The typical Code of Conduct is usually deadly boring. Twenty pages of single-spaced Times New Roman, 12 point, one-inch margins. No wonder no one reads it.
Yes, a code of conduct has long been required for public companies. The bank examiner expects you to have one. Maybe, once a year, senior officers sign off on it, and they may even have a vague idea of what it contains. Conflict of interest, right? Something about confidentiality too, perhaps?
Yet it is a critical part of the bank's compliance program.
|Properly put together, your code can be an effective tool for influencing the bank's culture; inspiring and motivating employees; and guiding decision making to mitigate risk.||Board's role in
codes of conduct
Marian addresses the key role of directors and trustees in the process of devising and maintaining codes of conduct in the article in the large yellow box that follows this one.
If you have not updated your code of conduct in the last two years, I suggest you take the opportunity to give it a whole new look, cut out the legalese, and refocus the content on your current risk priorities.
Of course, that will be just the first step in putting some life into the code of conduct.
Keeping it alive will require additional effort.
1. Statement from the CEO. Tone from the top does matter. This statement may be the first--and in larger organizations--the only direct communication employees have from the CEO. Make it count. Include a photograph.
2. Values statement. It's worth devoting a board or senior officer retreat to the exercise of identifying the bank's core values. State them in the code, and at every other appropriate opportunity: the employee handbook, posters in the break room, and on the website. In staff meetings, articulate the link between objectives, policies, and procedures and these core values.
3. Risk-based rules. Identify the ethics and compliance priorities for your organization, and concentrate on them. Is it Gramm-Leach-Bliley issues around confidentiality of financial information? Is it conflict of interest concerns about lending to insiders? It probably isn't the Foreign Corrupt Practices Act, or consumer product safety, so you don't need to cover those issues.
4. The sniff test. If it doesn't feel right, it probably isn't. Your code should empower employees to recognize for themselves when they or others are close to crossing an ethical line, and encourage them to seek guidance.
5. Avoid legalese and define your terms. Not everyone knows what "antitrust" or "insider trading" means. Explain with real-life examples. Write in simple declarative sentences. A sixth grader should be able to read and understand your code.
6. Use learning tools such as scenarios, FAQs, and embedded quizzes. Studies show comprehension is increased by varying the font and format, and using color and graphics. If you don't have the budget for outsourcing design and printing, see what you can achieve with your own desktop publishing software.
7. Scope: Make clear to whom the code applies. All employees, certainly. The board? Contractors? Vendors and suppliers? Some parts of your code, for example, provisions about harassment, may apply to a wider population than just employees.
8. Reporting misconduct. The code must contain ample directions on all the options available for reporting misconduct: the telephone hotline (consider adding web reporting for those Millennials who prefer not to use their smartphone for talking); Human Resources; any member of management; and board members.
9. No retaliation! The bank's commitment to protecting whistleblowers from any form of retaliation for speaking up about perceived misconduct should be up front and in bold. It must be reinforced with management training. Make sure managers understand that failure to prevent retaliation will also not be tolerated. Retaliation is the basis for the most EEOC claims in fiscal 2011. Penalties for companies found to have retaliated under Sarbanes-Oxley and Dodd-Frank are severe, even if the underlying report of misconduct is found to be groundless.
10. An opportunity for branding. What is your bank's particular culture? Perhaps the bank has a special heritage, or serves a unique community. Rather than just a list of "thou shalt nots," the code can inspire and motivate employees positively if it reflects the bank's unique brand.
I hope I've inspired you to update your code of conduct. Now, I want to go back to the beginning and suggest how to get it done.
• Get the board engaged. After all, if bad employee behavior hits the headlines or attracts regulators' attention, the board will own the problem.
• Don't try to go it alone. Pull together a cross-functional team to draft and implement the code. IT needs to be represented, as well as key operational areas. If your branches are geographically dispersed, make sure you get input from them as well.
• Establish a budget, a cadence for meetings, and a timeline for launch. The budget needs to cover ongoing training and tracking as well as the initial rollout.
• Draft, review, redraft. Have fresh eyes (outside counsel, perhaps) take a look. Give the board a preview.
• Plan the timing of the rollout. So that it doesn't conflict with other business events.
A code that sits unread on the shelf is worse than useless--it sends a message that such things needn't be taken seriously.
Instead of being ignored, your code must be reinforced constantly.
It is impossible to over-communicate about your code of conduct.
Communication does not always mean training in the traditional classroom sense.
Think about messages tailored to the time of year. For example, we're heading towards the holidays now. How about a timely reminder about the bank's gift policy?
Encourage two-way communication: discussion groups to give feedback on the relevance of scenarios included in the code. Don't overlook the power of a distilled message on a poster or wallet card.
The key to success often lies with mid-level managers and supervisors. Explain why it is important that they discuss the code with their reports and refer to it as a guide in decision-making.
Above all, make sure they understand the no retaliation policy, and the penalties for violating it.
Brief the Board quarterly to maintain its members' support.
I've written in this space before about building an ethical culture: going beyond mere legal compliance to "that's just the way we do things here."
Your Code of Conduct , while it is an essential compliance tool, can get the bank to that next level.
|THE BOARD'S ROLE IN CODES OF CONDUCT
Whether your bank is a public or private corporation, the board's role in overseeing its compliance program is pivotal, and the centerpiece of the compliance program is--or should be--the code of conduct. The cross-functional team responsible for drafting or revising the code should report to the board at frequent intervals, and the board should sign off on the final version before it is rolled out.
|Don't overlook the fact that the board is also subject to the code, so periodic board training after roll-out is also essential. A brief quarterly report and a longer annual report to the board should cover all the metrics: trainings carried out, reports of violations, and outcomes of investigations, etc.
The board's role actually consists of multiple roles, in the code of conduct area. Some examples:
• Anticipating issues: confidentiality, conflict of interest, and harassment are essential topics to cover. New on the horizon: guidance on communications about the bank, especially through social media, and political contributions. While the bank encourages employees to participate in the democratic process, they must make clear that their views and their contributions are their own, not the bank's.
• Wake-up call: CEOs behaving badly. It is impossible in today's world to keep an executive suite scandal quiet. Even if the conduct that hits the headlines (Twitter, Facebook) is not illegal, it has a devastating effect on the bank's reputation. The board's close oversight of ethical standards is the most effective way to address reputation risk.
• After the crisis--best case scenario: The recent Foreign Corrupt Practices Act case of US v. Peterson is a grand advertisement for top-to-bottom implementation of an effective code of conduct. Morgan Stanley was exempted from any liability for the bribes offered by its "rogue employee" Peterson because it was able to demonstrate that it had appropriate policies in place and they had been thoroughly communicated throughout the bank.
Accountability: Sarbanes-Oxley, Dodd-Frank and all the associated regulations constitute complex and far-reaching legislation with a unifying theme: good corporate governance depends on transparency and accountability. The board bears the ultimate responsibility for ensuring these standards are met. The code of conduct is the board's primary tool in getting the job done.