Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 5 – A Case Study for Compliance

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I have explored the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration included the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. You can check out the full Everything Compliance episode here. We conclude our series with a summary of lessons learned for compliance and how compliance can use those lessons going forward.

The scandal at BoA involving the excessive hours worked by junior employees highlights a profound crisis in corporate culture that has significant implications for compliance professionals. Despite previous promises of reform following similar incidents, BoA’s failure to address these issues effectively reveals systemic problems that transcend mere policy implementation. The tragedy of junior banker Leo Lukenas, who died after working over 100 hours a week for multiple weeks in a row, underscores the urgent need for stronger internal controls, better communication between management levels, and a culture that genuinely prioritizes employee well-being.

This situation at BoA serves as a critical case study for compliance professionals, illustrating the dangers of a disconnect between senior management’s intentions and the actions of middle management. While senior executives may set policies to limit overwork, middle managers often circumvent these rules, perpetuating a toxic work environment. BoA’s manual control system’s failure, ineffective internal audits, and HR oversight further exacerbate the problem. Compliance professionals must ensure that internal controls are implemented, actively monitored, and enforced to prevent similar issues in their organizations.

A key lesson from the BoA crisis is the importance of addressing the role of incentive structures. In high-stakes environments like investment banking, where bonuses and career advancement are tied to deal closures, there is a significant risk of overwork becoming normalized. Compliance officers must advocate for realigning incentives to balance business goals with ethical standards and employee well-being. This involves addressing the symptoms of such crises and tackling the root causes, such as toxic corporate culture and misaligned incentives.

The BoA scandal highlights the critical role of internal controls in maintaining a healthy and sustainable corporate culture. Relying on self-reporting as a key control mechanism in this high-risk environment proved ineffective, as employees were pressured to underreport their hours. Compliance professionals must recognize that self-reporting should be supplemented with independent verification methods, such as automated time tracking and regular audits, to ensure accurate data collected and controls are effective.

A holistic approach to risk management and compliance must be considered. Internal controls must be integrated into a broader framework, including solid ethical leadership, ongoing employee education, and clear channels for reporting concerns. The failure of BoA’s control environment, monitoring, and remediation efforts allowed a culture of overwork to persist, ultimately leading to repeated tragedies. For compliance professionals, this underscores the need for continuous improvement and active management of internal controls.

The role of the board of directors in overseeing corporate culture is crucial. The BoA crisis demonstrates that board members must go beyond surface-level management reports and engage directly with employees to understand workplace challenges. A proactive approach, including regular reports on employee well-being metrics and internal audits focused on workplace culture, can help prevent such crises. Moreover, creating a culture where employees feel safe to voice concerns is essential for identifying and addressing risks before they escalate.

The Bank of America scandal is a stark reminder of the human cost of a toxic work culture and the vital role that compliance professionals play in safeguarding both employees and organizations. The lessons from this tragedy should guide efforts to create healthier, more sustainable work environments. Compliance is not just about preventing legal and regulatory risks but also about fostering a corporate culture that values integrity, transparency, and the well-being of all employees. By aligning business metrics with these values, companies can achieve sustainable success that benefits their bottom line and people.

Categories
Everything Compliance

Everything Compliance: Episode 139, The Bank of America Episode

In this episode, we take up the recent imbroglio surrounding the Bank of America and its toxic workplace culture of 100+ hour work weeks. We have the full quintet of Matt Kelly, Jonathan Armstrong, Karen Woody, Jonathan Marks, and Karen Moore; all hosted by Tom Fox.

  1. Matt Kelly mines the matter for compliance lessons learned. He shouts out the GOP speakers at the recently concluded Democratic National Convention who bucked their party for the good of the nation.
  2. Jonathan Marks explores how internal controls were in place but not completely disregarded. He shouts out to researchers at the University of Pennsylvania for its work in CAR T cell therapy to treat certain types of cancer.
  3. Karen Moore considers the matter from the perspective of the Board of Directors and what their role should be. She shouts out to her students in the new semester of her class at Fordham Law School.
  4. Karen Woody takes a deep dive into the district court’s recent dismissal of the SEC complaint against Solar Winds. She shouts out the persons who ran the Democratic National Convention for a great Convention.
  5. Jonathan Armstrong reviews the entire matter from his UK perspective. He rants about Elon Musk and hate speech on X.
  6. Tom Fox shouts out to Rick Springfield and his hit song Jessie’s Girl as one of the two most well-known and sung songs from the 1980’s.

