Our risk management framework sets out the key risk principles that underpin CIBC’s approach to risk management and sets the tone for desired operational behaviours. The framework follows the three lines of defence model, provides an overview of CIBC’s organizational and governance structure, and highlights the Risk Appetite Statement (RAS), risk policies and limits, risk identification, reporting, and stress testing frameworks.
The RAS is the cornerstone for the Bank’s approach to managing risk and guides risk-taking activities. The RAS is supported by a comprehensive framework of risk limits, policies, standards and procedures, set out by type of risk, and intended to ensure risks are appropriately identified, measured, monitored and controlled in accordance with the risk appetite. Our RAS is defined by management and is reviewed and approved by the Board of Directors at least annually.
CIBC’s reputation is of fundamental importance to us and to our clients, shareholders, employees and communities. Our business is faced with situations that could pose undue risk to our reputation.
We have developed an integrated approach to managing our reputation risks through a framework of corporate-wide policies, procedures and processes – including our Code of Conduct, our Supplier Code of Conduct, our Global Reputation and Legal Risks policy and procedures, and policies related to anti-money laundering and anti-terrorist financing, lobbying, employee health and safety, the environment, and our global hiring practices.
It is CIBC policy to have an effective enterprise-wide regulatory compliance management (RCM) framework to manage and mitigate regulatory compliance risk.
The RCM framework is founded upon CIBC’s regulatory compliance philosophy, which is to manage and mitigate regulatory compliance risk through the promotion of a strong compliance culture within the parameters established by CIBC’s RAS. A strong compliance culture includes a commitment to maintaining an open and candid relationship with CIBC’s regulators and other internal and external governance partners (including CIBC’s internal and external auditors). CIBC’s regulatory compliance philosophy requires and supports the early self-identification of issues giving rise to regulatory compliance risk, as well as the prompt implementation of appropriate measures to manage and mitigate that risk.
The objective of our business continuity program is to ensure that, under conditions of interruption or crisis, an ongoing capability is in place to continue critical business functions and to restore normal operations in a highly effective and efficient manner.
All functions throughout CIBC are required to regularly assess their exposures to business interruption risk, take appropriate measures to minimize them, and develop, maintain and test business continuity plans. The health and safety of CIBC’s employees and clients is considered paramount in all of our planning.
In 2017, 100% of employees completed CIBC Mandatory Training and Testing.
The CIBC Code of Conduct outlines the standards of ethical and professional behaviour expected of CIBC employees and contingent workers.
The Code applies to all employees and contingent workers (i.e., temporary agency workers, contractors and service provider workers) of CIBC, including those employed or retained by its wholly-owned subsidiaries, in all countries where CIBC does business. This includes both regular and temporary employees working either full-time or part-time. As part of CIBC’s Mandatory Training and Testing program, employees and contingent workers must annually complete the training program and attest that they have read, understood and will abide by the Code at all times.
Our Board of Directors is bound by a similar Code.
Key areas and obligations covered by the Code include:
- Acting with honesty and integrity, including upholding the law and preventing corruption, bribery, fraud and financial crime;
- Treating everyone with respect;
- Avoiding conflicts of interest;
- Protecting our brand, clients, investors and the environment;
- Using and safeguarding information and assets; and
- Cooperating with internal and regulatory investigations.
CIBC employees and contingent workers have an obligation to report all actual or potential violations of the Code or violations of a law or regulation. The Code protects employees and contingent workers from retaliation for reporting a violation made in good faith (including where the report is made to a regulator).
We have also established an Ethics Hotline which allows anonymous reporting of suspected contraventions of any of our policies (including the Code of Conduct) in confidence without fear of retaliation. We have a Whistleblower Policy that provides a framework for the investigation, closure and management reporting of concerns raised by employees and external parties.
Potential consequences for violations of the Code include termination of an individual’s employment or assignment without notice, as well as civil, criminal or regulatory action.
CIBC is open and transparent about our political contributions and public policy activities, all of which follow our internal policies and federal and provincial regulations.
In keeping with federal laws, and as stated in CIBC’s Political Donations Policy, CIBC does not contribute to federal political parties, candidates or electoral district associations.
CIBC contributes to political parties in Canadian provinces, where legally permitted, to encourage and support the democratic process and to demonstrate our commitment to good corporate citizenship. CIBC’s Senior Vice-President, Communications and Public Affairs must approve any contribution made on behalf of CIBC in support of a provincial/territorial political party, cause or candidate. Each political contribution is made public via the websites of provincial election offices. In 2017, CIBC’s provincial political contributions totaled approximately $41,000.
As part of a highly regulated industry, we meet with regulators, officials and elected politicians regularly. These meetings fully comply with federal and provincial lobbying legislation.
Achieving the highest standard of ethical behaviour means that we will not engage, directly or indirectly, in bribery, kick-backs, payoffs, forgery or other fraudulent or corrupt business practices.
If an employee or contingent worker is approached by an employee, contingent worker, supplier, client, government representative or other third party with an opportunity to engage in such activity, they are required to report the incident to their manager, Corporate Security, the Compliance Department or through the confidential Ethics Hotline.
In addition, CIBC’s Anti-Bribery and Anti-Corruption Policy establishes minimum standards of conduct related to gifts or entertainment given to or received from government officials as well as private persons. These standards include a prohibition on gifts or entertainment given or received corruptly and in order to obtain, retain or direct business or to secure an improper advantage (including facilitation payments). Employees and contingent workers learn about this Policy as part of CIBC’s annual mandatory training and testing program on the Code of Conduct and Anti-Bribery and Anti-Corruption module. Employees in certain geographic regions also receive customized periodic communication of the requirements of this Policy.
Processes are in place to ensure bribery and corruption are considered when engaging suppliers, hiring employees or contingent workers, and entering into strategic transactions.
As governed by CIBC’s Fraud Management Policy, CIBC’s Corporate Security department is engaged whenever any internal fraud event is detected or suspected. Corporate Security is responsible for ensuring that CIBC’s approach to internal fraud issues is managed consistently across CIBC. All internal fraud is investigated, recorded, and reported to the CEO, the Executive Committee, the Operational Risk and Control Committee, and the Audit Committee. Corporate Security staff include seasoned investigators and computer forensics and business intelligence specialists who keep current with the evolution of technology and emerging banking requirements domestically and globally. CIBC has a zero tolerance position regarding internal fraud.
The mandate of the Audit Committee of the Board includes oversight of CIBC’s fraud prevention and detection program.
CIBC reports breaches pertaining to bribery, corruption and other ethics-related issues to the appropriate regulatory bodies such as the Office of the Superintendent of Financial Institutions (OSFI) via mandatory reporting. CIBC will also inform its shareholders and the public via press release of any incidents pertaining to bribery, corruption, and other ethics-related issues if deemed material.
CIBC has an enterprise-wide program to protect the safety, soundness and reputation of CIBC by meeting or exceeding the regulatory requirements relating to anti-money laundering and anti-terrorist financing in each jurisdiction in which we operate.
The program helps us detect, deter, and report suspected money laundering and terrorist financing activities.
Our focus is on minimizing the risk that CIBC or our employees will become involved in money laundering or terrorist financing activities, whether inadvertently or otherwise. CIBC has appropriate controls and procedures in place to ensure we are conducting due diligence on new and existing clients, and for performing enhanced due diligence on clients who may pose a potential reputation risk to CIBC. We stay informed about evolving trends and techniques to counter such risk, consult on an ongoing basis with external experts, and provide regular training to help our employees stay abreast of ongoing changes.
As part of our commitment to our clients, CIBC has adopted a number of voluntary codes of conduct and public commitments.