Providing Steady Stewardship: Guiding Principles for Bank Board Oversight

The COVID-19 pandemic has produced a range of challenges for bank boards to consider, not in the least paradigm shifts underlying business models and operational transformations to adjust to a remote working environment.  For directors, an effective response to these challenges begins with an understanding of core principles of board governance.  Importantly, these principles should largely endure over time regardless of the circumstances.

During the crisis, bank boards have been taking steps to satisfy themselves that management has adequately evaluated the growing challenges presented by COVID-19 for the bank’s business lines. These challenges include the need to adjust controls for the switch from in-person to remote operations, and to consider the financial hardship experienced by important sectors of the economy from the bank’s perspective.  Also, boards have been asking questions of management and receiving updates on their bank’s participation in and risks relating to emergency lending programs.

While bank boards are appropriately expected to be actively engaged in oversight, there are risks involved with a “bring everything to the board” mentality that tends to take hold in a period of crisis, including distraction from critical strategic and risk-related analysis and board oversight.  Providing the board timely, well-presented and understandable information that relates to critical issues (e.g., information that sheds light on emerging risks or future changes to the business that may materially impact the overall risk profile of the institution) is a precept of effective governance that becomes particularly important where the risk landscape changes rapidly. 

As part of an effort to help clarify responsibilities for bank boards, the Bank Policy Institute has issued an updated “exposure draft” version of its Guiding Principles for Enhancing U.S. Banking Organization Corporate Governance.  The Guiding Principles, originally issued by BPI’s predecessor, The Clearing House Association, in 2012 and then most recently updated in 2015, reflects regulatory developments over the past five years and incorporates further commentary on governance practices and trends.  The focus of the Guiding Principles continues to be the intersection of bank board governance and regulation.[1]  The document provides a governance framework and several recommendations for consideration as bank boards continue to oversee new forms of risks and marketplace challenges in a closely regulated industry.

BPI welcomes public comments on the exposure draft by March 1, 2021.  Please send all comments to:  gregg.rozansky@bpi.com and cheryll.merritt@bpi.com.

The Backdrop Against Which the Updated BPI Guiding Principles Have Been Issued and Matters Addressed at the Board Level

The Guiding Principles was last updated shortly after the release of the OCC’s “Heightened Standards” which establishes guidelines for governance and risk management practices at large national banks.  A key precept of “Heightened Standards” was that transparency promotes effective risk management at any level of an organization including the board level.  Since 2015, we have seen enhanced transparency between management and the board and a focus on how risk information is shared throughout the organization up to the board.  While this trend has promoted effective board oversight, a resulting concern, addressed in the updated Guiding Principles, is the extraordinary amount of information that banking organization boards are expected to review.  In this regard, the Guiding Principles explains that: (i) a “one-size-fits-all” or “checklist” approach to board materials (e.g., based on what an examiner may expect to see in accordance with industry norms) is not appropriate as typically it will not facilitate identification of the key issues for the board to assess, e.g., the actions that management recommends, and it can also obscure important trends and key information; (ii) the board should have flexibility in determining the issues addressed at meetings and the items that will require its  review or approval; and (iii) the board should, in one form or another, articulate an approach for determining what matters should be addressed at the board and committee level. 

However, as boards focus on responding to the effects of the COVID-19 pandemic, we are concerned that the “bring everything to the board” mentality is once again taking hold.  In order to help address the growth in size of board materials and avoid distracting boards, banks should be highly focused on making sure these materials relate to the critical issues.  As addressed in the updated Principles, many boards have also used executive summaries of longer reports to help manage the flow of information to the board and have used presentations and/or annexes of summaries to delve into greater detail.  In some cases, boards have determined to limit presentations and rely more heavily on Q&A.  Over the past five years, boards have also developed thoughtful ways to select and prioritize the types of supervisory communications that are presented to the board and, in many cases, use memos to provide helpful background and context.

The Temptation to Frame Emerging Risks as Transformative for Board Oversight

The 2021 update to the Guiding Principles focuses on aspects of governance that are unique to banking organizations, contrasted with those that are generally applicable.[2]  While this version includes a number of significant updates to the 2015 version, there is a general recognition that the fundamental or “core” oversight functions of the bank board remain constant absent unusual circumstances.  Indeed, even in times of crisis or emergency such as the COVID-19 pandemic, boards continue to have the same overarching fiduciary duties although discharging those duties may require increased frequency of board meetings and enhanced oversight of management’s response to the crisis.

