Our business practices


Building and maintaining trust for our clients, employees and shareholders is at the heart of governance at Bank of America. Delivering responsible growth requires an experienced, independent board of directors, skilled management, and clear and effective governance practices.

Learn more about our corporate governance on our Investor Relations page and in our 2018 Proxy Statement. Additionally, see more about our approach to governance on environmental activities.

Board of Directors

Our 15-member Board of Directors brings a vital independent perspective based on their experience in different organizations and different industries in both the public and private sectors.

Among other things, the Board of Directors is responsible for overseeing that our values and culture of ethical conduct remain a sustained priority. Learn more about our Board and its committees in our 2018 Proxy Statement.

Director independence

While the New York Stock Exchange listing standards require a majority of our directors to be independent, our Corporate Governance Guidelines go even further and require a substantial majority of our directors to be independent. Learn more about Board independence in our 2018 Proxy Statement.

Global ESG committee

Our Environmental, Social and Governance (ESG) approach is fully integrated into each of our eight lines of business, helping to deliver increased shareholder value while ensuring we are taking ESG factors into account as we make the decisions that drive our business.

Our ESG Committee, led by Vice Chairman Anne Finucane, is comprised of senior leaders from each line of business and support function. The Committee meets quarterly to identify and discuss issues central to our ESG focus — including our human capital management practices, products and service offerings, and capital deployment strategy. The Committee also helps to set and monitor the company’s goals in these areas, and the chair of the committee reports regularly on the progress to the Board and our investors. We report on the work of the ESG Committee and their teams to the public through our annual ESG reporting on our website.

We also provide regional ESG oversight through committees in Asia Pacific (APAC), Europe, Middle East and Africa (EMEA), and Latin America (LatAm) that focus on region-specific issues and are chaired by in-region leaders.

Environmental and Social Risk Policy Framework

In 2016, the committee oversaw the development and launch of the Environmental and Social Risk Policy Framework, which articulates how we approach environmental and social risks across our business, as well as outlines the environmental and social issues most relevant to us. We recognize the impact they can have on our communities, customers, clients, vendors, employees and company, and take our role in managing those risks very seriously.

To learn more about how we manage environmental and social risks visit our Environmental and Social Risk Policy Framework page.

In 2017, the ESG Committee and their teams:

  • Provided counsel on the evolution of the company’s ESG reporting practices and continued integration of ESG into shareholder materials, including the proxy and annual report
  • Added ESG metrics to the management team dashboards
  • Established a steering committee to address recommendations from the Task Force on Climate-Related Financial Disclosures (TCFD)
  • Created Supplier Diversity and Sustainability Working Group to strengthen and support the economic growth and development of the communities Bank of America serves by optimizing the use of diverse and small business suppliers. The working group evaluated existing supply chain practices and helped build processes for better sustainable vendor decisions in the future through actions like identifying vendors with high ESG risk and updating vendor engagement documents.
  • Conducted extensive external stakeholder review of the Environmental and Social Risk Policy Framework (ESRPF)
  • Provided ongoing support for the Sustainability Accounting Standards Board (SASB)
  • Continued to expand low-carbon and sustainable financing, which has allowed Bank of America Merrill Lynch to remain the number one underwriter of green bonds globally since 2007 and the leading provider of tax equity investment in solar and wind power since 2015
  • Introduced a socially responsible investment option into our employee 401(k) plans to provide our employees with the opportunity to align their financial goals with a desire to foster advancements in social, environmental, and governance practices
  • Adopted an extended bereavement policy to provide up to 20 days paid time off for the loss of a spouse/partner or child
  • Conducted additional research on ESG factors and their ability to predict business outcomes and published BAML ESG Part II: a deeper dive

    In 2017, these efforts resulted in recognition of the importance of this work, including:

    • Named ‘World’s Best Bank for Corporate Responsibility’ by Euromoney Magazine; recognized as Best ESG Bank in Asia by The Asset magazine
    • Listed again on DJSI North America and World Indices; maintained MSCI to BB and on the CDP “A” List
    • Industry leader in the “Banks” industry category among JUST Capital’s America’s Most JUST Companies
    • Included as one of the leading companies in the Bloomberg Gender-Equality Index, every year since its inception

      Key governance topics

      Executive compensation
      We have a longstanding commitment to aligning executive compensation to performance. We recognize the importance of determining compensation based on a full range of factors that drive short- and long-term performance of a company, including those related to ESG.

