New FDIC guidance stresses banks’ ethics policies
The Federal Deposit Insurance Corp. recently issued guidance to regulated financial institutions emphasizing the importance of an effective internal corporate code of conduct or ethics policy to promote fair and ethical actions that are a fundamental basis to good business practices.
In FIL-105-2005, “Corporate Codes of Conduct – Guidance on Implementing An Effective Ethics Program,” the FDIC is expressly reminding boards of directors and trustees of the importance of written standards to promote honest and ethical conduct, and compliance with applicable laws and regulations, by all individuals involved with an institution.
The FDIC’s guidance provides a “checklist” of issues that should be addressed in such a code or policy in order to provide clear guidelines to affected persons on acceptable and unacceptable business practices. The guidance recommends that such a policy apply to and be acknowledged in writing by the entire organization, including subsidiaries, and all employees, officers, directors and agents.
Training and compliance monitoring should be integral parts of the code or policy, the FDIC says, and violators should be subject to specific and appropriate actions to deter wrongdoing, compel accountability and promote adherence to the code or policy.
Codes of conduct may take the form of separate statements of ethical principals or standards of behavior for affected persons, supplemented with attachments or by cross-references to relevant policies or procedures designed to help individuals make ethical business decisions in a specific situation.
Every bank should review all of the elements contained in this guidance to ensure that the code or policy addresses the material elements set forth and that the bank’s implementation procedures are structured to best ensure compliance:
• In accordance with the Gramm-Leach-Bliley Act of 1999, financial institutions are required to have administrative, technical and physical safeguards to protect sensitive customer information.
• Internal accounting information and customer records must be accurate and maintained with reliability and integrity. Transactions must be reflected in an accurate and timely manner.
• All affected persons must comply with the internal control procedures established by the institution for the safeguarding of assets and proper reporting and disclosure of financial information.
• All officers, directors and employees should be required to respond honestly and candidly when dealing with internal auditors, independent auditors, regulators and attorneys.
• Financial institutions should adopt guidelines that include the provisions of the Federal Bank Bribery Law and, among other things, prohibit self-dealing and conflicts of interest among directors, officers, employees, customers and suppliers to the financial institution.
• The board should ensure that bank management and relevant employees are aware of all applicable laws and regulations, including those that relate to such persons’ relationships with the bank, including indebtedness to bank and correspondents, management interlocks, “golden parachutes” and related matters.
• Financial institutions are encouraged to develop a risk-based approach in determining when pre-employment background screening is appropriate and the level of screening or review based upon the position and responsibilities of the subject employee.
• The financial institution should create an effective audit program to monitor the operation of internal controls against self-dealing, conflict of interests and other violations of the code of conduct, identify weaknesses and ensure corrective action is taken.
• The FDIC suggests that a financial institution consider establishing a hotline or other avenues to allow employees, suppliers, third-party service providers and customers to report questionable activity to the financial institution or instances where the code is not being followed, and to have their concerns addressed in a confidential manner.
• The code should contain specific and appropriate consequences that would serve to deter wrongdoing and unacceptable business practices, and promote accountability amongst employees and others to the code.
• The code should contain internal requirements for training of staff, the allocation of internal resources to this area, and for the acknowledgment of the code or policy by all affected persons.
• The code should contain internal provisions for periodic review to determine its ongoing viability and applicability. Provisions also should be made for the addition of new sections of the code when circumstances arise, and the re-acknowledgment of the code following any material revision.
Attorney Denis J. Maloney, a shareholder director of the Concord law firm Gallagher, Callahan & Gartrell, represents clients on corporate, securities and banking matters. Susan Nelson LeDuc, a regulatory specialist for the firm, works as a consultant to banks and financial services companies.