Safeguarding Confidential Information
In accordance with the Gramm-Leach-Bliley Act (GLBA) of 1999, financial institutions are required to have administrative, technical and physical safeguards for sensitive customer information. Sensitive information collected by the institution must not be used or disclosed for any reason other than the intended purpose and must be protected from misuse that could result in identity theft.
Ensuring the Integrity of Records
Records and accounting information must be accurate and maintained with reliability and integrity. Transactions must be reflected in an accurate and timely manner. Policies should prohibit false entries and activities that result in false entries.
Providing Strong Internal Controls Over Assets
Employees, officers and directors must comply with all internal control procedures established by the institution for the safeguarding of assets and proper reporting and disclosure of financial information.
Providing Candor in Dealing with Auditors, Examiners and Legal Counsel
All employees, officers and directors should be required to respond honestly and candidly when dealing with the bank's independent and internal auditors, regulators and attorneys.
Avoiding Self-dealing and Acceptance of Gifts or Favors
Policies prohibiting self-dealing should properly address director, officer, employee, customer and supplier relationship issues and should provide guidelines that include the provisions of the Federal Bank Bribery law.
An institution's corporate code of conduct or ethics policy should prohibit any employee, officer, director, agent or attorney of any bank from:
- soliciting for themselves or for a third party (other than the bank itself) anything of value from anyone in return for any business, service or confidential information of the bank, and
- accepting anything of value (other than bona fide salary, wages and fees referred to in 18 U.S.C. 215(c)) from anyone in connection with the business of the bank, either before or after a transaction is discussed or consummated.
Refer to the Statement of Policy, "Guidelines for Compliance with the Federal Bank Bribery Law," dated December 31, 1987, p. 5289.
Observing Applicable Laws
The board of directors should ensure that bank management is cognizant of all applicable laws and regulations. Further, the board should make certain that compliance with all laws and regulations receives a high priority and that violations are not knowingly committed by bank employees. Management should consider including the following regulations in policies, when applicable:
- Section 18(k) of the Federal Deposit Insurance Act (FDI Act) – "Authority to Regulate or Prohibit Certain Forms of Benefits to Institution-Affiliated Parties"
- Part 359 of the FDIC Rules and Regulations – "Golden Parachutes and Indemnification Payments"
- Section 39(c) of the FDI Act – "Compensation Standards"
- Section 32 of the FDI Act – "Agency Disapproval of Directors and Senior Executive Officers of Insured Depository Institutions or Depository Institution Holding Companies"
- Section 19 of the FDI Act – "Penalty for Unauthorized Participation by Convicted Individual"
- Part 349 of the FDIC Rules and Regulations – "Reports and Public Disclosure of Indebtedness of Executive Officers and Principal Shareholders to a State Nonmember Bank and its Correspondent Banks"
- Sections 22(g) and 22(h) of the Federal Reserve Act – "Loans to Executive Officers of Banks and Extensions of Credit to Executive Officers, Directors, and Principal Shareholders of Member Banks"
- The Federal Reserve Board's Regulation O – "Loans to Executive Officers, Directors, and Principal Shareholders of Member Banks"
- Section 337.3 of the FDIC Rules and Regulations – "Limits on Extensions of Credit to Executive Officers, Directors, and Principal Shareholders of Insured Nonmember Banks"
- Part 348 of the FDIC Rules and Regulations – "Management Official Interlocks"
- Section 7(j) of the FDI Act and the Change in Bank Control Act of 1978
- Section 737 of the Gramm-Leach-Bliley Act – "Bank Officers and Directors as Officers and Directors of Public Utilities"
- Section 8(e) of the FDI Act – "Removal and Prohibition Authority"
- Section 8(g) of the FDI Act – "Felony Charge Involving Dishonesty or Breach of Trust as Cause for Suspension, Removal, or Prohibition"
Implementing Appropriate Background Checks
Financial institutions should develop a risk-focused approach in determining when pre-employment background screening is considered appropriate or when the level of screening should be increased based upon the position and responsibilities. In addition, institutions should verify that contractors are subject to screening procedures similar to those used by the financial institution. Refer to FIL-46-2005, dated June 1, 2005: "Guidance on Developing an Effective Pre-Employment Background Screening Process."
Involving Internal Auditor in Monitoring Corporate Code of Conduct or Ethics Policy
Internal controls against self-serving practices and conflicts of interest should be monitored with an effective audit program to identify operational weaknesses and to ensure corrective action and compliance with laws, regulations and internal policies.
Providing a Mechanism to Report Questionable Activity
Establishing a hotline is one mechanism available to report questionable activity. For maximum effectiveness of the hotline, institutions should advertise and market the hotline's existence to employees, suppliers, third-party service providers and customers. Refer to FIL-80-2005, dated August 16, 2005: "Guidance on Implementing a Fraud Hotline."
Outlining Penalties for a Breach of the Corporate Code of Conduct or Ethics Policy
Compliance with the policies should be monitored. Any violators should be subject to specific and appropriate actions to deter wrongdoing and promote accountability for adherence to the corporate code of conduct or ethics policy.
Providing Periodic Training and Acknowledgement of Policy
Management should ensure information in the corporate code of conduct or ethics policy is relayed to staff in periodic training. Training will provide staff with resources when questions arise.
Periodically Updating Policies to Reflect New Business Activities
Institutions should update policies frequently to encompass new business activities.