Building the Board’s Ethical Backbone

An ethical foundation is vital to a healthy, successful financial institution, and it starts with the board of directors.

“Ethics is something that you carry with you every day,” says Samuel Combs III, CEO of the management consulting firm COMSTAR Advisors and the governance committee chair at $2.7 billion First Fidelity Bancorp, based in Oklahoma City. “It begins with the leadership team, of course, [and] boards.”

As a guiding principle for the organization, a code of ethics provides a pathway to govern. And the rise of environmental, social and governance (ESG) initiatives, with their emphasis on customers, employees and communities, puts additional pressure on corporate behaviors. While a bank’s regulators require a certain level of ethical standards, some organizations have taken the lead in driving an ethical approach to banking to garner consumer trust. The board should be at the forefront of these discussions, yet, incorporating an ethical approach to banking does not come with a paint-by-numbers guide. Instead, it’s driven by management, and shaped by the questions and insights boards can bring to the conversation.

Organizations often go wrong with their ethical duty not on the personal level, but due to a systemic breach, says Steve Williams, the president and co-founder of Cornerstone Advisors. “When people get caught up in something, it’s seen as normal when it shouldn’t be,” he adds. “Systemic pressure, that can happen in any place; you have to believe it can happen here, in order to protect against it.”

Board members have a limited opportunity to peer into the day-to-day of the organization and understand how it’s operating from an ethical standpoint. Combs advises directors to look for “signals,” and ask questions about the gray areas of finance and the business’s success.

“To mutually arrive at a standard, the board must set the expectations,” says Combs. “It’s up to the management to live up to those standards.”

When financial reports are produced, if results prove far better than expected or end up very true to estimates quarter after quarter, it’s important to inquire as to how the bank achieved the numbers. It doesn’t mean something has gone awry, but you should ask to ensure liberal accounting tools or untoward sales practices are not being used. Another sign? Maybe there’s a sense that employees’ engagement has dropped significantly. Boards must seek to answer why. It requires asking further questions about sales processes, deposit efforts and the management of the institution. “It’s a signal that you should look further,” adds Combs.

This doesn’t mean that the board needs a separate ethics committee to manage this process. “I believe it should be engrained in all committees,” says Williams. Ethics should be the backbone for all deliberations in the audit, governance, compensation, risk and other committees of the board, informing how members analyze, question and provide guidance.

This thread should also trickle down to how the board makes decisions and evaluates performance. Reevaluating the code of ethics, whistleblower policies and other internal documents should be conducted once a year, and should be done with some “degree of visibility,” says Williams.

What Should a Code of Ethics Address?

Sources: Office of the Comptroller of the Currency, Federal Deposit Insurance Corp.

  • Prohibitions and monitoring relative to conflicts of interest, insider activities and self-dealing
  • Confidentiality of bank, customer and employee information
  • Maintaining accurate and reliable records
  • Compliance with applicable laws and regulations
  • Fair dealing, including the use of privileged information and misrepresentation of facts
  • Protection and use of bank assets
  • Expectations that employees, executives and directors deal honestly with the bank’s auditors, regulators and legal counsel
  • Screening the backgrounds of potential employees
  • Whistleblower policy, which allows employees to safely report concerns about bank practices
  • Periodic ethics training
  • Updating ethics policies to reflect new business activities
  • Consequences that could occur if executives, employees or directors breach the code of ethics or otherwise participate illegal behaviors Process.”

When looking at these documents, hold them up to the board’s actions and performance. How did the board make decisions, based on the code of ethics? When tough issues arose, did the board make the easy decision or take a tougher route that was more in line with the code of ethics? Did the board, in its decision making, represent the bank’s core values? Consider incorporating these questions into the board’s performance evaluation. You may not have a perfect score, but regularly revisiting the board’s deliberating process will ensure that living to the bank’s values becomes second nature, says Williams.

Failing to have this ethical background can lead to a significant backlash against the company, both from a legal perspective as well as harm to its reputation. The board at Wells Fargo & Co., for instance, received significant criticism for not questioning gray areas in its results and sales processes, which led to more than $3.7 billion in fines levied by the Consumer Financial Protection Bureau. Damage to its culture and reputation promises to be longer lasting.

An emphasis on ethics should also be found in how the board evaluates management, and how management evaluates the rank-and-file. Williams says it should even bleed into how a director may compliment an executive on a social site like LinkedIn. Has the director complimented the manager based on reaching some sales target? Or does the compliment reflect that the person lived up to the ethical core of the organization? It’s often telling when ethics isn’t emphasized in what directors publicly acknowledge.

