Policies and principles

The Code of Ethics defines the principles governing mutual relations between individuals performing work for the Bank, including relations between Bank employees and persons performing activities on behalf of the Bank, as well as among persons performing such activities. The Bank’s Code of Ethics also sets out the values, principles, standards of conduct, and ethical attitudes applicable in relations with clients, in the Bank’s business activities, and in the Bank’s interactions with its stakeholders. It remains directly linked to the organizational culture adopted by the Bank, complementing it and serving as a tool supporting the promotion and implementation of the Bank’s values.

The values, principles, standards of conduct, and ethical attitudes set out in the Bank’s Code of Ethics apply to all Bank employees, as well as to individuals performing activities on behalf of the Bank, including those carrying out banking activities and factual activities related to banking operations, and persons intermediating in such activities, in particular individuals representing the Bank and acting on its behalf.

The Bank enables employees to report breaches concerning, among other matters, ethical issues, through internal procedures compliant with applicable legal requirements, including the Whistleblower Protection Act. Verification of compliance with ethical standards within the Bank is subject to an annual assessment conducted by the Management Board. Information on the results of the assessment carried out by the Management Board is submitted to the Supervisory Board at least once a year.

The identification of non-compliance with the values, behaviours, and attitudes specified in the Code of Ethics of PKO Bank Polski S.A. is carried out through a multi-faceted approach involving various Bank units, as well as managers within the framework of ongoing employee management. The Bank has established a number of mechanisms and processes ensuring the identification of undesirable conduct, including:

• procedures concerning the prevention of violations of employee rights, including mechanisms for reporting and handling complaints regarding any breach of employee rights defined in generally applicable laws and internal regulations;
• tools supporting the assessment of employees’ fulfilment of assigned responsibilities (including the annual suitability assessment of key management personnel, control mechanisms embedded in the rules for granting variable remuneration, dedicated feedback processes, and information exchange between HR and control units);
• a whistleblowing reporting system implemented under the whistleblower procedure;
• procedures for reporting cases of non-compliance, conflicts of interest, and operational incidents understood as events generating operational losses exceeding the applicable threshold, i.e. greater than PLN 0 in the case of internal and external fraud, or equal to or exceeding PLN 5,000 for other events;
• procedures for managing security incidents (covering all breaches of the Bank’s security, regardless of their financial impact) and identifying their root causes;
• a structured two-tier system for handling customer complaints, requests, and appeals, involving in particular the Customer Ombudsman Office, the Service and Operations Centre within the Services Transformation Division, and the Corporate Customer Service Centre within the Corporate Banking Transformation Division;
• preventive and detective measures carried out by the Procurement Proceedings Validation and Control Office (BWZ), supporting the Bank’s organizational units in complying with the principles of the Code of Ethics, particularly in the area of procurement processes;
• ongoing actions undertaken by BWZ in response to identified adverse information concerning contractors or irregularities in monitored procurement processes, as well as recommendations regarding the optimization of procurement-related activities performed by the Bank’s units.

On 12 August 2025, the Supervisory Board approved the amended Code of Ethics of PKO Bank Polski S.A., under which the Bank’s values were updated as follows:

• We act together – we jointly strive to ensure the best possible experience for customers and employees, building partnership-based relationships founded on mutual respect, openness, and trust;
• We create change – we support customers in their development in an increasingly digital world, proactively respond to change and undertake ambitious challenges, while pursuing our own development and supporting others in theirs;
• We deliver results – we operate effectively, respond to customer needs, and implement changes that generate tangible value, while valuing accountability, responsibility, and commitment.

The revised values place greater emphasis on commitment and responsibility, the courageous and ambitious setting of objectives, and effectiveness in action. Their modification was introduced in response to the challenges arising from the “Bank Strategy for 2025–2027”.

Additionally, the amended Code of Ethics introduced a preamble highlighting the importance of ESG-related matters, including social responsibility, corporate governance, and environmental stewardship. Provisions were also added to emphasize the Bank’s commitment to areas such as supporting the green transition, undertaking social initiatives, implementing responsible investment practices, and strengthening risk management mechanisms.

