Introduction
The attached document sets out a series of corporate governance principles (including the commentary, collectively, the “Guiding Principles”) that the Bank Policy Institute (“BPI”) believes will be useful for U.S. banking organizations to consider in structuring the manner in which the board of directors of the consolidated bank holding company (the “BHC”) carries out its oversight responsibilities.[1] These Guiding Principles were initially published by BPI’s predecessor, The Clearing House Association, in June 2012 and later updated in 2015 with a view to revising them periodically to reflect changes in law, regulation and practice. In 2016, The Clearing House Association also published “The Role of the Board of Directors in Promoting Effective Governance and Safety and Soundness for Large U.S. Banking Organizations” (the “2016 Publication”) to provide further guidance on the core duties of BHC boards.[2] The 2016 Publication also identified hundreds of requirements directed at boards of directors under U.S. federal banking laws, regulations and agency guidance, including examination guidance. This 2021 edition of the Guiding Principles updates the 2015 edition and incorporates concepts from the 2016 Publication. For a more complete list of updates, please refer to Annex A.
These Guiding Principles are structured as a set of general principles, supplemented by commentary.
The commentary includes considerations that banking organizations may want to take into account to determine the manner in which they will implement these Guiding Principles, as well as references to relevant statutes, regulations, case law, supervisory guidance and other source material. The commentary also references academic and supervisory views and various recommendations on corporate governance practices and principles but, unless otherwise noted, BPI is not endorsing the position of these commentators.
Corporate governance in this context refers to the relationships among the board of directors, management, shareholders, and other stakeholders and their respective roles and responsibilities, with a focus on issues unique to banking organizations. In developing these principles, BPI considered the collective experience of the BHC governance professionals who are members of BPI.
Bank holding companies are subject to state laws on corporate governance practices. Additionally, specific to the banking industry, the standards and expectations of bank regulators are expressed in the form of regulations and supervisory guidance (issued both broadly through manuals and publications and specifically in the course of an organization’s own supervisory discussions and reports). Supervisory guidance from bank regulators, in contrast to actual law, rules and regulations, is not binding, and regulators should not criticize or initiate an enforcement action against a banking organization for failure to follow such guidance.[3] When referring to regulatory pronouncements, commentary to these Guiding Principles reflects this distinction between binding laws and regulations, which set “requirements,” and non-binding supervisory guidance, which provides “expectations” or “recommendations.” Nonetheless, banking organizations should consider supervisory guidance carefully in light of their particular businesses and circumstances and the context in which the guidance is provided. Furthermore, although regulations and supervisory guidance about corporate governance at the bank level are not directly applicable for bank holding companies, they often can provide important guidance for the boards of bank holding companies.
Each banking organization and its board of directors should have the ultimate flexibility in developing its own governance practices that are tailored to the banking organization’s strategic objectives, plans, businesses and circumstances. These Guiding Principles are intended to help guide BHCs as they address corporate governance issues, but are not designed to be prescriptive or to set minimum requirements or best practices applicable to all banking organizations. Each banking organization must tailor its governance practices as it deems appropriate for its own situation. Within that context, any number of individual principles may, in whole or in part, be of less significance or may require adaptation with respect to a particular banking organization.
BPI believes that it is important to bear in mind that corporate governance structures and practices facilitate, rather than determine, effective corporate governance. Significant governance failures can occur, and have occurred, even in a context of well-documented and rigorous formal governance policies and structures. Although well-designed corporate governance structures are necessary, they are not sufficient—ultimately, effective corporate governance is determined by the quality, skills, expertise and judgment, individually and collectively, of the members of the board and the management of the banking organization, and the culture of objective and informed oversight, director and management integrity, ethical behavior and performance that those individuals foster. These Guiding Principles should be read and applied in accordance with this fundamental understanding. In addition, it must be recognized that the skills and experience of members of the board appropriate for an institution will vary based on considerations such as an institution’s size, business model, scope of operations, risk profile, and other characteristics that may change over time.
