to the Supervisory Board of the bank. The Supervisory Board approves the remuneration policy and consults the Remuneration Committee if necessary. Employees in management positions who are the bank’s risk takers are additionally covered by mBank’s risk taker remuneration policy.
In addition to the remuneration policy, mBank also follows mBank’s Employee Remuneration Rules and mBank’s Employee Bonus Rules.
mBank’s work rules define the responsibilities of the employer and employees. In line with labour law, mBank’s work rules govern the organisation of work at the bank and the conclusion of employment agreements. mBank’s work rules define matters relating to full or part-time employment and working hours, work attendance, holidays, remuneration, awards and bonuses, liability for breach of employee’s obligations, occupational health and safety, fire protection, protection of women and minors at work.
The President of the Management Board or a Management Board Member or Managing Director authorised by the President oversees the implementation of the rules at the bank with the support of employees of the Employee Development and Organisational Culture Department and directors of the bank’s units who monitor compliance with the rules in their units on an on-going basis. The work rules apply to all employees of the bank working under employment agreements irrespective of position, full or part-time employment, and term of the agreement. They are required to comply with the rules and need to sign a declaration to that effect no later than the first day of work. mBank’s work rules were implemented and are updated in the form of an Order of the President of the Management Board.
mBank employees are represented by the Workers’ Council established under the Act of April 7, 2006, on employee information and consultation. The Workers’ Council is comprised of 7 members elected by all employees for a term of four years. Its responsibilities include consulting the employer on the status quo, structure and expected changes of employment and matters which could cause significant changes to the organisation or the basis of employment. The Workers’ Council operates under an agreement with the bank.
As an employer, mBank strives to create a work environment free of mobbing and other forms of violence caused by superiors and colleagues.
The key focus of the policy is as follows:
- mBank does not tolerate mobbing or any other forms of violence.
- Employees must refrain from any action or behaviour which meets the criteria of mobbing or other forms of violence.
- Anyone who creates conditions that encourage mobbing or resorts to mobbing is in violation of the fundamental employee obligations. In that case, as an employer, mBank may impose sanctions under the labour law and mBank’s work rules.
The policy defines the criteria of mobbing and the reporting process (anonymous or not, at the choice of the reporting employee) for employees who claim that they have been mobbed. Complaints are reviewed by the Anti-mobbing Committee comprised of directors or their substitutes from the Employee Development and Organisational Culture Department, the Compliance Department, the Legal Department, the Marketing Communication Department, and mBank’s Ethics Officer, excluding anyone whose legal or factual relationship with the complainant could affect the objectivity and impartiality of the Committee.
The suitability policy defines transparent and precise procedures for the selection, assessment of suitability, and succession of mBank’s key function holders. It specifies the qualifications required in each position, good repute, and no conflict of interest during employment. The policy sets requirements for succession in key positions and defines the procedure of handling vacancies. The suitability criteria for the Management Board and the Supervisory Board include a comprehensive and diverse membership among others in terms of gender, age, and professional experience. One of the sections in the policy is dedicated to diversity. Regarding gender diversity, the policy sets a joint target of at least 30% women on the Management Board and the Supervisory Board by 2028. It recommends that at least one member of the Management Board should be a woman.
We signed the Diversity Charter in January 2018, joining an international initiative for social cohesion and equality supported in Poland by the Responsible Business Forum. As a member of the initiative, we support diversity and prevent discrimination at work.
The policy provides guidelines for the identification and mitigation of corruption risks, the key principles of the code of ethics, and related responsibilities. No Management Board member, manager, employee or associate may justify corruption or bribery by invoking mBank’s interest.
mBank follows a policy of zero tolerance for all forms of corruption, including accepting, offering, requesting, granting and giving consent for additional benefits, objects or payments in order to:
- unlawfully influence a decision,
- obtain or secure an illegal business advantage,
- gain personal benefits.
mBank’s Management Board and employees are required to avoid conflicts of personal and professional interest. They are prohibited from offering any undue benefits, in particular to central or local government officials, civil servants, and politicians.
mBank prevents corruption in a system of three lines of defence. The first line of defence is comprised of the bank’s organisational units. The second line of defence is the Compliance Department which is responsible for setting and monitoring standards of compliance with anti-corruption laws and regulations. The third line of defence is the Internal Audit Department, which evaluates the adequacy and effectiveness of the bank’s anti-corruption system.
