Customer Service

To ensure that special group customers enjoy equal rights as other customers and receive convenient and people-oriented services, the Bank sets out the requirements for standardizing the service facilities and processes specific to special customers in the Service Quality Standards Manual for CITIC Outlets. Oriented towards the needs of different customer groups such as the elderly, visually impaired, hearing-impaired, and pregnant women, and based on the general guideline of establishing a long-term service mechanism, the Bank works out a specific service process for various customers, providing "accompanied" guidance and services from customer reception and needs confirmation to business handling and customer farewell, and requires outlets to regularly organize employees to walk through the service process for special customer groups at morning meetings, ensuring that key positions know the key points of service provision.

For customers who are unable to visit the branch premises, the Bank activates a green channel, and offers humanized door-to-door service by adhering to the principle of handling special cases with special methods and taking expeditious action on urgent matters in accordance with relevant regulations, to get closer to customers through extended services.

To care for special customer groups, such as the elderly and visually impaired, the Bank provides the "Happiness+" version of its mobile banking application. Designed with the concept of "simplicity, thoughtfulness, exclusivity and security," this version highlights the core banking functions, features simplified page structure and optimized visual effect, and supports screen-reading function. By designing features that are closer to the real needs of customers, the Bank delivers a better experience for customers to use the APP.

The Bank is working to present a new image of its outlets, which are decorated in a modern and minimalist style to make the lobby space brighter, warmer, and tidier. Open design, diversified scenarios, modular combinations, and mobile devices allow customers to choose their preferred comfortable space to handle their business, giving full expression to the "customer-centric" service philosophy. New outlets have introduced new devices and systems, including various new mobile smart devices, multimedia display screens, integrated device management platform and information release management platform, accelerating the mobile, intelligent, and digital transformation and upgrading of outlets.

In addition, the Bank comprehensively promotes the use of a platform for visualized big data-based site selection, and strengthens digital and lean management of outlets. By locating in areas with dense populations and strong financial demands, the outlets can better meet the financial needs of nearby enterprises and residents, effectively improve the comfortable and convenient experience of visiting customers, amplify the outreach capability of individual outlets, and become a "bank with a human touch."

For the customer services on the mobile banking application, the Bank continues to enhance customer experience with intelligent services, and has introduced intelligent online customer service assistant (AI Manager), an intelligent digital human, and other service models.

The AI Manager is an automated interactive robot created by the Bank using AI technology. It can respond to customers' common questions, function search, and other needs at any time. It offers personalized services such as knowledge recommendation, greeting words, and navigation for frequently used functions. With significantly improved capability to precisely deliver knowledge and more user-friendly interface, it provides customers with more considerate online services.

The Bank has developed "Xiaoxin", an ultra-realistic 3D digital human IP, serving as a digital wealth advisor. "Xiaoxin" can accompany customers in their investment journey, and provide them with intelligent advisory services across the whole process from pre-investment wealth planning, product selection during investment, to post-investment diagnosis and optimization, continuously improving customers' trust and sense of gain in wealth management.

The Bank continues to leverage the advantages of AI outbound call channels, and combines them with human-operated channels. It has established a human-machine collaborative customer contact model featuring "AI + remote human service" and "AI + wealth manager," providing customers with more efficient and human-friendly outbound call services.

The Bank's mobile banking APP, as the main online service platform, has been upgraded to version 10.0, featuring simplicity, concession, visuals, diversity, professionalism, attractiveness, and thoughtfulness. Centering its value proposition, it has developed two major tools for asset allocation, including the "Healthy Balance Sheet" and "Happiness+ Pension Account Book", as well as a 24/7 professional AI-enabled digital wealth advisor, helping users receive professional wealth management advisory services online. The APP extends the reach of service and delivers low-threshold, easily accessible and caring wealth management services, significantly enhancing customer experience.

For personal online banking, the Bank has developed a personal online banking system that supports IE, Chrome, Firefox, Edge, and other mainstream browsers. As an important part of its online channels, it continues to provide safe and convenient financial services for its users.

For remote channels, the Bank continues to provide customers with convenient financial/non-financial services, such as wealth management, pension finance, and activities on rights and interests, through outbound calls, WeChat Work, and other methods.

For its WeChat service account, the Bank's service account provides customers with convenient online financial/non-financial services, such as news and articles, customer service support, and transaction notifications.

The Board of Directors at China CITIC Bank ("CITIC") serves as the highest decision-making body for the protection of consumer rights and interests ("consumer protection"), bearing ultimate responsibility for this mandate. The Board of Directors meets biannually in principle. Its main duties include:

Formulating strategies, policies, and objectives for the consumer protection to ensure consumers are treated fairly, and integrating the consumer protection into the business development strategies and corporate culture.

