Skip to content
BOK Financial logo

Governance: Board Oversight and Business Ethics

As a financial services company, we recognize that we’re in a unique position of trust. That’s why unwavering integrity goes beyond a core value to simply being a part of how we evaluate everything we do. Our governance structure, prudent policies and active engagement with our employees underscore our commitment to always acting in the best interest of our clients, employees, communities and shareholders.

Board oversight

The company’s Board of Directors is a diverse group of strong leaders with executive experience that aligns with our organization’s business strategy. Brief biographies for our board members and senior management can be found on the “Our Leadership” section of our investor relations website.

The board oversees the company’s overall strategic and reputational risks and regularly reviews the company’s credit, liquidity and operations, as well as the risks associated with each. Committees of the board focus on specific areas, including:

  • Audit Committee: accounting and financial reporting, internal controls, and whistleblower complaints; also responsible for reviewing the company’s Environmental, Social and Governance Review.
  • Credit Committee: credit and lending strategies and objectives.
  • Risk Committee: risk management strategies, policies and practices that identify, assess, monitor and manage risk.
  • Compensation Committee: compensation policies, programs and incentives.

Related documents

Standards of Conduct
The Audit Committee of the Board of Directors annually reviews and approves the company’s Standards of Conduct on which employees are annually trained and attest to. Each member of the Board of Directors takes an annual Oath of Office prescribed by the Office of the Comptroller of the Currency (OCC) and is bound by the company’s Code of Ethics.


Proxy Statement
The company’s annual proxy statement identifies responsibilities of board committees.


10-K
The company’s 10-K reviews a wide array of company performance factors, including any legal proceedings associated with fraud, insider trading, anti-trust, anti-competitive behavior, market manipulation, malpractice, or other related financial industry laws or regulations.

Business ethics

We provide annual training for all employees on our Standards of Conduct, compliance management requirements, BSA/AML (Bank Secrecy Act/Anti-Money Laundering) processes, physical security, risk culture and internal controls, risk reporting and awareness, and information security awareness.

The Board of Directors is also required to adhere to the company’s Code of Ethics in satisfaction of Section 406 of the Sarbanes-Oxley Act of 2002, the NASDAQ listing requirements and related regulations. As a national bank, each member of BOK Financial’s Board of Directors affirms their commitment to uphold the organization’s standards in its annual Oath of Office.

BOK Financial’s Chief Compliance Officer oversees the enterprise compliance program and reports to the Chief Risk Officer. The compliance program includes policies and procedures, annual training requirements, monitoring and testing, annual risk assessments and a complaint management program.

Compliance staff actively monitor line of business activities and governance to determine compliance with applicable regulatory requirements. Monitoring processes identify, track, and report issues discovered in the lines of business through formal risk assessments.

Independent monitoring and risk assessments inform the scope of testing performed by Corporate Compliance Management and Internal Audit.

Fraud risk management

BOK Financial is steadfast in its commitment to safeguarding our customers' assets from financial crimes related to fraud. Our Fraud Program and Identity Theft Policy are crafted to address the evolving threats posed by criminals intent on committing fraud against our customers. Effective fraud risk management at BOK Financial is anchored by several key pillars:

  1. Board-appointed fraud risk management officer: Tasked with coordinating and overseeing all facets of our fraud program, the Fraud Risk Management Officer ensures compliance with relevant regulations and reports directly to the Chief Risk Officer.
  2. Risk management: We have implemented an extensive array of preventative and detective controls aimed at mitigating fraud risks, thus ensuring a secure banking environment.
  3. Fraud reporting: Comprehensive reporting of fraud incidents—including losses, exposures, and trends—is regularly shared with key stakeholders/forums. Fraud events are reported to pertinent agencies, including Financial Crimes Enforcement Network (FinCEN), OCC, and law enforcement, as required.
  4. Employee training: Annual fraud prevention training is mandated for all employees, with specialized instruction tailored to specific roles. This training encompasses both regulatory requirements and organizational expectations concerning fraud and identity theft.
  5. Collaboration and intelligence sharing: In a concerted effort to stay ahead of emerging fraud trends, BOK Financial actively exchanges information with peer institutions, industry working groups, and law enforcement agencies.

BOK Financial understands the importance of safeguarding our customers and the wider community from fraud. We monitor, detect, and report instances of fraud such as identity theft, vulnerable persons abuse, scams, and check and digital transactional fraud.

  • SASB: FN-CB-510a.2
    The company’s Whistleblower Policy enables anyone to report any suspected illegal or unethical activity without fear of retaliation. The company’s Risk Reporting Hotline is managed by an independent third party and allows 24/7 reporting of concerns about anything that may violate our Standards of Conduct or Code of Ethics. Upon notice of a potential Code of Ethics violation, the Chief Auditor, Chief Risk Officer and Chairman of the Audit Committee are responsible for reporting the matter to the Office of the General Counsel. BOK Financial prohibits intimidation or retaliation against anyone who raises an issue in good faith or assists with an investigation.

  • BOK Financial is committed to detecting and reporting persons engaged in suspicious activity related to financial crimes and fraud. The company complies with all Anti-Money Laundering (AML), Bank Secrecy Act (BSA), OFAC (Office of Foreign Assets Control) and USA PATRIOT Act regulations and aids in providing intelligence to local and federal authorities of activity indicative of a crime.

    Through the following pillars, BOK Financial’s written BSA/AML Policy and Program addresses the ever-changing strategies of money launderers and terrorists who attempt to gain access to the U.S. financial system:

    1. A board-appointed BSA compliance officer: The BSA Compliance Officer coordinates and monitors all aspects of the BSA/AML compliance program and its implementing regulations. The BSA Compliance Officer reports to the company’s Chief Risk Officer.
    2. A system of internal controls: BOK Financial maintains a strong system of internal controls that has been designed to prevent money laundering and terrorist financing, detect and report potentially suspicious transactions, assess risk in an ongoing manner, and monitor customers and transactions for OFAC sanctions.
    3. Independent testing: Annual independent testing evaluates the effectiveness of the BSA/AML program.
    4. Training: BOK Financial provides BSA/AML training to all employees on an annual basis. Training is targeted for specific jobs and covers BSA/AML, OFAC, and USA PATRIOT Act regulations and expectations.

    BOK Financial recognizes the importance of protecting our customers and our communities. We monitor and report instances of suspected human trafficking, elder abuse, proliferation financing, corruption, terrorism, transnational criminal organization activity, drug trafficking, terrorist financing, fraud, and other illicit financial crimes.

  • SASB: FN-CB-230a.2
    The security and privacy risk landscape is constantly changing, and in order to adapt, cyber resiliency is key. We continually invest in our people, process and technology by securing:

    • Clients — Utilizing multi-factor logins, mobile security protection and online fraud detection as well as providing cybersecurity awareness.
    • Our Workforce — Conducting awareness campaigns throughout the year to ensure all employees and contractors understand their responsibilities for protecting and securing data.
    • Computing Environments — Implementing industry-leading cybersecurity technologies and practices whether in the cloud, in our data centers or with our third-party providers.