      Our compensation philosophy ties our executive officers’ pay to company, line of business and individual performance over the short and long terms. Our executive compensation program provides a mix of salary, incentives, and benefits paid over time that we believe aligns executive officer and stockholder interests. Each year, our Compensation and Benefits Committee reviews our executive officers’ performance using a balanced and disciplined approach to determine their base salaries and variable compensation awards. In addition to assessing our financial results and the contributions of executives to overall company and line of business performance, the Compensation and Benefits Committee evaluates our progress in delivering on our five operating principles and contributions towards driving our strong risk culture and responsible growth strategy. This includes putting our customers at the center of our decision-making, creating a great environment in which to work, and driving a culture of managing risk well. We continually evaluate our compensation policies and practices in light of ongoing developments, regulations, and best practices.

      The key features of our executive compensation program can be found in our 2018 Proxy Statement, including the specific compensation practices we have implemented to drive sustainable results, encourage executive retention, and align executive and stockholder interests. In addition, we also identify certain pay practices we have not implemented because we believe they do not serve our risk management goals or stockholders’ long-term interests.

      Information security and privacy policies
      We’re committed to keeping client personal and financial information protected and secure through responsible information collection, processing, and use practices. As part of that effort, we have comprehensive global information security and privacy programs led by the Bank’s Chief Information Security Officer and Chief Privacy Officer.

      We demonstrate our commitment and accountability to protecting information by implementing information security and privacy policies and programs. These policies and programs align with external criteria and incorporate senior management and board of director level oversight, including regular status updates to our board of directors on our information security and privacy programs. In addition, the bank is subject to ongoing regulatory oversight and examination related to information security and privacy, and an independent Corporate Audit function conducts examinations of our lines of business to ensure compliance with standards and applicable legal requirements.

      Bank of America also partners closely with industry associations such as the American Bankers Association, the Financial Services Roundtable, the Financial Services Information Sharing and Analysis Center (FS-ISAC), the Center for Information Policy Leadership, and the Future of Privacy Forum to develop global solutions for privacy and the responsible use of data as well as to identify, prevent and protect against industry or bank targeted cyber events. We are one of eight banks that came together to proactively identify ways to enhance the cybersecurity resilience of the U.S. financial system. The Financial Systemic Analysis & Resilience Center (FSARC) was an outcome of that effort and the bank continues to play a leading role in its evolution.

      In addition, Bank of America has aligned its information security controls to the National Institute of Standards and Technology (NIST) Framework for Improving Critical Infrastructure Cybersecurity (Cybersecurity Framework). The bank incorporated the NIST Cybersecurity Framework into its annual Policy management cycle and has designed and implemented internal risk-based frameworks that align with NIST. Understanding the constantly evolving nature of data protection, we continuously monitor for emerging risks and dedicate significant resources to help ensure clients’ information is protected. We proactively look for ways to build stronger defenses, ensure every step of our technology design process takes cyber risks into consideration and integrate layers of security into everything we do. During the last four years, to our knowledge, we have not experienced any material losses or other material consequences relating to technology failure, cyber attacks, or other information or security breaches.

      Our Code of Conduct and privacy and security standards and procedures require confidential treatment of client information consistent with applicable laws and regulations and reinforce our commitment to the responsible processing of personal data. Individuals who access bank computer systems and information are required to complete annual information protection and privacy training, and employees in privacy sensitive roles receive additional training specific to their position. Annual training is supplemented with additional educational content that reinforces desired employee behaviors, creates a heightened level of accountability, and acknowledges good behavior. Vendors are also regularly assessed to ensure they have appropriate security and privacy controls.

      The bank maintains an Enterprise Privacy Office, led by our Chief Privacy Officer, and a Global Information Security organization, led by our Chief Information Security Officer.

      The Chief Privacy Officer oversees the effectiveness and implementation of the privacy program in business processes across the company ensuring adequate governance and oversight is in place; changes to applicable laws and regulations and recognized best practices are accounted for; standards and policies are maintained; employee training is developed and administered; and that Bank of America routinely monitors, assesses and measures business operations to ensure that processes and privacy management practices are compliant and in line with our standards.

