Pursuant to their mandate in the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (“Dodd-Frank”), six federal agencies issued a final interagency Policy Statement on establishing joint standards for assessing the diversity policies and practices of the entities they regulate. The Policy Statement became effective upon its publication in the Federal Register on June 10, 2015. The agencies—the Federal Reserve Board, Consumer Financial Protection Bureau (CFPB), Federal Deposit Insurance Corporation (FDIC), National Credit Union Administration (NCUA), Office of the Comptroller of the Currency (OCC) and Securities and Exchange Commission (SEC) (collectively, the “agencies”)—had released proposed standards in 2013 in connection with Dodd-Frank. The agencies are requesting public comments on the information collection aspects of the final joint standards, which are due within 60 days of publication in the Federal Register (August 10, 2015).

Despite the clarification in the Policy Statement that the new standards are “voluntary,” use of the standards will be strongly encouraged by the agencies, and compliance will be viewed favorably both by the public and regulating agencies. Entities regulated by one or more of the agencies, particularly those with agency contracts, should review their current practices on diversity and inclusion, or consider implementing such a policy if one doesn’t exist, in light of the new Policy Statement. Regulated entities should also review their vendor management programs to ensure that their vendors similarly have robust diversity and inclusion programs. As programs are developed, regulated entities should, of course, consider legal issues relating to the structure of such programs and risks associated with employment decisions and the use and assessment of metrics and data encouraged by the Policy Statement.

Background

The stated goal of Section 342 of Dodd-Frank is to ensure “the fair inclusion and utilization of minorities, women, and minority-owned and women-owned businesses in all business and activities of the agency at all levels, including in procurement, insurance, and all types of contracts.”[1] In order to realize this goal, Dodd-Frank requires each of the agencies to establish an Office of Minority and Women Inclusion (OMWI), which will be responsible for “all matters [pertaining] to diversity in management, employment, and business activities.”[2] Each OMWI director is then tasked with developing standards and practices in three key areas: (1) the employment practices of the agency; (2) the diversity policies and practices of the entities with which each agency contracts; and (3) the diversity policies and practices of the entities that the agencies regulate.[3] The Policy Statement is an effort by the agencies to comply with this third mandate for the entities each agency regulates.

The 2013 proposed standards focused on voluntary self-assessments and public disclosure and awareness of the self-assessments, which would allow for regulated entities and the public to better understand and evaluate “diversity policies and practices.” Notably, however, neither Dodd-Frank nor the proposed standards provided definitions of “diversity” or “diversity policies,” nor did they provide the criteria the agencies should use to assess the entities they regulate or prescribe remedial measures if an entity’s diversity policies are found to be deficient.

This final Policy Statement describing best practices is the result of the agencies’ 2013 proposed standards,[4] followed by extensive discussions with industry groups, financial professionals, consumer advocates and community representatives regarding the effectiveness and deficiencies of existing diversity policies and programs and the issues confronting minorities and women in gaining employment and other business opportunities within the financial services industry.

Joint Standards

In response to concerns about the lack of a definition of “diversity,” the Policy Statement provides that diversity refers to “minorities … and women.” “Minority” is then defined as “Black Americans, Native Americans, Hispanic Americans, and Asian Americans,” consistent with the definition in Section 342(g)(3) of Dodd-Frank. The Policy Statement also provides some flexibility for companies in that the definition “does not preclude an entity from using a broader definition with regard to these standards.” This expansive language was meant to allow entities to include persons with disabilities, veterans and lesbian/gay/bisexual/transgender (LGBT) individuals or the categories referenced by the Equal Employment Opportunity Commission (EEOC) in its EEO-1 report.

The Policy Statement also adopts the Government Accountability Office’s (GAO) definition of “diversity management” as its new definition of “inclusion,” meaning a process “to create and maintain a positive work environment that values individuals’ similarities and differences, so that all can reach their potential and maximize their contributions to an organization.”[5] This definition provides a broad and flexible approach for private employers to guide updates to existing policies and programs.

The agencies continued to highlight the same four key areas discussed in the proposed standards that may be included in an assessment of the diversity policies and practices of regulated entities, but they tried to address many of the concerns raised in the comments. In addition, there is now a fifth standard specifically on self-assessment. 

