Etik dan Pedoman Tingkah Laku Maybank Indonesia, Program Anti Pencucian Uang dan Pencegahan Pendanaan Terorisme (APU PPT), Penerapan Strategi Anti-Fraud, Sistem Pelaporan Pelanggaran (Whistleblowing) dan peraturan pendukungnya.

[GRI 103-1]

Kode Etik dan Pedoman Tingkah Laku Maybank Indonesia [GRI 102-16]

Maybank Indonesia mengedepankan nilai-nilai T.I.G.E.R, (Teamwork, Integrity, Growth, Excellence & Efficiency dan Relationship Building) dan kode etik sebagai patokan bagi setiap orang dalam berinteraksi satu sama lain, baik secara internal maupun kepada pihak eksternal. Internalisasi kode etik dan nilai-nilai budaya Bank dilakukan oleh setiap manajemen senior melalui pengarahan rutin dan akses e-learning, setiap karyawan juga menandatangani pakta integritas secara periodik sebagai janji untuk menjunjung tinggi nilai-nilai Maybank.

6.965* 6.776

2019 2020

6.580 6.799

2019 2020

6.576 6.785

2019 2020

6.550 6.769

2019 2020

6.439 6.666

2019 2020

6.484 6.494

2019 2020

6.587 6.812

2019 2020

6.597 6.881

2019 2020

Program Anti Pencucian Uang dan Pencegahan Pendanaan Terorisme

Bank telah menerapkan program Anti Pencucian Uang dan Pencegahan Pendanaan Terorisme (APU-PPT) dengan membentuk Satuan Kerja APU PPT dalam Unit Kerja Financial Crime Compliance (FCC). Program-program APU PPT Bank berdasarkan 5 (lima) pilar yang dirangkum sebagaimana berikut.

Penyelenggaraan APU-PPT meliputi

1 2 3 4 5

Pengawasan aktif Direksi dan

Komisaris Kebijakan dan

Prosedur Pengendalian Intern Sistem Informasi Manajemen Sumber Daya Manusia dan Pelatihan Dewan Komisaris dan Direksi

mengawasi secara aktif pelaksanaan program APU-PPT berdasarkan laporan rutin yang disampaikan. Dewan Komisaris dan Direksi juga memberikan persetujuan terkait kebijakan dan prosedur program APU-PPT

Bank menyesuaikan kebijakan dan prosedur yang sesuai dengan peraturan terkini

Pemantauan oleh pihak independen secara berkala. Internal Audit dan Eksternal Audit menguji efektivitas pelaksanaan Program APU-PPT sesuai dengan ketentuan yang berlaku

Pengembangan Sistem Informasi yang dapat memantau, mengidentifikasi, menganalisis dan menyediakan laporan dengan karakteristik transaksi berdasarkan risiko yang dilakukan nasabah.

Dengan demikian, sistem ini dapat mendukung kegiatan pemantauan profil dan transaksi nasabah agar berjalan efektif

Program pelatihan bagi seluruh karyawan di bidang APU-PPT agar sumber daya manusia kami memiliki tingkat keahlian dan pengetahuan yang memadai dalam menjalankan tugasnya

Active Supervision of Directors and Commissioners

Policies and Procedures

Internal Control Information Management System

Human Capital and Training

The Board of Commissioners and the Board of Directors conduct supervision of the APU and PPT program based on routine reports. The Board of Commissioners and the Board of Directors also give approval to the Policy and Procedures of the APU and PPT Program.

The Bank updates Policy and Procedures in accordance with the latest regulations.

Periodic monitoring by independent party.

Internal Audit and the External Audit units assess the effectiveness of the implementation of the APU and PPT Program in accordance with prevailing regulations.

Development of Information Systems that can monitor, identify, analyse, and provide reports of transaction characteristics based on the risks that customers make.

Therefore the system can support the monitoring of customer profiles and transactions.

Training programs for all employees in the fields of APU and PPT to provide them with an adequate level of expertise and knowledge to carry out their duties.