The Bank’s overarching objective in undertaking disclosure and communication activities is to ensure high standards of communication with capital market participants, reflecting the principles of universal and equal access to information. Responsibility for implementing the information policy in the area of investor relations rests with the Investor Relations Office.

The Bank communicates with investors directly by organizing online-streamed results presentations, participating in numerous investor conferences and bilateral meetings, and actively using its corporate website, within which a dedicated investor relations section has been established. This section contains key information concerning the Bank and its issued securities, including information on the Bank’s strategy, financial statements, presentations, key financial data in a format enabling direct use, contact details, and other information customarily disclosed by listed companies in accordance with relevant recommendations and market standards.

In its communication with the market, the Bank takes into account the interests of all investors, provided that such interests are not contrary to the interests of the Bank. The Bank conducts its information policy in a manner ensuring proper, reliable, and comprehensive access to information for all investors, without granting preferential treatment to any particular investor. Equal access to information for each shareholder is ensured through the Bank’s compliance with applicable legal regulations governing disclosure activities, including in particular the provisions of the Commercial Companies Code, the Market Abuse Regulation (MAR), the Act on Trading in Financial Instruments, the Act on Public Offering, and the Regulation on Current and Periodic Information Disclosure.

The above principles have been formally adopted by the Bank in the “Principles of the Information Policy of PKO Bank Polski S.A. in the Area of Relations with Investors and Clients.” The Bank’s disclosure activities also take into account the enhanced standards set out in the “Best Practice for GPW Listed Companies 2021” and the “Corporate Governance Principles for Supervised Institutions.” Compliance with disclosure obligations is subject to an annual assessment carried out by the Supervisory Board, the results of which are presented as part of the Supervisory Board’s annual activity report.

The ESG area constitutes one of the pillars of the strategy of PKO Bank Polski S.A. for 2025–2027. The Bank’s ESG strategy includes a set of indicators across three sustainability dimensions: environmental, social, and corporate governance. Information regarding the ESG objectives included in the Strategy for 2025–2027 is available on the Bank’s website: Strategy of PKO Bank Polski S.A. for 2025–2027

The Bank’s dividend policy reflects its intention to maintain stable dividend distributions over the long term while adhering to the principles of prudent management of both the Bank and the Bank’s Capital Group.

The objective of the dividend policy is to ensure the optimal shaping of the Bank’s and the Group’s capital structure, taking into account return on capital, the cost of capital, and capital requirements related to growth, while at the same time maintaining adequate capital adequacy ratios and meeting the minimum requirement for own funds and eligible liabilities (MREL).

According to the adopted dividend policy, an additional capital redistribution instrument may include the repurchase of the Bank’s own shares for cancellation purposes. Under the dividend policy, consent for the Bank to acquire its own shares is granted by the General Meeting, subject to prior approval by the Supervisory Board. The General Meeting determines the terms of the acquisition, including the maximum number of shares to be acquired, the authorization period for the acquisition, which may not exceed five years, and the maximum and minimum purchase price for the shares where the acquisition is conducted for consideration.

Any acquisition of treasury shares for cancellation purposes requires the Bank to obtain prior approval from the Polish Financial Supervision Authority (KNF). Share buybacks may also be carried out in circumstances where the book value of the shares is lower than their current market price.

The conditions governing dividend payments by the Bank have been aligned with the requirements specified by the KNF in Recommendation Z. These requirements apply accordingly to the Bank’s repurchase of its own shares.

Further information regarding dividend payment decisions and dividend amounts in individual years is available in the “Shares and Dividends” section.

The Security Policy defines the standards, procedures, and responsibilities of the Bank’s employees relating to the protection of confidential information, in particular the protection of customers’ personal data. Its purpose is to ensure preventive measures in the area of information security and to provide an appropriate response framework in the event of actual or suspected breaches of information security.

The Policy applies to all Bank customers and all individuals whose data are processed by the Bank. Agents and intermediaries cooperating with the Bank under contractual arrangements are required to comply with the provisions of the Policy, as well as with the security procedures and standards defined by the Bank.

The Policy, together with informational and educational materials, is available on the Bank’s intranet. Security training constitutes a mandatory component of onboarding training for all Bank employees. The Bank also conducts ongoing communication activities reminding employees of their obligations in this area. The assessment of personal data protection security is additionally incorporated into the design phase of new products and services.