The members of the Everything Compliance are:

  • Karen Woody – Is one of the top academic experts on the SEC. Woody can be reached at kwoody@wlu.edu
  • Matt Kelly – Founder and CEO of Radical Compliance. Kelly can be reached at mkelly@radicalcompliance.com
  • Jonathan Armstrong –is our UK colleague and an experienced data privacy/data protection lawyer in London. He can be reached at his new law firm Jonathan.Armstrong@puntersouthall.law
  • Jonathan Marks can be reached at jtmarks@gmail.com
  • Karen Moore can be reached at Kmoore51@fordham.edu

The host and producer, rantor (and sometime panelist) of Everything Compliance is Tom Fox the Voice of Compliance. He can be reached at tfox@tfoxlaw.com. Everything Compliance is a part of the award-winning Compliance Podcast Network.

Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 4 – A Tale of Metrics and Misalignment: Lessons for Compliance Professionals

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I will explore the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration will include the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. In Part 4, we consider a misconnection of metrics. This issue is not merely a question of productivity but a fundamental concern about corporate culture, ethics, and long-term sustainability.

In corporate governance and compliance, aligning business metrics and ethical obligations often defines a company’s culture’s success or failure. The recent Wall Street Journal (WSJ) article about BoA and its investment banking metrics sheds light on a crucial disconnect that compliance professionals must address: the disparity between business performance indicators and employee well-being.

At the heart of the issue is the nature of the metrics used to evaluate success in different industries. In investment banking, the primary focus is often on closing deals. The logic is straightforward: deals drive revenue, and revenue drives the bottom line. This singular focus on deal-making creates an environment where the end justifies the means, potentially overlooking the toll it takes on employees.

Conversely, in law firms, the metric of success is often billable hours. Lawyers are compensated and promoted based on the number of hours they bill, which can lead to a different, yet equally problematic, set of behaviors. Over-inflating hours or working excessive hours becomes the norm because that is the path to career advancement.

Both systems create perverse incentives: investment bankers might underreport hours to avoid raising HR flags, while lawyers might overreport hours to enhance their career prospects. These behaviors highlight a crucial point for compliance professionals: the metrics set at the top of an organization inevitably shape the behavior throughout the company.

One of the first steps in addressing these issues is understanding the available data and how it is used. Compliance professionals must ask themselves, “What data do we have, and how can it be used to monitor and manage risks effectively?” By focusing solely on deal closure, companies are potentially neglecting data related to employee well-being, such as hours worked or stress levels.

In contrast, law firms have systems that track the minutiae of an employee’s workday, from time spent on tasks to keystrokes made during document review. This data is invaluable for billing clients and identifying patterns that may indicate overwork or burnout. Compliance professionals in investment banking could learn from this approach, using technology to track hours worked or monitor workload distribution, ensuring that employees are kept within reasonable limits.

The core issue is more alignment between business metrics and corporate culture risks. Compliance professionals must ensure senior management acknowledges overwork as a significant risk and takes proactive steps to monitor and mitigate it. This involves tracking the traditional success metrics and implementing metrics that reflect the company’s values and culture.

For example, if overwork is recognized as a risk, metrics such as average hours worked, employee turnover rates, and employee satisfaction surveys should be regularly monitored and reported. This dual approach allows a company to pursue business success while ensuring its corporate culture remains healthy and sustainable.

The responsibility of aligning these metrics rests not solely with middle management, compliance officers, or senior management; it extends to the board of directors. The board’s oversight role is crucial in ensuring that the company’s culture is preserved in pursuing financial success. For boards everywhere, the recent scrutiny BoA received in the WSJ article serves as a lesson.