It is perhaps a natural temptation to consider new risks somehow fundamentally different from existing ones and transformative in terms of board governance.  Increasing cyberthreats and other developments over the past five years present new opportunities and risks.  Examples of these developments include: (i) growing competition from, and alliances with, technology firms; (ii) increasing use of technology to improve and enhance customer offerings (e.g., mobile banking) and/or operations (e.g., the use of blockchain or artificial intelligence to change the way banks collect, access and analyze data); and (iii) the recent move from in-person to remote working environments – including remote board of directors meetings – due to the pandemic.

As technology-related issues that require board attention have expanded, some industry experts have argued that regulators should consider changes in requirements or expectations with respect to the role and composition of the bank board.  Some in this camp believe that boards and individual directors should become more specialized by including experts in technical fields (e.g., in IT security).  In effect, some have argued that the role of the board should be refashioned in order to carry out highly technical responsibilities.  In contrast, the Guiding Principles recognizes and continues to re-emphasize that the fundamental nature of the board’s role should not change even as the industry is reshaped through advances in technology and changes in the marketplace.  In other words, as applied in the context of today’s rapidly changing world of banking, while boards will appropriately place an increasing focus on technology-related issues and risks, the responsibilities of the board and the basic approach to board oversight – which are spelled out in Section 4 of the Guiding Principles – should largely remain constant.

In BPI’s view, and as described in the Guiding Principles, the core functions of oversight are:

  • Function 1: Reviewing and approving the strategic objectives and plans
  • Function 2: Monitoring financial performance and condition across key earnings, capital, liquidity and other important metrics
  • Function 3: Talent management for the CEO and other senior executives as the board deems appropriate and consistent with the organization’s strategy and oversight goals or as required by express statutory or regulatory requirement
  • Function 4: Overseeing the risk management and internal control frameworks, including the risk appetite statement[3] and top-tier policies and plans in areas fundamental to the strategic objectives of the organization
  • Function 5: Reinforcing, demonstrating and communicating the “tone at the top” for the values and culture of the organization and overseeing enterprise-wide approaches/programs intended to promote organizational values, culture and reputation

A new annex to the Guiding Principles maps the attributes identified in the Federal Reserve’s 2017 board effectiveness proposal against these core board functions described in the Guiding Principles.  Boards can use the annex along with the Guiding Principles to reaffirm their understanding of director duties and/or to benchmark their current practices.  As covered in the updated Guiding Principles, there is general consistency between BPI’s core board functions and the five attributes of effective boards in the Federal Reserve’s board effectiveness proposal.  Distinctions principally exist with the application and prescriptiveness of certain of the attributes.

Progress Has Been Made in Recognizing the Critical Distinction Between the Board’s Oversight Role and that of Management, But More is Needed

We applaud recent reports and statements by public sector officials that seek to clarify the important distinction between the role of the board and that of management.  For example, in March 2020, the OCC issued an FAQ to clarify that the board of directors is not required to “approve” contracts with third parties (the OCC had received questions and comments regarding pre-existing OCC guidance that had prescribed the board of directors “approve[s]” contracts with third parties that involve critical activities).

Although certain regulatory requirements appropriately serve to direct board focus toward fundamental issues, several still extend beyond core board functions, requiring or potentially setting expectations of board involvement that could divert from these core board functions.  The Guiding Principles continues to support the Federal Reserve’s efforts (announced in 2017) to review all existing supervisory expectations and regulatory requirements relating to boards of directors and rescind or revise those that do not relate to the board’s core responsibilities or are not aligned with the Federal Reserve’s supervisory framework.  These efforts are consistent with BPI’s approach of periodically revising the Guiding Principles to reflect changes in law, regulation and practice.  Just as the Guiding Principles evolves, so too should guidance and regulations.  BPI accordingly encourages the other banking agencies to review and, as appropriate, rescind or revise their guidance and regulations on corporate governance matters. 

The 2021 version of the Guiding Principles is directed more to examiners than were prior versions because we remain concerned that references to board expectations in supervisory guidance could be conveyed by examiners and/or construed by personnel within institutions in a way that strongly implies that they are not merely “examples.”[4]

Conclusion

We look forward to continued dialogue with and feedback from stakeholders, including bank regulators, that concern issues addressed in the exposure draft of the Guiding Principles – especially how each of the banking and supervisory communities can best strengthen and support the ability of directors of large U.S. banking organizations to effectively perform their core board functions.