Responsibility for the implementation of the Policy in the area of information security rests with the Directors of the Security Department and the Cybersecurity Department. Oversight of the implementation of the Policy is exercised by the President of the Management Board.

The Bank has implemented suitability policies defining the principles governing the selection, appointment, succession planning, including talent pipeline management, and suitability assessment of members of the Supervisory Board and the Management Board.

These individuals are assessed with regard to their competencies, knowledge and skills, experience appropriate to the position, as well as reputation, understood as having a sufficiently unblemished reputation, integrity, and ethical conduct.

The above framework is intended to ensure the appointment of members to the Bank’s governing bodies in a manner enabling the selection of individuals who:

• demonstrate high levels of competence, skills, and experience appropriate to the position entrusted to them;
• provide assurance of the proper performance of their duties through integrity, ethical conduct, independence of judgment, and the ability to devote sufficient time to the performance of their responsibilities.

Pursuant to the adopted regulations, the General Meeting makes decisions regarding the selection and suitability assessment of candidates and members of the Bank’s Supervisory Board, while the Supervisory Board makes such decisions with respect to members of the Bank’s Management Board.

The suitability policies for members of the Management Board and the Supervisory Board are implemented in accordance with the principle of diversity within the governing bodies. This means shaping the composition of these bodies in a manner ensuring access to a broad range of competencies, knowledge, and skills (including proficiency in the Polish language) appropriate to the positions held. This approach ensures that members of the Supervisory Board and the Management Board — individually and collectively as governing bodies — are able to issue independent opinions and decisions across the full scope of the Bank’s activities. Additional criteria supporting diversity within the governing bodies include age and gender.

The suitability policies also establish an objective of ensuring gender diversity within the Bank’s governing bodies, including at least achieving the following minimum diversity levels:

• a representation level as close as possible to 33% for each governing body; or
• a combined representation level for both governing bodies in accordance with the requirements set out in generally applicable legal regulations.

The target minimum diversity levels should be achieved within the timeframe specified by generally applicable legal regulations, and no later than upon the appointment of each governing body for a new term commencing after 31 December 2025. The achievement of these objectives will be supported through the application of equal opportunity principles in the selection of governing body members and by fostering a culture of diversity within the organization.

The primary objective of the Policy on the Selection of the Audit Firm for the statutory audit of the financial statements of the Bank and the Bank’s Capital Group and for the assurance of the sustainability reporting of the Bank’s Capital Group (the “Selection Policy”), as well as the Policy on the Provision of Permitted Non-Audit and Non-Assurance Services by the audit firm conducting the audit and assurance engagement, entities affiliated with such audit firm, and members of the audit firm’s network to the Bank and companies within the Bank’s Capital Group (the “Services Policy”), adopted by the Bank’s Supervisory Board following the recommendation of the Audit Committee, is to ensure that the process of selecting the audit firm and the provision of services by that firm to the Bank and the Bank’s Capital Group comply with applicable legal regulations and KNF Recommendation L. Particular emphasis is placed on ensuring the independence and impartiality of the audit firm, as well as compliance with mandatory rotation and cooling-off period requirements.

The Selection Policy sets out the following rules concerning mandatory rotation and cooling-off periods applicable to the audit firm and the key statutory auditor:

• the maximum uninterrupted duration of statutory audit engagements conducted by the same audit firm, an audit firm affiliated with that audit firm, or any member of the audit firm’s network operating within the European Union, is 10 audited financial years. This period may be extended by two additional years, up to a maximum of 12 audited financial years, subject to approval by the Polish Financial Supervision Authority (KNF), in the event of the simultaneous appointment of more than one audit firm under a joint audit arrangement, provided that the statutory audit results in a joint audit report;
• agreements for the audit of financial statements and for the assurance of sustainability reporting are concluded for a period covering no fewer than two financial years and no more than five financial years, with the possibility of extension for a subsequent period covering at least two financial years;
• upon expiry of the maximum uninterrupted engagement period referred to above, the audit firm may again perform statutory audits of the Bank’s and the Bank Capital Group’s financial statements only after at least four years have elapsed since completion of the previous audit engagement;
• the key statutory auditor may not conduct statutory audits of financial statements for a period exceeding five audited financial years;
• the key statutory auditor may resume statutory audit engagements only after at least three years have elapsed since completion of the last statutory audit of the Bank’s and the Bank Capital Group’s financial statements.