Board members must go beyond the surface level of management reports and delve into the realities of the workplace culture. This requires more than attending board meetings in luxurious settings and listening to pre-prepared presentations. It involves engaging directly with employees at all levels, understanding their challenges, and prioritizing their well-being.

A practical approach could involve the board requiring regular reports on employee well-being metrics, mandating internal audits focused on workplace culture, or even conducting anonymous employee surveys to get an unfiltered view of the corporate environment.

An effective compliance program also hinges on creating a culture where employees feel safe to voice their concerns. A speak-up culture is essential in identifying issues before they escalate into major risks. Management and the board should encourage employees to report inconsistencies between policy and practice and take these reports seriously.

For instance, if employees consistently report working beyond reasonable hours, this should trigger an investigation and subsequent action from the board. Such feedback mechanisms help identify risks and reinforce the company’s commitment to ethical practices.

Lastly, when issues do arise—such as the tragic death of a young employee in the Bank of America case—the board should conduct a root cause analysis. This analysis should not be limited to the immediate cause but should explore deeper systemic issues that may have contributed to the incident.

A comprehensive root cause analysis might reveal that the focus on deal closure at the expense of employee well-being is not an isolated issue but indicative of a broader cultural problem. The board could use this analysis to implement changes across the organization, ensuring that similar incidents do not occur in the future.

The lessons are clear: the metrics that companies use to measure success are powerful drivers of behavior. The challenge for compliance professionals is ensuring that these metrics align with business goals, ethical standards, and employee well-being. This requires a proactive approach, leveraging data to monitor business performance and corporate culture. It also requires a board that is engaged, informed, and committed to understanding the realities of the workplace.

In the end, compliance is not just about preventing legal and compliance risks but about fostering a corporate culture that values integrity, transparency, and the well-being of all employees. By aligning metrics with these values, companies can achieve sustainable success that benefits their bottom line and people.

Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 3 – The Role of Internal Controls

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I will explore the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration will include the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. In Part 3, we will consider the role of internal controls.

Internal controls are often seen as the backbone of an organization’s ability to operate efficiently, ethically, and within the bounds of the law. They serve as the safety net that catches errors deters fraud, and ensures that policies are not just theoretical but are put into practice. However, the recent revelations in the Wall Street Journal (WSJ) surrounding the culture of overwork at a major financial institution, where junior bankers were expected to work excessively long hours, shine a spotlight on a critical failure in internal controls—not in their design, but in their execution and monitoring. This blog post will explore the lessons compliance professionals can learn from this situation, focusing on implementing, actively managing, and enforcing internal controls.

Understanding the Control Environment

The control environment is at the heart of any robust internal control system. This includes the corporate culture, employee attitudes toward internal controls, and the tone set by senior management. It’s the foundation upon which all other aspects of internal control are built. When the control environment is weak or toxic, as in the situation under discussion, the entire control structure can crumble.

In this case, BoA had ostensibly implemented controls to prevent overwork—junior bankers were required to self-report their working hours. If they exceeded a certain threshold, this would trigger a review by HR. However, this control was ineffective because those responsible for enforcing it did not take it seriously. Managers instructed their subordinates not to report excessive hours, bypassing control entirely. Additionally, think about the basic conflict of interest (READ: Absurdity) in having the person the control was supposed to monitor input the information for the control to activate.

For the compliance professional, this emphasizes that your control environment is only as strong as the commitment of those enforcing it. Senior management must set the tone and ensure that it resonates throughout the organization. When internal controls are ignored or undermined, it’s often a sign that the control environment is flawed.

The Role of Monitoring and Remediation

Internal controls are not static; they require ongoing monitoring and, when necessary, fine-tuning or remediation. In the BoA situation, the institution needed to adequately monitor the effectiveness of its controls. Even after the tragic death of a junior banker, which should have been a clear signal that the controls in place were not working, there was no significant overhaul or improvement in the control environment.

Monitoring is a critical component of internal control, as it allows an organization to detect weaknesses and address them before they lead to significant issues. In this case, the failure to monitor and remediate allowed a toxic culture to persist for years, ultimately leading to repeated tragedies.