The Management Board and employees report actual or suspected incidents of corruption to the direct superior or the Compliance Department. Reports may be lodged anonymously in the mSygnał system, which is also available online to third parties. We review all reports with due diligence and in confidence. Units involved in a case of non-compliance take steps to clarify all circumstances and to secure evidence. In case of a suspected crime, the director of the relevant unit provides the file to the Compliance Department, which reports to the law enforcement services if the suspicion is confirmed. The Compliance Department maintains records of corruption procedures. Anyone attempting to engage or engaged in corruption is subject to the procedure defined in labour law and mBank’s work rules. The Director of the Compliance Department immediately reports a corruption case to the member of the Management Board responsible for the given area. In case of high reputational risk or where the incident involves a Management Board Member, the Director of the Compliance Department additionally notifies the Chairman of the Supervisory Board. Moreover, the Compliance Department may take independent steps, irrespective of any reports filed by units of the bank, to detect cases of corruption.
The bank expects its business partners (vendors, contractors, service providers who work with mBank and with its clients on behalf of the bank) to comply with the policy. Anti-corruption provisions are included in each contract between the bank and a business partner.
The policy defines who is responsible for fraud prevention, and how. The bank follows a policy of zero tolerance for all fraud and attempted fraud by the bank’s employees, clients, contractors, and third parties. mBank requires fair and lawful behaviour of all its employees, clients, and business partners.
mBank’s fraud risk management cycle covers four stages:
- fraud prevention – risk assessment, early identification, and clear rules and mechanisms mitigating risk;
- fraud detection – implementation of fraud controls, monitoring systems and reporting channels;
- fraud management – every case of suspected crime to the detriment of mBank or its client is investigated and necessary steps are taken, including legal measures;
- response – clear rules for mitigating loss or damage, corrective mechanisms, lessons learned.
mBank has implemented an electronic whistleblowing system, which ensures anonymity of whistle-blowers. It is accessible on all internet-enabled devices.
Whistleblowing rules and the procedures for reviewing reports are defined in internal regulations as follows:
- the identity of the whistle-blower and the person concerned is strictly confidential: their data must not be disclosed to third parties unless required by law;
- the whistle-blower may set up an anonymous inbox to receive updates on actions taken in reaction to the report and/or to provide additional details;
- every whistleblowing report is reviewed by authorised staff to ensure an objective, fair and impartial investigation;
- mBank employees who report suspected fraud in good faith are protected from any form of repression.
Reports are initially reviewed by staff of the Compliance Department. Filed in the system or otherwise, reports are investigated by authorised officers, as the case may be: employees of the Employee Development and Organisational Culture Department, employees of the Foreign Branches, the Ethics Officer, and employees of the Compliance Department. If a report is confirmed, the case is escalated according to the law and the bank’s internal regulations.
The rules for reporting fraud to the Management Board and the Supervisory Board are also clearly defined. They cover regular and ad-hoc reports.
mBank’s policy concerning presentation and acceptance of gifts (gift policy) sets clear and coherent standards for the presentation and acceptance of gifts by mBank employees.
Gifts, including entertainment, are a lawful customary business practice. However, gifts could also be used to obtain illegal gains. mBank follows a policy of zero tolerance for all forms of corruption. Employees may present and accept gifts only in accordance with the gift policy.
According to the policy, mBank employees are allowed:
- to accept and present small corporate gifts customary in business relations up to predefined limits;
- to participate in conferences organised by business partners. Event topics must be consistent with the participating employee’s professional responsibilities. mBank covers the cost of transport and accommodation at such events.