The Bank’s primary obligations in the area of anti-money laundering (AML) and counter-terrorist financing (CFT) include the analysis and assessment of money laundering and terrorist financing risks associated with each client entering into a relationship with the Bank, the identification and verification of clients and beneficial owners, the determination of money laundering and terrorist financing risk levels, and the monitoring of customer transactions. Where circumstances are identified that may indicate money laundering, terrorist financing, or reasonable suspicion thereof, the Bank undertakes appropriate measures, including the suspension of transactions, account blocking, or freezing of funds.

The system of internal regulations concerning anti-money laundering and counter-terrorist financing (AML/CFT) operating within the Group is based on two key documents: the Group Strategy and the Group Policy. The Strategy defines the fundamental assumptions and guidelines of the Bank’s Capital Group in the area of AML/CFT, ensuring a consistent approach to these matters across all Group entities and enabling the proper fulfilment of obligations arising from applicable legal regulations. The Group Policy complements these guidelines by defining the rules for the exchange and protection of information shared among Group entities for the purposes of fulfilling AML/CFT obligations.

Both documents establish a uniform regulatory framework applicable at the Group level and are addressed to all employees, with particular emphasis on individuals employed by Group entities classified as obliged institutions. Regulations applicable to Bank employees are available on the Bank’s intranet. Responsibility for the fulfilment of obligations arising from legal and internal AML/CFT regulations rests with persons designated in accordance with Articles 6, 7, and 8 of the AML Act, both within the Bank and in other Group entities classified as obliged institutions.

Educational activities constitute an important element strengthening the regulatory framework. Although such activities are not implemented at the Group level, the Bank operates a mandatory training programme for employees, including, among others:

• introductory training – provided to all employees hired under employment contracts as well as civil law contracts (including interns), prior to the commencement of their professional duties;
• basic training – provided without delay to employees and individuals cooperating with the Bank upon commencement of work within a Bank unit covered by the training, as well as to agents and intermediaries prior to entering into an agency or cooperation agreement;
• refresher training – provided before the lapse of 34 months from completion of the basic training and dedicated to employees, cooperating persons, agents, and intermediaries.

The obligation to complete training within the required timeframe applies to all employees whose responsibilities involve increased AML/CFT risk exposure. The Bank monitors compliance with this obligation. In 2024–2025, all individuals to whom the training was made available completed it.

The Principles of Compliance Assurance and the Management of Compliance Risk and Conduct Risk at PKO Bank Polski define the Bank’s compliance policy, which addresses, among other matters, the prevention of unlawful conduct, information security, including the protection of customer data, the preparation of advertising and marketing communications, ethical standards, the prevention of conflicts of interest, and the handling of customer complaints and appeals. The Principles define responsibilities for managing compliance risk and conduct risk and specify the methods for reporting such risks.

When formulating product offering conditions and conducting product sales, entities within the Group make every effort to ensure that products are appropriate to the needs of the clients to whom they are addressed, and that the manner and form in which products are offered are appropriate to their nature. Prior to entering into an agreement and throughout its duration, clients should be provided with information in accordance with legal requirements and market practice. This includes the provision of information that is understandable to the average recipient, reliable, comprehensive, and accurate, particularly with regard to the nature of the product, its structure and contractual terms, as well as the associated benefits, risks, fees, commissions, and other costs related to the conclusion, execution, and early termination of the agreement.

The Bank’s Work Regulations are based on the principle that every employee is valued regardless of gender, age, disability, race, religion, nationality, political beliefs, trade union membership, ethnic origin, denomination, or sexual orientation, as well as regardless of whether employment is for a fixed or indefinite term or on a full-time or part-time basis. The employer undertakes, among other obligations, to prevent discrimination and workplace bullying, ensure equal treatment of employees performing the same work or work of equal value, and apply objective and fair criteria in the assessment of work performance.