For the compliance professional, the lesson is clear: regular monitoring of internal controls is essential. When weaknesses are identified, they must be addressed promptly and effectively. A failure to remediate control weaknesses leaves an organization vulnerable to risks and can signal to employees that the controls—and the culture—are not taken seriously.

The Flaws of Self-Reporting as a Control

One of the most striking aspects of this case is the reliance on self-reporting as a key control mechanism. While self-reporting can be helpful, it is far from foolproof, especially in environments with significant pressure to conform to unrealistic expectations. In this instance, the control requiring junior bankers to self-report their hours was ineffective because the reporting was neither enforced nor monitored.

The problem with self-reporting as a control is that it places the onus on the individuals being controlled, which can create a conflict of interest. Employees may feel pressured to underreport or falsify their time to meet expectations or avoid repercussions. With independent verification and oversight, self-reporting is likely to be reliable.

For the compliance professional, the starkness of the lesson could not be more profound. Self-reporting should not be relied upon as the sole or primary control in a high-risk environment. It should be supplemented with independent verification methods, such as automated time tracking, regular audits, or cross-referencing with other data sources. This approach ensures that the data collected is accurate and that controls are truly effective.

Automation and Technology in Internal Controls

Given BoA’s size and sophistication, it is somewhat perplexing that more robust, automated controls were not implemented. In today’s technologically advanced world, numerous tools can automatically track employee hours, monitor for signs of overwork, and flag potential issues for review. These tools can remove the burden of self-reporting and provide more accurate, real-time data.

For example, many organizations use software that tracks employee computer activity, monitors login and logout times, and even tracks time spent on specific tasks. This data can then be used to identify patterns of overwork and take proactive measures to prevent burnout or health issues.

For the compliance professional, it is a direct lesson that leveraging technology can significantly enhance the effectiveness of internal controls. Automated systems can provide continuous monitoring, reduce the risk of human error, and offer objective data that can be used to identify and address potential issues before they escalate.

The Importance of a Holistic Approach

Finally, every compliance professional must recognize that internal controls cannot operate in a vacuum. Internal controls must be part of a broader, holistic approach to risk management and compliance. This includes fostering a strong ethical culture, regularly training employees at all levels, and ensuring transparent, accessible channels for reporting concerns.

With BoA, the failure was not just in the specific control related to work hours—it was a systemic failure across the organization. The culture of overwork was allowed to persist because the control environment was weak, monitoring was inadequate, and there was no serious commitment to remediation.

This final lesson learned for the compliance professional is that internal controls are just one piece of the puzzle. To be truly effective, they must be integrated into a comprehensive risk management framework that includes strong ethical leadership, ongoing education, and a commitment to continuous improvement. 

Internal Controls as a Reflection of Corporate Culture

The tragic situation at BoA is a stark reminder of the critical importance of internal controls in maintaining compliance and a healthy and sustainable corporate culture. Internal controls are more than checkboxes—they reflect an organization’s values and priorities. When controls are ignored or undermined, they send a message that compliance, and by extension, employee well-being, is not a priority.

For compliance professionals, the key takeaway is clear: internal controls must be actively managed, monitored, and enforced. They must be part of a broader effort to create a culture of integrity and accountability. Perhaps most importantly, they must be seen as a dynamic system that requires constant attention and adjustment to remain effective. In a world where pressure on employees is greater than ever, robust internal controls are not just a regulatory requirement but a moral imperative.

Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 2 – Lessons Learned for Compliance

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I will explore the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration will include the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. In Part 2, we journey through some key lessons learned for compliance professionals.

In the high-stakes world of investment banking, where deals are won or lost in hours, the pressure to perform can push individuals to the brink. Unfortunately, that brink has meant a premature end to some people’s lives. The recent tragedy at BoA, where a junior banker named Leo Lukenas died after working over 100 hours a week for weeks on end, has cast a harsh light on a decade-long problem. This is not the 2013 scandal revisited; it’s an ongoing crisis, a corporate culture problem that has festered for years. The lessons from this ongoing debacle are critical and chilling for compliance professionals.