“OVERVIEW OF 2021 UPDATES”

The 2021 update to the Guiding Principles focuses on aspects of governance that are unique to banking organizations, contrasted with those that are generally applicable, incorporating various legal and regulatory developments and expanding on topics that include the following:

  • The nature of active board oversight and the appropriate ways for a board to provide “credible challenge” to management (Introduction);
  • The importance of the distinction between roles of boards and management, the roles of boards and management in relation to policies and procedures, and the inherent relationship between delegation and oversight (Introduction; Sections 1 and 4);
  • Duties and practices of the boards in emergency situations, such as the COVID-19 pandemic (Introduction, Section 11);
  • The ability of board committees to fulfill the responsibilities of a board (Sections 1 and 5);
  • The interplay between traditional state law fiduciary duties (including emerging subject matters such as cybersecurity and technology that impact the exercise of fiduciary duties) and the obligations imposed on boards by banking statutes, regulations and pronouncements (Section 1);
  • Board composition, including how consideration of factors such as board size and diversity, expertise and tenure of board members factor into composition decisions (Sections 3 and 7);
  • Core board functions, including approving the organization’s strategic objectives, overseeing financial conditions and performance, talent management and succession planning, overseeing risk management and internal control and promoting organizational culture and values (Section 4);
  • The importance of flexibility for boards to determine how responsibilities should be allocated among board committees and techniques to address allocation decisions, including the use of joint committees, joint meetings or overlapping memberships in areas that are within the purview of multiple committees (Section 5);
  • Recognition that banking organizations have differing practices with respect to the role of lead independent directors (Section 10);
  • The ability of boards to review and rely on materials prepared by management or consultants and to determine how board meetings should be conducted effectively (Section 11);
  • Practices and approaches to promote engagement and open, frank discussions during meetings and avoid a chilling effect on discussions (Sections 12 and 14); and
  • Accessibility to and engagement with examiners (Section 14).
Bank Governance
Guiding Principles for Enhancing U.S. Banking Organization Corporate Governance
Introduction  The attached document sets out a series of corporate governance principles (including the commentary, collectively, the “Guiding Principles”) that the Bank Policy Institute (“BPI”) believes will be useful for U.S. banking organizations to consider in structuring the manner in which the board of directors of the consolidated bank holding company (the “BHC”) carries out its oversight …
Read More

[1] The Guiding Principles are intended to provide guidance to banking organizations, but they do not mean to be “best practices,” and there is no “one-size-fits-all” approach.  As a general matter, flexibility is critical, as specific structures will differ for each particular bank’s circumstances – a hallmark of sound corporate governance is that structure and practices should be tailored to the particular institution. 

The Federal Reserve has identified board of directors’ “effectiveness and engagement” as a current examination priority for large banking institutions.  See Federal Reserve Supervision and Regulation Report, November 2020, available at The Fed – Supervisory Developments (federalreserve.gov).

[2] Suggestions that the directors of banking organizations should have fiduciary duties to persons other than just shareholders are beyond the scope of the Guiding Principles.  BPI believes, however, that these suggestions should be approached with caution because of the uncertainty and potential conflicts that such an expansion of fiduciary duties could create and the potential discouragement of qualified individuals from serving on bank boards.  Similarly, the interpretation of recent statements that the purpose of a corporation is to serve a variety of constituencies is beyond the scope of the Guiding Principles.

[3] Especially since the 2008 financial crisis, we have seen an emphasis placed on bank implementation of a robust risk appetite statement. According to the OCC’s “Heightened Standards,” a risk appetite statement is the aggregate level and types of risk the board of directors and management are willing to assume to achieve a bank’s strategic objectives and business plan, consistent with applicable capital, liquidity and other regulatory requirements.

[4] For example, a reference to guidance in the text of a rule could create ambiguity as to the legal status of any expectations articulated in such guidance. E.g., 12 C.F.R. § 7.2010 (“The board of directors should refer to OCC published guidance for additional information regarding responsibilities of directors.”).  In this regard, the OCC recently helpfully clarified that 12 C.F.R. § 7.2010 “only refers boards of directors to OCC guidance for additional information and does not suggest that guidance has the force of law.”  OCC, Final Rule, Activities and Operations of National Banks and Federal Savings Associations (November 16, 2020), available at Federal Register : Activities and Operations of National Banks and Federal Savings Associations.