Our business practices

Governance

Building and maintaining trust for our clients, employees and shareholders is at the heart of governance at Bank of America. Delivering responsible growth requires an experienced, independent board of directors, skilled management, and clear and effective governance practices.

Learn more about our corporate governance on our Investor relations page and in our 2017 Proxy Statement. Additionally, see more about our approach to governance on environmental activities.

Board of Directors

Our 14-member Board of Directors brings a vital independent perspective based on their experience in different organizations and different industries in both the public and private sectors.

Among other things, the Board of Directors is responsible for overseeing that our values and culture of ethical conduct remains a sustained priority. Learn more about our Board and its committees in our 2017 Proxy Statement.

Director independence

While the New York Stock Exchange listing standards require a majority of our directors to be independent, our Corporate Governance Guidelines go even further and require a substantial majority of our directors to be independent. Learn more about Board independence in our 2017 Proxy Statement.

Global ESG committee

Our Environmental, Social and Governance (ESG) approach is fully-integrated into each of our eight lines of business, helping to deliver increased shareholder value while ensuring we are taking ESG factors into account as we make the decisions that drive our business.

Our ESG Committee, led by Vice Chairman Anne Finucane, is comprised of senior leaders from each line of business and support function who lead the focus within their business. The Committee meets quarterly to identify and discuss issues central to our ESG focus — including our human capital management practices, products and service offerings, and investments in creating a sustainable global economy. The Committee also helps to set and monitor the company’s goals in these areas, and reports regularly on the progress to the Board and our investors, as well as to the public through our annual ESG reporting on our website.

We also provide regional ESG oversight through ESG committees in EMEA, and Latin America that focus on region-specific issues and chaired by in-region leaders.

Environmental and Social Risk Policy Framework

In 2016, the committee oversaw the development and launch of the Environmental and Social Risk Policy Framework, which articulates how we approach environmental and social risks across our business, as well as outlines the environmental and social issues most relevant to us. We recognize the impact they can have on our communities, customers, clients, vendors, employees and company, and take our role in managing those risks very seriously.

To learn more about how we manage environmental and social risks visit our Environmental and Social Risk Policy Framework page.

In 2016, the ESG Committee provided guidance on:

  • Joining U.N. Global Compact
  • Submitting first year data for UN - PRI
  • Strengthening ESG-related investor communication
  • Development and launch of Environmental and Social Risk Policy Framework
  • Launched EMEA ESG Committee modeled after Global ESG Committee
  • Adding eight new partners to Catalytic Finance Initiative – bringing total commitment to $8B by nine institutions
  • Issued third corporate green bond (for $1B); #1 underwriter for green bonds in 2016, recognized for the third consecutive year (Bloomberg New Energy Finance) Development and announcement of new environmental operation goals, including becoming carbon neutral and purchasing 100% renewable electricity by 2020
  • Launch of Supplier Sustainability and Diversity Working Group
  • Launch of Affordable Loan Solution and Community Bank Initiative
  • Expanding parental leave from 12 to 16 weeks in U.S.
  • Conducting research on ESG factors and their ability to predict business outcomes and published BAML ESG: good companies can make good stocks

In 2016, these efforts resulted in recognition of the importance of this work, including:

  • Named one of Top 50 Companies Changing the World by Fortune
  • Named as ‘Best Bank for Diversity’ by Euromoney Magazine
  • Listed again on DJSI North America and World Indices; improved MSCI to BB and Sustainalytics to 92nd percentile

Also, BofA Merrill Lynch’s Global Research team chose to conduct research for clients that examines the role of ESG factors in evaluating investments. The report “ESG: Good Companies make Good Stocks” was issued in December and expected to be the first in a series of reports on the topic of ESG.

Key governance topics

Executive compensation
We have a longstanding commitment of aligning executive compensation to performance. We recognize the importance of determining compensation based on a full range of factors that drive short- and long term performance of a company, including those related to ESG.