A central tenet of good corporate governance is the distinction between the board’s responsibility for oversight of the business and affairs of the BHC and the board’s delegation to management of the responsibility for the day-to-day operations of the BHC. Absent extraordinary circumstances, the board should not involve itself in day-to-day operations, as this likely will reduce efficiency, impair the board’s ability to perform its critical oversight role objectively, and create uncertainty as to roles and responsibilities. Indeed, excessive board involvement in the day-to-day affairs of a banking organization could compromise the board’s independence and its ability to discharge its fiduciary duties, which is a hallmark of sound corporate governance. Similarly, holding directors accountable based on an after-the-fact hindsight assessment of board oversight is in tension with the principles-based approach to corporate governance and the oversight role and core oversight responsibilities of the board,[4]and is contrary to the state law principle that decisions by the board should not be second-guessed. Over the past five years, U.S. regulators have increasingly acknowledged the need for the board to return to a focus on core oversight functions and top-tier strategies (i.e., to move away from devoting substantial time and effort to fulfilling granular supervisory expectations and requirements that, in practice, conflate the roles of the board and management),[5]although this acknowledgement remains to be consistently reflected in the specific language of regulatory pronouncements. BPI agrees with the regulators’ approach to align supervisory expectations with core board functions and supports reflecting this alignment in examinations and supervisory practices. The revised Section 4 in this 2021 edition of the Guiding Principles incorporates concepts from the 2016 Publication and focuses on only those core functions of the board that are fundamental to the safe and sound operation of a banking organization.
The typical structure contemplated by BPI in these Guiding Principles is that of a top-tier public holding company with one or more wholly owned subsidiary banks (and typically non-bank subsidiaries). BPI generally designed these Guiding Principles to be applicable to a banking organization as a whole, but with the understanding that the interplay between the holding company and the subsidiary bank(s) will vary from organization to organization, and that an identical corporate governance approach often will not apply to both a public holding company and a wholly owned subsidiary. In particular, the governance structure of a holding company organization should reflect the critical responsibility of the board of directors of the subsidiary bank to protect the safety and soundness of the bank.
Generally speaking, it should be acceptable for entity-level risk and control functions (including at bank subsidiaries) to be part of an enterprise-wide risk management structure managed at the parent company level, and generally overseen by the parent company board. However, this is the case only to the extent that the system provides for necessary entity-level legal and safety/soundness considerations and board involvement. Although banking organizations should be allowed the flexibility to integrate and coordinate the oversight of risk management within an enterprise-wide structure, it remains critical that boards at the subsidiary level remain cognizant of entity-level considerations. Where the parent company framework is adequate for the subsidiary and the framework allows for the consideration by subsidiary boards of entity-level concerns, any mandating of duplicative structures can create administrative distraction and inefficiency, as well as confusion, and subvert enterprise-wide risk management.
The 2021 edition of the Guiding Principles has been refocused on matters that are of unique relevance for the boards of banking organizations in discharging their oversight duties (e.g., the important role that boards play in overseeing banking organizations’ liquidity risks, capital, recovery and resolution planning, and meeting expectations of prudential supervision). However, the bedrock principles of corporate law that apply to boards of large companies should continue to apply to boards of banking organizations. For example, the same overarching fiduciary duties should guide the boards’ consideration of issues relating to strategy and emerging risks, technological transformation, cybersecurity, management of general operational risks, regulatory compliance and the safety and soundness of the banking organization.
Moreover, even in times of crisis or emergency such as the COVID-19 pandemic, boards continue to have the same overarching fiduciary duties even though discharging those duties may require increased frequency of board meetings and enhanced oversight of management’s response to the crisis.[6] Boards, for example, have been taking steps as appropriate to become satisfied that management has adequately evaluated the growing challenges presented by COVID-19 for business lines of the banking organization and third party bank vendors, including adjusting controls in the context of switching from in-person to remote operations, as well as the financial impact on several sectors of the economy. In addition, where and as appropriate, boards have been asking questions of management, and receiving updates, on the banking organization’s participation in, and risks relating to, emergency lending programs. At the same time, many boards have adapted and modified board practices under the circumstances of the pandemic, including implementing telephonic and/or electronic board meetings to reduce logistical constraints and health risks associated with in-person meetings.[7]
This updated exposure draft of these Guiding Principles was published for public comment in.
