Under pressure from its U.S. regulator, Bank of America has shifted its compliance group from its legal department to its risk oversight group, a source familiar with the matter said.
The move comes as federal regulators have warned big banks to adopt more ethical internal cultures or they could be broken up to make them easier to manage.
Officials with the Office of the Comptroller of the Currency (OCC), which in September finalized "heightened expectations" guidelines for the way large banks manage their risks, discussed the matter with Bank of America officials in December.
Soon after that meeting, the bank decided to switch its compliance group to the risk control area, said the source, who spoke on condition of anonymity citing a lack of authorization to speak publicly on the matter.
The OCC pressed for the move out of a belief that the legal group was focused on minimizing the application of rules, the source said.
Bank of America spokesman Dan Frahm said that it had combined compliance and risk to align all risk management oversight under the bank's Chief Risk Officer Geoffrey Greener.
He said it was part of the bank's efforts to simplify how it operates after largely resolving legacy issues related to the financial crisis.
An OCC spokesman said the regulator does "not talk about the supervision of specific institutions."
A former OCC official said that over the past few years, there has been a shift in thinking in favor of compliance as a risk-management rather than legal responsibility and that this is reflected in the heightened expectations guidelines.
Compliance departments in financial services companies are generally responsible for ensuring that their institutions follow all the laws and regulations that pertain to their business, and serve as a primary contact with regulators. Risk units are responsible for ensuring an institution operates within its established tolerance for financial and other risks.
The OCC's guidelines specify compliance risk as a key function, but do not mandate putting compliance departments in the risk function. The OCC has power to enforce the guidelines.