Our compensation philosophy ties our executive officers’ pay to company, line of business and individual performance over the short and long terms. Our executive compensation program provides a mix of salary, incentives, and benefits paid over time that we believe aligns executive officer and stockholder interests. Each year, our Compensation and Benefits Committee reviews our executive officers’ performance using a balanced and disciplined approach to determine their base salaries and variable compensation awards. In addition to assessing our financial results and the contributions of executives to overall company and line of business performance, Compensation and Benefits Committee evaluates our progress in delivering on our five operating principles and contributions towards driving our strong risk culture and responsible growth strategy. This includes putting our customers at the center of our decision-making, creating a great environment in which to work, and driving a culture of managing risk well. We continually evaluate our compensation policies and practices in light of ongoing developments, regulations, and best practices.

The key features of our executive compensation program can be found in our 2017 Proxy Statement, including the specific compensation practices we have implemented to drive sustainable results, encourage executive retention, and align executive and stockholder interests. In addition, we also identify certain pay practices we have not implemented because we believe they do not serve our risk management goals or stockholders’ long-term interests.

Information security and privacy policies
We’re committed to keeping client personal and financial information protected and secure through responsible information collection, processing, and use practices. As part of that effort, we have comprehensive global information security and privacy programs led by the Bank’s Chief Information Security Officer and Chief Privacy Officer.

We demonstrate our commitment and accountability to protecting information by implementing information security and privacy policies and programs. These policies and programs align with external criteria and incorporate senior management and board of director level oversight, including regular status updates to our board of directors on our information security and privacy programs. In addition, the bank is subject to ongoing regulatory oversight and examination related to information security and privacy, and an independent Corporate Audit function conducts examinations of our lines of business to ensure compliance with standards and applicable legal requirements.

Bank of America also partners closely with industry associations such as the American Bankers Association, the Financial Services Roundtable, the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Center for Information Policy Leadership, and the Future of Privacy Forum to develop global solutions for privacy and the responsible use of data as well as to identify, prevent and protect against industry or bank targeted cyber events. We are one of eight banks that came together to proactively identify ways to enhance the cybersecurity resilience of the U.S. financial system. The Financial Systemic Analysis & Resilience Center (FSARC) was an outcome of that effort and the bank continues to play a leading role in its evolution.

In addition, Bank of America has aligned its information security controls to the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework). The bank incorporated the NIST Cybersecurity Framework into its annual Policy management cycle and has designed and implemented internal risk-based frameworks that align with NIST. Understanding the constantly evolving nature of data protection, we continuously monitor for emerging risks and dedicate significant resources to help ensure clients’ information is protected. We proactively look for ways to build stronger defenses, ensure every step of our technology design process takes cyber risks into consideration and integrate layers of security into everything we do. During the last three years, to our knowledge, we have not experienced any material losses or other material consequences relating to technology failure, cyber attacks, or other information or security breaches.

Our Code of Conduct and privacy and security standards and procedures require confidential treatment of client information consistent with applicable laws and regulations and reinforce our commitment to the responsible processing of personal data. Individuals who access bank computer systems and information are required to complete annual information protection and privacy training, and employees in privacy sensitive roles receive additional training specific to their position. Annual training is supplemented with additional educational content that reinforces desired employee behaviors, creates a heightened level of accountability, and acknowledges good behavior. Vendors are also regularly assessed to ensure they have appropriate security and privacy controls.

The bank maintains an Enterprise Privacy Office, led by our Chief Privacy Officer, and a Global Information Security organization, led by our Chief Information Security Officer.

The Chief Privacy Officer oversees the effectiveness and implementation of the privacy program in business processes across the company ensuring adequate governance and oversight is in place; changes to applicable laws and regulations and recognized best practices are accounted for; standards and policies are maintained; employee training is developed and administered; and that Bank of America routinely monitors, assesses and measures business operations to ensure that processes and privacy management practices are compliant and in line with our standards.

The Chief Information Security Officer (CISO) develops and executes an enterprise-wide information security strategy that helps protect Bank of America and its clients’ information, complying with applicable legal and regulatory standards. As part of this role, the CISO manages the development, implementation, and maintenance of the information security infrastructure; oversees the protection of Bank of America’s computer-based assets by providing monitoring, detection, analysis, event handling, and containment of security incidents; monitors information security trends internally and externally; and informs senior leadership about information security-related issues and activities affecting the organization.

