Our business practices


Building and maintaining trust for our clients, employees and shareholders is at the heart of governance at Bank of America. Delivering responsible growth requires an experienced, independent board of directors, skilled management, and clear and effective governance practices.

Learn more about our corporate governance on our Investor Relations page and in our 2021 Proxy Statement. Additionally, see more about our approach to governance on environmental activities.

Board of Directors

Our 16-member Board of Directors brings a vital independent perspective based on their experience in different organizations and different industries in both the public and private sectors.

Among other things, the Board of Directors is responsible for overseeing the development and execution of our strategy. Learn more about our Board and its committees in our 2021 Proxy Statement.

Director independence

While the New York Stock Exchange listing standards require a majority of our directors to be independent, our Corporate Governance Guidelines go even further and require a substantial majority of our directors to be independent. Learn more about Board independence in our 2021 Proxy Statement.

Global ESG committee

Our Environmental, Social and Governance (ESG) approach is fully-integrated into our eight lines of business, helping to deliver increased shareholder value while ensuring we are taking ESG factors into account as we make the decisions that drive our business.

Our management-level Global ESG Committee, which is led by our Vice Chairman Anne Finucane, is comprised of senior executives from across the company who are actively engaged in managing our ESG approach and strengthening our ESG governance. The committee engages in dialogue and debate on social and environmental issues that are material to the business, including our human capital management practices, product and service offerings, and investments with the goal of creating a sustainable economy. The committee, which is accountable to the CEO, convenes six times a year and reports regularly to the Corporate Governance Committee.

We also provide regional ESG oversight through committees in Asia Pacific (APAC), Europe, Middle East and Africa (EMEA), and Latin America (LatAm) that focus on region-specific issues and are chaired by in-region leaders.

Environmental and Social Risk Policy Framework

In 2016, the committee oversaw the development and launch of the Environmental and Social Risk Policy Framework, which articulates how we approach environmental and social risks across our business, as well as outlines the environmental and social issues most relevant to us. We are also a signatory member of the United Nations Global Compact, where we participate in global efforts to promote and report sustainable and responsible policies and practices. Additionally, our Code of Conduct, along with our Vendor Code of Conduct, Human Rights Statement and Modern Slavery Act Statement, is grounded in our values and outlines our business practices and policies, as well as professional and personal conduct that all employees are expected to adopt and uphold.

We recognize the impact this work can have on our communities, customers, clients, vendors, employees and company, and take our role in managing those risks very seriously.

In 2018, the ESG Committee and their teams:

  • Deployed $21.5 billion in capital to support low-carbon, sustainable business activities through lending, investing, capital raising, advisory services and developing financial solutions for clients around the world, as part of our Environmental Business Commitment to deploy $125 billion by 2025. Since 2013, we have delivered nearly $105 billion towards this goal.
  • Issued our fourth and largest green bond for $2.25 billion in May 2018, becoming the first U.S. financial institution to issue four green bonds. According to the Environmental Finance green bond database, our company has been the leader in green bond underwriting globally since 2007.
  • Originated $200 million in loans as part of our $1.5 billion CDFI portfolio, which includes 255 CDFIs, also known as local loan centers. Also, we announced a $20 million Veteran Entrepreneur Lending Program to connect veteran business owners with affordable capital through participating CDFIs to help grow their businesses.
  • Launched the Blended Finance Catalyst Pool – a new financing initiative to provide $60 million in capital to support deals that would ordinarily fall outside the scope of our Risk Framework, but by which, through our participation, we can drive significant leverage and impact.
  • Advanced economic mobility in local communities around the world by deploying more than $200 million in philanthropic capital from the Bank of America Charitable Foundation.
  • Demonstrated our commitment to transparency and disclosure through our commitment to TCFD, integrated reporting, and improved ESG ratings.
  • Committed to hiring 10,000 individuals from low- and moderate-income neighborhoods in our Consumer and Small Business division, through our Pathways program, over the next five years.
  • 2018 marked the 15th year of our Neighborhood Builders® program, which advances nonprofit leaders addressing economic mobility and social progress in the communities we serve. We have invested more than $220 million in more than 1,000 nonprofits and provided leadership development to more than 2,000 nonprofit leaders.
  • We held a Global Ambassadors Program in Dublin, Ireland to support women entrepreneurs through mentoring and skills building. Partnering with Vital Voices, 18 programs have taken place since 2012, connecting 150 women mentees from more than 60 countries to share expertise in building their businesses.

