
Compliance and Integrity

We at NLB believe that responsible corporate governance is more than just respecting the laws, regulations, and standards. It is also a reliable compliance programme. NLB is committed to assuring compliance and integrity in the different countries where it operates.

 

At NLB, compliance is integrated into daily operations of the Bank, thus contributing to a strong internal control environment and ensuring the management of compliance risks.

 

NLB has laid down clear rules and guidelines for our employees in different areas of our operations. By ensuring compliance with the legislation and the other regulatory requirements we make sure that NLB, its shareholders, clients, business partners, and other stakeholders, as well as the employees, are appropriately protected against various risks related to the area of compliance.

 

We therefore expect that all employees of NLB and the other members of NLB will respect our compliance standards - by acting in a fair, responsible and ethical manner. Our NLB Group Code of Conduct, which is a standardised document for all members of NLB Group, describes the values and lays down the standards of ethical business conduct and serves as the guideline for all our relationships regardless of whether it involves clients, competitors, business partners, state authorities, regulators, shareholders or internal relationships between the employees. At the same time, it is the basis of our values and basic principles of conduct which provide specific conduct guidelines to our employees. The aim of this approach is to ensure compliance with all applicable laws, regulations, and standards.

 

To promote responsible conduct by the employees, we regularly carry out mandatory training in all areas within NLB Compliance and Integrity.

Compliance and Integrity is dedicated to the Bank’s future growth and development

Therefore, we constantly strengthen the compliance function and ensure that it is based on internationally recognised compliance management standards.

Compliance and Integrity programme

In NLB, Compliance and Integrity functions independently and separately from the Bank’s operations. The basis of our Compliance Programme is provided in the Integrity and Compliance Policy of NLB d.d. and NLB Group. NLB raises the awareness of the front office and the other organisational units of the Bank regarding the assurance of compliance and integrity with different legislative and regulatory requirements as well as good practices. Compliance and Integrity is thus in charge of:

  • providing consultancy services to individual units about the applicable laws, directives, standards and regulations and guidance and support in assuring compliance, which includes assistance in the provision of appropriate internal control mechanisms for the prevention of the conflict of interest (e.g. “Chinese walls”), protection of information, protection of personal data, prevention of abuse of the market in financial instruments,
  • monitoring operations, transactions and business processes to establish potential compliance risks,
  • development of the principles, standards, and guidelines for compliance, useful in NLB Group (AML/CFT, prevention of fraud, personal data protection, protection of information, code of conduct, applicable regulations, rules, and internal standards),
  • maintenance of internal controls and limited lists of the Bank’s projects that require special attention,
  • assistance in achieving compliance with the Bank’s internal regulations on confidentiality,
  • carrying out all measures arising from the programme for anti-money laundering and combating the financing of terrorism,
  • making sure that the events which justify the suspicion of money laundering or terrorist financing and other types of criminal offences are identified and reported to the law enforcement authorities and other competent supervisory bodies (e.g. Office for Money Laundering Prevention of the Republic of Slovenia),
  • provision of regular training and education of the personnel in the area of compliance issues (AML/CFT, prevention of fraud, personal data protection, protection of information, general ethics and other rules of the code of conduct, applicable regulations, rules and internal standards, prevention of fraud and other types of harmful conduct),
  • monitoring of the management of compliance and integrity risks and identification and assessment of risks at the level of NLB and NLB Group,
  • taking care of the relations with the competent supervisory bodies (ECB, Bank of Slovenia) on a daily basis.

 

NLB constantly builds, strengthens and supports the compliance and due diligence culture in NLB and NLB Group. The operations of companies in the banking and other financial sectors are strictly regulated, which makes them increasingly complicated. To face these challenges, NLB uses a systematic approach to reducing compliance risk. It is important to ensure that the employees and those who make decisions know and understand the purpose and objective of the regulations. Systematic monitoring of the legal and regulatory environment and assessment of its impact on the Bank are thus an important part of its daily operations.

 

NLB has zero tolerance for all forms of financial crime. Our AML/CFT Programme for fighting money laundering and terrorist financing provides strong support for various international efforts in fighting money laundering, terrorist financing, and other criminal offences.

How we can fight against corruption, bribery and other forms of fraud

In the framework of our compliance programme, NLB undertook to fully comply with all local and international laws regulating the fight against corruption and bribery. Our employees and managers are strictly prohibited from accepting, offering, paying or approving bribes or any other form of corruption. Therefore, NLB d.d. and the other members of NLB Group very actively implement the policies and procedures in the area of zero tolerance to any such form of corruption, either in the public or the private sector. We have determined the rules and procedures, guidelines and rules of conduct which are binding for all employees as well as the members of the management of NLB d.d. and the other members of NLB Group. We expect our agents, brokers, consultants, business partners and suppliers related to NLB d.d. and the other members of NLB Group to also uphold these standards. NLB expects transparency, professionalism, and fairness in all business relationships and thus tries to avoid irregular advantages or occurrence of questionable conduct by employees or third parties we do business with.

NLB d.d. and the other members of NLB Group thus use the anti-corruption policy to fight corruption and bribery with:

  • appropriate measures aimed at training and raising awareness,
  • monitoring compliance and integrity risks and monitoring the implementation of the measures for their mitigation,
  • implementing the processes of investigating all types of suspected misconduct,
  • recording and accepting gifts, invitations, hospitality, conflict of interest,
  • special channels for reporting irregularities and suspicious conduct, either anonymously or not (phone, mail, e-mail, the Whistler application),
  • risk-adjusted procedures for monitoring third-party operations and preventing all kinds of fraud, abuse, money laundering, and terrorist financing.