Lukenas was not the first casualty of this toxic culture. In 2013, an intern in Bank of America’s London office, Moritz Erhardt, met a similar fate after enduring a grueling workload. Following that incident, the bank promised to implement policies to prevent such tragedies from recurring. Yet, a decade later, Lucas’s death is a stark reminder that those policies have either failed or were never truly enforced.

The investment banking division at Bank of America has been likened to a “white-collar sweatshop,” a description that, sadly, fits too many high-pressure work environments. While the term “sweatshop” might conjure images of factories in developing countries, overwork and exploitation can happen in plush office towers just as easily. Lucas’s death has brought into sharp relief the human cost of such environments, where the relentless pursuit of profit eclipses the well-being of employees.

What is particularly concerning is that this issue is separate from a single office or even a single country. The WSJ’s reporting has revealed that overwork at Bank of America is a pervasive issue, affecting employees in New York, London, Tokyo, and Latin America. Former employees have cited overwork as a primary reason for leaving the bank, underscoring that this is not a localized problem but an enterprise-wide failure of corporate culture.

This brings us to a crucial question: Where was compliance? Why have the policies and controls put in place to prevent overwork ineffective? The answer lies in a deep-seated cultural issue that transcends mere policy implementation. Middle management has tolerated if not outright encouraged, this culture, which senior management has failed to address with the necessary urgency.

Middle management is often described as the “meat grinder” of corporate culture, where good intentions from the top can get mangled into toxic behaviors at the bottom. In the case of Bank of America, middle managers were reportedly telling their subordinates not to report excessive working hours to HR, effectively bypassing the controls that were supposed to prevent overwork.

This is a classic example of what can happen when senior management fails to engage effectively with middle management. Senior executives may have genuinely wanted to prevent overwork, but their message could have been more focused and addressed by those in the middle tasked with enforcing it. This disconnect is where corporate culture often fails. Compliance professionals understand that policies are only as good as their enforcement, and enforcement is only as good as the people who are responsible for it. For the compliance professional, this means you must directly connect what senior management has laid out as policy and not simply put procedures in place to implement the policy but then monitor the implementation to ensure the policy is being followed. Sadly, that was not the case at BoA.

Another critical factor in this crisis is the role of incentive structures. It is no secret that high-stakes deals and intense pressure to produce results drive investment banking. But the stage is set for disaster when bonuses and career advancement are tied to closing deals, even at the cost of employee health.

This misalignment of incentives is a fundamental issue that any compliance officer must address. If the financial rewards for middle managers are tied to delivering results, irrespective of the human cost, then it should be no surprise that overwork becomes a pervasive problem. Incentive structures must be reexamined and realigned with the organization’s ethical and operational goals.

As compliance professionals, it is imperative not just to address the symptoms of such crises but to dig deeper and identify the root causes. This case’s root cause is clear: a toxic corporate culture prioritizes results over people. But beyond that, it is about senior management’s failure to enforce a healthy work culture and the misalignment of incentives that drives middle managers to push employees to the brink.

Organizations need to examine their culture, management practices, and incentive structures to prevent such tragedies in the future. This is not just a problem for Bank of America; it’s an industry-wide issue that requires a collective response. Compliance officers have a crucial role in advocating for stronger controls, better communication, and a culture that truly values employee well-being.

The ongoing crisis at BoA is a sobering reminder of the human cost of a toxic work culture. For compliance professionals, it serves as a call to action. A culture that values employees as people, not just as cogs in a machine, is necessary for enforcing and supporting policies; having them on paper is not sufficient.

As we progress, the lessons from this tragedy should guide our efforts to create healthier, more sustainable work environments. Compliance is not just about ticking boxes; it’s about ensuring our values are reflected in our organizations’ day-to-day operations. Ultimately, it’s about protecting the organization and the people who make it what it is.

