Vendor Code of Conduct

SCOTIABANK BUSINESS CONDUCT: VENDOR CODE OF CONDUCT

Purpose & Applicability of Vendor Code of Conduct

This policy describes business conduct considerations particularly applicable to dealing with Service Providers, Vendors and other third parties providing goods and services to Scotiabank and provides sources of assistance. Responsible business practices, responsible treatment of individuals, environment, record keeping and code compliance and monitoring are discussed in this policy.

The Scotiabank Guidelines for Business Conduct describes the minimum standards of conduct required of directors, officers and employees of Scotiabank and its subsidiaries. The Business Conduct: Vendor Relations policy is to educate and remind persons responsible for ongoing Service Provider/Vendor relationships or involved in bid and tender situations regarding the kinds of conduct issues which may arise, and Scotiabank’s expectations in dealing with those issues. The Vendor Code of Conduct discusses the principles of Scotiabank and the expectations as to how Service Provider/Vendors, who supply goods and services to Scotiabank, including their representatives and employees, are to conduct business with Scotiabank.

Scotiabank is committed to its shareholders, clients, employees and the larger community. Scotiabank’s core values include integrity, respect, commitment, insight, spirit, community, collaboration and the environment. As a result, Scotiabank strives to provide exceptional services to clients in accordance with its core values and expects Service Provider/Vendors to operate in accordance with similar ethics and business standards.

Responsible Treatment of Individuals:

  • Respect and Diversity: Service Provider/Vendors will maintain professional work environments that are characterized by professionalism, with respect for all employees and the individuals with whom their employees interact. This includes respect for differences such as race, gender, age, sexual orientation, disability, religion and ethnic origin. Harassment, discrimination, violence and other disrespectful and/or inappropriate behaviour must not be tolerated by Service Provider/Vendors.
  • Employment Practices: Service Provider/Vendors must adhere to all applicable employment standards, labour, non-discrimination and human rights legislation. In cases where laws do not prohibit discrimination, Service Provider/Vendors are expected to still be committed to non-discrimination principles. In their workplace, Service Provider/Vendors must demonstrate that child labour is not used, discrimination/harassment is prohibited, employees are able to raise concerns without fear of reprisal, appropriate background checks (i.e. criminal records, valid work visas) have been completed to ensure employee integrity and employment standards meet or exceed legal and regulatory requirements. Service Providers/Vendors will notify Scotiabank immediately if they have been in breach of any Canadian Human Rights, employment standards (legal and regulatory) or immigration laws.
  • Health and Safety: Service Provider/Vendors must provide healthy and safe workplaces that are compliant with relevant health and safety laws. Service Provider/Vendors are expected to provide all employees with adequate information and instruction on health and safety concerns to ensure the maintenance of a healthy and safe workplace.

Responsible Business Practices

  • Privacy and Information Security: Service Provider/Vendors must comply with Scotiabank’s Guidelines for Business Conduct and Business Conduct: Vendor Relations policy. They must use information obtained through their relationship with Scotiabank only for the purpose defined to them. Service Provider/Vendors must have appropriate information security policies and procedures in place to ensure secure access to Scotiabank’s information. Service Provider/Vendors must immediately notify Scotiabank of any suspected or actual security or privacy breaches or loss of information.
  • Business Resumption and Contingency Planning: The Service Provider/Vendor will have appropriately developed business continuity and disaster recovery plans; maintained and tested in accordance with applicable regulatory, contractual and service level requirements.
  • Outsourcing and Subcontracting: If the contractual agreement allows, the Service Provider/Vendors may need to use subcontractors in the performance of services. However, Scotiabank has the expectation that Service Provider/Vendors will not subcontract services they are required to perform for Scotiabank or to outsource activities that directly impact the delivery of goods and services to Scotiabank without the specific written consent of Scotiabank. To obtain consent, Service Providers/Vendors will be required to make available/disclose to Scotiabank the specific contractual arrangement with the sub-contracted party. In these situations, Scotiabank must be informed of the locations where this work is being performed and how the outsourced parties are involved in providing services. Service Providers/Vendors will not hire foreign workers from outside of Canada when performing services on behalf of Scotiabank, where a worker eligible to work in Canada is available and able to perform the service.
  • Environmental Sustainability: Scotiabank has the expectation to work with vendors who will support environmental sustainability. This can be achieved by conducting business in an environmentally responsible way, offering or using environmentally responsible products and services and assisting in reducing Scotiabank’s Environmental Footprint.

Record Keeping

  • Service Provider/Vendors must not destroy records that may be relevant to any pending or threatened legal or regulatory proceeding. Service Provider/Vendors must maintain adequate internal records to ensure proper compliance with their obligations to Scotiabank.

Code Compliance and Monitoring

  • In certain situations, Service Provider/Vendors may be required to provide written confirmation to Scotiabank of adherence to the requirements of this Code.
  • Scotiabank must be able to monitor and audit a Service Provider/Vendor’s control environment.
  • Service Providers/Vendors will not implement any material change to the way services are provided to Scotiabank which constitutes a breach of our policies and the Vendor Code of Conduct.