Vendor Code of Conduct

Last updated: December 20, 2017

Citizens Business Bank’s Vendor Code of Conduct is a set of standards for business practice and regulatory compliance established to ensure our vendor relationships align with our commitment to integrity, and are in full compliance with the laws and regulations that govern our business activities.

If you are a vendor of Citizens Business Bank and/or CVB Financial Corp., we kindly request that you please our Vendor Code of Conduct.

At Citizens Business Bank (CBB) we are committed to running our business in a manner that benefits our customers, clients, shareholders and communities. Doing business predominantly in California and nearly exclusively with US-based vendors, we firmly believe our vendors and representatives and their actions are an extension of our own actions and reputation and we expect each to demonstrate strong values and ethical practices.

As a publicly traded bank, it is important to Citizens Business Bank that our vendors comply with all applicable federal, state and local laws and regulations, contract terms and this Vendor Code of Conduct. It is the responsibility of each vendor to ensure its employees and representatives maintain a thorough understanding of our expectations as set forth in this document.

Legal and Regulatory Compliance Requirements

Citizens Business Bank is a regulated financial institution and our clients rely on us to safeguard their information. Vendors must understand the requirements and restrictions related to non-public information. The following provisions regarding the use of sensitive information will survive the termination of our vendor’s service and our vendors will remain liable for any unauthorized disclosure.

• Confidentiality

Vendors have a duty to protect confidential information and to comply with all laws and regulations governing the protection, use, and disclosure of CBB proprietary, confidential and personal information. Vendors may only use confidential CBB information to perform work on behalf of CBB and may not disclose this unless it is already in the public domain.

• Privacy

Vendors must be aware of and follow the local laws and regulations regarding the privacy of individuals, including employees and customers. Personal information should never be disclosed to anyone outside of CBB except as required by legal or regulatory process and as permitted by the Vendor agreement.

• Bribery and Anti-Corruption

CBB does not tolerate bribery or corruption in any form. Vendors and those acting on their behalf may not directly or indirectly offer, promise, authorize/recommend or give anything of value to anyone, if it is intended, or could appear as intended to induce or reward improper action or to obtain or retain an improper advantage for CBB, the Vendor, or a third party.

Anything of value may include gifts (including cash and cash equivalents), business hospitality (including travel and related expenses, meals, entertainment), training and conferences, contributions to a charitable or political organization on behalf of another, honoraria and speaker fees, visa letters, offers of employment or other work experience whether paid or unpaid, sponsorships, perks, or discounts.

Vendors are also responsible for knowing and complying with the anti-corruption and bribery laws in the jurisdictions where the Vendor operates.

• Conflicts of Interest

Conflicts of interest affect objectivity and impair proper decision-making. The existence of potential conflicts may also undermine credibility and good judgment.

In order to address such questions, Vendors must disclose all actual or potential conflicts of interest due to either personal or business relationships with customers, Vendors, business associates, competitors of CBB, or CBB employees or directors. If Vendor discovers a potential conflict of interest, it must be reported to the Vendor manager responsible for reporting to CBB.

• Antitrust and Competition Laws

Most jurisdictions have antitrust or competition regulations which prohibit anticompetitive agreements or abuse of a dominant position. This may include activities such as price fixing, bid rigging, allocation agreements, the unlawful exchange of competitively sensitive information, and certain types of predatory or exclusionary conduct. Vendors are required to be aware of and comply with these antitrust and competition regulations in the regions where Vendor conducts business with or on behalf of CBB.

• Workplace Environment

CBB believes that employees are one of the most valuable assets a company can have. A safe and healthy workplace environment which fosters respect and inclusiveness ensures their well-being.

• Non-Discrimination, Non-Retaliation and Diversity

CBB encourages an inclusive and supportive working environment free from harassment and intimidation, where all employees are valued and empowered to succeed. Vendors must comply with all applicable laws relating to discrimination in hiring, employment practices, harassment and retaliation. CBB actively encourages Vendors to embrace diversity in their own business practices by documenting a diversity and inclusion approach that includes ways to identify, measure and improve inclusion and embedding accessibility standards that go beyond minimum compliance.

• Working Conditions, Health and Safety

Vendors must comply with all applicable safety and health laws and regulations in the jurisdictions where Vendor operates. Vendors must comply with all labor laws and employ only workers who meet applicable minimum age requirements in the jurisdiction. Vendors must also comply with all applicable wage and hour labor laws and regulations governing employee compensation, reimbursements, taxes and working hours. Vendors must provide a non-violent, safe work environment, free of threats or intimidation or physical harm that also supports accident prevention and minimizes exposure to health risks.

