The Bank is committed to act professionally, fairly and with integrity in all its dealings. We have a zero tolerance approach to bribery and corruption and have a well-defined Anti-Bribery and Anti-Corruption policy articulating the obligations of our employees in these matters. We continuously focus on the effectiveness of our financial controls and assess compliance with all regulatory requirements. All the key policies of the Bank are regularly reviewed and enhanced to ensure relevance, adherence to regulations and adoption of best practices on an ongoing basis. We aim to maintain a strong compliance and ethics culture. Our Board-approved Group Compliance Policy lays down the compliance framework with emphasis on ensuring that our products, customer offerings and activities conform to rules and regulations and adheres to the ethos of 'Fair to Customer, Fair to Bank'.
We made amendments to the ICICI Group Code of Business Conduct & Ethics which articulates the values, principles and standards guiding the conduct of employees of the Bank. Broad changes to the policy included enhancing the definition of conflict of interest and recusal provisions and defining the periodicity of conflict of interest disclosure by employees to the Compliance Group. In addition, changes were made to align with the Reserve Bank of India’s circular on Compliance Functions in Banks and role of the Chief Compliance Officer, further enhancing the principles for managing conflict of interest. A new reporting tool was launched during the year for reporting/seeking clarifications on conflict of interest and for submitting the annual conflict of interest declaration by the leadership team. Apart from this, periodic training sessions and information mailers are sent to employees on a frequent basis. We are committed to constantly reviewing our governance practices and frameworks, with a focus on staying updated and responsive to the dynamic and evolving landscape, and acting in the best interest of our stakeholders.
We have a well-defined framework to monitor key customer service metrics. The Customer Service Committee of the Board and the Standing Committee on Customer Service meet on a regular basis. These forums deliberate on issues faced by customers and the initiatives taken by the Bank to enhance customer service.
The Bank complies with the 'Customer Rights Policy' which enshrines the basic rights of our customers. These rights include Right to Fair Treatment; Right to Transparency, Fair and Honest Dealing; Right to Suitability; Right to Privacy; Right to Grievance Redress and Compensation.
We seek to treat our customers fairly and provide transparency in our product and service offerings. Continuous efforts are made to educate customers to enable them to make informed choices regarding banking products and services. The Bank also seeks to ensure that the products offered are based on an assessment of the customer’s financial needs.
Our grievance redressal mechanism is well-defined and comprehensive, with clear turnaround times for providing resolution to customers. All complaints received by the Bank are recorded in a Customer Relationship Management (CRM) system and tracked for end-to-end resolution. The Bank also has an escalation matrix built in the CRM system to ensure that customer requirements are appropriately addressed within stipulated timelines. Further, as recommended by the Reserve Bank of India, we have appointed senior retired bankers as the Internal Ombudsmen of the Bank. The Customer Service Committee of the Board, the Standing Committee on Customer Service and the Branch Level Customer Service Committees monitor customer service at different levels.
ICICI Bank is committed to protecting the privacy of individuals whose personal data it holds, and processing such personal data in a way that is consistent with applicable laws. It is important for employees and businesses to protect customer data and follow the applicable privacy laws in India and overseas locations to ensure safety and security of data. We believe that the data privacy framework should be in line with the evolving regulatory changes and digital transformation.
The Bank has a presence in several overseas jurisdictions including Hong Kong, Singapore, the United States, the United Kingdom, Canada, China, Dubai International Financial Centre and Bahrain. We are committed to ensuring compliance with applicable laws across these jurisdictions. We have an integrated and centralised strategy for achieving data privacy compliance across all jurisdictions. A set of principles have been defined with respect to handling customer data. There is a mechanism in place for reporting any form of personal data incident which is accessible to all employees in the Bank. The Personal Data Incident Handling Forum (PDIHF) comprises of the Data Protection Officer and senior members from the Information Security Group, Operational Risk Management Group, Fraud Management Group, Human Resources, Compliance and the Legal team. Any kind of personal data-related incidents reported through the service request undergoes a detailed investigation and report of same is presented to PDIHF on a monthly basis.
On account of the changes in data protection laws and regulations, in fiscal 2021 the Bank updated its Personal Data Protection Standard to cover the personal data protection regulatory requirements for the Bank and its overseas offices. The Personal Data Protection Standard of the Bank has been reviewed by an international law firm.
Privacy regulations require the personal data of customers to be protected throughout its entire lifecycle. Accordingly, we have undertaken several comprehensive measures such as categorising all personal data and sensitive personal data as ‘Confidential Information’, keeping record of all its processing activities, entering into non-disclosure and confidentiality agreements with employees and third parties who are privy to customers' personal data and providing customers the option to exercise various rights which they enjoy under applicable data protection regulations and incident handling procedures.
There are e-learning modules specifically on personal data and its protection to build awareness among our employees.
We have a dedicated Data Privacy team headed by a Data Protection Officer (DPO), which oversees all privacy related developments for the Bank as a data processor for international banking business and as a data controller for NRI and remittance businesses. Various data privacy awareness initiatives and periodic trainings are conducted by the Data Privacy team. A Privacy Steering Committee meets every quarter, and oversees various privacy-related initiatives. Further, the Bank’s Code of Business Conduct and Ethics covers guidelines on customer privacy and confidentiality of data.