In 2018, these efforts resulted in recognition of the importance of this work, including:

  • Ranked No. 1 financial services company and No. 3 overall on Fortune Magazine’s annual Change the World list
  • Named one of America’s most JUST Companies by Just Capital and Forbes
  • Named Euromoney’s World’s Best Bank for Diversity & Inclusion
  • Named Asia’s Best Environmental, Social and Governance (ESG) Bank for 2018 by The Asset magazine for three consecutive years
  • Recipient of the 2018 Momentum for Change award presented by the United Nations Climate Change Secretariat. Recognized for the bank’s leadership in the Catalytic Finance Initiative
  • CDP Climate A List for leadership in greenhouse gas emissions management and reporting
  • Ranked No. 2 on Fortune Magazine’s 50 Best Workplaces for Giving Back in 2018 list

Key governance topics

Executive compensation
We have a longstanding commitment of aligning executive compensation to performance. We recognize the importance of determining compensation based on a full range of factors that drive short- and long-term performance of a company, including those related to ESG.

Our compensation philosophy ties our executive officers’ pay to company, line of business and individual performance over the short and long terms. Our executive compensation program provides a mix of salary, incentives, and benefits paid over time that we believe aligns executive officer and stockholder interests. Each year, our Compensation and Benefits Committee reviews our executive officers’ performance using a balanced and disciplined approach to determine their base salaries and variable compensation awards. In addition to assessing our financial results and the contributions of executives to overall company and line of business performance, Compensation and Benefits Committee evaluates our progress in delivering on our five operating principles and contributions towards driving our strong risk culture and responsible growth strategy. This includes putting our customers at the center of our decision-making, creating a great environment in which to work, and driving a culture of managing risk well. We continually evaluate our compensation policies and practices in light of ongoing developments, regulations, and best practices.

The key features of our executive compensation program can be found in our 2021 Proxy Statement, including the specific compensation practices we have implemented to drive sustainable results, encourage executive retention, and align executive and stockholder interests. In addition, we also identify certain pay practices we have not implemented because we believe they do not serve our risk management goals or stockholders’ long-term interests.

Information security and privacy policies

We’re committed to keeping client personal and financial information protected and secure through responsible information collection, processing, and use practices. As part of that effort, we have comprehensive global information security and privacy programs led by our Chief Information Security Officer and Chief Privacy Officer.
We demonstrate our commitment and accountability to protecting information by implementing robust information security and privacy policies and programs. These policies and programs align with external criteria and incorporate senior management and board of director level oversight, including regular status updates to our board of directors on our information security and privacy programs. In addition, we are subject to ongoing regulatory oversight and examination related to information security and privacy, and an independent Corporate Audit function conducts examinations of our lines of business to ensure compliance with standards and applicable legal requirements.
Bank of America partners closely with industry associations such as the American Bankers Association, the Bank Policy Institute, the Securities Industry and Financial Markets Association (SIFMA), the Financial Services Information Sharing and Analysis Center (FS-ISAC), the National Cyber Forensics and Training Alliance (NCFTA), the Center for Information Policy Leadership, and the Future of Privacy Forum to develop global solutions for privacy and the responsible use of data as well as to identify, prevent and protect against industry or bank targeted cyber events. We are one of eight banks that came together to proactively identify ways to enhance the cybersecurity resilience of the U.S. financial system. The Financial Systemic Analysis & Resilience Center (FSARC) was an outcome of that effort and we continue to play a leading role in its evolution.
In addition, Bank of America has aligned its information security controls to the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework). We incorporated the NIST Cybersecurity Framework into our annual Policy management cycle and have designed and implemented internal risk-based frameworks that align with NIST. Understanding the constantly evolving nature of data protection, we continuously monitor for emerging risks and dedicate significant resources to help ensure clients’ information is protected. We proactively look for ways to build stronger defenses, ensure every step of our technology design process takes cyber risks into consideration and integrate layers of security into everything we do. During the last four years we have not experienced any material losses or other material consequences relating to technology failure, cyber-attacks, or other information or security breaches.
Our Code of Conduct and privacy and security standards and procedures require confidential treatment of client information consistent with applicable laws and regulations and reinforce our commitment to the responsible processing of personal data. Individuals who access bank computer systems and information are required to complete annual information protection and privacy training, and employees in privacy-sensitive roles receive additional training specific to their position. Annual training is supplemented with additional educational content that reinforces desired employee behaviors, creates a heightened level of accountability, and acknowledges good behavior. Vendors are also regularly assessed to ensure they maintain appropriate security and privacy controls.
Bank of America maintains an Enterprise Privacy Office, led by our Chief Privacy Officer, and a Global Information Security organization, led by our Chief Information Security Officer.
The Chief Privacy Officer oversees the effectiveness and implementation of the privacy program in business processes across the company ensuring adequate governance and oversight is in place; changes to applicable laws and regulations and recognized best practices are accounted for; standards and policies are maintained; employee training is developed and administered; and that Bank of America routinely monitors, assesses and measures business operations to ensure that processes and privacy management practices are compliant and in line with our standards.
The Chief Information Security Officer (CISO) develops and executes an enterprise-wide information security strategy that protects Bank of America’s and its clients’ information, complying with applicable legal and regulatory standards. As part of this role, the CISO manages the development, implementation, and maintenance of the information security infrastructure; oversees the protection of Bank of America’s computer-based assets by providing monitoring, detection, analysis, event handling, and containment of security incidents; monitors information security trends internally and externally; and informs senior leadership about information security-related issues and activities affecting the organization.
In accordance with applicable laws globally, the bank provides clients with privacy notices that clearly explain our information collection, sharing, and use practices. Clients can also access privacy notices and additional information about privacy and information security online through our privacy and security web pages. For all but credit card and certain affinity products, we do not share sensitive and/or personal information with unaffiliated third parties unless regulations allow it, such as with a vendor that performs a service on our behalf. Credit card and affinity clients can still exercise control over and limit the sharing of their personal information with a third party outside a statutory exception.
While we do share information between our affiliated companies for our everyday business purposes, clients are offered an opportunity to limit other types of affiliate sharing and/or use. The bank also makes it easy for clients to limit certain types of marketing. Clients can opt out of telemarketing, email, and direct mail marketing, and we provide training to employees on these options and how to guide clients through the process.
Finally, we constantly advance our technology and maintain physical, electronic and procedural safeguards to protect against unauthorized access to client information. This includes providing clients with new security tools that help protect them.

