what you think
What To Do With Your Code of Ethics
Why you need a code of ethics? There are a number of excellent reasons. Topping the list is the fact that your regulator expects you to establish ethical standards as a part of compliance risk. Then there is the fact that the Federal Sentencing Guidelines allow for mitigation in sentencing if the bank has a compliance program. This is important because the sentencing guidelines come into play in the kind of actions that involve ethics. The best defense in the event of any investigation or prosecution is to have a code of conduct program that sets standards.
Having a code of ethics is also a means of establishing a clear standard of behavior for the corporation. The United States is not a mono-culture. Our country is founded on diversity. We mix cultures and come up with new results. Because we have a relatively fluid working sociology, we have people entering different workplaces with a wide variety of backgrounds, experiences, and expectations. Faced with this diversity, the workplace itself must have a method of establishing some uniformity, some common ground. An important element of this common ground is a code of ethics.
From the top down
The bank's code of ethics should establish the tone from the top. The directors and the CEO set standards. They determine the context in which the bank does business. The written code of ethics lets employees know what the bank's expected culture and performance are. Two important things should happen here.
First, management sets a tone of ethics expectation. Second, having a written policy makes the policy and expectations clear to all employees.
The code should clarify acceptable behavior in a variety of situations. Ethics deal with the interaction of personal and business interests. These can involve outside activities that may conflict with the bank's work, personal and business responsibilities that create a conflict of interest, and acceptance of gifts ranging from a small meal to an elaborate piece of art.
The code should communicate a clear standard of behavior for bank employees for each of these situations. In fact, it should anticipate ethical and conflict of interest problems to the extent possible. This is where developing the code involves a creative imagination to anticipate the problems, and an ability to design practical standards and solutions for the problems.
The code of ethics is also an opportunity for additional communication of the bank's commitment to nondiscrimination - in the workplace and in the offering of bank products and services. Using the code of ethics as a vehicle can reinforce the message of policies, procedures, and other training. The code of ethics makes a more profound statement about the identity and values of the bank and the people who work in it.
Sue Walters, VP & Manager of Compliance at Bank of America, led BofA's code of ethics development.
She shared her process for developing and implementing the code with the students at ABA's National Graduate School of Compliance Management.
Step 1: Determine who is accountable for the code of ethics. Someone is - or should be - responsible for maintaining the code. Find out who that is.
At BofA, Walters found that responsibility for the code rested in the Human Resources Department. The head of Human Resources wanted an updated and friendlier code. By agreeing to take on the redevelopment of the code, the compliance department got their finger in the mix, putting them in a position to ensure quality. Even more important, their involvement won the early support of the all-important Human Resources Department.
Step 2: Build consensus. The code needs support throughout the bank. It particularly needs support from the top down. The needed support won't be there unless the code is founded on consensus.
Building consensus is done by effective communication, involvement of affected parties, and giving everyone input. Sometimes it involves letting one or more parties air their concerns which can be tedious and time-consuming. However, consensus is essential for the success of the code. In fact, consensus is important to almost any compliance policy or procedure.
Step 3: Create awareness. Once the code is established, it must be circulated. It is not enough to simply have new employees sign a statement that they have received it and read it. Compliance managers already know how well that works from all those consumer disclosures in the file.
Creating awareness means more work. It means regular reminders that the code exists and about its contents. Use your internal newsletters often. Include questions and answers on the code. This should be relatively easy - problems come up all the time. Also be sure to circulate a bulletin from the bank's CEO at least annually. This helps reinforce the message that management supports the code.
Step 4: Documentation. Require employees to sign an acknowledgment that they have read the code of ethics and understand it. Ideally, employees should be asked to renew this statement each year. Some human resources staff get concerned about whether these annual assurances send a negative message to employees. At a minimum, require new employees to sign the statement. Then use renewal statements for any change in structure or content of the code.
Step 5: Training. You can handle training using a variety of formats. With ethics, it is a good idea to mix and match your training and communication techniques. You will have to conduct formal training and keep records of this for your examiner. Be sure to include ethics training for all new bank employees. You can also use employee bulletins or simply memos to staff. Find ways to send the message in other contexts. For example, discussions of RESPA could include a mention of the ethics - just to lend perspective and also serve as a reminder.
As a part of your maintenance and monitoring, communicate regularly with managers in every part of the bank. Ask what questions or concerns have come up and how they were resolved. Then consider whether these should be recycled into the code itself.
Step 6: Document exceptions. Whenever the code is not followed, including situations that are individually approved by designated management, the nature of the situation and the reasons for allowing it should be included in the files.
You should have a procedure for documenting any such activity before the employee undertakes it. You should also have a list of who can approve an exception. This list may be specific to the type of exception involved. For example, sitting on board of a for-profit company should be approved by top management while moonlighting in a store could be approved by a line manager.
Step 7: Monitor compliance. One way to monitor compliance is to conduct an annual survey. If your bank is large, sample your employees. If the bank is small, you can do your survey of all employees. Walters now administers this survey over the bank's website. She asks employees to respond to questions about policy, using specific fact situations or occurrences. The situational questions test how someone would apply the code of ethics to the situation. They can't simply quote back from the code.
In addition to the survey, review everything that is reported under the code. Make sure that all reports are properly resolved and closed out.
Step 8: Enforcement. The code is no good unless it is enforced. It is also important that any enforcement is even-handed. Nothing circulates through the office grapevine faster than ethical problems and inconsistencies in how management may treat the offender. Your code, no matter how well developed, will be no better than its enforcement. Management must be behind it - all the way.
Step 9: Regularly review and update your bank's code of ethics. Review your code whenever there is a change in management. Also, if you are getting a lot of questions about ethics, it may indicate a need to revisit the code and see if it needs updating or clarification.
Copyright © 1998 Compliance Action. Originally appeared in Compliance Action, Vol. 3, No. 10, 7/98
- Find out about your bank's code of ethics? Is it current? Who is responsible?
- If an office other than compliance maintains the code of ethics, is the responsibility effective?
- Are there ways the compliance department could help?
- Review the code of ethics to evaluate whether it is current. If not, set in motion the process for updating it.
- Check the training calendar and files to be sure that training is offered to new employees and that regular training or updates are provided for all employees.
- Review how the code is managed and monitored. If you find weaknesses, study the nine steps above and take action!
[an error occurred while processing this directive]