Our business practices

Risk management

A culture of managing risk well

Managing risk well is foundational to our purpose and values – and to delivering responsible growth. It contributes to the strength and sustainability of our company for the future, and it supports the work we do today to serve our clients, communities, shareholders and employees. This relies on the intellectual curiosity and sound judgment of every employee across the company. When each employee takes ownership of risk management, we can deliver on our purpose to make financial lives better through the power of every connection.

Throughout the year, employees receive coaching on their performance and opportunities for development. Over the last few years, we have enhanced the training and development we provide to not only help employees achieve their own professional goals, but also help them be more effective at managing risk well. In 2018, our employees logged nearly 10 million training hours, taking advantage of thousands of courses offered through our employee learning curriculum. Courses span our business practices, regulatory matters, and risk management. We continued to enhance our enterprise Risk Framework training in 2018, which was delivered to over 290,000 employees and contractors, to help reinforce our culture of managing risk well and ensure learners better understand their role in managing risk.

We are committed to the highest principles of ethical and professional conduct and, as part of our ongoing work to drive responsible growth, we have defined our approach to managing conduct across the company to ensure effective conduct risk management. All employees are required to complete annual training on our Code of Conduct, which outlines business practices and professional and personal conduct that everyone is expected to follow. The Code of Conduct, which is grounded in our values, guides how we meet our responsibilities and manage risk for clients, shareholders, and each other.

Our Ethics and Compliance (E&C) Hotline, established in 2004, enables and encourages employees who witness unethical activities to report them in a confidential manner.

We will not retaliate, and we prohibit employees from retaliating, against any employee who in good faith reports suspected unethical conduct or violations of laws, regulations, or company policies. We will not terminate employment, demote, or otherwise discriminate against an employee for calling attention to suspected unethical acts, including providing information related to an investigation. Allegations of retaliation are investigated, and anyone found responsible for retaliating against an employee who reported to the E&C Hotline is subject to disciplinary action, up to and including termination of employment and possible legal action. Each E&C Hotline complaint is assigned to an internal group who is responsible for determining the appropriate course of action and resolving the reported issue. Our Ethics Oversight Committee and Board of Directors are regularly updated regarding whistleblower-related matters and Code of Conduct violations.

Risk Management Sub-section: Environmental and Social Risk Policy Framework

At Bank of America, our purpose is to make financial lives better for those we serve through the power of every connection we can make for them. That focus has guided us over the past several years to make our company simpler, more straightforward, stronger and better.

As part of delivering on that purpose to customers and clients, we understand the importance of managing risk well and are committed to responsible, sustainable growth through fair, ethical and responsible business practices. Strong risk management – including of environmental and social risk – is an important part of our values, our operating principles, and our Code of Conduct.

Our Environmental and Social Risk Policy Framework articulates how we approach environmental and social risks across our business, as well as outlines the environmental and social issues most relevant to us. We recognize the impact they can have on our communities, clients, vendors, employees and company, and take our role in managing those risks very seriously. Our Environmental and Social Risk Policy Framework provides clarity and transparency on our approach to environmental and social risks, including how we identify, measure, monitor and control these risks as part of our company’s risk framework.

This commitment is underscored by Bank of America’s governance of environmental and social issues. Our Global Environmental, Social and Governance Committee – which is accountable to the Chairman and Chief Executive Officer and provides regular reports to the Board of Directors – includes leaders from across our company who help identify, raise and oversee the bank’s response to emerging environmental, social and governance risks and opportunities. The Environment and Social Risk Policy Framework is reviewed and approved by this Committee at least every two years or more frequently as material issues develop.

To learn more about how Bank of America manages environmental and social risks or to view a specific issue area, read the Environmental and Social Risk Policy Framework.

To learn more about our broader corporate Environmental, Social and Governance (ESG) initiatives, please read our 2019 Annual Report.

Open Location
Open How we're involved