The Regulations specify the employer’s obligation to organize work in a manner enabling employees to achieve high levels of efficiency and quality through the appropriate use of their qualifications and abilities, as well as to provide employees with working conditions compliant with occupational health and safety regulations and the provisions of the Labour Code.

The Bank’s Work Regulations also define employee responsibilities, including the diligent and conscientious performance of official duties in accordance with applicable internal regulations, including the principles set out in the Bank’s Code of Ethics. Each employee is required, among other things, to comply with information system security principles and ensure the particular protection of data contained therein, to safeguard entrusted property, and to participate in occupational health and safety training. Employees are also required to identify circumstances in which a conflict of interest involving them may arise or has arisen and to fulfil the obligation to disclose such circumstances to their supervisor and the Compliance Department for further analysis.

Every employee is required to comply with the Bank’s Code of Ethics and to participate in the development and promotion of the organizational culture and the values associated with it.

The Group also applies recruitment principles based on high standards concerning anti-discrimination and personal data protection, supported by modern technologies and IT systems. During the recruitment process, the Bank and entities within the Capital Group uphold human rights and ensure equal opportunities, pursuing the objective of attracting the best external candidates while simultaneously promoting internal talent. This approach enables the employment of individuals with diverse professional experience and competencies.

The Bank undertakes initiatives encouraging employees to participate in internal recruitment processes across the Group as part of their professional development within other business areas. In order to ensure a positive candidate experience throughout the recruitment process, the Bank diversifies communication channels used to reach various groups of job applicants, shortens recruitment timelines, and applies modern selection methods. At the same time, candidate experience surveys are conducted, with the results used to improve activities affecting the recruitment process.

The remuneration policy applicable to employees of the Bank and companies within the Capital Group is designed to ensure a consistent remuneration framework that takes into account the adjustment of remuneration tools and levels to individual job groups, local labour market conditions, and the economic and financial situation of the Bank and Group companies.

The policy ensures a coherent remuneration system through the shaping of remuneration structures based on work performance and employee competency assessments, fostering employee accountability for assigned tasks evaluated on the basis of objective criteria, applying remuneration systems aligned with market trends, determining fixed remuneration based on job evaluation methodologies, and adapting remuneration mechanisms, tools, and levels to the organization’s strategy and objectives.

The policy provides for the parameterization of variable remuneration components in order to take into account the cost of risk, the cost of capital, and the liquidity risk of the Bank and the Group over the long term. It also stipulates that monetary and non-monetary forms of remuneration should not incentivize involved individuals to prioritize their own interests or the interests of the Bank and other Group entities to the detriment of customers.

The Bank’s Supervisory Board is responsible for adopting and updating the policy, in particular monitoring whether remuneration policies and practices are appropriately implemented and aligned with the overall corporate governance framework, corporate culture, risk appetite, and related management processes. The policy is subject to an annual effectiveness assessment conducted by the Supervisory Board. The implementation of the remuneration policy is also subject to an independent internal review carried out by the Bank’s Internal Audit unit. The review report is presented to the Supervisory Board, the Nomination and Remuneration Committee, the Risk Committee, and the General Meeting.

The “Principles for the Organization and Implementation of Development Activities at PKO Bank Polski” define the rules governing the organization and conditions under which development activities are carried out for the benefit of Bank employees.

Development activities are tailored to the specific nature of the Bank and individual entities within the Bank’s Capital Group and are defined in internal regulations. This ensures a flexible approach to development policy. The “Method of Organizing and Implementing Development Activities at PKO Bank Polski S.A.” defines the objectives, directions, and methods applied by the Bank in the area of employee and collaborator development management.

The primary objectives of the adopted training policy are:

• to support the implementation of the strategic objectives of entities within the Bank’s Capital Group and their business goals;
• to facilitate the onboarding of new employees;
• to ensure the continuous improvement of employees’ professional qualifications and the adjustment of their knowledge and skills to the changing requirements of the markets in which a given entity operates;
• to prepare employees for the implementation of new solutions and products offered by entities within the Bank’s Capital Group or for changes introduced to existing solutions and products.