  • Secure technology: Our fraud prevention and security systems help protect clients with encryption technology and secure email communications. We are a recognized leader in fraud and identity safety, with strong performance in fraud prevention, detection, and resolution, based on industry assessments by Javelin.
  • Debit cards: Our Total Security Protection® package provides defense against theft, loss or fraudulent use when accessing a checking or savings account with a debit card. In addition, bank clients are able to lock and unlock their Consumer and Small Business ATM/debit cards through self-service options in mobile and online banking.
  • Social Security Number Policy: Our Social Security Number Policy protects the confidentiality of Social Security numbers, prohibits unlawful disclosure of Social Security numbers and limits access to Social Security numbers.
  • Identity theft assistance: Our Identity Theft Assistance Center offers resources to help with identity theft recovery, prevention, and education. Our Online and Mobile Banking Security Guarantee covers Bank of America accounts, the security of customer and client information, and the time spent processing payments.
  • Secure access to accounts: Our Security Center offers clients mobile and online banking tools to securely manage their finances, including options for signing into and monitoring activity on their accounts. Clients can manage their digital banking security settings in one place, and can opt in for an extra security feature at sign-in that helps verify the client’s identity with a one-time authorization code sent via text or email each time they sign in.

Tax strategy and reporting
Bank of America employs rigorous tax governance and risk management routines across the enterprise to ensure that we comply with the letter and spirit of all applicable tax laws and regulations. The bank files income tax returns in more than 100 state and non-U.S. jurisdictions each year. The IRS and other tax authorities in countries and states in which the company has significant business operations examine tax returns periodically (continuously in some jurisdictions).

Internationally, we adhere to the UK Code of Practice on Taxation for Banks. Most of our global business is conducted in locally regulated entities, such that intercompany interaction is subject to regulatory driven arms’-length standards, in addition to the U.S. tax authority’s overarching arms’-length standard.

While not an exhaustive list, some of the internal routines in place to ensure we comply with tax laws and regulations are Corporate Tax Department Risk Management Forum; Tax Shelter Reporting, List Maintenance, and Disclosure Policies relevant for principal activities and advisory activities; participation in the UK Code of Practice on Taxation for Banks; policies allowing for escalation of any matter to Reputational Risk Forums; Tax personnel participation in various forums throughout the enterprise, including Finance escalation routines and business New Product Review Forums; oversight that can include inquiry into tax practices and risks by various regulators globally; and various Control frameworks, including Sarbanes-Oxley and oversight by our Compliance, Corporate Audit, and Risk functions.