      The Chief Information Security Officer (CISO) develops and executes an enterprise-wide information security strategy that helps protect Bank of America and its clients’ information, complying with applicable legal and regulatory standards. As part of this role, the CISO manages the development, implementation, and maintenance of the information security infrastructure; oversees the protection of Bank of America’s computer-based assets by providing monitoring, detection, analysis, event handling, and containment of security incidents; monitors information security trends internally and externally; and informs senior leadership about information security-related issues and activities affecting the organization.

      In accordance with applicable laws globally, the bank provides clients with Privacy Notices that clearly explain our information collection, sharing, and use practices. Clients can also access privacy notices and additional information about privacy and information security online through our privacy and security web pages. For all but credit card and certain affinity products, we do not share sensitive and/or personal information with unaffiliated third parties unless regulations allow it, such as with a vendor that performs a service on our behalf. Credit card and affinity clients can still exercise control over and limit the sharing of their personal information with a third party outside a statutory exception.

      While we do share information between our affiliated companies for our everyday business purposes, clients are offered an opportunity to limit other types of affiliate sharing and/or use. The bank also makes it easy for clients to limit certain types of marketing. Clients can opt out of telemarketing, email, and direct mail marketing, and we provide training to employees on these options and how to guide clients through the process.

      Finally, we constantly advance our technology and maintain physical, electronic and procedural safeguards to protect against unauthorized access to client information. This includes providing clients with new security tools that help protect them.

      • Secure technology: Our fraud prevention and security systems help protect clients with encryption technology and secure email communications. We are a recognized leader in fraud and identity safety, with strong performance in fraud prevention, detection, and resolution, based on industry assessments by Javelin.
      • Debit cards: Our Total Security Protection® package provides defense against theft, loss or fraudulent use when accessing a checking or savings account with a debit card. In addition, bank clients are able to lock and unlock their Consumer and Small Business ATM/debit cards through self-service options in mobile and online banking.
      • Social Security Number Policy: Our Social Security Number Policy protects the confidentiality of Social Security numbers, prohibits unlawful disclosure of Social Security numbers and limits access to Social Security numbers.
      • Identity theft assistance: Our Identity Theft Assistance Center offers resources to help with identity theft recovery, prevention, and education. Our Online and Mobile Banking Security Guarantee covers Bank of America accounts, the security of customer and client information, and the time spent processing payments.
      • Secure access to accounts: Our Security Center offers clients mobile and online banking tools to securely manage their finances, including options for signing into and monitoring activity on their accounts. Clients can manage their digital banking security settings in one place, and can opt in for an extra security feature at sign-in that helps verify the client’s identity with a one-time authorization code sent via text or email each time they sign in.

      Tax strategy and reporting
      Bank of America employs rigorous tax governance and risk management routines across the enterprise to ensure that we comply with all applicable tax laws and regulations. The bank files income tax returns in more than 100 state and non-U.S. jurisdictions each year. The IRS and other tax authorities in countries and states in which the company has significant business operations examine tax returns periodically (continuously in some jurisdictions).

      Internationally, we adhere to the UK Code of Practice on Taxation for Banks. Most of our global business is conducted in locally regulated entities, such that intercompany interaction is subject to regulatory driven arms’-length standards, in addition to the U.S. tax authority’s overarching arms’-length standard.

      While not an exhaustive list, some of the internal routines in place to ensure we comply with tax laws and regulations are Corporate Tax Department Risk Management Forum; Tax Shelter Reporting, List Maintenance, and Disclosure Policies relevant for principal activities and advisory activities; participation in the UK Code of Practice on Taxation for Banks; policies allowing for escalation of any matter to Reputational Risk Forums; Tax personnel participation in various forums throughout the enterprise, including Finance escalation routines and business New Product Review Forums; oversight that can include inquiry into tax practices and risks by various regulators globally; and various Control frameworks, including Sarbanes-Oxley and oversight by our Compliance, Corporate Audit, and Risk functions.