Vendor Obligations to Citizen Business Bank

Vendors must follow the obligations and requirements set forth below.

• Communications about or on behalf of Citizens Business Bank

Vendors must not communicate publicly about CBB business unless specifically authorized to do so and per the vendor contract. Vendors may not make public announcements on the provision of goods or services to CBB, share information regarding CBB assignments, or circulate pictures or descriptions of CBB facilities or external work events. Exercise caution when discussing any of CBB’s products, services, or programs on social media.

Vendors should not post or seek recommendations or referrals by CBB employees, customers or service providers unless approved.

• Protecting IP and Citizens Business Bank Assets

Vendors must properly safeguard and protect CBB assets from theft, waste, cyber-related attack, or other type of loss. Technology assets, office equipment and supplies, email systems, information assets such as intellectual property, and CBB brand and customer relationships are the property of CBB and should be used for CBB-related business purposes only.

Vendors must have programs in place that meet commercially reasonable standards designed to protect CBB information, which includes ensuring CBB information is not forwarded to an external email address for any non-business purpose or to Vendor personal email accounts for any reason.

• Accurate Records

Vendors are responsible for maintaining accurate and complete books and records and complying with all required controls and procedures for records created as a result of business activities conducted on behalf of CBB. Vendors must be aware of and comply with the legal and regulatory retention requirements that relate to the services being provided to CBB.

• Knowing your Workforce Members

Vendors are responsible for the quality, background and expertise of their employees who are designated or deployed to provide services to or to otherwise assist or support CBB. This includes, among other things, ensuring that (i) recent and timely criminal and (where appropriate) credit background checks have been run on all such employees, (ii) such employees possess and maintain the necessary expertise and diligence in order to properly and efficiently perform the tasks required or requested under such Vendor’s respective contract or engagement with CBB, and (iii) such employees receive regular and comprehensive training and reinforcement of requisite skills and all specific requirements imposed by CBB under this Policy and such Vendor’s respective contract or engagement with CBB.

• Record Maintenance and Retention Requirements

Vendors are responsible for maintaining accurate and complete books and records and complying with all required controls and procedures for records created as a result of business activities conducted on behalf of CBB. Vendors must be aware of and comply with the legal and regulatory retention requirements that relate to the services being provided to CBB.

Vendor Diversity, Labor and Human Rights

Citizens Business Bank is committed to diversity and inclusion of its workforce as well as our vendor partners. We actively encourage vendor diversity through the use of diverse businesses (i.e. women owned, veteran owned, minority-owned). Citizens Business Bank expects our vendors to treat their employees with respect and dignity and to protect their human rights. It is also expected our vendors offer equal employment opportunity to all, not tolerate discrimination or harassment, and support diversity and inclusion. Additionally, it is expected vendors and their subcontractors to abide by labor laws and regulations where they conduct business including those that address child labor, forced labor, human trafficking, equal pay and nondiscrimination in their workforce and not to engage in any practice that could reasonably be considered as employing or encouraging child labor, forced labor or human trafficking.

Compliance with Health and Safety Laws

Vendors will provide and maintain for all personnel and stakeholders a work environment that meets or exceeds applicable municipal, state and federal laws regulating occupational health and safety.

No Creation of Third-Party Rights

This Vendor Code of Conduct does not confer, nor shall it be deemed to confer, any rights on the part of thirdparties, including any third-party beneficiary rights. For example, no employees of any vendor shall have any rights against Citizens Business Bank by virtue of this Vendor Code of Conduct, nor shall such employees have any rights to cause Citizens Business Bank to enforce any provisions of this Vendor Code of Conduct, the decision with respect to any such actions being reserved by Citizens Business Bank in its sole discretion.

Questions About The Vendor Code of Conduct

If you have questions about this Vendor Code of Conduct, including questions regarding a possible violation of this Vendor Code of Conduct, Citizens Business Bank has a variety of resources available to assist you. You are encouraged to work with your primary Citizens Business Bank contact in resolving a business practice or compliance concern. However, Citizens Business Bank recognizes that there may be times when this is not possible or appropriate. In such instances, please contact our Vice President of Vendor Management or our General Counsel at Citizens Business Bank, 701 N Haven Avenue, Ontario, CA 91764 or report any violations to Citizens Business Bank’s Hotline at 877.778.5463 (with an option to remain anonymous).

Citizens Business Bank will not tolerate any retribution or retaliation taken against any individual who has in good faith sought out advice or has reported questionable behavior or a possible violation.

We thank you for your compliance with this important Vendor Code of Conduct and look forward to a mutually beneficial relationship with all of our vendors based on the highest levels of ethical behavior.