Governance: Board Oversight and Business Ethics
As a financial services company, we recognize that we’re in a unique position of trust. That’s why unwavering integrity goes beyond a core value to simply being a part of how we evaluate everything we do. Our governance structure, prudent policies and active engagement with our employees underscore our commitment to always acting in the best interest of our clients, employees, communities and shareholders.
The company’s Board of Directors is a diverse group of strong leaders with executive experience that aligns with our organization’s business strategy. Brief biographies for our board members and senior management can be found on “Our Leadership” section of our investor relations website.
The board oversees the company’s overall strategic and reputational risks and regularly reviews the company’s credit, liquidity and operations, as well as the risks associated with each. Committees of the board focus on specific areas, including:
- Audit Committee: accounting and financial reporting, internal controls, and whistleblower complaints; also responsible for reviewing the company’s Environmental, Social and Governance Review.
- Credit Committee: credit and lending strategies and objectives.
- Risk Committee: risk management strategies, policies and practices that identify, assess, monitor and manage risk.
- Compensation Committee: compensation policies, programs and incentives.
Standards of Conduct
The Audit Committee of the Board of Directors annually reviews and approves the company’s Standards of Conduct on which employees are annually trained and attest to. Each member of the Board of Directors takes an annual Oath of Office prescribed by the Office of the Comptroller of the Currency (OCC) and is bound by the company’s Code of Ethics.
The company’s annual proxy statement identifies responsibilities of board committees.
The company’s 10-K reviews a wide array of company performance factors, including any monetary losses as a result of legal proceedings associated with fraud, insider trading, anti-trust, anti-competitive behavior, market manipulation, malpractice, or other related financial industry laws or regulations.
We provide annual training for all employees on our Standards of Conduct, compliance management requirements, BSA/AML (Bank Secrecy Act/Anti-Money Laundering) processes, physical security, risk culture and internal controls, risk reporting and awareness, and information security awareness.
The Board of Directors is also required to adhere to the company’s Code of Ethics in satisfaction of Section 406 of the Sarbanes-Oxley Act of 2002, the NASDAQ listing requirements and related regulations. As a national bank, each member of BOK Financial’s Board of Directors affirms their commitment to uphold the organization’s standards in its annual Oath of Office.
BOK Financial’s Chief Compliance Officer oversees the enterprise compliance program and reports to the Chief Risk Officer. The compliance program includes policies and procedures, annual training requirements, monitoring and testing, annual risk assessments and a complaint management program.
Compliance staff actively monitor line of business activities and governance to determine compliance with applicable regulatory requirements. Monitoring processes identify, track, and report issues discovered in the lines of business through formal risk assessments. Monitoring results and risk assessments inform the scope of testing performed by Corporate Compliance Management and Internal Audit.
The company’s Whistleblower Policy enables anyone to report any suspected illegal or unethical activity without fear of retaliation. The company’s Risk Reporting Hotline is managed by an independent third party and allows 24/7 reporting of concerns about anything that may violate our Standards of Conduct or Code of Ethics. Upon notice of a potential Code of Ethics violation, the Chief Auditor, Chief Risk Officer and Chairman of the Audit Committee are responsible for reporting the matter to the Office of the General Counsel. BOK Financial prohibits intimidation or retaliation against anyone who raises an issue in good faith or assists with an investigation.
BOK Financial is committed to detecting and reporting persons engaged in suspicious activity related to financial crimes and fraud. The company complies with all Anti-Money Laundering (AML), Bank Secrecy Act (BSA), OFAC (Office of Foreign Assets Control) and USA PATRIOT Act regulations and aids in providing intelligence to local and federal authorities of activity indicative of a crime. BOK Financial’s written BSA/AML Policy and Program addresses the ever-changing strategies of money launderers and terrorists who attempt to gain access to the U.S. financial system through the following pillars of an effective BSA/AML program:
- A board-appointed BSA Compliance Officer – The BSA Compliance Officer coordinates and monitors all aspects of the BSA/AML compliance program and its implementing regulations. The BSA Compliance Officer reports to the company’s Chief Risk Officer.
- A system of internal controls — BOK Financial maintains a strong system of internal controls that has been designed to prevent money laundering and terrorist financing, detect and report potentially suspicious transactions, assess risk in an ongoing manner, and monitor customers and transactions for OFAC sanctions.
- Independent testing — Annual independent testing evaluates the effectiveness of the BSA/AML program.
- Training — BOK Financial provides BSA/AML training to all employees on an annual basis. Training is targeted for specific jobs and covers BSA/AML, OFAC, and USA PATRIOT Act regulations and expectations.
BOK Financial recognizes the importance of protecting our customers and our communities. We monitor and report instances of suspected human trafficking, elder abuse, proliferation financing, corruption, terrorism, transnational criminal organization activity, drug trafficking, terrorist financing, fraud, and other illicit financial crimes.
The security and privacy risk landscape is constantly changing, and in order to adapt, cyber resiliency is key. We continually invest in our people, process and technology by securing:
- Clients – utilizing multi-factor logins, mobile security protection and online fraud detection as well as providing cybersecurity awareness.
- Our workforce – conducting awareness campaigns throughout the year to ensure all employees and contractors understand their responsibilities for protecting and securing data.
- Computing environments – implementing best in class cybersecurity technologies and practices whether in the cloud, in our data centers or with our third-party providers.