Organization commitment to diversity and inclusion

The Policy Statement emphasizes that a regulated entity’s commitment to diversity and inclusion needs to be embedded throughout the organization, including the highest levels of management. In this regard, the Policy Statement suggests the following: (1) the entity should include diversity and inclusion considerations in its strategic plan, especially with respect to hiring, recruiting, retention and promotion; (2) senior leadership should approve and support a diversity and inclusion policy and receive regular progress reports; (3) the entity should conduct regular trainings and educational programs on equal employment opportunity, diversity and inclusion; (4) senior officials should have dedicated resources to oversee and direct the diversity efforts of the entity, including the appointment of a senior level official dedicated to diversity and inclusion efforts; and (5) the entity should take proactive steps to maintain a diverse pool of candidates for hiring, recruiting, retention and promotion, including in its more senior levels. In addition, the Policy Statement added that the senior official responsible for an entity’s diversity and inclusion efforts preferably should have relevant knowledge and experience.

Workforce profile and employment practices

In assessing a regulated entity’s workforce profile and employment practices, the Policy Statement suggests that a regulated entity should address whether: (1) it effectively implements compliant policies and practices on workforce diversity and inclusion; (2) it ensures equal employment opportunities for all current and prospective employees and integrates diversity considerations into its process of looking towards future employment and leadership needs; (3) the policies and practices of the entity create diverse pools of applicants by reaching out to organizations and educational institutions that serve large minority and women populations; (4) the entity uses qualitative and quantitative metrics, such as those contained in annual EEO-1 Reports or Affirmative Action Plans regulated by the Office of Federal Contract Compliance Programs (OFCCP), to evaluate and assess workforce diversity and inclusion efforts; and (5) the entity holds management accountable for diversity and inclusion efforts. For those companies that find the EEO-1 data to be too narrow and limited, the Policy Statement encourages use of other analytical tools that might be more useful given perhaps a broader definition of diversity or a large workforce.

Procurement and business practices—supplier diversity

In assessing a regulated entity’s procurement and business practices, the Policy Statement suggests that an entity should address whether the entity maintains a supplier diversity policy that attempts to provide a fair opportunity for minority- and women-owned businesses to compete in the procurement of business and services, the entity evaluates its supplier diversity through metrics and analytics if possible and it promotes a diverse supplier pool by reaching out to minority- and women-owned contractors or organizations of such contractors and publicizing procurement opportunities. These standards for policies and practices in this regard are the same as those contained in the earlier proposed standards, without substantive changes; however, the agencies clarified that there are no quantifiable targets for supplier diversity.

Practices to promote transparency of organizational diversity and inclusion

The Policy Statement suggests annual publication of the regulated entity’s commitment to diversity and inclusion on its website, which may include the entity’s diversity and inclusion strategic plan and policy on its commitment to diversity and inclusion, its progress toward achieving diversity and inclusion among its employees and suppliers, and opportunities that are available at the entity that promote diversity, which may include current and anticipated employment and procurement opportunities as well as the availability and use of mentorships and developmental programs for employees and suppliers. Despite numerous concerns raised about this topic by companies wishing to avoid publishing such information publicly, the agencies have decided to implement the earlier proposed standards that encourage transparency of diversity and inclusion policies without any material changes.

Entities’ self-assessment

The Policy Statement, incorporating the model self-assessment concepts from the proposed standards, explains that the regulated entity should use the standards to perform a self-assessment of its policies and practices, monitor and evaluate its performance under its policies and practices, disclose the self-assessment and other relevant information to the OMWI of the appropriate agency regulating the entity and share with the public its efforts to comply with the standards. The agencies also clarified that entities should be performing self-assessments annually and monitoring and evaluating their performance on an ongoing basis.

Collection of Information

The agencies are still seeking public comment on the collection of information relating to the fourth and fifth standards. Specifically, the agencies invite comment on whether the information collection will have practical utility and is necessary for the proper performance of the agencies’ functions; the accuracy of the agencies’ estimate of the anticipated burden on regulated entities to comply; ways to enhance the quality, utility and clarity of the information proposed to be collected; ways to minimize the burden on regulated entities, including through the use of automated collection or other technology; and estimated costs of compliance to provide information. Comments are due on or before August 10, 2015.