How we check and approve new products and services

NLB is bound to only offer products and services that create value for our clients and the shareholders, and meet the client’s needs. The processes for approving new products comprise a preliminary review required for achieving these goals. We wish to make sure that the clients can have full confidence in our products.

 

The procedures of approving products and services apply to all new product offers, as well as various existing products. The key control functions must be involved in the process of product development and monitoring, including the compliance function, since it is important that every product is compliant with the requirements of the regulations, inter alia, in the area of consumer protection, personal data protection, and prevention of money laundering and terrorist financing. The Committee for Existing and New Products in NLB is in charge of approving and monitoring products while also focusing on risks related to the product and the method of managing those risks.

Personal data protection

At NLB Group, data privacy is more than a compliance checkbox—it’s a key priority and a cornerstone of our relationship with clients, employees, and partners. Our data protection policies set a standard for transparency, security, and respect for individual rights across all our operations.

 

A clear organizational structure and task distribution have been established in the area of personal data protection. The bank’s Management Board is responsible for setting up an appropriate organizational structure and appointing a Data Protection Officer (DPO) and its deputies. The DPO advises management and employees on compliance with legislation, monitors the implementation of rules, cooperates with supervisory authorities, and oversees internal compliance with laws and internal regulations. However, personal data protection is not solely the responsibility of the DPO, but of all employees, who are also bound by various internal regulations. This ensures that responsibilities and authorities regarding privacy are clearly defined at all levels of the organization, enabling effective management and control over personal data protection.

 

At NLB Group, we recognize that clarity is the foundation of compliance with legal requirements and the bank’s internal rules. That is why we maintain comprehensive records of personal data processing activities, clearly defining the purposes of processing, types of data, legal bases, retention periods, and other mandatory information. These records are not merely a legal requirement—they form the basis for responsible handling of personal data and for strengthening the trust of our clients.

 

We believe that trust is earned through responsible data handling. Every piece of personal data we collect—whether it’s identification, contact details, or service usage—is processed strictly for legitimate, clearly defined purposes. From delivering banking services to fulfilling regulatory obligations, we ensure that data is processed in accordance with its intended purpose.

 

Retention matters. Data is stored only as long as necessary, in line with rigorous retention schedules and legal requirements. Once the purpose is fulfilled, information is securely deleted or anonymized.

 

Security is at the heart of our approach. We deploy advanced technical and organizational safeguards, including encryption, pseudonymization, regular security testing, and robust disaster recovery planning. Our commitment extends to our service providers, who must meet the same high standards—ensuring that data entrusted to us is protected throughout its lifecycle.

 

We have a comprehensive and well-defined personal data breach notification protocol in place. In the event of a personal data breach, all employees are required to immediately notify the Data Protection Officer. We prioritize swift and effective management of any incident, ensuring that the alleged breach is investigated and affected individuals and relevant authorities are informed in accordance with legal requirements. Our procedures are designed to minimize risks, contain breaches, and support transparent communication throughout the process.

 

We protect the personal data we process with the utmost care and never disclose it to unauthorized third parties. Data is shared with third parties only on the basis of a lawful legal ground – for example, with regulatory authorities or contractual processors who must ensure the same level of data protection as provided by the NLB Group.

 

Transparency is essential. We openly communicate what data we collect, how it’s used, and with whom it may be shared—always based on a lawful legal basis. Data subjects have straightforward access to their data, with rights to correction, erasure, restriction, portability, objection and withdrawal of consent. Our data protection officers are readily available for questions, and our complaint mechanisms are designed to be simple and accessible. We provide clear, accessible channels for raising concerns about data privacy, and we respond promptly to data subject requests. Our processes are designed to put control in the hands of data subjects, reflecting our commitment to user-centric privacy.

 

Formal privacy reporting is an integral part of our governance. The company’s management board regularly receives comprehensive reports on privacy and data protection matters, ensuring oversight, accountability, and continuous alignment with best practices and regulatory requirements.

 

Regular privacy awareness is a vital part of our company culture. At NLB Group, we ensure that our employees are kept up to date with the latest privacy requirements, best practices, and responsibilities through ongoing communications, training sessions, and awareness campaigns. These initiatives help foster a strong privacy mindset across the organization, empowering every team member to actively contribute to the protection of personal data and to recognize the importance of privacy in daily operations.

 

Continuous improvement drives us forward. We conduct regular privacy impact assessments, risk analyses, internal and external audits, and operational reviews to ensure ongoing compliance and to adapt to new challenges.

 

Our data protection policies apply to all operations, which include processing of personal data - whether that of clients, employees, or others - ensuring a consistent approach to data protection across all business units and processes. We also require our service providers to maintain the same high standards, embedding privacy into every partnership.

 

At NLB Group, we believe that data protection policies should evolve with the world around us. That’s why we regularly update them to reflect changes in legislation, shifts in the business environment, and internal organizational needs.

 

Ultimately, data privacy at NLB Group is a promise—a commitment to safeguarding your information, respecting your rights, and building lasting trust. 

Whistleblower protection

All important suspected violations or misconduct (such as abuse, fraud, including suspected bribery or any form of corruption) must be reported and handled. NLB maintains an environment that encourages employees to raise questions, which can be discussed with their managers or other employees in the Bank, including the experts in compliance, money laundering prevention, fight against bribery and corruption, or with lawyers or HR managers. Employees also have access to different channels through which they can anonymously report potentially non-ethical or inappropriate business practices. We apply a strict policy of protecting whistleblowers against retaliation and of assuring anonymity.

NLB Group anti-corruption and anti-bribery policy