Development activities are carried out based on the business objectives of individual Bank units (business development activities), the business objectives of the Bank as a whole (strategic development activities), and the Bank’s obligations arising from generally applicable legal regulations as well as recommendations, guidelines, supervisory expectations for the banking sector, or supervisory decisions issued in relation to the Bank (mandatory development activities).

The Bank offers all employees access to the Training Catalogue — a voluntary and generally available competency development offering. The Catalogue includes a wide range of development formats, including in-person and online workshops (both traditional and using educational games or VR technologies), webinars, video training sessions, and short five-minute video-based knowledge capsules that can be viewed at a convenient time.

The Catalogue is updated monthly and made available on the intranet portal, where employees can easily register for selected activities.

As part of the development offering, employees may also access the LinkedIn Learning platform, supporting both professional and personal development. The platform provides a modern library of more than 25,000 courses delivered by experts from around the world, covering, among other topics, soft skills development, digital competencies, management, and communication. The platform enables flexible learning at any time and pace tailored to individual employee needs, making it easier to integrate development into everyday work routines.

In 2023, the Bank launched the #ESGo development programme. The purpose of the programme is to educate all employees in the area of sustainable development. Building both foundational and expert-level ESG competencies is intended to support the effective ESG transformation of the Bank. Since the programme’s launch, more than 21,000 employees have participated in e-learning training dedicated to sustainability-related issues from the Bank’s perspective. Employees have also had the opportunity to participate in various ESG-related training sessions and webinars. Additionally, in 2025, the Bank launched a dedicated training series focused on building ESG competencies within the financial sector.

The Procurement Policy defines the overarching objectives and principles applicable to all procurement processes carried out within the Bank. Its provisions are further specified in the Regulations for the Procurement of Goods and Services, the Procedure for the Procurement of Goods and Services, and the Code of Ethics for Suppliers and Bidders.

The objectives of the Procurement Policy include, among other matters, ensuring the Bank’s effective and sustainable development, in particular by maintaining an optimal balance between the price and quality of procured goods and services, ensuring efficient and transparent organization of procurement processes in compliance with internal regulations, and supporting the development of the domestic economy in which the Bank operates.

The Policy defines procurement standards, establishes procurement priorities, and sets out good practices applicable to the procurement process.

Accordingly, the Bank’s procurement standards include, among others, taking into account environmental, social, and governance (ESG) aspects in the assessment of bidders and suppliers; ensuring alignment of procurement activities with the Bank’s strategic objectives; applying sustainable supplier selection criteria that take local content into consideration; and ensuring the Bank’s social and economic responsibility in the context of avoiding abuse of purchasing power and recognizing the impact of generated demand on the economy.

The procurement objective defined in the Policy is the optimization of functional requirements while minimizing the lifecycle costs of goods and services. This objective is pursued through the achievement of specific goals, including maximizing the quality of procured supplies and services, improving procurement processes, and integrating the objectives of the Policy with the Bank’s business objectives.

The Procurement Policy also addresses activities supporting the development of uniform procurement standards across companies within the PKO Bank Polski Capital Group.

The currently binding Procurement Policy was adopted pursuant to a resolution of the Bank’s Management Board dated 9 December 2025. Regulations concerning the procurement of goods and services, defining the principles and procedures applicable to procurement activities, are updated on an ongoing basis in line with the evolving regulatory environment and market trends.

The Bank’s Capital Group carries out activities aimed at preventing corruption, nepotism, and cronyism on the basis of its Anti-Corruption Policy, which defines the principles for identifying and avoiding situations that may lead to corruption risk. Under these principles, any suspected case of corruption, nepotism, or cronyism must be reported (either openly or anonymously), directly to the Bank’s Anti-Corruption Officer or through the whistleblowing channels described in the following section.

Additionally, the Bank operates a dedicated email mailbox to which reports, questions, concerns, and observations regarding potential irregularities may be submitted. The Officer, who is the head of the Security Division, conducts a preliminary analysis of each report from the perspective of corruption risk and determines whether further action is required. Contact details for the Anti-Corruption Officer are available on the Bank’s intranet.

The responsibilities of the Anti-Corruption Officer include in particular:

• identifying corruption risks within the Bank;
• identifying units exposed to corruption risk;
• providing Bank units with guidelines concerning anti-corruption activities in order to strengthen preventive measures;
• defining the time scope for the application of such guidelines.

