Principles of Ethical Conduct

The financial services industry is based on the principle of trust, tracing its roots to the founding of the Medici Bank in Florence in 1397. While the industry is rich in history, it does not operate under a uniform series of industry norms grounding the principle of trust, whether prescriptive or principles based. Given the increased focus on industry issues emanating from the Great Recession, it is time for the industry, acting through RMA, to promote Principles of Ethical Conduct. The following principles are intended to encourage honest conduct, fair dealing, proper handling of conflicts of interest, full disclosure and compliance, and the protection of institutions’ legitimate business interests.

The Principles of Ethical Conduct are “rules of reason” as opposed to prescriptive, conduct-based rules written in the imperative. Accordingly, the principles are framed in a discretionary manner through the use of the term “should” rather than the mandatory terms “must” or “shall.” Each person has the discretion to exercise his or her professional judgment. The principles are printed in italics. The comments that follow each principle do not add obligations to the principles but are intended to provide guidance or illustration.

1. You should act with integrity. You should follow all applicable laws, rules, and regulatory orders of every jurisdiction in which your institution operates. You should acquire appropriate knowledge of the requirements relating to your duties to enable you to recognize potential dangers and know when to seek legal or other appropriate advice.

2. You should report wrongdoing. An ethical person does not stand idly by in the face of wrongdoing. You should report any instance of wrongdoing to the appropriate governance forum in accordance with your institution’s escalation procedures.

3. You should be dedicated to serving your institution’s stakeholders. Your institution is dedicated to creating value for its shareholders, who have shown confidence in your institution by investing in it, and to serving its other stakeholders, including clients and regulators that have placed their trust in your institution. You are obligated to enhance and protect your institution’s assets and ensure their efficient use. That means you should vigilantly protect your institution’s tangible, intangible, intellectual, and other proprietary property or information, including trade secrets. In addition, you should use your institution’s assets only for legitimate business purposes.

4. You should not make or solicit any gift or other payment that has an improper purpose under any applicable law, and you should avoid any actual or perceived conflicts of interest and the appearance of impropriety. You should ensure that your private activities and interests do not violate applicable anti-bribery or corruption laws and do not interfere with your responsibilities to, or the interests of, your institution. Many situations may arise where your personal interest may conflict, either actually or in appearance, with the interests of your institution. A conflict of interest occurs when one’s personal interest interferes in any way—or even appears to interfere—with the interests of the institution as a whole. Conflicts of interest can arise when you or a member of your family receives improper personal benefits due to your position at your institution.

5. You should accurately and fairly report and disclose information. You should report all transactions accurately and fairly in all material respects. You should report the existence of any inaccurate or incomplete reports in your institution’s accounting and other records. You should make full, fair, accurate, timely, and understandable disclosures.

6. You should maintain the confidentiality of all proprietary and other nonpublic information about your organization, clients, and other companies. Others must be able to interact with you in the knowledge that the content of their communications and records will be kept confidential and private as appropriate. 

  • You should maintain the confidentiality of information entrusted to you by your institution, its customers, and other third parties, except where disclosure is authorized or required in order to comply with the requirements of any law, regulation, administrative action, or order.
  • You should ensure that you exercise reasonable measures to protect confidential and proprietary information, and you should only disclose information which you reasonably believe to be accurate.
  • You should not use confidential information in violation of the terms under which it was disclosed for any reason, and you should not allow any third party to obtain such information in violation of such terms.
  • You should be aware that the improper acquisition, possession, or use of confidential information of a third party may also be improper and can, under certain circumstances, be illegal: for example, insider trading.
  • If you know or have any reason to know that confidential information was wrongfully obtained from the owner of the information or was obtained from a third party who was under a confidentiality obligation to the owner, you should not use such information.

7. You should compete through fair and honest business practices. You should observe high standards of ethical conduct in all of your dealings and relationships with your institution’s customers, employees, competitors, and markets in which your institution operates. You should compete vigorously and effectively, but fairly, and you should comply with all applicable antitrust laws and other laws and regulations, governing competition and business practices.

8. You should promote a diverse, respectful, inclusive, and collaborative workplace. You should not engage in discriminatory conduct, nor should you engage in unlawful discrimination or harassment, including sexual harassment or the creation of a hostile working environment.

9. You should seek the advice of legal counsel if you are unsure whether any action or omission is illegal or violates your institution’s code of conduct, code of ethics, or applicable policies. It is your responsibility to be informed about the legal and ethical standards pertaining to the appropriate discharge of your responsibilities to your institution and its stakeholders. 

Figure 1

“Conduct Risk” definition

Conduct risk is the risk of loss1 to an institution, or the harm to an institution’s customers or other stakeholders2, resulting from any willful act or omission by 1) an institution’s employee or independent contractor, or 2) an employee or independent contractor of an institution’s affiliate or third party, such as:

  • The offering, giving, receiving, or soliciting of something of value for the purpose of influencing the action of any official or person in the discharge of his or her public or legal duties.
  • The willful failure to comply with, or the willful circumvention of, any applicable law, regulation, or generally accepted industry standard.
  • The willful breach of the institution’s Code of Conduct, including any policy relating to ethics or conflicts of interest.
  • The willful breach of the institution’s policies or procedures or circumvention of any internal control.
  • Any action or omission taken with the intent to deceive any person or to defraud or misappropriate the property of any person.
  • The failure to report in a timely manner any act or omission that may constitute a violation of the Code of Conduct or be illegal or unethical.
  • The willful act or omission to conceal any of the foregoing.
Figure 2


  1. The term “loss” includes damages, amounts paid in settlement, regulatory fines and penalties, and damage to the institution’s reputation.
  2. The term “stakeholders” refers to an institution’s customers, shareholders, employees, affiliates, third parties, and regulators.