      We provide financial information by region in Note 25 of our 2017 10-K. Included in this disclosure are assets, revenue, income (loss) before taxes, and net income (loss). In addition, many of our subsidiaries in the UK and other countries prepare “statutory accounts,” which consist of financial statements and footnotes that are publicly available in the UK and many other countries. Our 10-K disclosures provide a public explanation as to why our global effective tax rate may differ from the U.S. statutory tax rate. Also, some of the above-mentioned statutory reports contain tax footnotes that reconcile the subsidiaries’ effective tax rates to the relevant statutory tax rates. In addition, we regularly provide information to help investors forecast the company’s tax expense. This includes effective tax rate guidance on earnings calls and information in SEC filings, such as drivers of tax risks and drivers of deferred tax asset carrying values. Please see the 2017 10-K for complete information on the topic.

      Bank of America advocates for tax laws that encourage economic growth and help American companies compete in today’s global economy. Bank of America communicates with policymakers both independently and as part of the Alliance for Competitive Taxation (actontaxreform.com), a group of nearly 40 U.S. companies that has advocated for U.S. tax reform and is now engaged with the Treasury Department on implementation of the Tax Cuts and Jobs Act.

      Stakeholder engagement

      At all times, we’re listening to and engaging with a diverse set of stakeholders who are interested in or directly affected by our company’s business. As part of our stakeholder engagement process, including our shareholder engagement, we listen to the feedback of our constituents to help inform our decisions. Through continual debate and dialogue with all of these groups, we are positioned to make better informed, more balanced decisions. We do this through a variety of ongoing engagement and activity, including through our Market President network and our National Community Advisory Council (NCAC).

      Market Presidents
      Each of our local markets is led by a Market President. The Market President’s role is to work with our different lines of business within the company, sometimes with individual employees, to deliver the full capabilities of our company to our clients and help them achieve their financial goals. They work to make sure our clients have a positive and consistent experience with Bank of America, regardless of how they do business with us.

      The Market President also leads our teams as they partner with local organizations to help strengthen our communities. They guide our efforts to be a responsible corporate citizen, whether through our day-to-day business activities, our employee volunteer programs, or our philanthropic support for organizations that make a positive impact.

      Our market presidents are committed to working with the public, private and nonprofit sectors to improve neighborhoods through volunteerism, financial support of local charitable organizations and other efforts.

      As part of their local leadership role, Market Presidents regularly interact with local influencers, including civic leaders and policy makers, to solicit their feedback and engage on important issues in the community.

      National Community Advisory Council
      Formed in 2005, our National Community Advisory Council (NCAC) advises the bank on community development and consumer policy issues, with a concentration that includes a broad focus on environmental, social and governance (ESG) issues and performance, especially those that Bank of America affects as a business and employer. A diverse group of U.S. nonprofit leaders and economists comprise the council from the areas of civil rights, consumer advocacy, community development, and environment and sustainability. NCAC members are invaluable in sharing their perspective and engaging in routine dialogue with us to work through and how we can help our communities move forward.

      The council meets semiannually to address ways to improve our environmental business initiatives, the evolution of our responsible business practices and our approach to governance, helping to build stronger communities and more stable economies. As examples of its work in 2017, the NCAC is credited with advising on the development of our Community Financial Center strategy, including how we engage our lower income customers around products and tools like SafeBalance Banking®, Affordable Loan Solution™ and Better Money Habits™. Our engagement with NCAC members also led to the piloting of a workforce development program, Latinos in Finance, with UnidosUS focused on training bilingual talent for financial center positions.

      Members of our NCAC include:

      • Brookings Institution
      • Beaulac Associates, LLC
      • CDC Small Business Finance
      • Center for Financial Services Innovation
      • Ceres
      • Chicago Community Loan Fund
      • Consumer Federation of America
      • Clean Air Task Force
      • C2ES
      • Enterprise Community Partners, Inc.
      • Greenlining Institute
      • Harvard Kennedy School’s Corporate Social Responsibility Initiative
      • Hoover Institute
      • The Leadership Conference on Human Rights
      • Liftfund
      • Local Initiatives Support Corporation (LISC)
      • Low Income Investment Fund
      • National Association for the Advancement of Colored People
      • National Community Reinvestment Coalition
      • The National Urban League
      • Nature Conservancy
      • NeighborWorks
      • Opportunity Finance Network
      • The American Enterprise Institute
      • The Pew Charitable Trusts
      • Self-Help Venture Funds
      • UnidosUS
      • Urban Institute
      • U.S. Green Building Council
      • World Resources Institute