The Anti-Corruption Policy applies to all areas of the Bank’s operations, Group entities, and Bank employees, in particular in relations with:

• clients or potential clients;
• entities cooperating with the Bank or Group entities, including their representatives, employees, subcontractors, and suppliers;
• entities seeking to establish cooperation with the Bank or Group entities, including their representatives, employees, subcontractors, and suppliers;
• public officials performing official duties relating to the Bank or Group entities.

As part of efforts to strengthen employee awareness, the Bank’s intranet includes a dedicated section containing information on the Anti-Corruption Policy, incident reporting procedures, a knowledge base concerning anti-corruption measures, and the contact details of the Anti-Corruption Officer.

In 2025, similarly to the previous year, no convictions or fines related to violations of anti-corruption regulations were recorded.

In 2021, the Bank’s Management Board adopted, and the Supervisory Board approved, the Bank’s Tax Strategy as an entity operating in a responsible and transparent manner. The Director of the Tax Department is required to review the Strategy at least annually and, where necessary, submit recommendations regarding its update or amendment.

The Tax Strategy defines the following tax objectives of the Bank, together with a brief description of the methods applied to achieve them:

• fulfilment of tax obligations in accordance with applicable regulations;
• acting in line with the legislator’s intent;
• ensuring arm’s length conditions in transactions concluded with related parties;
• active participation in legislative initiatives;
• mitigation of tax risk;
• maintaining high standards in relations with tax authorities;
• use of modern technologies in the fulfilment of tax obligations.

In accordance with statutory requirements, the Tax Capital Group of Powszechna Kasa Oszczędności Bank Polski Spółka Akcyjna (the “Tax Capital Group” or “PGK”), comprising the Bank, PKO Bank Hipoteczny S.A. and PKO Leasing S.A., prepared another annual report on the implementation of its tax strategy for 2024. The Bank’s Tax Strategy, together with the reports on the implementation of the tax strategy for the years 2020, 2021, 2022, 2023, and 2024 prepared by the PGK, are available on the Bank’s website:
Tax Strategy – PKO Bank Polski

Taking into account the above-mentioned documents, the Bank’s activities place particular emphasis on, among other matters:

• implementing and applying internal regulations that ensure the proper fulfilment of tax obligations and appropriate documentation of transactions;
• supervision and control over the performance of tax obligations, including the internal control system.

Management of Tax Obligations within the Bank

1. Supervision over the Finance and Accounting Area, including the Tax Department, is exercised by the Vice-President of the Management Board.
2. The Tax Department, together with other relevant Bank units, is responsible for the fulfilment of tax obligations and ensures the proper performance by other Bank units of activities relevant to the Bank’s tax obligations.
3. The high quality of performed activities is ensured through the specialist competencies of the Bank’s employees, including certified tax advisers.
4. The Bank also uses the services of external tax advisers.
5. The process of fulfilling tax obligations is covered by the Bank’s internal control system.
6. As part of control activities, periodic reviews are conducted within individual Bank units covering matters related to the fulfilment of tax obligations, with the objective of ensuring the proper performance of assigned responsibilities by these units, including the Tax Department.

Tax Risk Management Mechanisms and Principles

1. The Bank regularly analyses and mitigates tax risk using instruments permitted under generally applicable legal regulations, including submitting applications for individual tax rulings and protective opinions.
2. The Bank maintains a low tax risk appetite. The Bank limits the undertaking of activities where tax risk cannot be eliminated using legally permissible instruments.
3. The fulfilment of tax obligations within the Bank constitutes a separate process subject to assessment, including from the perspective of operational risk and compliance risk.

The Bank does not engage in tax planning based on regulations enabling artificial or fictitious reductions of the effective tax burden. Before undertaking a given activity, the Bank analyses the risk of application of the General Anti-Avoidance Rule (GAAR) as well as the Specific Anti-Avoidance Rule (SAAR).

• Promotion of Tax Awareness Among Employees

The Bank provides employees with information regarding applicable tax regulations, planned legislative changes, and interpretations thereof. The Bank organizes specialist training sessions and prepares guidelines for employees, as well as analyses of the tax implications of new products, business processes, investment projects, and agreements.

