Corporate scandals and failures exemplify the need for comprehensive insider policies, including a code of ethics and sound business practices. A corporate culture of ethical and honest behavior, as well as effective board oversight and management supervision, is a bank’s primary defense against insider abuse and fraud. Comprehensive insider policies will help establish this culture by setting a standard of behavior for all insiders. A bank’s board and management must take the lead in demonstrating ethical behavior of the highest order and protecting the bank from conflicts of interest. Such a "tone at the top" emphasizes personal integrity and accountability while acknowledging the importance of an effective control environment. Board members and other insiders should conduct business with the bank according to an established governance structure that recognizes and observes all of the requirements set forth in the bank’s insider policies. Moreover, adherence to these policies should facilitate compliance with all legal and internal requirements for insider relationships.
The policies should focus on the activities of controlling shareholders, directors, officers, and employees at all levels of the bank. They should apply to the bank’s interaction with all affiliated parties. Once policies are developed and approved by the board, the board and management should ensure that the policies are communicated throughout the bank. The bank should also have a process to monitor compliance with those policies.
The insider policies and principles should:
Include a code of ethics that requires the disclosure of actual or potential conflicts of interest. [1]
Identify all insider "related interests," as that term is defined in Regulation O.
Require identification of material interests insiders have in the business of any borrower, applicant, other bank customer, vendor, or supplier.
Include guidelines for insider lending and other transactions, including fees or commissions received from the bank.
Require that transactions with insiders be at arm’s length.
Require the prompt reporting of insider securities transactions. [2]
Prohibit the use of insider information in securities transactions.
Specify the circumstances and conditions under which the bank will make its facilities, real or personal property (e.g., airplanes, cars), or personnel available for insiders’ use.
Specify restrictions on the acceptance of gifts, bequests, or other items of value (e.g., an exchange of "favors" or payment for services) from customers or other persons doing or seeking to do business with the bank.
Require bank employees to report improper or unethical behavior to appropriate parties (bank management, board, auditors, etc.) and to report suspicious activity in accordance with the bank’s suspicious activity report (SAR) policy.
Specify the consequences of breaches of fiduciary duty and unethical conduct.
Include guidelines for reporting all insider and insider-related transactions to the board of directors or a committee thereof.
Include recordkeeping requirements established by federal or state law.
The amount of detail in the written insider policies should correspond to the volume and nature of the insider activities the board is willing to accept, and to any applicable legal requirements. The written policies should be sufficiently detailed to enable all affected individuals to fully understand the nature and extent of their responsibilities under the policies. For example, if a bank’s policy prohibits all loans to, and any transactions with, insiders, the written policy needs to clearly state that prohibition. If the policy permits loans to, or other transactions with, insiders, the written policy should identify the types of loans and transactions authorized, dollar or other limits, and the approval processes to be followed.
Management should provide all insiders with copies of the bank’s written policies and any subsequent changes to these policies. Each insider should sign an acknowledgment that they have received the written policies and code of ethics and any subsequent change to the policies, together with an agreement to comply with the policies. It is management’s responsibility to maintain a file of these signed acknowledgments at the bank.
To foster compliance with laws, regulations, and insider policies, the bank should develop training and awareness programs covering insider issues. The bank should consider establishing communication channels outside the normal chain of command through which insiders can seek advice on questions about the insider policies, conflicts of interest, or similar concerns. If such support is readily available, insiders are more likely to seek guidance. Management should monitor questions and responses to ensure that answers and interpretations are consistent and conform to bank policy and applicable legal requirements. Educational and training opportunities may be available from local, state, and national trade associations.
1.