Disciplinary inspection institutions at all levels of China CITIC Bank Corporation Limited (hereinafter referred to as the "Bank") fully protect the rights of leaders and employees to exercise their supervisory duties. The Bank processes complaints and reports in accordance with rules, regulations, and laws, safeguarding legal rights, addressing various concerns, and strengthening the supervision and checks on the exercise of power.

I. Legal and Regulatory Basis

The Bank processes complaints and reports and strengthens the protection of informers in accordance with the Constitution of the People’s Republic of China, the Supervision Law of the People’s Republic of China, the Regulations on the Implementation of the Supervision Law of the People’s Republic of China, the Rules for Handling Reports and Complaints by Disciplinary Inspection and Supervision Authorities and other relevant rules, regulations, and laws, as well as the Implementation Measures for Supervision and Discipline Enforcement, the Implementation Measures for Complaint Reporting, and the Implementation Measures for the Management of Clues.

II. Work Mechanism

The Bank has established a sound mechanism for letters and visits to accept employee and public supervision. In strict accordance with the Work Regulations on Letters and Visits and internally developed procedures, the Bank has set up a joint meeting mechanism to coordinate, advance, and supervise all matters relating to letters and visits. It has also established channels for complaints via letters, phone calls, visits, etc., aiming to advance the acceptation and handling of the complaints in accordance with laws and regulations, solve issues according to laws and policies, and coordinate the handling of reasonable and legitimate demands. It is clearly stipulated that no organization or individual may retaliate against petitioners, ensuring the orderly handling of letters and visits.

III. Reporting Methods

Any organization or individual has the right to submit a complaint or report to the relevant disciplinary inspection institution of China CITIC Bank with the appropriate management authority. The Bank encourages real-name reporting, but anonymous complaints within the scope of the institution's responsibilities will also be processed in accordance with established procedures. For anonymous complaints, it is prohibited to privately investigate the informer’s handwriting, internet protocol address (IP address), or any other identifying information.

IV. Requirements of the Informer Protection Policy

The Bank has clearly defined specific requirements for the protection of informers for the individuals being reported, and disciplinary inspection institutions and staff, and in the process of handling complaints, strengthening the information confidentiality measures.

(I) Requirements for the Individuals Being Reported

An individual being reported must respect the informer and the disciplinary inspection institutions and their staff handling the case. Retaliation is strictly prohibited. If the individual being reported engages in acts of retaliation, including endangering personal safety or damaging the informer’s property or reputation, he/she will be punished in strict accordance with laws and regulations.

(II) Requirements for Disciplinary Inspection Institutions and Their Staff

1. Disciplinary inspection institutions at all levels shall manage real-name reporting materials with strict confidentiality, controlling the circulation of such materials. The informers' information must not be disclosed. During the verification process of real-name complaints, the source of the clues must not be disclosed.

2. Disciplinary inspection staff must take preventive measures when developing, receiving, sending, transmitting, copying, storing, or carrying out clues to prevent loss of management and control of the materials.

3. After leaving their position, disciplinary inspection staff must continue to fulfill their confidentiality obligations and are prohibited from disclosing any information or secrets they became aware of during their employment.

Disciplinary inspection institutions or their staff, who leak informer information or compliant-related contents, or transmit such materials to the reported organization or individual, will be punished severely in accordance with laws and regulations. If their actions involve job-related misconduct or criminal activities, they will face legal consequences. Whoever is found to use reporting materials to seek personal gain or facilitate retaliation against the informer will face more severe penalties.

(III) Requirements in the Process of Handling Complaints

1. In the process of handling complaints, strict confidentiality must be maintained regarding the informer’s name (or organization), employee, address etc., and the contents of the complaint. Reporting materials and informer information must not be transferred to, or shared with, the reported organizations or individuals. Complaints should be accepted and investigations should be conducted in a manner that ensures the informer's identity remains confidential.

2. In the management of clues, each handling personnel must sign off, ensuring no leakage of information. The scope of knowledge should not be unnecessarily expanded. The informer’s information, clue details and handling progress should not be disclosed to the reported without authorization.

3. During the disciplinary review and investigation process, the scope and timing of knowledge of the review and investigation must be strictly controlled. Personnel are prohibited from privately storing, hiding, reviewing, copying, duplicating or carrying case-related materials or clues. Leakage of investigation and review information is strictly prohibited. If necessary, a confidentiality agreement should be signed by all involved in the investigation or review process.