Supplier Code of Conduct

1.    Purpose

This Code of Conduct sets out the standards of behaviour, ethics, and compliance that the Group expects of all third-party suppliers, service providers, and contractors (“suppliers”). It ensures that our suppliers operate with integrity, comply with applicable laws and regulations, and uphold the Bank’s commitment to safety, soundness, and responsible business conduct.

2.    Scope

This Code of Conduct applies to:

• All suppliers, vendors, contractors, consultants, and their sub-contractors engaged by the Group.
• All services, whether material or non-material, including intra-group arrangements.

3.    Core Principles

3.1    Ethical Conduct

• Act with honesty, integrity, and professionalism in all dealings with the Group.
• Avoid conflicts of interest and disclose any actual or potential conflicts promptly.
• Prohibit bribery, corruption, fraud, facilitation payments, or improper advantages.
• Compete fairly and avoid anti-competitive practices.
• Suppliers are expected to consider and uphold ethical, sustainable, inclusive, and accessibility-related standards within their own supply chains. This includes ensuring that subcontractors and third-party partners reflect the principles outlined in this Code of Conduct.
• Disclose any actual or potential conflicts of interest that may arise during the engagement.
• Where a supplier is unable, for any reason complete the required due diligence activities (such as risk assessments or materiality questionnaires), they must proactively notify the Group and provide equivalent and appropriate independent reports and or assurances to demonstrate compliance with the standards set out in this document.
  
  

3.2   Compliance with Laws and Regulations

Suppliers must comply with all applicable laws, regulations, and regulatory expectations in the jurisdictions in which they operate. In addition, where services are provided to or on behalf of the Group, suppliers must also comply with relevant UK legal and regulatory requirements.
This includes, but is not limited to:
Ensuring that your actions do not put the Group into breach of any UK Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) rules, where relevant.

• Data protection laws (UK GDPR, Data Protection Act 2018).
• Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) regulations.
• Modern Slavery Act 2015 and human rights standards.
• Health and safety laws and good practice.

You should notify the Group immediately of any breaches of law or regulation.

3.3   Information Security & Data Privacy

• Protect the Group data (including customer data) with robust security controls.
• Comply with the Group’s information security policy, including encryption, secure transmission, and access controls.
• Notify the Group immediately of any data breaches or security incidents.
• Ensure subcontractors also comply with equivalent standards.

3.4   Business Continuity & Resilience

• Maintain effective & tested business continuity and disaster recovery (BCP/DR) arrangements to ensure service continuity.
• Services that support the Groups Important Business Services will be identified and alignment of service continuity and resilience standards are expected.
• Participate in testing of continuity plans, as required by the Group.
• Promptly communicate incidents that could affect delivery of services.

3.5   Responsible Business Practices

• Uphold fair labour standards and respect worker rights.
• Avoid child labour, forced labour, or exploitative working practices.
• Promote diversity, equality, and inclusion in the workforce.
• Minimise environmental impact and align with sustainability best practice.

3.6   Governance & Transparency

• Maintain accurate records and make them available for the Groups audit/review if required under agreed contracts.
• Co-operate openly and constructively with the Groups, its auditors, and regulators.
• Escalate issues, breaches, or misconduct without delay.

4.    Prohibited Practices

Suppliers must not:

• Offer or accept bribes, gifts or hospitality intended to secure improper advantage.
• Engage in fraudulent, misleading, or unethical conduct.
• Discriminate based on race, gender, religion, age, disability, or any other protected status.
• Use the Groups name, brand, or confidential information without prior written approval.
  

5.    Prohibited Practices

• The Groups reserves the right to monitor compliance with this Code through audits (where contractually agreed), certifications, or assurance reports (e.g. ISO 27001, SOC 2) where available.
• Suppliers must provide evidence of compliance (policies, certifications, test results) upon request.
• Breaches of this Code of Conduct may result in corrective actions, suspension, or termination of the relationship.

6.    Reporting Concerns

Suppliers and their staff should report concerns about unethical, illegal, or unsafe behaviour via the Groups whistleblowing channels. Reports will be treated confidentially and without retaliation.

“Whistleblowing” refers specifically to disclosures that fall within the scope of the Public Interest Disclosure Act 1998 (PIDA). These are concerns that, in the reasonable belief of the worker, are made in the public interest

For further information or to raise a concern, please visit:
https://www.bankofengland.co.uk/whistleblowing

7.    Acknowledgement

By entering into an agreement with the Groups, the supplier acknowledges and agrees to abide by this Supplier Code of Conduct and to promote its principles within their organisation and supply chain.

• The supplier confirms that it currently meets the expectations set out in this Code.
• The supplier agrees to notify the Bank immediately if it becomes unable to meet any part of this Code due to a change in circumstances, business practices, or compliance status.

7.    Document Governance

For the avoidance of doubt if there is a conflict between the requirements within this Code and any written agreement the Group has negotiated with the Supplier then the written agreement takes precedence.