Ethical Business Conduct

Raising Issues and
Reporting Violations

Regions encourages and expects all associates to raise ethical concerns about matters such as accounting, internal controls, auditing, discrimination and harassment, as well as report violations or suspected violations of laws or regulations, the Code of Conduct, or other Regions policies or procedures. We offer several channels through which associates and others may raise ethical concerns and report associate misconduct: via the HR Connect online portal, telephone or email; to our Office of Associate Conduct (OAC); or anonymously by calling the Report It! Hotline or submitting a Report It! complaint online.

The Report It! Hotline is a toll-free number that is available 24 hours a day, seven days a week, 365 days a year and is highlighted in multiple annual training courses required to be taken by Regions’ associates. Regions uses an outside third party to receive and catalog Report It! complaints.

Regions does not permit retaliation of any kind for good-faith reports of ethical violations or misconduct of others.

We recognize the important role our customers can play in ensuring we are meeting the obligations of our Code of Conduct. The Regions Centralized Customer Complaint Program is used to identify opportunities to enhance our products, services, and the customer experience. This enterprise-wide program helps us ensure that each individual customer complaint is addressed, and it also allows us to identify complaint trends and areas for improvement.

We value our relationships with associates, customers, vendors and the communities where we work and live. In every interaction, Regions must be regarded as trustworthy, honest and fair. By having a strong Code of Conduct, we demonstrate that do what is right is not just a slogan — it is the way we do business.

The Code of Conduct is designed to provide resources and guidance to help ensure, among other matters, that:

Regions and its associates remain in compliance with all applicable laws and regulations.
Regions is a safe and nondiscriminatory place to work and conduct business.
Confidential and proprietary information is protected.
Inappropriate gifts or favors are not accepted or given.
Conflicts of interest are avoided.

The Code of Conduct is about more than compliance; it is about what is expected of each associate and how we maintain trust with those we serve. Associates are required to complete annual Business Conduct and Ethics training and attest they have read and understand the Code of Conduct. The CHR Committee reviews all revisions to the Code of Conduct annually and receives an annual report on the status of Regions’ ethics objectives.

Allegations of associate misconduct are investigated by the Office of Associate Conduct (OAC), with assistance from other business units as appropriate. The OAC, led by our Associate Conduct Officer, serves as the daily oversight function of all matters involving associate misconduct. The OAC provides balanced consultation and effective solutions on associate conduct matters, and the Associate Conduct Roundtable monitors complaints, trends and emerging issues. Investigations protect confidentiality to the extent possible, and remedial action is taken when appropriate.

Our executive-level Ethics Council is responsible for enforcing Regions’ standards of conduct and considering all potential violations of the Code of Conduct that could have a material effect on Regions, including the Sarbanes-Oxley Act of 2002 and SEC reporting violations, internal insider trading policy violations and matters involving significant Code of Conduct violations by executive-level associates. The Council meets on a quarterly basis, or more frequently if necessary, and provides quarterly reports to the CHR Committee on all matters presented, as well as an annual report regarding the overall status of Regions’ ethics objectives.

Anticompetitive Activities

Antitrust laws prohibit agreements among competitors to restrict competition. Regions strictly prohibits associates from conspiring with any of Regions’ competitors to fix prices, allocate markets and customers, or refuse to deal with particular suppliers or customers. When in contact with Regions’ competitors, associates must avoid discussing how Regions conducts its business.

Whistleblower Protections

All associates must abide by the laws, regulations, and policies impacting the financial services industry, as well as other more broadly applicable federal and state laws and regulations, including employment laws, antitrust laws, privacy laws, insider trading laws, and criminal laws governing fraud, embezzlement, anti-corruption and bribery.

Regions provides multiple channels for associates to file complaints and report suspected violations of the Code of Conduct, potentially suspicious behavior or unlawful or illegal conduct by customers, associates or vendors. Two of these channels, the Report It! Hotline and the Report It! website, are administered by a third party and are available 24 hours a day, seven days a week to enable associates to make reports anonymously. Associates may also anonymously report suspected ethical violations or unlawful or illegal conduct by sending a letter directly to the Associate Conduct Officer.

Regions does not require associates to sign mandatory arbitration agreements as a condition of employment or continued employment and does not require associates to arbitrate claims of discrimination or harassment.

