Corporate governance & risk management

We are committed to the highest standards of ethical and professional conduct for all Commerce team members, officers, directors and suppliers. We believe governance is a shared responsibility and that we all have a role in protecting sensitive information, maintaining ethical practices, and complying with laws and regulations. To make our corporate governance policies actionable for team members, we maintain the following practices:

• Complaint review: We collect and review complaints from across the company to identify areas where we can improve and mitigate further challenges for customers.
• Anonymous tip line: Team members are encouraged to report any unethical, illegal or unsafe behavior through our secure, anonymous 24-hour phone line maintained by a third-party vendor.
• Consistent, up-to-date training sessions: Training owners review and update their training curriculum each year to incorporate new topics and ensure materials are as up to date as possible.

The Commerce Bancshares, Inc. Board of Directors guides and oversees our strategic decision-making and initiatives. To assist with this oversight, the Board operates and oversees several committees, including the Compensation and Human Resources Committee, the Committee on Governance/Directors, and the Audit and Risk Committee. These committees meet regularly and report updates to the Board to help guide our company’s strategic direction.

You can review the Compensation and Human Resources Committee Charter^[PDF], the Committee on Governance/Directors Charter^[PDF] and the Audit and Risk Committee Charter^[PDF] on our website.

We work diligently to prioritize risk mitigation while serving the needs of our stakeholders in order to continually earn their trust and build long-term value. Our corporate governance standards help ensure compliance with laws and regulations, and we proactively address potential sources of risk to help prevent issues.

For the full overview of our risk management practices, please visit the corresponding section in the latest Commerce Bancshares, Inc. Environmental, Social and Governance Report^[PDF]

Our Policy Management Program

Along with our defined risk governance structure, Commerce has adopted a Policy Management Program. We maintain risk management policies^[PDF] to address liability exposure arising from the company’s activities. Many of these policies are regularly reviewed and approved by the Audit and Risk Committee while others are overseen by the Enterprise Risk Management Committee or one of the other specialized risk committees.

Employee training

All Commerce teammates play a part in the effective management of risk, particularly within the scope of their respective roles and responsibilities. Teammates are required to complete training on a comprehensive list of topics^[PDF] to increase their level of risk awareness on many risk-related policies and topics.

At Commerce, we uphold our responsibility to ensure that Commerce team members are not subjected to unlawful discrimination and/or harassment in any term or condition of employment on the basis of a protected status, which we define as race, color, ancestry, ethnicity, gender, gender identity, gender expression, sex, sexual orientation, disability (including physical or mental handicap), age, veteran status, military status, national origin, religion, pregnancy status, genetic information or any other status protected by applicable federal, state or local law.

Further, the goal at Commerce is to ensure that conduct never reaches the level of unlawful behavior. Accordingly, Commerce prohibits conduct that is inconsistent with our values, whether or not that conduct violates the law. We believe that preventing discrimination is the responsibility of every Commerce team member. Commerce prohibits any unwelcome verbal or physical conduct that maligns or shows hostility or aversion toward a team member because of their protected status. This prohibition applies to all individuals who work for or with Commerce, including officers, managers, supervisors, team members, clients, customers, vendors or suppliers.

Any team member who has a question, concern, or complaint of discrimination or harassment based on a protected status is encouraged to bring the matter to the immediate attention of their management team, the Commerce Bancshares Legal Department, or company management through the anonymous tip line.

Protecting team members from retaliation

Commerce will not retaliate against any individual who in good faith makes a report or complaint. We prohibit retaliation against a team member (as well as those with whom the team member is closely associated) for reporting discrimination or harassment, assisting in making a discrimination or harassment complaint, or cooperating in a discrimination or harassment investigation. No employee, officer or director will be penalized, retaliated against or be made subject to any corrective action as the result of good faith reporting of suspected violations of the Code of Ethics.

As a financial institution, we take our role as stewards of sensitive information very seriously. Commerce has adopted comprehensive information security and data privacy policies, aligned with the National Institute of Standards and Technology and International Organization for Standardization (ISO) standards. We regularly measure our security program’s performance against industry benchmarks. Our security governance framework includes a dedicated information security program detailed in our Environmental, Social and Governance Report^[PDF].

Educating our customers

We believe customers are a first line of defense against security risks. Customers are educated on security concerns so that they are better able to identify and avoid fraud and identity theft. They are encouraged to report phishing or other fraud concerns to the bank.

Protecting customers’ privacy

The security of our customers’ information is a top priority. We continually improve our security policies, standards, reviews and testing to help ensure customers’ personal information and accounts are protected.

The Commerce Privacy Statement serves as a standard for all team members for the collection, use, retention and security of nonpublic personal information and tells customers how they may limit use of their information by Commerce.

Employee training and testing

All Commerce employees are required to take regular training on privacy standards and information security. In addition, we conduct quarterly phishing campaigns to test and educate all employees on how to spot phishing attacks and to measure the effectiveness of our training program.

How we defend against fraud

Today, security threats are ever-increasing in number and sophistication. Getting ahead of emerging fraud schemes is a priority for us. We annually evaluate all applications, databases, information technology infrastructure, service providers and business units that handle sensitive information as part of our information security risk assessment. We also assess any new applications, infrastructure components and service providers before they are integrated with our existing systems.

Commerce contractually requires all service providers, contractors, subcontractors or other third parties that process, transmit, access, or store company or customer data to be in compliance with all applicable laws and to comply with all relevant company policies (including, but not limited to, retention, encryption, transmission and application security policies) and safeguards.

Commerce and its Board of Directors believe diversity of perspective is crucial to doing our best work for our customers and communities. We believe diversity of perspective strengthens our ability to provide long-term value for all our shareholders. Accordingly, Board diversity — including diversity with respect to race, ethnicity, gender, geography and areas of specialty — is an integral component in selecting nominees for Board consideration.

In order to attract and retain top performers, Commerce aims to provide a total compensation program that is competitive in the markets where we operate. We aim to:

• Align the interests of our executive officers with the long-term interests of our shareholders
• Provide reward systems that are credible, consistent with our core values and appropriately structured not to encourage undue risk
• Reward individuals for results rather than seniority, tenure or other forms of entitlement

For more information on executive compensation, please see our Proxy Statement.

Commerce must remain operational, regardless of any event that may affect the company’s team members, facilities or infrastructure. Should operations be threatened by a business disruption, the Business Continuity Management (BCM) program^[PDF] helps to ensure the company’s preparedness and efficient response to maintain operations. The BCM team does this by regularly conducting extensive planning processes to identify risks and proactively take actions to eliminate or mitigate the potential impact of those risks.