I. INTRODUCTION
The Federal Deposit Insurance Corporation (FDIC) has re-emphasized the importance of a corporate code of conduct. An ethics policy will inform an institution’s directors, officers, employees and agents regarding acceptable and unacceptable business practices.
Corporate governance has received a great deal of attention lately. Appropriate tone-at-the top and a consistent message that those who serve the institution do so with fairness, honesty and integrity are acknowledged as necessary corporate governance practices. A code of conduct can institutionalize these practices. Policies on expected behavior, including prohibitions on conflicts of interest, should be established and communicated throughout the organization.
II. COMPONENTS OF ETHICS POLICY
The FDIC identified the issues set forth below that should be covered by an institution’s ethics policy.
A. Safeguarding Confidential Information
All parties who serve the institution should understand and enforce the data security requirements of the Gramm-Leach-Bliley Act. The institution should have administrative, technical and physical safeguards for sensitive customer information and ensure that the information is not used or disclosed other than for its intended purpose and protected from misuse that could result in identity theft.
B. Ensuring the Integrity of Records
Records and accounting information must be accurate and maintained in a way that ensures reliability and integrity. Policies should prohibit false entries or activities that could lead to false entries.
C. Maintaining Strong Internal Controls Over Assets
Directors, officers, and employees must comply with internal control procedures for safeguarding assets and the proper reporting and disclosure of financial information.
D. Being Candid in Dealing with Auditors, Examiners, and Legal Counsel
Policies should require that directors, officers, and employees deal honestly and candidly with the bank’s external and internal auditors, regulators, and attorneys.
E. Avoiding Conflicts and Acceptance of Gifts or Favors
Guidelines and policies to ensure compliance with the federal bank bribery law (18 U.S. C. 215) should be in place. Directors, officers, employees, agents, and attorneys for the institution should be prohibited from soliciting funds or items of value in return for business, services, or confidential information of the institution and from accepting anything of value from anyone in connection with bank business.
F. Complying with Laws and Regulations
Policies should require that all who serve the institution comply with applicable laws and regulations. Mechanisms should be established to monitor compliance and take action when necessary to correct transgressions. Regulations that management should consider including and policies, when applicable, may be found by going to www.fdic.gov and searching for "Corporate Codes of Conduct."
G. Implementing Appropriate Background Checks
Pre-employment background screening is appropriate in many situations. An institution should develop a risk-focused approach in determining when screening is appropriate or when the level of screening should be increased based on the position and responsibilities of those involved. Institutions should verify that third party contractors use screening procedures similar to those used by the institution when they hire employees.
H. Involving the Internal Auditor in Monitoring the Code
The internal auditor should monitor compliance with the code, identify operational weakness, and ensure corrective action is taken when necessary.
I. Providing a Mechanism to Report Questionable Activity
A hotline or some other whistle-blower type process can be used for the reporting of questionable activity. Employees, agents, customers and third-party servicers should be aware of methods to communicate problems.
J. Outlining Penalties for Code Breaches
Violations of the code should be subject to specific and appropriate corrective action. Institutionalized penalties deter wrongdoing and promote accountability for adherence to the code.
K. Communicating Code Requirement
Information in the code needs to be communicated throughout the institution. Some institutions require a regular written acknowledgement of the code by directors, officers and employees.
III. CONCLUSION
An institution’s code of conduct should be reviewed and updated periodically to ensure that it addresses all key issues, covers new business activities and adapts to changes at the institution.