Skip to content
BOK Financial

Governance: Systemic Risk Management

“Be known for unwavering integrity” is a core value of BOK Financial and is central to how we mitigate and manage risk.

Risk Management Program

The company’s Chief Risk Officer is responsible for enterprise-wide risk management, information security and ensuring the company’s compliance with government regulations.

Annually, the Executive Leadership Team defines a strategic plan and establishes growth priorities that are consistent with the company’s purpose, values, core competencies and risk appetite. The strategic plan is cascaded to all employees and business units, and functional and employee goals are managed to the overall strategic plan.

Every employee is accountable for speaking up and escalating concerns to management regarding compliance with regulation, policy, proscribed process or ethical standards. In addition, the Risk Committee of the Board of Directors meets regularly with key risk management personnel and the Audit Committee receives regular reports from the company’s independent auditor.

Our efforts and programs help support the United Nations Sustainable Development Goals.

Business Continuity Program

To minimize the impact of a potential outage or interruption of business operations on our clients, BOK Financial’s Business Continuity Management Program sets recovery priorities, maintains recovery plans, regularly exercises recovery capabilities and provides awareness and training. The business continuity policy, standards and procedures incorporate elements of the ISO 22301 international business continuity management standard.

The company’s Emergency Operations Center (EOC) coordinates response, recovery and resumption for any crisis. With oversight from the company’s Chief Risk Officer, the EOC is modeled after the FEMA Incident Command System and encompasses multiple departments to provide the most efficient response possible.

The company’s business impact analysis (BIA) prioritizes recovery of business functions for both recovery time objectives (RTO) and recovery point objectives (RPO). Business processes are evaluated to determine interdependencies between departments, applications, vendors and services. Using an “all hazards” approach, processes are evaluated against five impact risk areas: reputational, financial, legal/regulatory, client experience and workforce impact.

Business and disaster recovery plans undergo regular exercises to validate the response strategies and strengthen the plan execution and documentation. The frequency and complexity of these exercises are based on the criticality of business functions and technology.

The Director of Business Continuity reports to the Chief Risk Officer, and the Risk Committee of the Board of Directors maintains oversight of the business continuity program. Management, recovery team members and stakeholders routinely undergo training on the business continuity program.

G-SIB Score and Capital Planning

SASB: FN-CB-550a 1 and FN-CB-550a.2

BOK Financial is not a globally or domestically systemically important bank, and is not subject to a mandatory and publicly disclosed capital stress testing regime.

The company does have a capital planning process which includes internal capital stress testing and multiple layers of governance. The Risk Committee of the Board of Directors has oversight responsibility for capital planning and capital adequacy, including stress testing. Management committee responsibility includes the Capital Committee and the Asset Liability Committee. The Chief Financial Officer and the Treasurer have responsibility for the management of capital planning and incorporating results into long-term corporate strategy. Capital planning and stress testing are subject to regulatory examination by our prudential regulatory agencies.

Incorporation of Environmental, Social and Governance Factors in Credit Analysis

SASB: FN-CB-410a.1

The company actively manages credit risk by maintaining a diverse portfolio. Detailed information on credit exposure is available in the company’s 10-K.



The company’s 10-K reviews a wide array of company performance factors, including any monetary losses as a result of legal proceedings associated with fraud, insider trading, anti-trust, anti-competitive behavior, market manipulation, malpractice, or other related financial industry laws or regulations.

Our Commitment to ESG

For more than 100 years, we’ve focused on making sure that families and businesses have a trusted, secure source of financial expertise. We’ve been committed to making our communities a better place to live and work. And, we’ve been an employer that values diversity, promotes inclusion and fosters career growth for all of our team members.

Governance: Board Oversight
Governance: Business Ethics
Governance: Customers
Governance: Responsible Investing

Our ESG Commitment