• The organization upholds robust corporate governance practices in corruption prevention and suppression, which meet international standards.
• To develop risk prevention processes and proactively suppress corruption, the organization will implement the Three Lines of Defense

Anti-Corruption Performance

Krungthai Bank places a high level of importance on conducting its business operations with integrity, honesty, respect for others, directness, social responsibility, transparency, and strict adherence to laws and regulations. The Bank has a Zero-Tolerance policy towards corruption in all forms to ensure its sustainable growth. To guide its employees and affiliates, the Bank has implemented an Anti-Bribery and Corruption policy, which prohibits involvement in any bribery or corrupt practices, either directly or indirectly. This policy is an essential part of the Bank's Business Code of Conduct, which provides a framework for its operations and compliance with the relevant anti-bribery and corruption laws in Thailand and other countries where the Bank operates, such as the Organic Act on Anti-corruption B.E. 2561 (2018), the National Anti-corruption Commission (NACC) Guidelines for Prescribing Appropriate Internal Control Measures for Juristic Persons in Preventing Giving Assets or other Benefits to Government Officials, Foreign Government Officials, or Officials of International Organizations, and the NACC Criteria for receiving Property or any other Benefits on Ethics of State Officials. In addition, the Bank has established a policy to prevent money laundering, financing of terrorism, and proliferation of weapons of mass destruction. These activities are considered crimes that pose serious threats to the economy, society, national security, and the global community. Criminals often use banks as a means to commit such offenses, and many countries have cooperated to find solutions to break the cycle of such crimes. At the international level, an organisation named the Financial Action Task Force (FATF) has set up measures for anti-money laundering and countering the financing of terrorism and proliferation of weapons of mass destruction, called the Forty Recommendations, for each country to take as guidelines for their internal legislation. Krungthai Bank recognizes the importance of implementing the law on Anti-Money Laundering and Counterterrorism and Proliferation of Weapon of Mass Destruction Financing (AML/ CTPF). The Bank is committed to ensuring that it is not used as a channel for money laundering and has established AML/CTPF policies and procedures that cover various aspects of its operations. These include money laundering risk assessment, checking the names of specified persons (Sanction Lists), Know Your Customer (KYC), Customer Due Diligence (CDD), Including checking the political status of individuals, both customers who have face-to-face interactions and those who don't, and excluding individuals with no political status. This involves monitoring and tracking customers' financial activities or transactions, reporting transactions, as well as conducting AML/CTPF internal audits and training.

Guidelines for preventing corruption within the organization (First, Second, Third lines of defenses)

To address anti-corruption issues, the Bank has established guidelines within the organisation, which are divided into three categories

1. Operational Level Raising awareness of the roles and responsibilities of employees and executives at all levels has been achieved through the “Retail Market Conduct Communication” project, as well as initiatives such as “Learn to Prevent,” and “Reduce Risks, Avoid Fraud.” These efforts are communicated through various channels, including work instructions, media, infographics, emails, and the ONE Krungthai app. Additionally, each branch conducts weekly huddle meetings to ensure that all employees are informed and cautious regarding corruption issues and policies. Control and review processes are implemented within departments, and “Lesson Learned” sessions were conducted to provide understanding from previous incidents where penalties were also enforced for individuals involved in corrupt activities.

2. Policy/Process/Operational Regulations Level The Bank has reviewed its operational regulations to ensure they are in line with changing economic, social, environmental, and financial technology conditions. This ensures that regulations and solutions are tailored to the specific operational environment

3. System Operation Level The Bank has continually enhanced and refined its systems by collaborating with relevant agencies to comprehend and address potential risks. These proactive measures aim to safeguard the system against fraud, including practices such as implementing bi-monthly password changes and utilizing OTP authentication instead of traditional codes.

Additionally, the Bank has adopted digital technology to address challenges and strategize risk management in alignment with its fraud prevention system. This includes leveraging Robotic Process Automation (RPA) technology to scrutinize branch transactions and identify potentially fraudulent activities.

The Bank has instituted a zero-tolerance policy towards all forms of corruption through the implementation of the “Sustainable Krungthai” project. This initiative aims to foster a positive organizational culture among employees, promoting adherence to rules, regulations, standards, and laws governing various transactions, as stipulated by relevant regulatory agencies. Furthermore, the Bank has developed compliance risk management guidelines to identify and assess risks arising from impacts or changes in various events within the Bank’s business operations. These guidelines serve as a framework for supervising and managing risk compliance in a more efficient and effective manner. Additionally, the Bank has implemented a preventive action plan and a monitoring and testing plan, along with oversight of compliance in other crucial areas, to prevent or mitigate cases in which the Bank may fail to meet regulatory requirements. In 2023, the Bank assessed the risks associated with receiving and giving bribes, as well as corruption. Guidelines were established for evaluating these risks based on their underlying causes including:

1. Buying convenience involves offering bribes to speed up or streamline various services, thereby reducing processing time or steps. Associated risks could include:

• Reduce processing steps, speed up the legal enforcement process, request copies, and copy documents from government agencies.
• Offering money or benefits to Land Office officials to facilitate document searches or inspections.
• Customers are forming close relationships with long-serving bank employees, hoping for preferential treatment in service delivery.
• Customers providing various benefits to accelerate the credit limit setting process or loan disbursement, or to set or relax conditions in favor of the customers.