We provide financial information by region in Note 26 of our 2019 10-K. Included in this disclosure are assets, revenue, income (loss) before taxes, and net income (loss). In addition, many of our subsidiaries in the UK and other countries prepare “statutory accounts,” which consist of financial statements and footnotes that are publicly available in the UK and many other countries. Our 10-K disclosures provide a public explanation as to why our global effective tax rate may differ from the U.S. statutory tax rate. Also, some of the above-mentioned statutory reports contain tax footnotes that reconcile the subsidiaries’ effective tax rates to the relevant statutory tax rates. In addition, we regularly provide information to help investors forecast the company’s tax expense. This includes effective tax rate guidance on earnings calls and information in SEC filings, such as drivers of tax risks and drivers of deferred tax asset carrying values. Please see the 2019 10-K for complete information on the topic.

Bank of America advocates for tax laws that encourage economic growth and helps American companies compete in today’s global economy. Bank of America communicates with policymakers both independently and as part of the Alliance for Competitive Taxation (actontaxreform.com), a group of nearly 40 U.S. companies that has advocated for U.S. tax reform and is now engaged with the Treasury Department on implementation of the Tax Cuts and Jobs Act.

Stakeholder engagement

At all times, we’re listening to and engaging with a diverse set of stakeholders who are interested in or directly affected by our company’s business. As part of our stakeholder engagement process, including our shareholder engagement, we listen to the feedback of our constituents to help inform our decisions. Through continual debate and dialogue with all of these groups, we are positioned to make better informed, more balanced decisions. We do this through a variety of ongoing engagement and activity, including through our Market President network and our National Community Advisory Council (NCAC).

Market Presidents
Each of our local markets is led by a Market President. The Market President’s role is to work with our different lines of business within the company, sometimes with individual employees, to deliver the full capabilities of our company to our clients and help them achieve their financial goals. They work to make sure our clients have a positive and consistent experience with Bank of America, regardless of how they do business with us.

The Market President also leads our teams as they partner with local organizations to help strengthen our communities. They guide our efforts to be a responsible corporate citizen, whether through our day-to-day business activities, our employee volunteer programs, or our philanthropic support for organizations that make a positive impact.

Our market presidents are committed to working with the public, private and nonprofit sectors to improve neighborhoods through volunteerism, financial support of local charitable organizations and other efforts.

As part of their local leadership role, Market President regularly interact with local influencers, including civic leaders and policy makers, to solicit their feedback and engage on important issues in the community.

National Community Advisory Council

Formed in 2005, our National Community Advisory Council (NCAC) advises the bank on community development and consumer policy issues, with a concentration that includes a broad focus on environmental, social and governance (ESG) issues and performance, especially those that Bank of America effects as a business and employer. A diverse group of U.S. nonprofit leaders and economists comprise the council from the areas of civil rights, consumer advocacy, community development, and environment and sustainability. NCAC members are invaluable in sharing their perspective and engaging in routine dialogue with us to work through and how we can help our communities move forward.

The council meets semiannually to address ways to improve our environmental business initiatives, the evolution of our responsible business practices and our approach to governance, helping to build stronger communities and more stable economies. As examples of its work in 2018, the NCAC is credited with advising on Better Money Habits® resources, which as of 2018 are now available in Spanish; our workforce development program for Consumer & Small Business called Pathways, designed to help increase skills among individuals in LMI communities and connect them to sustainable career pathways; and how we engage with lower income customers around products like our Advantage Banking portfolio™.

Members of our NCAC include:

  • Brookings Institution
  • CDC Small Business Finance
  • Center for Financial Services Innovation
  • Center for Responsible Lending
  • Ceres
  • Chicago Community Loan Fund
  • Consumer Federation of America
  • Clean Air Task Force
  • Center for Climate and Energy Solutions (C2ES)
  • Enterprise Community Partners, Inc.
  • Greenlining Institute
  • Harvard Kennedy School’s Corporate Social Responsibility Initiative
  • Hoover Institute
  • Interfaith Center on Corporate Responsibility
  • The Leadership Conference on Civil and Human Rights
  • Liftfund
  • Local Initiatives Support Corporation (LISC)
  • National Association for the Advancement of Colored People (NAACP)
  • National Community Reinvestment Coalition
  • The National Urban League
  • Nature Conservancy
  • Opportunity Finance Network
  • The American Enterprise Institute
  • The Pew Charitable Trusts
  • Self-Help Venture Funds
  • UnidosUS
  • Urban Institute
  • U.S. Green Building Council
  • Wade Henderson LLC
  • World Resources Institute

Open Location
Open How we're involved