The Bank firmly opposes all forms of discrimination, intolerance, and other behaviours that are inconsistent with the organization’s values, while promoting attitudes based on mutual respect among employees. Any behaviours that may indicate workplace bullying (mobbing) are not tolerated.

The Bank operates various reporting channels enabling employees to report violations in a safe and confidential manner. These channels apply both to reports submitted under whistleblower protection regulations and to reports concerning violations of employee rights and interpersonal conflicts in the workplace.

Where violations of the diversity, equal treatment, and mutual respect policy are identified, employees may submit reports in the following forms:

• electronically, from the employee’s official named email account to a dedicated email address established for such reports;
• electronically, from the reporting person’s private email account, provided that the identity of the reporting person and the authenticity of the report can be verified;
• in writing, by correspondence addressed to the Director of the HR Division or the Director of the HR Partnership Department.

Reports concerning violations of employee rights are treated individually; therefore, the optimal timeframe and method for handling each case are determined separately. As a general rule, however, the process should not exceed 60 calendar days. In cases where irregularities are identified, appropriate remedial measures are implemented.

All relevant parties, including the employee submitting the report, are informed of the outcome of the proceedings. In situations requiring further oversight, progress monitoring activities are also conducted in cooperation with the involved individuals. The purpose of these activities is to verify whether, and to what extent, agreed corrective actions are being effectively implemented. Where additional difficulties are identified, discussions are undertaken with supervisors in order to implement further remedial measures.

On 17 March 2025, the Management Board of the Bank adopted a resolution introducing the “Diversity, Equal Treatment and Mutual Respect Policy in the Bank and the Bank’s Capital Group” (the “Policy”). The Policy constitutes a declaration of the Bank’s commitment to creating a workplace in which all employees feel needed, heard, and treated equally. The provisions of the Policy serve as guidance on the principles aimed at fostering respect for diversity and eliminating all forms of discrimination.

In particular, the Policy highlights the following issues as essential from the perspective of building a culture of diversity, respect, and equal treatment:

• cooperation in an atmosphere of openness, respect, and inclusiveness translates into valuable professional experiences that form the basis for developing potential, trust, and job satisfaction, while also enabling the development of the best solutions for clients, contractors, and other stakeholders;
• basing activities on the values established within the Bank makes it possible to combine cooperation founded on mutual respect and care for relationships with accountability for work results;
• every person employed within the Bank’s Capital Group benefits from the rights guaranteed under applicable laws, particularly in the areas of non-discrimination, anti-bullying measures, and the protection of personal rights;
• equal treatment and diversity, both as values and as practical principles, are embedded in the organizational culture, initiatives undertaken, and adopted internal regulations, policies, and processes;
• creating a workplace free from conflicts and any violations of law is pursued through building awareness and competencies among leaders and employees, enabling them to foster a positive work atmosphere and respond appropriately to irregularities.

In 2025, the Bank implemented a number of initiatives promoting a culture of respect, diversity, and equality. A key initiative was the #JestemUSiebie programme, which included communication activities and workshops supporting the creation of an inclusive work environment. The programme, addressed to all employees, emphasized the benefits arising from diversity within teams. As part of the programme, nearly 30 workshops were conducted on topics including neurodiversity, intergenerational cooperation, unconscious bias, anti-discrimination measures, and empathetic communication. This represented a significant increase compared to the previous year, when 18 such workshops had been organized.

In 2025, the Bank also continued the implementation of the recurring #RotundaRóżnorodności initiative, constituting one of the key elements of activities aimed at building an inclusive culture. As part of the initiative, six educational events were organized focusing on tolerance, anti-discrimination measures, breaking stereotypes, and creating a friendly and safe working environment. By comparison, seven such events had been delivered during the previous edition of the programme.

At the beginning of 2025, the Women’s Bank initiative (“Bank Kobiet”) was launched with the objective of developing a supportive community helping women achieve their professional goals. During the year, the initiative included a number of dedicated online events, the publication of four newsletters, and the launch of the first Bank-wide mentoring programme for female leaders.