Planning and guiding the consumer protection comprehensively, incorporating the progress of these initiatives into evaluations of corporate governance, and overseeing the effective implementation of the strategies, policies, and objectives.

Monitoring the senior management's adherence to their responsibilities regarding the consumer protection, reviewing related operations, including but not limited to annual plans, progress, significant issues, and information disclosure concerning consumer protection, and making relevant resolutions.

Additionally, the Board of Directors establishes a Consumer Protection Committee, which also meets biannually in principle. This committee reviews reports from senior management and the department responsible for the consumer protection, assesses the progress of the consumer protection, reviews information disclosures related to the consumer protection, and issues specific resolutions regarding the consumer protection.

The Board of Supervisors is tasked with overseeing the performance of the Board of Directors and senior management in the consumer protection. When considering it necessary, it may attend the relevant meetings of the Board of Directors on the consumer protection as a nonvoting delegate and conduct specialized audits to monitor the implementation of the consumer protection initiatives.

In early 2024, CITIC issued the CITIC Plan for the Consumer Protection Training for Employees in 2024, which specified the frequency of training sessions, the number of personnel covered, the target audience, ledger management, and reporting requirements across all business lines and branches. This initiative mandates all branches to actively fulfill their training management roles and increase the allocation of resources towards training for the consumer protection.

In 2023, CITIC developed the CITIC Handbook for Learning and Development of Consumer Protection Management Positions. This handbook details requirements, capability elements, graded capability tags, and behavior descriptions for consumer protection management positions, effectively creating a capability map, learning map, and talent development program. To date, CITIC has introduced 29 specialized courses on topics such as personal customer information protection, complaint handling, as we as rating, review, training, and publicity for consumer protection. Its future efforts will focus on establishing a bank-wide certification system for consumer protection roles to continuously improve the professional skills of these employees.

Throughout 2023, CITIC diligently enhanced its ongoing training initiatives. Firstly, the Bank carried out the training and examination campaign themed "Learning Consumer Rights Protection by All" among all employees, where experts at consumer rights protection were invited to give lectures that covered the Management Measures for Consumer Rights Protection at Banking and Insurance Institutions, the Special Training on Personal Information Protection and the Interpretation of the Regulatory Policies about Consumer Rights Protection, etc. About 58,000 employees attended the training and passed the examination. Secondly, the Bank organized learning and training about the Management Measures for Consumer Rights Protection at Banking and Insurance Institutions among middle and senior management staff and employees in consumer rights protection posts at the Head Office, to ensure regulatory policies to be effectively implemented. Thirdly, the Bank carried out special training among heads of consumer rights protection departments and employees in consumer rights protection posts at branches, and held training sessions for boosting consumer rights protection at branches themed "Collaborating to Promote Consumer Rights protection", with the contents including the Status Quo and Practice of Consumer Rights Protection at Commercial Banks, Management of Sales Appropriateness and Marketing Regulation in Consumer Rights Protection, Requirements on Personal Information Protection and Banking Practice, and Interpretation of the Key Points of Consumer Rights protection Review. The Bank also organized training about improving consumer rights protection services among front line employees across the Bank.

The CITIC Measures for the Management of Financial Literacy Publicity and Education stipulate that the headquarters, branches, and service outlets must prioritize financial education targeted at specific vulnerable groups, including migrant workers, individuals with disabilities, the elderly, and school-going students. The guidelines advocate for the dissemination of financial information in formats accessible to these groups, broadening the awareness of user-friendly banking facilities and tools, and recognizing the diversity and distinctions in the financial needs of these groups. Additionally, the CITIC Plan for Promoting Financial Education and Protecting Consumer Rights and Interests in 2024 mandates that each branch should cater to the real-life financial needs of key segments such as the elderly, youth, and newcomers to urban areas by launching a variety of themed promotional campaigns.

In 2023, the Bank took an active part in a variety of education and publicity activities organized by regulators, including the "3.15 Week of Financial Consumer Protection Publicity", "Publicity Month of Preventing Illegal Fund-raising", "Popularizing Financial Knowledge" and "Education and Publicity Month of Financial Consumer Rights Protection in 2023". Statistically, a total of 12,570 activities were carried out in 2023 for239 million person-times, and the original publicity materials were viewed by more than 33,323,100 times, receiving accolades from both consumers and regulatory bodies.