No-Harassment Policy

We are confident that we have a strong, positive culture of respect, which is the product of sound policies and practices; however, we recognize we cannot be complacent. Continuing to maintain a culture of respect will require us to remain focused. We believe our culture is the result of a strong “tone at the top” and efforts to create and maintain a robust, effective risk framework that reflects our values, especially the values to put people first and do what is right. Our Code of Conduct and other written guidelines and policies form the foundation of this framework.

Our No-Harassment Policy, which is applicable to associates, customers, and vendors alike, prohibits any form of harassment based on race, sex, national origin, age, disability, religion, sexual orientation, gender identity, pregnancy, protected veteran status, genetic information or any other characteristic that is protected by applicable law. It defines “sexual harassment” and what conduct is prohibited. This policy states Regions’ commitment to providing a work environment that is free from harassment and that fosters our associates’ ability to devote their full attention and best efforts to their jobs. We encourage associates to report harassment of any kind, and we strive to create a culture that empowers associates to come forward when they feel that one of the safeguards we have sought to establish has been breached.

To address the potential risks presented by a consensual relationship between associates, including the risk of sexual harassment, we also have a Personal Relationships in the Workplace guideline that requires associates to report these relationships and provides that an associate may not occupy a position in the same department as, work directly for, or supervise another associate with whom they are personally involved.

We want our associates to understand what our policies prohibit and to feel comfortable reporting violations. Our policies provide multiple examples of what is prohibited at Regions and give associates different avenues to make a report. Associates are annually assigned “Respect in the Workplace” training as a supplement to our annual “Business Conduct and Ethics” training to ensure associates understand our policies and guidelines, as well as the conduct that is expected of them.

No-Retaliation Policy

Regions considers retaliation to be a serious violation of Company values and the Code of Conduct. Regions prohibits retaliation of any kind for good-faith reports of alleged ethical violations or unlawful or illegal conduct. Regions’ No-Retaliation Policy is set forth in the Code of Conduct as well as in other Company policies.

We want associates to be comfortable reporting potential policy violations, and we protect the confidentiality of complaints we receive to the extent possible. Regardless of the method used to report a complaint, the OAC is notified so that harassment and all other associate misconduct complaints are investigated promptly and fairly. Oversight by the OAC helps ensure that our preventive measures, complaint handling and resolution efforts are effective.

At Regions, do what is right is not just a platitude; it is at the heart of all we do. We believe that our actions have yielded positive results in the form of a culture that reflects our values, and we will continue to review our processes and policies to ensure their effectiveness in reinforcing that culture.

Anti-Bribery and Corruption

Our Code of Conduct prohibits associates from engaging in bribery or corruption of any type. The Code of Conduct expressly prohibits associates from giving gifts to or accepting gifts from government officials. Associates who are offered a gift or other item of value that would result in a violation of Regions’ policies are required to immediately report the incident to the Ethics Program Manager.

Regions also has an Anti-Bribery and Anti-Corruption Officer, who reports through Financial Crimes Risk Management. We instituted an Anti-Bribery and Anti-Corruption Policy, which requires associates to comply fully with all applicable anti-bribery laws, including the Bank Bribery Act and the Foreign Corrupt Practices Act. This Policy, which incorporates the guidance contained in our Code of Conduct, establishes Regions’ requirements to conduct business activity in an honest and ethical manner, with a zero-tolerance approach to bribery and corruption.

Vendor Code of Conduct

In early 2019, we adopted a Vendor Code of Conduct, which reiterates the expectation that vendors in our supply chain adhere to all applicable provisions of our Code of Conduct. The Vendor Code of Conduct also sets forth our expectations for working conditions, human rights, ethical business practices and environmental conservation. At a minimum, Regions requires its vendors and their subcontractors to fully comply with all laws and regulatory requirements applicable to their business activities. We emphasize, however, that we seek to do business with vendors that go beyond legal compliance and help us achieve our commitments to environmental and social objectives.

Learn more about how Regions promotes diversity among its vendors and suppliers here

Human Rights Statement

Honoring and affirming protections for human rights is embodied in our values and mission. Regions’ support of fundamental rights is also reflected in our policies and in our everyday interactions with associates, vendors, customers and the communities where we do business.