Categories
Blog

Bank of America’s Corporate Culture Crisis: Part 1 – A Case Study in Failure

Compliance professionals constantly seek to understand how systemic issues within corporate hierarchies can lead to severe consequences. The recent revelations about Bank of America’s (BoA) persistent workplace culture problems are a powerful reminder of compliance’s critical role in safeguarding employees and the organization.

This week, I will explore the BoA failure around workplace culture from various perspectives articulated by the Everything Compliance gang, including Karen Woody, Jonathan Armstrong, Matt Kelly, Karen Moore, and Jonathan Marks. This exploration will include the failure of internal controls, failures by the Board and senior management, culture failures around highly driven, self-selecting employees, and the cultural miasma that is BoA from a perspective from across the pond. The full Everything Compliance episode will be posted on Thursday, August 29.

In Part 1, we set the stage and then delve into the factors contributing to BoA’s toxic culture, the implications for compliance officers, and the lessons we can draw to prevent similar issues in your organizations.

Bank of America has faced intense scrutiny following a series of harrowing articles, in a story broken by the Wall Street Journal (WSJ), outlining a toxic workplace culture within its investment banking division. This culture of overwork has had tragic consequences, including the death of junior banker Leo Lukenas, who had been working over 100 hours a week leading up to his untimely death. Disturbingly, this is not an isolated incident. A similar event occurred in 2013 when an intern, Moritz Erhardt, who worked in BoA’s London office, also died after working excessive hours. Despite promises for reform, these practices have persisted, indicating deep-seated issues within the company’s corporate culture.

One of the key issues is the disconnect between senior management’s intentions and the actions of middle management. While senior executives at BoA have voiced their concern for the well-being of their junior bankers and have set policies to limit overwork, middle managers have often circumvented these rules. Instead of enforcing the 80-hour workweek cap, they instructed employees to underreport their hours, ignoring internal controls and perpetuating a sweatshop-like environment.

This phenomenon is not simply a BoA problem; it’s a stark example of how middle managers can sabotage well-intentioned corporate policies. It underscores the importance of effective communication and alignment between all levels of management.

A glaring issue in this case is the failure of internal controls. In today’s technologically advanced age, middle management should have responded more to BoA’s manual control system for logging hours. Automated systems for tracking work hours could have prevented such blatant disregard for policies. Moreover, there was a lack of adequate internal audits and HR oversight. This highlights the necessity of robust, automated internal controls and regular audits for compliance professionals to ensure adherence to corporate policies.

Another critical aspect discussed is the culture of retaliation against employees who try to report overwork or seek help. In some instances, employees have been punished for following the rules, such as by having to work on holidays or receiving criticism from their managers. This toxic environment discourages whistleblowers and perpetuates the cycle of abuse.

For compliance officers, tackling this issue involves fostering a culture where employees feel safe to speak up without fear of retaliation. Senior management must impose real consequences for middle managers who violate policies and ensure consistent disciplinary actions to reinforce the importance of compliance.

The long-term implications of such a dysfunctional culture are profound. Junior employees trained in an environment where rules are routinely ignored may carry these attitudes into future roles, potentially spreading unethical practices across the industry. For compliance professionals, it’s essential to address immediate issues and cultivate an ethical corporate culture that will yield trustworthy leaders in the future.

The situation at Bank of America serves as a sobering case study of the importance of comprehensive compliance programs and the need for alignment across all management levels. By understanding and addressing the root causes of such corporate culture failures, we can better safeguard our organizations and foster environments prioritizing ethical behavior and employee well-being. As compliance professionals, we must ensure that the lessons learned from BoA’s crisis are not ignored and that we remain vigilant in building and maintaining robust compliance frameworks.

Let’s hope that in another decade, we are not revisiting this same issue at BoA or elsewhere. Instead, all compliance professionals should strive for systemic improvements that prevent such tragedies and promote a healthier, more ethical corporate culture.

Categories
Compliance Into the Weeds

Compliance into the Weeds: Toxic Workplace Culture at Bank of America

The award winning, Compliance into the Weeds is the only weekly podcast which takes a deep dive into a compliance related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on compliance? Look no further than Compliance into the Weeds!