Throughout the year, CITIC continually improved its standardized system for financial education. On the offline front, the bank successfully implemented financial education campaigns, including carrying out 1 major campaign titled "Leading a Better Life and Advancing with Warm CITIC", establishing 14 unique financial education hubs across the bank, conducting 143 branch-level promotional events, recognizing 1,285 outlets for their consistent educational efforts, and organizing 17,191 in-person salon events. Online, CITIC's ongoing efforts to promote financial literacy were extensively integrated across all its digital platforms, including its website, official WeChat account, mobile app, video channels, and the CITIC Bank Micro-Life service. The bank articles using case studies to highlight financial risks were frequently featured on consumer review channels; moreover, an original educational video titled "Shouwang" was selected for distribution by the National Anti-Fraud Center and "Xuexi Qiangguo", a Chinese mobile app primarily designed to teach Xi Jinping Thought. In 2023, CITIC was honored as an "Outstanding Organization" at the "Guarding Your Purse and Protecting Your Home" Anti-Illegal Fundraising Short Video Contest and received the "Award of Good Practices for Financial Consumer Protection" from the financial community. For its significant impact in spreading financial knowledge, the bank was awarded the title of "Model Site for Lei Feng Spirit Activities in the Financial System" by the Research Association of Ideological and Political Work of China Financial Institutions and the China Volunteers Association Committee for Carrying Forward the Spirit of Lei Feng.

CITIC continuously enhances its complaint management system, employing a multifaceted approach that includes preventative early-warning measures, ongoing quality and efficiency controls during the process, and retrospective corrections for identified issues. The bank applies stringent early intervention for significant complaints and uses a full-process, tiered, and categorical control strategy to effectively decrease the volume of complaints at all levels.

The Measures of China CITIC Bank for Consumer Complaint Management, explicitly define the complaint handling process, detailing the channels through which complaints are received, hotline numbers, and the timelines for processing. Complaints collected through various channels are assigned based on their nature to the appropriate branch or relevant department at the headquarters for timely resolution and direct communication with the complainant.

The Office of Consumer Rights Protection is tasked with establishing and promoting the application of the bank-wide complaint management system. It refines complaint handling policies and mechanisms, liaises with regulatory authorities, and manages complaints forwarded by regulatory bodies. Furthermore, it develops and implements evaluation criteria for managing complaints, ensuring that all branches and departments address consumer complaints promptly. This office regularly reports on complaint management activities to the Board of Directors, the Board of Supervisors, and the Consumer Rights Protection Committee.

The Customer Service Center within the Wealth Management Department is responsible for addressing complaints initiated through various channels: the 95558 customer service hotline (which includes a dedicated complaint prompt in the voice menu for 24/7 live response), mobile banking, the bank's website, and the official WeChat account.

The Credit Card Center specifically handles complaints related to credit card services that are received through the 4008895558 customer service hotline.

The Consumer Rights Protection Committee, under the auspices of the bank’s Board of Directors, routinely receives and reviews annual summaries of the complaint management activities. The committee engages in detailed inquiries concerning the handling of complaints, particularly insisting that branches with high volumes of complaints conduct in-depth analyses of the root causes and monitor the effectiveness of subsequent corrective actions. The Audit Department in headquarters annually performs specialized audits on the complaint management practices at both the headquarters and branch levels.

CITIC operates distinct customer service centers for debit cards and credit cards, each dedicated to managing telephone complaints related to their specific services. These centers employ robust internal review mechanisms for handling complaint tickets. Quality assurance teams assess complaint handling by randomly monitoring call recordings, and evaluating criteria such as service etiquette, use of appropriate language, clarity of call objectives, accuracy and proficiency in business responses, and operational risk awareness. Each monitoring criterion is scored, and the results are factored into the performance evaluations of the staff involved.

The Consumer Rights Protection Office at the headquarters of CITIC is the principal department responsible for managing consumer rights protection throughout the bank. This office leads the consumer rights review of products and services adhering to a "tiered responsibility and dual-level review" principle. This review ensures that consumer rights protection principles are integrated into the stages of product and service design, development, pricing management, and contractual formulation. It also evaluates whether partner intermediaries and third-party entities meet consumer rights protection standards. Typically, reviews are conducted within three working days after the submission of documentation.

In 2023, CITIC updated its Consumer Rights Protection Review Management Guidelines for New Products and Services (Version 3.0, 2023), which further delineates the responsibilities associated with consumer protection reviews across its various departments and branches. Systematically, the bank enhanced the capabilities of the consumer protection review system through platforms like the SMS Outbound Contact Platform, the Promotional Text Distribution Interface, and the Open Banking Application Portal. These upgrades ensure a comprehensive review coverage of new products and business initiatives bank-wide. On the evaluation front, CITIC has refined its metrics, including the rates of submission for reviews, the acceptance of recommendations, and the effectiveness of implemented corrective measures. Increasing the significance of these reviews in overall evaluations helps enforce standards and maintain stringent consumer protection across the bank.