That said, it’s important for potential directors to consider avoiding certain opportunities, even if the challenge of reshaping a poorly run organization may be an initial draw. Combs says he once considered joining the board of a non-bank entity that had some questionable ethics, which had become public. At the time, he felt he could have the opportunity to change what the organization would look like moving forward.

However, he eventually passed on the role because he wouldn’t have the levers to make change from the board position. “If you like a challenge, it’s fun to do the work,” says Combs. “You have to know [the organization] is willing to do the hard work.”

The same diligence and decision making must occur when the board is presented with possibilities, some that could improve the bank’s bottom line but would be counter to the institution’s ethical framework. It’s in those moments where the decisions made by the board could determine whether the bank experiences an ethical failure down the line.

Sometimes the right decision will be the hard one, even if the easy one is technically legal.

“Regulatory compliance does not cover all our needs for ethics,” says Williams. “Be much broader and active in that reflection.”

Banks Enter a New Era of Corporate Morality

Are we entering a new era of morality in banking?

Heavily regulated at the state and federal level, banks have always been subjected to greater scrutiny than most other companies and are expected to pursue fair and ethical business practices — mandates that have been codified in laws such as the Community Reinvestment Act and various fair lending statutes.

The industry has always had a more expansive stakeholder perspective where shareholders are just one member of a broad constituency that also includes customers and communities.

Now a growing number of banks are taking ethical behavior one step further through voluntary adoption of formal environmental, social and governance (ESG) programs that target objectives well beyond simply making money for their owners. Issues that typically fall within an ESG framework include climate change, waste and pollution, employee relations, racial equity, executive compensation and board diversity.

“It’s a holistic approach that asks, ‘What is it that our stakeholders are looking for and how can we – through the values of our organization – deliver on that,” says Brandon Koeser, a financial services senior analyst at the consulting firm RSM.

Koeser spoke to Bank Director Editor-at-Large Jack Milligan in advance of a Sunday breakout session at Bank Director’s Acquire or Be Acquired Conference. The conference runs Jan. 30 to Feb. 1, 2022, at the JW Marriott Desert Ridge Resort and Spa in Phoenix.

The pressure to focus more intently on various ESG issues is coming from various quarters. Some institutional investors have already put pressure on very large banks to adopt formal programs and to document their activities. Koeser says many younger employees “want to see a lot more alignment with their beliefs and interests.” And consumers and even borrowers are “beginning to ask questions … of their banking partners [about] what they’re doing to promote social responsibility or healthy environmental practices,” he says.

Koeser recalls having a conversation last year with the senior executives of a $1 billion privately held bank who said one of their large borrowers “came to them and asked what they were doing to promote sustainable business practices. This organization was all about sustainability and being environmentally conscious and it wanted to make sure that its key partners shared those same values.”

Although the federal banking regulators have yet to weigh in with a specific set of ESG requirements, that could change under the more socially progressive administration of President Joe Biden. “One thing the regulators are trying to figure out is when a [bank] takes an ESG strategy and publicizes it, how do they ensure that there’s comparability so that investors and other stakeholders are able to make the appropriate decision based on what they’re reading,” he says.

There are currently several key vacancies at the bank regulatory agencies. Biden has the opportunity to appoint a new Comptroller of the Currency, a new chairman at Federal Deposit Insurance Corp. and a new vice chair for supervision at the Federal Reserve Board. “There’s a unique opportunity for some new [ESG] policy to be set,” says Koeser. “I wouldn’t be surprised if we see in the next two to three years, some formality around that.”

Koeser says he does sometimes encounter resistance to an ESG agenda from some banks that don’t see the value, particularly the environmental piece. “A lot of banks will just kind of say, ‘Well, I’m not a consumer products company. I don’t have a manufacturing division. I’m not in the transportation business. What is the environmental component to me?’” he says. But in his discussions with senior executive and directors, Koeser tries to focus on the broad theme of ESG and not just one letter in the acronym. “That brings down the level of skepticism and allows the opportunity to engage in discussions around the totality of this shift to an ESG focus,” he says. “I haven’t been run out of a boardroom talking about ESG.”

Koeser believes there is a systemic process that banks can use to get started on an ESG program. The first step is to identify a champion who will lead the effort. Next, it’s important to research what is happening in the banking industry and with your banking peers and competitors. Public company filings, media organizations such as Bank Director magazine and company websites are all good places to look. “There’s a wealth of information out there to start researching and understanding what’s happening around us,” Koeser says.