In this episode, Tom Fox and Matt Kelly take a deep dive into the toxic workplace culture at Bank of America (BoA) around hours worked by junior employees, in spite of senior management saying the right things.

BoA’s investment banking division has long been plagued by a toxic work culture, characterized by overworked junior employees and severe health crises, despite repeated assurances of reform. Tom Matt discuss these pervasive issues within BoA’s work environment. Fox highlights the tragic consequences of this toxic culture, such as the deaths of junior employees, and criticizes the company’s failure to implement effective reforms, attributing this to a lack of accountability and ethical leadership. Kelly echoes this sentiment, emphasizing the necessity for senior management to set clear expectations and consequences for middle managers who perpetuate unethical behavior. Both stress the need for senior management to address the deep-seated cultural dysfunction, impose consequences, and foster a healthier, rule-abiding workplace to prevent further tragedies and promote employee well-being.

Key Highlights:

  • Toxic Workplace Culture at Bank of America
  • Proactive Controls for Preventing Employee Overwork
  • Consequences of Middle Managers in Corporate Culture
  • Cultural Impact: Negative Attitudes in Organizations

Resources:

Matt in Radical Compliance

How Bank of America Ignores Its Own Rules Meant to Prevent Dangerous Workloads, by Alexander Saeedy in the WSJ

 Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn

Categories
Compliance Tip of the Day

Compliance Tip of the Day: Bank of America, Culture and Internal Controls

Welcome to “Compliance Tip of the Day,” the podcast where we bring you daily insights and practical advice on navigating the ever-evolving landscape of compliance and regulatory requirements.

Whether you’re a seasoned compliance professional or just starting your journey, our aim is to provide you with bite-sized, actionable tips to help you stay on top of your compliance game.

Join us as we explore the latest industry trends, share best practices, and demystify complex compliance issues to keep your organization on the right side of the law.

Tune in daily for your dose of compliance wisdom, and let’s make compliance a little less daunting, one tip at a time.

Today we look at the recent report from the WSJ on Bank of America managers instructing junior employees to lie about the hours they work to avoid the 80-hour limit.

For more information on the Ethico ROI Calculator and a free White Paper on the ROI of Compliance, click here.

To check out The Compliance Handbook, 5th edition, click here.

Categories
Blog

Bank of America Enforcement Action and Using Data Analytics

Data analytics has become an essential tool in the field of compliance and risk management. It allows compliance officers to assess the effectiveness of their programs and identify potential risks before they escalate into major issues. In a recent episode of the podcast “Compliance into the Weeds,” Tom Fox and Matt Kelly, discussed not only the importance of having data analytics in a compliance program but actually using the data in a risk management strategy.

The Consumer Financial Protection Bureau (CFPB) recently fined Bank of America $12 million for mishandling data analytics, specifically around accurate data about home mortgage applications. The bank had all the necessary data to assess its compliance risks, but it failed to maintain continuous monitoring, leading to compliance issues. This case serves as a reminder of the need for ongoing data analysis for proactive risk management.

The CFPB found that Bank of America violated the Home Mortgage Disclosure Act, a law on the around since the time I graduated from High School, that being 1975. The law itself requires mortgage lenders to collect demographic data about home loan applicants and report that data to various federal agencies. Bank of America settled the matter without admitting nor denying the allegation and agreed to the aforementioned $12 million fine.

As Matt noted in his Radical Compliance blog post, “Dig into the details of the settlement order, and you can see how data analytics, auditing, and monitoring all play a crucial role in assuring compliance with a regulation like this. Given that so many other business sectors have similar obligations to collect and report lots of data to regulators, maybe this case isn’t so obscure after all.”

The enforcement action drives home the clear lesson that data analytics is not a one-time tool to determine violations or identify risks. It should be used as a monitoring device that runs continuously to provide early warnings when risks enter the red zone. Bank of America’s mistake was treating data analytics as a one-time solution to a problem, rather than a long-term monitoring tool. They implemented analytics in 2013, found the error, introduced a control to correct it, and then switched it off when the problem seemed to be solved. However, the problem recurred, leading to the CFPB penalty.