China CITIC Bank ("CITIC") attaches great importance to the management of information security and the protection of customers’ personal privacy. It has established a relatively comprehensive customer information security protection management mechanism. Regular campaigns are conducted to raise awareness about the protection of customer privacy information. Moreover, we reinforce our commitment to privacy and data security through risk assessments and external evaluation certifications. Further details are as follows:

CITIC rigorously adheres to the requirements of the Cybersecurity Law of the People's Republic of China, the Data Security Law of the People's Republic of China, and the Personal Information Protection Law of the People's Republic of China. We have developed numerous internal management systems and standards concerning the protection of customer information and data security management, prioritizing the protection of customer rights and respecting customer intentions. We clearly specify security management requirements for every phase of the customer information and data lifecycle.

CITIC has established a well-rounded information security management mechanism, focusing on 1) enhancing security management across all stages of customer data life cycle—collection, transmission, storage, and usage; 2) implementing comprehensive emergency plans, risk management, and incident reporting mechanisms to mitigate data and personal information security risks; 3) regularly conducting security assessments, testing, and inspections to ensure compliance with established standards and to safeguard the personal information of customers when purchasing and using financial products and services.

CITIC has developed a systematic, normalized deep-defense network security system, along with a platform-based, intelligent security operations system. This allows us to conduct security control across endpoints, hosts, networks, and data, and to detect and address various abnormal behaviors and external attacks in real time. Through external penetration tests and security monitoring services, we achieve real-time global monitoring and rapid response to counterfeit apps, phishing websites, and sensitive information involving the bank, effectively safeguarding our internet applications and customer rights. We continuously enhance our capabilities in internet threat monitoring, management, and tracing to effectively mitigate cyber risks and ensure the secure, stable operation of our information systems.

CITIC has established a comprehensive emergency plan and incident reporting mechanism covering all facets of information systems including networks, data centers, security, and data. These plans are consistently updated and revised in accordance with system changes. We have devised various drill plans and developed realistic training scenarios covering typical cyber threats such as external attacks, malicious emails, and data breaches. Each year, we organize internal and external attack-and-defense exercises to significantly bolster our overall security defense capabilities.

To elevate awareness of information security, CITIC routinely organizes training and educational sessions for the public, all bank employees, and the internal IT department: 1. Public outreach initiatives are implemented to bolster the public's defenses against cyber fraud and to enhance their awareness of personal information protection; 2. compliance warning education and customer data protection training are provided to all employees via online courses, aiming to elevate the collective security consciousness across the bank; 3. security-specific training sessions are conducted for IT department staff, focusing on both managerial and technical aspects to develop and improve the professional skills of personnel in security roles.

Our mobile banking and the Mobile Card Space App, along with other applications, undergo rigorous testing and certification reviews, successfully obtaining the "Fintech Product Certification" and is registered with the National Internet Finance Association of China under the "Mobile Financial Client Application Software Record". Annual reviews and recertification are carried out according to these standards, signifying that our self-developed mobile financial apps are recognized by national authoritative bodies. They meet quality standards and are controllable in terms of client software security, barcode payment security, and the protection of customer personal information. In December 2023, CITIC was awarded the title of "Demonstration Institution of the Security Management of Mobile Finance Customer APP" by the National Financial Technology Certification Center (Beijing). In the same month, our mobile banking app successfully passed the Personal Information Protection Certification of the China Cybersecurity Review, Certification and Market Regulation Big Data Center (CCRC) ("Mobile Internet Program Security Certification").

In accordance with the Cybersecurity Law of the People's Republic of China and the national requirements for cybersecurity level protection (referred to as "Multi-Level Protection Scheme", MLPS), our bank conducts annual security evaluations on its online banking and other critical information systems. These evaluations are based on MLPS assessment criteria and cover multiple domains, including physical, network, and application security. The objective is to comprehensively enhance the security defenses of our systems and reduce the risks of cyber-attacks.

The Credit Card Center of CITIC first passed the ISO 27001 Information Security Management System certification in 2010. The scope of the certification includes credit reporting, card issuance, authorization, billing, collections, and adjustments related to our bank’s credit card services, as well as the system development, system operation, and IT planning of the organization. The ISO 27001 certification is renewed annually, and the system has been operating well up to the present.

We have developed and disseminated the E-Banking Privacy Policy on China CITIC Bank, adhering strictly to its mandates. In line with the "minimum necessary" principle, the bank collects, uses, and retains customer personal information solely to the extent necessary. The policy clearly stipulates that any sharing or transfer of customer data must be predicated on obtaining express consent and authorization from the customer. The bank pledges to enforce legal security measures to safeguard customer personal information effectively. The privacy policy grants users definitive control over their personal data, including rights to access, correct, and update their information, as well as to alter the scope of the consent given. It outlines specific scenarios and methods of operation, thereby ensuring the robust protection of customer personal information rights.