Penerapan Prinsip Know Your Employee

Penerapan Know Your Employee (KYE) telah dilaksanakan oleh Maybank Indonesia meliputi aspek-aspek sebagai berikut:

• Melakukan prosedur penyaringan (pre-employee screening) pada saat penerimaan pegawai baru dalam upaya memastikan profil calon karyawan tidak memiliki catatan kejahatan.

• Pengenalan dan pemantauan profil karyawan antara lain mencakup perilaku dan gaya hidup karyawan.

Penerapan Prinsip Know Your Customer

Maybank Indonesia menerapkan Prinsip Mengenal Nasabah (Know Your Customer/KYC) yang meliputi aspek-aspek sebagai berikut:

• Melakukan identifikasi, verifikasi, screening dan risk assement kepada calon nasabah dalam rangka penerapan Customer Due Diligence (CDD).

• Melakukan pemantauan nasabah untuk memastikan bahwa transaksi yang dilakukan sejalan dengan pemahaman Bank atas nasabah, kegiatan usaha dan profil risiko nasabah, termasuk sumber dananya, dan tidak terkait dengan catatan kejahatan

Anti Money Laundering and Combating the Financing of Terrorism Program

The Bank has implemented the Anti Money Laundering and Combating the Financing of Terrorism (AML-CFT) program AML-CFT Work Unit in the Financial Crime Compliance (FCC) Work Unit. The Bank’s APU PPT programs are based on 5 (five) pillars which are summarized as follows:

The implementation of APU-PPT includes

Implementation of Know Your Employee Principles

Maybank Indonesia has implemented Know Your Employee (KYE), covering the following aspects:

• Conduct pre-employee screening procedures at the time of employee recruitment to ensure prospective employees do not have a criminal record.

• Recognition and monitoring of employee profiles, including employee behaviour and lifestyle.

Implementation of Know Your Customer Principles

Maybank Indonesia has implemented Know Your Customer (KYC) principles which include the following aspects:

• Perform identification, verification, screening and risk assessment of prospective customers in the context of implementing Customer Due Diligence (CDD).

• Monitor customers to ensure that transactions are carried out in line with the Bank’s understanding of customers, business activities and customer risk profiles, including sources of funds, and are not related to criminal records.

• Dalam hal terdapat indikasi mencurigakan/ketidakwajaran terkait tindak pidana pencucian uang atau pendanaan terorisme maka Bank melaporkan Laporan Transaksi Keuangan Mencurigakan (LTKM) ke PPATK sesuai perundang-undangan yang berlaku.

Kejahatan Siber

Sejalan dengan peningkatan produk dan layanan keuangan digital yang terus dikembangkan, Maybank Indonesia memiliki kebijakan, prosedur dan organisasi khusus untuk menangani kejahatan siber, manajemen IT terus berupaya untuk mengimplementasikan teknologi keamanan sistem agar

mampu mengidentifikasi, menangkal dan memonitor setiap potensi risiko kejahatan siber.

Selain itu, peningkatan kepedulian seluruh stakeholder baik karyawan dan nasabah terkait ancaman kejahatan dunia maya juga terus dilakukan secara berkesinambungan. Bank telah melakukan sosialisasi melalui publikasi e-mail dan e-learning mengenai peningkatan kewaspadaan akan serangan siber, termasuk cara pencegahan maupun cara penanganan serangan siber kepada seluruh karyawan. Cyber risk merupakan salah satu risiko yang dikelola secara komprehensif oleh Maybank Indonesia.

Penerapan Strategi Anti-Fraud

Maybank Indonesia memiliki Unit Kerja Financial Crime Compliance & National Anti Fraud untuk mengendalikan risiko terjadinya fraud. Tiga pendekatan: pencegahan, pengawasan dan penindakan. Kegiatan rutin yang dilaksanakan di bidang ini adalah anti-fraud statement, training dan kampanye fraud awareness, identifikasi dan analisis kerawanan, implementasi Know Your Customer (KYC) dan Know Your Employee (KYE).