A third step in the formation process is education. “The [program] champion should start presenting to the board on what they’re finding,” Koeser says. Then comes a self-assessment where the leadership team and board compare the bank’s current state in regards to ESG to the industry and other institutions it competes with. The final step is to begin formulating an ESG strategy and building out a program.

Koeser believes that many banks are probably closer to having the building blocks of an effective ESG program than they think. “It’s really just a matter of time before ESG will become something that you’ll need to focus on,” he says. “And if you’re already promoting a lot of really good things on your website, like donating to local charities, volunteering and supporting your communities, there’s a way to formalize that and begin this process sooner rather than later.”

Questions to Ask About Internal Fraud: A Bank Director’s Guide

internal-fraud-12-7-15.pngAmong the many threats to shareholder value that bank directors must address, the risk of internal fraud is among the most challenging. Virtually all bank directors recognize their obligation to actively oversee the way the bank monitors its employees to mitigate the risk of fraud, but most directors also understand the need to avoid micromanaging day-to-day operations.

Treading the fine line between oversight and overstepping can be difficult. Often it means learning to ask the right questions of the right people, particularly of the bank’s senior management team.

Because every bank’s risk profile is unique, no single list of questions can fit every institution. Nevertheless, it is possible to outline some broad principles and useful questions within three general areas of strategic, board-level concern.

Corporate Governance
Major corporate governance elements related to internal fraud comprise management and oversight of the organization including the bank’s published code of conduct, written ethics policy, fraud policies and procedures, and loss reporting practices. Board members should exercise direct and active oversight of these components and be prepared to ask management a broad range of questions, including:

  • How frequently are our code of conduct and ethics policies reviewed and updated?
  • In addition to introducing our ethics policies during new employee training, how else—and how often—are these policies communicated and reinforced?
  • How are fraud losses identified, tracked and reported to the board? Are board members and executives regularly briefed on current fraud issues and trends by the appropriate managers?
  • Are employees able to report suspicious behavior outside the day-to-day management structure, or are they able to report it only through their immediate superiors?
  • Has the bank established a whistleblower hotline that allows employees to report suspected fraud anonymously?
  • How is hotline activity measured and tracked? How is the program’s effectiveness measured and evaluated?
  • How often is the whistleblower hotline publicized and reinforced in regular employee communications?

The Control Environment
The next broad area of board concern, the control environment, addresses the various tools, processes, and other components that implement the fraud policies prescribed by corporate governance. Issues of strategic-level concern in this area tend to revolve around training, accountability, and equitable treatment, as well as the effectiveness, efficiency and reliability of fraud reporting practices. Useful control environment questions for board members to ask include:

  • How is fraud awareness training being provided throughout the organization? Is awareness training tailored to each line of business?
  • Beyond awareness, do employees receive training on ethics, fair service and honest dealing?
  • Are employees being trained on specific anti-fraud practices and controls? Once trained, are they held accountable?
  • Are fraud policies implemented and enforced consistently and fairly? Are senior-level or revenue-producing personnel subject to the same enforcement as junior or administrative staff members?
  • Are anti-fraud controls consistently monitored and tested as part of the internal audit function?
  • Do employees know how to report fraud?

Incident Management and Response
The board of directors has primary responsibility for seeing that there is a defined structure and process for responding to fraud-related incidents and issues, including clearly defined roles and responsibilities. It is important that incident response protocols are applied consistently across the institution, rather than allowing each line of business to pursue its own course. To carry out this responsibility, directors should be prepared to ask questions such as:

  • Is there a high-level, organization-wide policy regarding incident management? Does it set forth adequate protocols including all relevant legal, reporting and regulatory requirements? Is the policy regularly reviewed and updated?
  • Who is the designated management-level employee with the authority to manage and administer fraud investigations and responses?
  • Has management taken adequate steps to support this employee with an appropriate team involving legal, human resources, internal audit, information technology and other departments?
  • Is there adequate oversight to allow fraud inquiries to proceed without interference from the affected lines of business?
  • Does the board receive regular briefings on material issues of fraud or fraud management?
  • How does the organization learn and evolve based on industry events and previous large incidents of fraud?

The scope of a director’s responsibility extends far beyond these three general areas alone, but starting with these broad topics can help board members maintain their focus at the strategic level while still posing challenging questions. In addition to establishing the appropriate “tone from the top,” such questions can help guide the management team toward more active and effective management of internal fraud risk.