As noted, is the high level of importance around surveillance and monitoring in the banking and financial services industry. These sectors have extensive monitoring and surveillance practices, recording every email and phone call to prevent improper messaging and manage risk. While this level of monitoring may seem draconian to other industries, it has proven effective in ensuring compliance and preventing fraud in those arenas.

The Bank of America case demonstrates that compliance officers often already have the necessary data for analysis; they just need to identify which information to study. In this case, the bank had all the data it needed to assess the compliance risk of information not provided in home loan applications. They implemented a monthly report to crack down on the abuse, resulting in a significant drop in the information not provided group. However, when they ceased the report in 2016, the rate started to increase again, ultimately leading to the violation and penalty.

The use of data analytics to monitor the effectiveness of controls was also a key lesson from the enforcement action. When Bank of America instituted monitoring to determine who was filling out the reports, they obtained significant information and saw a drop in the information not provided group. This strategy raises the stakes around the question of whether being watched or monitored can influence individuals to follow controls and do the right thing.

Data analytics should not only be used to analyze the effectiveness of compliance programs but also to analyze overall activity within an organization to identify compliance risks. Compliance officers should strive for analytics that run continuously, providing insights into the state of affairs over the long term. This approach allows for early detection of risks and enables business units to manage their own risks effectively.

The Bank of America case serves as a valuable lesson for compliance officers in any industry. It highlights the importance of ongoing data analysis, continuous monitoring, and the need to consider data analytics as a long-term risk management tool. By leveraging data analytics effectively, organizations can proactively identify and mitigate compliance risks, ultimately avoiding costly penalties and reputational damage.

Data analytics plays a crucial role in compliance and risk management. It enables compliance officers to assess program effectiveness, identify potential risks, and monitor activities for early warnings. The Bank of America case underscores the importance of continuous data analysis and monitoring in proactive risk management. By embracing data analytics as a long-term risk management tool, organizations can enhance their compliance efforts and safeguard against potential violations.

Categories
Compliance Into the Weeds

Compliance Into The Weeds: Data Analytics, BoA and DOJ Pronouncements

The award-winning, Compliance into the Weeds is the only weekly podcast that takes a deep dive into a compliance-related topic, literally going into the weeds to more fully explore a subject. Looking for some hard-hitting insights on sanctions compliance? Look no further than Compliance into the Weeds! In this episode, Tom and Matt take a deep dive into data analytics and highlight the Bank Of America CFPB enforcement action for failures in a data analytics program.

Data analytics is a powerful tool in the realm of compliance and risk management, providing invaluable insights that can help organizations identify potential risks and assess the effectiveness of their compliance programs. Tom emphasizes the importance of continuous monitoring using data analytics, citing a case where Bank of America was fined $12 million due to poor use of data analytics. He advocates for the use of analytics algorithms as ongoing monitoring tools and encourages business units to take an active role in managing their risks. Matt underscores the significance of data analytics in identifying and managing compliance risks. He echoes Fox’s sentiments on the need for continuous monitoring and the involvement of business units in risk management.

They also note that both the DOJ and SEC are ramping up their focus on data analytics for corporate compliance, setting higher expectations, especially for larger corporations. This shift is not only transforming the landscape of corporate compliance but also reshaping the way companies approach self-disclosure of misconduct. Join Fox and Kelly on this episode of the Compliance into the Weeds podcast as they delve deeper into the implications of the DOJ and SEC’s increasing focus on data analytics for corporate compliance.

Key Highlights:

  • The Importance of Continuous Data Analytics
  • Bank of America’s Compliance Risk Management
  • Effective Monitoring and Surveillance in Financial Services
  • DOJ’s Expectations for Corporate Data Analytics
  • Uncovering Fraud Through Data Analytics

Resources:

Matt’s blog posts in Radical Compliance

A $12M Lesson on Data Analytics

Some Vague Hints on Analytics, FCPA 

 Tom

Instagram

Facebook

YouTube

Twitter

LinkedIn