[GRI 103-2]

Dalam rangka antisipasi kejadian fraud baik yang berasal dari internal maupun eksternal Bank, manajemen telah melakukan tindak lanjut dan perbaikan atas kelemahan-kelemahan yang ada dan memperkuat sistem pengendalian internal.

Efektifitas program anti-fraud dievaluasi oleh Unit Kerja Financial Crime Compliance & National Anti Fraud dengan melakukan proses pemantauan, evaluasi, dan tindak lanjut atas laporan yang diterima dan penerapan strategi anti-fraud untuk disampaikan dalam laporan ke Direksi dan Komisaris. [GRI 103-3]

Sistem Pelaporan Pelanggaran

Dalam rangka mitigasi fraud, Bank menerapkan prosedur dan mekanisme Whistle Blowing (WB) sebagai sebuah sistem pelaporan pelanggaran, yang merupakan sarana komunikasi efektif dalam mendeteksi praktik fraud dan penyimpangan lainnya melalui Short Message Service (SMS), WhatsApp, E-mail, maupun surat tertutup, dan bank memberikan perlindungan

• In the event that there are suspicious/irregular indications related to the crime of money laundering or terrorism financing, the Bank shall report a Suspicious Financial Transaction Report (LTKM) to the PPATK in accordance with the applicable laws.

Cyber Crimes

In line with the continuous improvement of digital financial products and services, Maybank Indonesia has specific policies, procedures and organizations to deal with cybercrime. The IT department implements system security technology to enable the Company to identify, prevent and monitor any potential risk of cybercrime.

Increasing the awareness of all stakeholders, both employees and customers, regarding cybercrime threat is also continuously carried out. The Bank has conducted a socialization program through e-mail and e-learning publications regarding increased alertness of cyberattacks, including preventing and handling cyber-attacks to all employees. Cyber risk is one of the risks that Maybank Indonesia manages comprehensively.

Implementation of Anti-Fraud Strategy

Maybank Indonesia has established a Financial Crime Compliance

& National Anti Fraud Unit to control the risk of fraud. Three approaches: prevention, surveillance and enforcement. In this regard, routine activities are anti-fraud statements, training and fraud awareness campaigns, identification and analysis of vulnerabilities, implementation of Know Your Customer (KYC) and Know Your Employee (KYE). [GRI 103-2]

To anticipate fraud occurrences, both internal and external to the Bank, the Bank’s management has followed up and corrected existing weaknesses and strengthened the internal control system.

The anti-fraud program’s effectiveness is evaluated by the Financial Crime Compliance & National Anti Fraud Unit by conducting a process of monitoring, evaluation, and follow-up on reports received and implementing anti-fraud strategies to be submitted in reports to the Directors and Commissioners.

[GRI 103-3]

Whistleblowing System

To mitigate fraud, the Bank implements Whistle Blowing (WB) procedures and mechanisms as a violation reporting system, an effective means of communication in detecting fraudulent practices and other irregularities through Short Message Service (SMS), WhatsApp, E-mail, and closed letters. The Bank protects the reporter.

Rekapitulasi Pelaporan Pelanggaran

Perihal Pengaduan (Kasus) 2020 2019 2018 Complaint Subject (Case)

Kode Etik 32 22 25 Code of Ethics

Pelanggaran Hukum & Regulasi Law and Regulation Violation

Fraud 1 Fraud

Lainnya 48 1 7 Others

Jumlah 81 23 32 Total Number

Diselesaikan Resolved

Rincian pelaksanaan tata kelola dan manajemen risiko Maybank Indonesia dapat dibaca dalam Laporan Tahunan Bank Maybank Indonesia Tbk tahun 2020, di bagian Laporan Tata Kelola Perusahaan.

Recapitulation of Violation Reporting

Details of the implementation of governance and risk management of Maybank Indonesia can be read in the Annual Report of Bank Maybank Indonesia Tbk for 2020, in the Corporate Governance Report section.