We strive to conduct business in a manner that is consistent with fundamental human rights principles, such as those stated in the United Nations’ Universal Declaration of Human Rights and the International Labour Organization’s Declaration on Fundamental Principles and Rights at Work. We are committed to maintaining a work environment where every associate at every level is treated with dignity and respect, free from discrimination and harassment, and can devote their full attention and best efforts to their job. These same standards apply to our interactions with customers and others with which we do business, including vendors, contractors and subcontractors. Regions expects that the entities with which we do business also respect individual human rights and conduct their business operations free from human rights abuses, such as forced or child labor, human trafficking and slavery.

PRINCIPLES GUIDING REGIONS’ ETHICAL USE OF ARTIFICIAL INTELLIGENCE

Regions believes that there are certain aspects of banking that should never change: Trust. Security. Service. Value. Convenience. At the same time, however, banking should constantly evolve in ways that better meet—and even anticipate—people’s needs. One of the ways that Regions is tackling this dual challenge is through investing in, building and using Artificial Intelligence (AI) tools to help ensure a more consistent, efficient and secure banking experience for our customers. We utilize AI solutions to help us perform multiple important functions, like protecting our customers from fraud, connecting customers with the products and services that will best suit their needs and developing an “AI-ready” workforce.

The importance of these resources only underscores the need to use them ethically. Regions makes it a priority to use AI in a manner that is consistent with our values as an organization, and, as a result, the ethical use of AI receives significant attention at Regions. We are committed to strong AI ethics and AI governance; to demonstrate these commitments, we have developed and adhere to core principles that drive our ethical use of AI:

Values. At Regions, we have a set of core values that drive everything we do: put people first, do what is right, focus on your customer, reach higher and enjoy life. We apply these same values to the building and use of AI at Regions by adopting a people-first, technology-second approach. We view AI as one important tool among many options designed to meet customer needs, and we carefully consider the impact on customers before building or using any AI.
Governance. The development and use of AI tools at Regions is well governed. At the starting point, one of our business units identifies a customer need. Then, an analytical team architects a solution, considering AI as one of many potential components thereof. At that point, risk management evaluates any resulting AI tools for privacy, bias, potential risk, mathematical soundness and other considerations. Throughout the process, our builders and users of AI follow clear guidelines on the ethical creation and use of algorithms. A management-level committee provides oversight of the entire AI lifecycle, from development/acquisition to implementation and monitoring. Together, these strong preventative and detective controls help us keep our focus on the customer while improving services.
Rigorous Testing. Regions is committed to rigorous testing of AI tools, whether developed internally or sourced externally. As an initial standard, Regions will abstain from using any AI unless our risk management function can perform rigorous testing and detect transparency in the AI’s decisioning. We take advantage of advancements in the fields of data science and model risk management, leveraging performance and explainability tools and algorithms to provide insight into how the AI makes decisions. Regions tests model design, data, ongoing monitoring, re-tuning and re-training, hyperparameters, edge-cases and limitations, model stability, implementation and multiple other aspects of all AI tools.
Diverse and Inclusive Teams. It is crucial that AI be built in a thoughtful, fair and reliable manner and evolve to be non-discriminatory. Part of how Regions seeks to achieve these aims is by developing diverse and inclusive analytical teams, reflecting the diversity of the communities we serve. These teams provide clear insights into using AI in a manner that offers consistent benefit throughout our customer base. The teams’ work is supplemented by enhanced training, thorough consideration of customer impact, preventative and detective controls and the ability to address potential issues rapidly.
Continuous Learning. Continuous learning is a cornerstone of Regions’ analytical capabilities. Ongoing training opportunities, which are arranged and offered internally by numerous analytical teams, include Data Science Days, Knowledge Cafes, Analytics Advantage Newsletters, Quant Summits and dozens more. One such training, our Regions Analytics Institute, is a 12-week training program that further enhances our associates’ skills at building algorithms with high levels of transparency, explainability and replicability, as well as how to test algorithms and data for bias. More than 50 data scientists at Regions have been trained on building ethical AI algorithms through the Institute. These ongoing learning events track the evolution of technology, complementing Regions’ overall culture of continuous improvement.

AI can be used to uncover insights from data that can greatly benefit our customers. All consumers should expect that this AI is being implemented in a responsible manner. At Regions, we are committed to meeting this expectation and doing what is right for our customers. In that same vein, Regions envisions the evolution of these principles as time and experience prompt the evolution of AI, both at Regions and in the surrounding environment.

