Since the financial crisis, the supervisory expectations for the directors of financial institutions have grown to the point where the roles and responsibilities of directors and senior management have become blurred.
As a result, in August of last year, the Federal Reserve issued proposed Guidance on Supervisory Expectations for Boards of Directors (“Proposed Guidance”) in large part to clarify the different roles of directors and senior management.
The Proposed Guidance, which is expected to be issued largely unchanged in final form by the fall, describes “effective boards” as those which:
- Set clear, aligned, and consistent direction regarding the firm’s strategy and risk tolerance;
- Actively manage information flow and board discussions;
- Hold senior management accountable;
- Support the independence and stature of independent risk management and internal audit; and
- Maintain a capable board composition and governance structure.
The Proposed Guidance elaborates on each of these five categories of expectations (the “Five Categories”) and provides examples of what “good looks like” for each category. However, these examples largely describe desired outcomes (“Desired Outcomes”) without describing specific practices that would contribute towards achieving those outcomes.
So what are some of the “best” practices that would contribute to the Desired Outcomes?
Based on our experience as Federal Reserve supervisors of large financial institutions, our experience serving in the private sector delivering performance to boards, and now our experience as advisors to multiple boards, we believe we have identified certain practices that would contribute to the Desired Outcomes for each of the Five Categories.
While these are some of the most effective practices we have observed, they represent only a fraction of the total set of practices necessary to achieve the Desired Outcomes.
Setting clear, aligned, and consistent direction regarding the firm’s strategy and risk tolerance
- Directors should ensure they are involved early enough in the strategic planning and risk tolerance-setting processes so that they may choose between various paths and settings proposed by management or suggest alternatives.Directors who thoughtfully consider and debate various options free themselves from the appearance that they are merely reciting or endorsing management talking points.
- Directors should develop and agree on a narrative (ideally written) that explains why they selected a particular strategy and risk tolerance. Going through this exercise is a good way to stress test strategy and risk tolerance for clarity, alignment and consistency.It is also a good way to prepare for discussions with regulators about the selected strategy and risk tolerance.
- Directors should ensure that management proactively decides upon, establishes, models, and enforces whatever institutional culture and values will promote the strategy and risk tolerance set by the board.
Actively manage information flow and board discussions
- Directors should ensure that management effectively distills for them the voluminous source information that supervisors expect directors to receive down to the most problematic issues that warrant discussion, debate, and decisions at board meetings.A particularly good practice in this category is to provide directors with a cover memo that focuses exclusively on the problematic issues that warrant discussion, debate, and decisions at board meetings.
- Directors should sit through very few routine management update presentations (many of which are often just “success theater”). Instead they should receive a succinct update memo well in advance of the meeting that covers routine updates and provides the overall “big picture” state of the firm. The directors should thoroughly study this memo in advance so that they can spend precious meeting time asking questions, debating issues and options, and making decisions.
- Directors should conduct their own independent research and self-education in advance of board meetings to ensure that they grasp concepts so as not to squander precious meetingtime “getting up to speed. ” More than simply following meeting discussions, directors should be informed enough to challenge management views and assumptions.
Hold senior management accountable
- Directors must hold senior management accountable for providing the board with the concise problems and issues identification discussed in the information flow category. Directors should not be surprised by problems or issues that senior management either knew or should have known about and failed to adequately highlight to the directors.
- Directors are responsible for more than merely setting specific performance goals for the company and holding management accountable for their achievement.It is equally important for directors to be aware of “how” management meets the company’s performance goals and to hold management accountable if management’s methods are not consistent with the company’s stated values and desired culture.
- Directors should ensure that management engages in aggressive “lessons learned” reviews of material operational errors, deviations from risk tolerance settings, and ethical or cultural lapses.These reviews must drill down to root causes, which are often leadership failures that directors should hold management accountable for.
Support the independence and stature of independent risk management and internal audit
- Directors should make clear to risk and audit leaders that they are expected to report any material infringements on their independence and stature directly to the Risk or Audit Committees, respectively. Directors should also meet with risk and audit staff, ranging from senior leadership to junior employees, periodically outside of board meetings to get a direct sense of the degree of independence and stature those staff members feel they have.
- Directors should require that risk and audit leaders have material input into the compensation of business leaders based on the business leader’s adherence to established risk tolerances and overall cooperation with risk and audit and respect for their independence.
- Directors should conduct periodic independent assessments of the independence and stature of risk management and internal audit.
Maintain a capable board composition and governance structure
- Boards should maintain a diversity of backgrounds and viewpoints. The degree to which directors have similar backgrounds and “look the same” often leads to “group think” and impairs their ability and willingness to challenge management.
- Boards should obtain a periodic independent assessment of their performance in the Five Categories. Independent board assessments should also be performed in the event of certain triggers, particularly on the occasion of a material decline in the firm’s performance and/or departure from firm strategy.
- Boards should obtain a periodic independent outside assessment of the firm’s culture to ensure it is driving desirable behavior and that management and the board do not have any cultural blind spots.This assessment should interview individuals at all levels of the firm and also third parties who deal frequently with the firm.
As stated above, these practices only scratch the surface of best practices to achieve the Desired Outcomes in the Five Categories, but they are among the most effective practices we have seen. We anticipate writing about others.
Michael Silva is a partner and chair of the financial services regulatory practice of DLA Piper. He joined DLA Piper from GE Capital, where he served as the chief compliance and regulatory affairs officer, leading a 700-person global staff. Prior to GE Capital, Mike had a long career at the New York Fed, where he held many leadership roles, including as chief of staff for Tim Geithner during the financial crisis, a senior supervisory officer for a systemically important financial institution, and lead in-house international counsel.
Paola Ronquillo is a Regulatory & Compliance Policy Advisor in the financial services regulatory practice of DLA Piper. She joined the firm from GE Capital where she served as chief compliance officer of GE Capital's industrial treasury function and previously as leader of GE’s Volcker Compliance program. She also served as a senior bank examiner at the Federal Reserve Bank of New York where she supervised legal and compliance risk at large banks. Paola has spent her career working with financial institutions, mostly banks, both foreign and domestic.
Mike and Paola represent DLA Piper’s Financial Regulation Services Practice which offers assistance to large financial institutions that seek to optimize board effectiveness with solutions ranging from assessments of general board dynamics, communication flows to the board, and proper distillation of board materials, all performed against the guidelines set forth by the Proposed Guidance.