2. Buying guilt involves bribing individuals to avoid wrongdoing or turn wrongful actions into rightful ones. Associated risks could include:

• Negotiating to keep evidence of guilt from investigation committees.
• Contractors deliver substandard work in violation of the contract and terms of reference (TOR), then bribe inspection committees to ensure regular wage disbursement.
• Delays in court proceedings or debt restructuring processes.

3. Buying work involves bribing to gain a competitive advantage or ensure selection as a contractor. Related risk issues involve:

• Offering gifts or other compensation to persuade customers or their agencies to use the Bank’s products and services.
• The customer offers money or other benefits in exchange for a higher property valuation than the market price.
• Receiving additional advantages during the procurement process.

4. Claiming benefits involves bank employees demanding payments, which creates risks such as:

• Requesting money for personal gain in exchange for disclosing data of the Bank’s customers to third parties.
• Employees arranging loan collateral insurance with the insurance company that they get direct benefit from.
• Employees seeking benefits to expedite debt restructuring approval and delay debtors’ legal proceedings.
• Requesting financial or other benefits related to the procurement process.

The Bank has implemented all 4 types of controls to mitigate risks as follows:

1. Operational Control consists of Standard Operating Procedures (SOPs), guidelines, circulars, or work procedures aimed at reducing or preventing risks
2. Environment Control includes measures to manage various environmental factors.
3. Financial Control refers to the implementation of risk-mitigation measures related to finance.
4. Monitoring Control includes measures pertaining to internal auditing, monitoring results, and/or random auditing.

The Bank has organized a roadshow to disseminate knowledge about newly announced regulations and correct practices, such as the Personal Data Protection Act B.E. B.E. 2562 (2019), password protection techniques, tools for detecting suspicious transactions, and the Emergency Decree on Measures for the Prevention and Suppression of Technological Crime, B.E. 2566 (2023). This decree criminalizes mule account owners and individuals engaged in the acquisition of mule accounts, empowering financial institutions to suspend transactions and freeze accounts promptly to mitigate immediate losses. Additionally, the Bank utilizes a system for exchanging fraud information between banks, known as the Central Fraud Registry, with support from the Ministry of Digital Economy and Society and the Bank of Thailand. This initiative aims to facilitate the exchange of information on suspicious and mule accounts between banks to prevent potential damage.

The Bank has developed various media and disseminated them via emails and ONE Krungthai application. Examples include, Market Conduct scoop, Extra Mission activity in which employees can learn about disciplinary actions and serious disciplinary misconduct as well as signing the acknowledgment of the discipline in ONE Krungthai application, and “Learn to Prevent” column which serves as guidelines for all Krungthai employees to observe market conduct.

The training emphasizes employee discipline, including a review of the disciplinary process and the consideration of appropriate punishments in accordance with current regulations. These measures are implemented to ensure that employees carry out their duties correctly and mitigate risks that may arise from operations. Additionally, training courses are constantly organized to address corruption, risk management, and corporate governance for employees.

In 2023, the Bank organized a total of 78 training courses for employees, covering content such as:

• Third-party risk management
• Auditing guidelines, for example, general IT controls and controls related to Digital ID
• Fraud audit and ethical audit
• Improving the efficiency of internal audit processes, disciplinary action consideration, and appeal process
• Knowledge, comprehension, and investigation of financial crimes, as well as financial and banking investigations
• Preventing errors and misconduct from third parties, as well as preventing the receipt of assets or other benefits that could be considered corruption
• Preparing a report on the results of the readiness assessment for providing digital identity verification and authentication services
• Internal assessment of information security management systems and basic information security for internal auditors
• Internal IT security management system audit and basic IT security for internal auditors
• Implementing your sustainable business risk management strategy (Fundamentals of responsible banking : M3)
• The Emergency Decree on Measures for the Prevention and Suppression of Technological Crimes, B.E. 2566 (2023) and best practices
• COSO and COSO ERM integrated internal control frameworks for internal auditors
• Information security risk management according to ISO/IEC 27005
• Policy guidelines for dealing with financial transaction fraud
• Risk management for modern financial institutions
• Good digital technology governance with COBIT and audit guidelines according to COBI standard procedures
• Commercial banking compliance officer
• Counter-terrorism and proliferation of weapon of mass destruction financing (AML/CTPF)
• PDPA for internal audit

Moreover, the relevant regulatory authorities oversee and examine banks to ensure compliance with laws and related regulations consistently. the Bank has assigned a legal and compliance team to provide advice, answer inquiries, and communicate rules, policies, and regulations to employees in the organization, as well as evaluating their understanding to ensure that they can appropriately apply the Code of Conduct. Individual employees are also assessed using standard indicators, which may affect their compensation, depending on the severity of each case. Employees who engage in a violation of the Code of Conduct or law will face disciplinary action in accordance with the regulations. Salary reductions, suspension of salary increases, and salary cuts are among the 6 compensation-related disciplinary measures.