BPI recognizes that governance practices are not immutable. Although the distinction between the role of the board versus that of management remains a core precept for effective governance, governance practices evolve over time in response to market and industry practice, the regulatory and supervisory environment and the collective experiences of market participants. BPI expects to continue to revisit these Guiding Principles from time to time to assess whether further changes or updates are appropriate. Readers of these Guiding Principles should bear in mind that this document speaks as of its date and should consider the impact of any subsequent developments.
These Guiding Principles were prepared under the auspices of BPI’s Corporate Governance Committee with the assistance of BPI’s special counsel, Sullivan & Cromwell LLP.
[1] These Guiding Principles are principally designed for U.S. banking organizations because non-U.S. banking organizations (including their U.S. subsidiaries and other U.S. operations) are generally subject to a different set of governing laws, regulations and relationships presenting certain unique issues and considerations not addressed in these Guiding Principles.
[2] The 2016 Publication is available at https://www.theclearinghouse.org/-/media/action%20line/documents/volume%20vii/tch_report_the-role-of-the-board-of-directors-in-promoting-governance.pdf.
[3] Interagency Statement Clarifying the Role of Supervisory Guidance (September 11, 2018) (affirming that supervisory guidance should not have the force of law); OCC, Federal Reserve System, FDIC, NCUA & CFPB, Role of Supervisory Guidance, 85 Fed. Reg. 70,512 (Nov. 5, 2020). BPI continues to recommend that the agencies take steps to modify existing guidance as and where necessary to avoid suggesting that guidance has the force of law. For example, a reference to guidance in the text of a rule could create ambiguity as to the legal status of any expectations articulated in such guidance. E.g., 12 C.F.R. § 7.2010 (“The board of directors should refer to OCC published guidance for additional information regarding responsibilities of directors.”). The OCC recently clarified that 12 C.F.R. § 7.2010 “only refers boards of directors to OCC guidance for additional information and does not suggest that guidance has the force of law.” OCC, Activities and Operations of National Banks and Federal Savings Associations, 85 Fed. Reg. 83,686 (Dec. 22, 2020).
[4] The Model Business Corporation Act (May 2019 Revisions), Official Comment to §8.31 (“Boards of directors and corporate managers make numerous decisions that involve the balancing of risks and benefits for the enterprise. Although some decisions turn out to have been unwise or the result of a mistake of judgment, it is not reasonable to impose liability for an informed decision made in good faith which with the benefit of hindsight turns out to be wrong or unwise. Therefore, as a general rule, a director is not exposed to personal liability for injury or damage caused by an unwise decision and conduct conforming with the standards of section 8.30 [which describes processes in oversight efforts and decision-making] will almost always be protected regardless of the end result.”); In re Citigroup Inc. Shareholder Derivative Litig., 964 A.2d 106, 131 (Del. Ch. 2009) (“Oversight duties under Delaware law are not designed to subject directors, even expert directors, to personal liability for failure to predict the future and to properly evaluate business risk.”).
[5] E.g., Federal Reserve System, Proposed Guidance on Supervisory Expectation for Boards of Directors, 82 Fed. Reg. 37,219 (August 9, 2017) (“Board Effectiveness Proposal”). Annex C contains a list of the Federal Reserve supervisory guidance identified in the Board Effectiveness Proposal as being considered for possible rescission or revision. BPI continues to support the Federal Reserve Board’s efforts to review all existing supervisory expectations and regulatory requirements relating to boards of directors and rescind or revise those that do not relate to the board’s core responsibilities or are not aligned with the Federal Reserve Board’s supervisory framework. These efforts are consistent with BPI’s approach of periodically revising these Guiding Principles to reflect changes in law, regulation and practice. Just as these Guiding Principles evolve, so too should guidance and regulations. We accordingly encourage the other banking agencies to review and, as appropriate, rescind or revise their guidance and regulations on corporate governance matters. In addition to addressing their guidance, BPI also recommends that the agencies review and revise their approach to allocating responsibilities to the board and management in enforcement actions. Enforcement actions often provide for a board to be inappropriately and granularly involved in remediation projects, which, like much existing guidance, does not appropriately reflect the distinct oversight role of a board.
[6] It is the same level of duties as described in greater detail in Section 4.
[7] See Section 11 (discussing board remote meetings).