In accordance with applicable laws globally, the bank provides clients with Privacy Notices that clearly explain our information collection, sharing, and use practices. Clients can also access privacy notices and additional information about privacy and information security online through our privacy and security web pages. For all but credit card and certain affinity products, we do not share sensitive and/or personal information with unaffiliated third parties unless regulations allow it, such as with a vendor that performs a service on our behalf. Credit card and affinity clients can still exercise control over and limit the sharing of their personal information with a third party outside a statutory exception.

While we do share information between our affiliated companies for our everyday business purposes, clients are offered an opportunity to limit other types of affiliate sharing and/or use. The bank also makes it easy for clients to limit certain types of marketing. Clients can opt out of telemarketing, email, and direct mail marketing, and we provide training to employees on these options and how to guide clients through the process.

Finally, we constantly advance our technology and maintain physical, electronic and procedural safeguards to protect against unauthorized access to client information. This includes providing clients with new security tools that help protect them.

  • Secure technology: Our fraud prevention and security systems help protect clients with encryption technology and secure email communications. We are a recognized leader in fraud and identity safety, with strong performance in fraud prevention, detection, and resolution, based on industry assessments by Javelin.
  • Debit cards: Our Total Security Protection® package provides defense against theft, loss or fraudulent use when accessing a checking or savings account with a debit card. In addition, bank clients are able to lock and unlock their Consumer and Small Business ATM/debit cards through self-service options in mobile and online banking.
  • Social Security Number Policy: Our Social Security Number Policy protects the confidentiality of Social Security numbers, prohibits unlawful disclosure of Social Security numbers and limits access to Social Security numbers.
  • Identity theft assistance: Our Identity Theft Assistance Center offers resources to help with identity theft recovery, prevention, and education. Our Online and Mobile Banking Security Guarantee covers Bank of America accounts, the security of customer and client information, and the time spent processing payments.
  • Secure access to accounts: Our Security Center offers clients mobile and online banking tools to securely manage their finances, including options for signing into and monitoring activity on their accounts. Clients can manage their digital banking security settings in one place, and can opt in for an extra security feature at sign-in that helps verify the client’s identity with a one-time authorization code sent via text or email each time they sign in.

Tax strategy and reporting
Bank of America employs rigorous tax governance and risk management routines across the enterprise to ensure that we comply with all applicable tax laws and regulations. The bank files income tax returns in more than 100 state and non-U.S. jurisdictions each year. The IRS and other tax authorities in countries and states in which the company has significant business operations examine tax returns periodically (continuously in some jurisdictions).

Internationally, we adhere to the UK Code of Practice on Taxation for Banks. Most of our global business is conducted in locally regulated entities, such that intercompany interaction is subject to regulatory driven arms’-length standards, in addition to the U.S. tax authority’s overarching arms’-length standard.

While not an exhaustive list, some of the internal routines in place to ensure we comply with tax laws and regulations are Corporate Tax Department Risk Management Forum; Tax Shelter Reporting, List Maintenance, and Disclosure Policies relevant for principal activities and advisory activities; participation in the UK Code of Practice on Taxation for Banks; policies allowing for escalation of any matter to Reputational Risk Forums; Tax personnel participation in various forums throughout the enterprise, including Finance escalation routines and business New Product Review Forums; oversight that can include inquiry into tax practices and risks by various regulators globally; and various Control frameworks, including Sarbanes-Oxley and oversight by our Compliance, Corporate Audit, and Risk functions.

We provide financial information by region in Note 26 of our 2015 10-K. Included in this disclosure are assets, revenue, income (loss) before taxes, and net income (loss). In addition, many of our subsidiaries in the UK and other countries prepare “statutory accounts,” which consist of financial statements and footnotes that are publicly available in the UK and many other countries. Our 10-K disclosures provide a public explanation as to why our global effective tax rate may differ from the U.S. statutory tax rate. Also, some of the above-mentioned statutory reports contain tax footnotes that reconcile the subsidiaries’ effective tax rates to the relevant statutory tax rates. In addition, we regularly provide information to help investors forecast the company’s tax expense. This includes effective tax rate guidance on earnings calls and information in SEC filings, such as drivers of tax risks and drivers of deferred tax asset carrying values. Please see the 2016 10-K for complete information on the topic.

