Krungthai Bank places a high level of importance on conducting its business operations with social responsibility, transparency, and strict adherence to laws and regulations. The Bank has a Zero-Tolerance policy towards corruption in all forms to ensure its sustainable growth. To guide its employees and affiliates, the Bank has implemented an Anti-Bribery and Corruption policy, which prohibits involvement in any bribery or corrupt practices, either directly or indirectly. This policy is an essential part of the Bank's Business Code of Conduct, which provides a framework for its operations and compliance with the relevant anti-bribery and corruption laws in Thailand and other countries where the Bank operates, such as the Organic Act on Anti-corruption B.E. 2561 (2018), the National Anti-corruption Commission (NACC) Guidelines for Prescribing Appropriate Internal Control Measures for Juristic Persons in Preventing Giving Assets or other Benefits to Government Officials, Foreign Government Officials, or Officials of International Organizations, and the NACC Criteria for receiving Property or any other Benefits on Ethics of State Officials. In addition, the Bank has established a policy to prevent money laundering, financing of terrorism, and proliferation of weapons of mass destruction. These activities are considered crimes that pose serious threats to the economy, society, national security, and the global community. Criminals often use banks as a means to commit such offenses, and many countries have cooperated to find solutions to break the cycle of such crimes. At the international level, an organisation named the Financial Action Task Force (FATF) has set up measures for anti-money laundering and countering the financing of terrorism and proliferation of weapons of mass destruction, called the Forty Recommendations, for each country to take as guidelines for their internal legislation. Krungthai Bank recognizes the importance of implementing the law on Anti-Money Laundering and Counterterrorism and Proliferation of Weapon of Mass Destruction Financing (AML/ CTPF). The Bank is committed to ensuring that it is not used as a channel for money laundering and has established AML/CTPF policies and procedures that cover various aspects of its operations. These include money laundering risk assessment, checking the names of specified persons (Sanction Lists), Know Your Customer (KYC), Customer Due Diligence (CDD), both for customers who build a relationship in person and those who do not have a political status. Additionally, the Bank monitors and tracks customers’ financial movements or transactions, performs transaction reporting, conducts AML/CTPF internal audits, and provides training.

To address anti-corruption issues, the Bank has established guidelines within the organisation, which are divided into three categories

Krungthai Bank has implemented a Zero Tolerance policy called “Krungthai Virtue” to ensure compliance with applicable laws, regulations, and guidelines. This policy is part of the Bank’s Compliance Risk Management program, which aims to establish a corporate culture of compliance among employees. The program includes risk management guidelines to identify and assess compliance risks, a Compliance Program to supervise and manage risks more efficiently, and a Preventive Action plan and Monitoring & Testing plan to reduce the chance of non-compliance. The Bank also conducts compliance supervision in other important areas to prevent or reduce the chance that it will not comply with the rules.

To promote honesty, transparency, integrity among its employees and ensure compliance with the Bank's rules and regulations as well as those of the regulators, the Bank has implemented several communication initiatives. These include distributing practice guidelines through email and the One Krungthai application's "Know Well, Be Aware of Mistakes" column, providing communication guidelines for conducting fair customer service or market conduct, and organizing Extra Mission activities to educate employees on disciplinary action and serious disciplinary offenses. Employees are required to acknowledge and strictly follow the discipline through the One Krungthai application. The Bank also conducts educational tours to teach employees about new regulations and best practices, such as the Personal Data Protection Act B.E. 2562 (2019), password retention, and tools for detecting suspicious transactions, as well as faster legal processes. As of 2022, all Bank employees have signed an acknowledgment of the business code of conduct.

The Bank has implemented various communication initiatives to raise awareness about employee discipline. This includes organizing training courses both in classrooms and online for employees and setting it as a regular agenda item in employee committee meetings across all departments. These initiatives aim to ensure that employees can perform their duties correctly according to the internal regulations, rules set by various regulatory bodies related to the Bank and review the disciplinary process to consider appropriate punishments corresponding to various regulations currently in effect. By doing so, employees can perform their duties correctly and prevent any risks that may arise from their operations. Moreover, the Bank also regularly organizes training courses on corruption, risk management, and corporate governance for employees. These ongoing initiatives aim to provide employees with essential knowledge and skills to handle various challenges and risks that may arise in their roles.

• The Anti-Money Laundering and Counter Terrorism and Proliferation of Weapon of Mass Destruction Financing (AML/ CTPF) Year 2022
• Anti- Money Laundering Regulations for District Office Executives and the Monitoring and evaluation team of the District Office - Data Governance and Personal Data Protection Act B.E. 2562 (2019)
• Milestone Project to reduce Bank Money Laundering Risks
• Knowledge of Credit Information Law Data Management and guidelines to be in compliance with the Personal Data Protection Act B.E. 2562 (2019)
• Relaxation of foreign exchange control regulations under the FX regulatory framework of the Bank of Thailand
• Knowledge of the Information Security Management System (ISMS) according to the ISO / IEC 27001: 2013 standard and Information Security Awareness of BAHTNET system
• Cyber awareness course
• SWIFT Security Awareness for the year 2022
• Knowledge of operational risk (Operation Loss Data) and access to the eGRC system
• Knowledge of discipline, discipline action and laws related to the labor relations
• Investigation guidelines for the Fact Investigation Committee according to the First Line of Defense

The Compliance and Legal Management Group is responsible for providing advice, communicating rules, policies, and regulations within the Bank, and measuring employee recognition and use of the Bank's Code of Conduct. Moreover, the Group oversees employee evaluations and compensation related to business ethics by setting standard indicators for individual employees. The Group also reduces the performance evaluation scores of employees who engage in non-compliance with business ethics or violate regulations. If an employee fails to comply with business ethics, the Bank's operational regulations stipulate disciplinary action. The Bank has established a set of disciplinary actions that include six issues linked to compensation, such as salary reduction, salary increase suspension, and salary cuts.

The Bank has implemented a Whistleblowing Policy that enables stakeholders to report any misconduct by directors, executives, staff, employees of the Bank, or employees of affiliated companies. The policy covers acts of fraud, illegality, violations of banking regulations or regulatory agency rules, and provides various channels for receiving complaints, including channels for executives in Human Resources and Corporate Governance. In the event of complex complaints related to fraud or violations of the Bank's business ethics, the responsible unit will refer the matter to the Internal Audit Division for immediate inspection before forwarding it to the Disciplinary and Employee Relations Management Department for further action.

All business unit heads report any suspicious behavior or breaches of the Code of Conduct to the disciplinary employee committee, which is responsible for disciplinary processes. This committee can also hear breach cases from other channels, including the Internal Audit team, whistleblowing and the HR Center where employees can formally contact the committee about cases related to the Code of Conduct.