According to the policy, mBank employees are not allowed:
- to accept and present gifts in the form of cash or cash equivalents;
- to present or accept any gifts to/from other mBank employees if such gifts could be considered a form of influence over their due execution of relevant processes;
- to accept gifts from mBank’s business partners;
- to present gifts to central and local government officials in connection with their functions.
The Compliance Department maintains records of accepted and presented gifts. The Compliance Department regularly monitors compliance with the gift policy and reports on the implementation of the policy to the bank’s Management Board and Supervisory Board as a part of its compliance risk management reporting.
mBank identifies its clients and monitors persons and entities participating in transactions in accordance with sanction lists of the European Union, the United States, and the United Nations in order to ensure compliance with the applicable laws imposing special restrictions. The Compliance Department provides guidelines and instructions, informs other departments and subsidiaries about business policy restrictions imposed by sanctions, provides advice, and monitors compliance. We comply with sanction regulations by identifying clients and beneficial owners, and by identifying and refusing to execute transactions violating sanctions. We inform clients about sanction regulations and train the bank’s employees accordingly. Every employee of the bank is required to read and strictly comply with the policy.
mBank closely monitors existing business relations in sanction countries and takes necessary measures, up to termination of relations.
mBank has implemented the requirements imposed among others under the Act on Trading in Financial Instruments, MAR, and the Act on Public Offering.
We comply with the disclosure requirements because:
- we are a public company, that is, an issuer of securities admitted to trading on the regulated market;
- we carry out brokerage activities;
- we carry out custodial activities;
- we carry out activities referred to in Article 70(2) of the Act on Trading in Financial Instruments.
According to the law, information concerning certain events relating to mBank’s activity is classified as inside information. In such cases, we file a mandatory current report with the Polish Financial Supervision Authority (PFSA), the Warsaw Stock Exchange (GPW), and the Polish Press Agency (PAP). The same concerns certain other events which are not classified as inside information. We are required to file reports with PFSA concerning events relating to brokerage activities, custodial activities, and investment activities. Each unit of mBank concerned by or aware of such event is required to report it to the Compliance Department.
Failure to report, late reporting, and undue reporting generate the risk of financial penalties for mBank. In that case, the risk of financial penalties also affects:
- the persons providing information for a report;
- the members of the Management Board responsible for the given area.
mBank keeps records of persons discharging managerial responsibilities within the meaning of MAR.
mBank’s vendors and suppliers are required to comply with the law, labour law, human rights law, to protect the environment, to avoid discrimination, and to comply with anti-corruption law.
mBank pursues its business according to ethical and responsibility standards defined among others in the Universal Declaration of Human Rights, the International Labour Organisation standards, and the OECD guidelines (in particular, anti-corruption guidelines).
Every supplier participating in procurement or performing a contract with mBank is required to comply with the guidelines and ensure compliance by its subcontractors.
The guidelines in particular include:
1) the Universal Declaration of Human Rights;
2) the International Labour Organisation standards;
3) the OECD guidelines (in particular, anti-corruption guidelines);
4) the Rio Declaration on the Environment and Development – Agenda 21;
5) the United Nations Convention against Corruption;
6) international trade sanctions and embargoes, including sanctions which may apply under resolutions of the UN Security Council according to Chapter VII of the UN Charter, or any sanctions imposed by the European Union;
7) acts of national law implementing the above, as well as rules and regulations, in particular conflict of management rules and regulations.
The policy imposes restrictions on the provision of services to companies in socially controversial sectors which are in breach of the Ten Principles of the UN Global Compact.
Such restrictions concern opening of accounts as well as lending in the case of companies, including existing clients of mBank, whose activities:
- involve child labour or forced labour or result in other manifest violations of human rights;
- focus on economic exploitation of valuable natural areas;
- pose a risk to the global cultural heritage.
We do not establish business relations with any entities operating in countries on which the UN has imposed sanctions.
In its relations with operators in the defence industry, mBank takes into consideration political, social, ethical, and environmental factors which could affect its reputation. In the defence industry, mBank in general accepts transactions with public entities: government agencies, state-owned companies, etc.