Proactive Initiatives to Fight Human Trafficking

Human trafficking is one of the largest criminal industries in the world, and as a financial institution, we play a role in helping to recognize and report suspicious activity. Our efforts span a variety of initiatives. Some are part of our daily operations that monitor unusual banking activity, such as the use of funnel accounts in which a deposit is made in one market and then multiple withdrawals occur in other markets.

Certain of our efforts are specifically designed around combating human trafficking. Knowing how to identify the methods used by traffickers requires specialized training. To better equip our associates on how to spot victims of, and participants in, human trafficking, we have partnered with Hope for Justice, a Nashville-based nonprofit that works to end human trafficking. Over the past two years, more than 400 Regions associates — from the Executive Leadership Team to our Corporate Security and Compliance teams — have completed Hope for Justice training. We also have required training for approximately 8,700 frontline associates in our branches.

In addition, we have worked with a cyber forensics third party to investigate suspicious accounts. This team scours the internet to compile news articles, online advertisements, social media posts and public records, including business licenses and arrest records, into intelligence reports that can be used to further our own internal investigations.

Recognizing the increased risk for human trafficking activity associated with large events, Regions joined with other banks to work with the Deliver Fund, a nonprofit, anti-human trafficking organization, before, during and after the 2019 and 2020 Super Bowls. This partnership enabled participating banks to receive alerts from federal, state and local law enforcement officials to enhance vigilance in efforts to reduce human trafficking activity around these high-profile events.

While uncovering any type of fraudulent financial activity is a critical aspect of our compliance functions, going the extra mile to help combat human trafficking is of particular importance for our compliance team and associates.

Compliance Training

Regions strives to remain a leader in the banking industry, and for us, leadership and learning go hand-in-hand. Continuing education is a critical component of our culture, and we help associates reach higher by providing them with opportunities to learn more about the business of banking; staying aware of the risks Regions faces; and better understanding our responsibilities to protect our customers and comply with laws and regulations.

In addition to job-specific training, we require that associates complete six Mandatory Annual Compliance (MAC) training courses. Additional MAC courses are required for many associates based on their business units, roles and functions. All of Regions’ MAC online courses are revised in response to regulatory changes, industry events, and evolving risks. Completion of MAC training is a condition of continued employment at Regions; new hires must complete this training within 30 calendar days of their start date, and then again annually. In 2019, Regions associates completed 238,337 total hours of MAC training.

The following course descriptions provide the major topics contained within the six MAC courses required of every Regions associate.

Business Conduct and Ethics emphasizes every associate’s responsibility and accountability in the areas of conflicts of interest, insider trading/insider information, incentive program ethics, fair and consistent treatment and discrimination and harassment prevention. Associates are also required to certify that they have read and understand the Regions Code of Conduct and the General Policy on Insider Trading.

Fair and Responsible Banking explains the importance of providing Regions’ customers with a fair and responsible banking experience, including, among other things, fair billing. Associates are provided with the tools to identify and apply key aspects of fair and responsible banking regulations and policies and to understand their effects on Regions and our customers. The course also provides guidelines for avoiding discrimination and unfair, deceptive or abusive acts or practices and for properly reporting customer complaints through the Centralized Customer Complaint Database.

Fundamentals of Risk Management reminds associates how sound risk management affects our ability to serve our customers and protect Regions. The course explains the three lines of defense concept, the importance of a strong risk culture and how shared value helps build that culture.

Financial Crimes Corporate Bank Secrecy Act/Anti-Money Laundering (BSA/AML) and Office of Foreign Assets Control (OFAC) Compliance covers the purpose of the BSA, the USA PATRIOT Act and Customer Due Diligence requirements as they relate to recognizing, reporting and reducing money laundering and other financial crimes. In addition, the course covers OFAC’s requirements, how to comply with OFAC and Regions’ OFAC compliance strategy.

Information Security provides associates with training and information on Regions’ information security and protection strategy. The course explains user identification and passwords, personal computers, mainframe, e-mail, internet and intranet, remote access and business recovery.

Privacy explains Regions’ Privacy Pledge and when to provide it to our customers, as well as the associate’s responsibilities related to customer data privacy and security preferences, which includes how and when we communicate with consumers. In addition, this course discusses the red flags for potential identity theft and appropriate associate responses.