Bank of America advocates for tax reform legislation in the U.S. that simplifies our tax laws, encourages economic growth, and helps American companies compete in today’s global economy. Bank of America communicates with policymakers both independently and as part of the Alliance for Competitive Taxation (actontaxreform.com), a group of more than 40 U.S. companies that supports lowering the corporate rate, broadening the tax base, and establishing a modern competitive tax system that aligns with the rest of the world. We are encouraged that a bipartisan consensus is emerging on Capitol Hill that tax reform is urgently needed.

Stakeholder engagement

At all times, we’re listening to and engaging with a diverse set of stakeholders who are interested in or directly affected by our company’s business. As part of our stakeholder engagement process, including our shareholder engagement, we listen to the feedback of our constituents to help inform our decisions. Through continual debate and dialogue with all of these groups, we are positioned to make better informed, more balanced decisions. We do this through a variety of ongoing engagement and activity, including through our Market President network and our National Community Advisory Council (NCAC).

Market Presidents
Each of our local markets is led by a Market President. The Market President’s role is to work with our different lines of business within the company, sometimes with individual employees, to deliver the full capabilities of our company to our clients and help them achieve their financial goals. They work to make sure our clients have a positive and consistent experience with Bank of America, regardless of how they do business with us.

The Market President also leads our teams as they partner with local organizations to help strengthen our communities. They guide our efforts to be a responsible corporate citizen, whether through our day-to-day business activities, our employee volunteer programs, or our philanthropic support for organizations that make a positive impact.

Our market presidents are committed to working with the public, private and nonprofit sectors to improve neighborhoods through volunteerism, financial support of local charitable organizations and other efforts.

As part of their local leadership role, Market President regularly interact with local influencers, including civic leaders and policy makers, to solicit their feedback and engage on important issues in the community.

National Community Advisory Council
Our National Community Advisory Council (NCAC) is a prime example of how we engage with external stakeholders to gain different perspectives and ideas to help drive solutions. Formed in 2005, the NCAC brings us external input to the business and societal challenges of the day. A diverse group of U.S. nonprofit leaders and economists comprise the council from the areas of civil rights, consumer advocacy, community development, and environment and sustainability. While initially charged with providing guidance on our community development lending practices and investment activities, the NCAC’s purview has expanded to include all environment and social issues, especially those that Bank of America effects as a business and employer. In 2016, we witnessed significant social upheaval: civil strife, protest and loss of life in cities around the world. These issues touch each of us at home and at work, and the NCAC members have been invaluable in sharing their perspective and engaging in dialogue with us to work through and how we can help our communities move forward.

The council meets semiannually to address ways to improve our environmental business initiatives, the evolution of our responsible business practices and our approach to governance, helping to build stronger communities and more stable economies. As examples of its work, the NCAC is credited with advising us on the development of our SafeBalance Banking® and Affordable Loan Solution™ mortgage product, as well as the launch of our Better Money Habits™ financial education partnership with Khan Academy and our customer transparency around fees.

Members of the NCAC include:

  • Aeris
  • Brookings Institution
  • Beaulac Associates, LLC
  • CATO Institute
  • CDC Small Business Finance
  • Center for Financial Services Innovation
  • Ceres
  • Chicago Community Loan Fund
  • Consumer Federation of America
  • Clean Air Task Force
  • C2ES
  • Enterprise Community Partners, Inc.
  • Greenlining Institute
  • Harvard Kennedy School’s Corporate Social Responsibility Initiative
  • The Leadership Conference on Human Rights
  • Local Initiatives Support Corporation (LISC)
  • Low Income Investment Fund
  • National Association for the Advancement of Colored People
  • National Coalition for Asian Pacific American Community Development
  • National Community Reinvestment Coalition
  • National Council of La Raza
  • National Foundation for Credit Counseling
  • The National Urban League
  • Nature Conservancy
  • NeighborWorks
  • Opportunity Finance Network
  • The Pew Charitable Trusts
  • Self-Help Venture Funds
  • Urban Institute
  • U.S. Green Building Council
  • World Resources Institute

Open Location
Open How we're involved