Impact on Regulated Entities

In addition to finalizing the standards themselves, in the Policy Statement the agencies responded to concerns about the intended legal effect of the Policy Statement, clarifying that “[i]t does not create new legal obligations” and that “[u]se of the Standards by a regulated entity is voluntary.” This includes the standards for annual disclosures of self-assessments to the agencies and the general public. The standards are therefore written as aspirational best practices, rather than using mandatory “must” or “shall” language.

While compliance with the standards is not mandatory, regulated entities should still be aware that the agencies have the authority to examine their regulated entities pursuant to these standards. This authority also extends to vendors of regulated entities, such that regulated entities should ensure they have a robust vendor management program in place.

Moreover, for those entities with agency contracts, Section 342 of Dodd-Frank gives the OMWI directors the additional power to make a referral to the agency administrator that an agency contractor has not made a good-faith effort to include minorities and women in its workforce. Such a referral could result in the contractor having its relationship with the agency terminated.[6] This section of Dodd-Frank is not directly addressed in the Policy Statement but is applicable to “all contracts of an agency for services of any kind” under Dodd-Frank and thus has a broad reach, though it appears only to apply to agency contractors and subcontractors, not all regulated entities.[7] 

Alston & Bird Observations

Despite the clarification in the Policy Statement that the new standards are “voluntary,” use of the standards will be strongly encouraged, and compliance will be viewed favorably both by the public and regulating agencies. As a result, employers regulated by one or more of the agencies would be well-advised to implement a thorough and serious policy and program to promote diversity and inclusion and to ensure that the policy is used and followed in actual practice. While many companies likely already have some diversity-related policies in place, an important first step in implementing the new standards will be for companies to reexamine their policies, procedures and programs by defining the type of “diversity” they wish to encourage and cultivate for their particular businesses. This will help to lay the foundation for policies and procedures to better achieve their stated goals and to put companies in a better position to assess their future progress and success. It will also provide meaningful context for any public disclosure implemented to comply with the goals of the final interagency standards. Finally, companies should embrace the flexibility of the standards being “voluntary” in determining what kinds of information to disclose publicly, with a focus on creating a positive effect on consumer and regulatory relations.

The Policy Statement continues to emphasize “metrics,” as the agencies “believe that quantitative data is valuable for evaluating diversity and inclusion.” When considering whether and how to use metrics as a part of diversity efforts, companies must bear in mind that, as a practical matter, simple numeric diversity does not necessarily ensure effective inclusion of individual viewpoints or improved business performance. It is therefore important for companies to identify at the outset the intended purpose of collecting and analyzing diversity metrics and to ensure that their data collection and analysis policies and practices remain consistent with those objectives.

Companies should also be mindful of the legal risks associated with collecting diversity-related data and performing assessments of such data or other diversity program results. Assessing diversity metrics inevitably requires collection of data not otherwise required to be developed or maintained, and such data can create substantial risk of employment discrimination claims, particularly when the data is not collected in a complete, accurate and thoughtful way. Such data and self-assessment results can become key evidence used by plaintiffs and enforcement agencies in such claims. As a result, companies should work with counsel to decide whether to use such metrics, which data and metrics to collect, how to perform any self-assessment and whether or how to document the results of any self-assessment. Companies also should involve counsel to ensure that data is collected and maintained in an appropriate and accurate manner and to establish processes for compiling and reviewing metrics and self-assessments under the protection of the attorney-client privilege. Additionally, companies should be careful to avoid making any specific employment decisions on the basis of any protected characteristic (such as race or gender), as it is unlawful to make decisions on such bases, even if the decision favors minority or other “protected” candidates. Similarly, companies may not use hiring or promotion quotas and should not set standards in such a way that they may be interpreted as quotas or as encouraging hiring or promotion based upon race, gender or other protected characteristics. Put another way, notwithstanding a company’s efforts to increase diversity, it must still make employment decisions solely on the basis of legitimate, nondiscriminatory factors.