Earlier this month, the Federal Reserve proposed changes to its guidance on corporate governance for banking organizations. The proposals suggest a new approach to corporate governance that could extend beyond the banking industry; among other things, they suggest that boards should spend more time on more important matters, such as strategy and risk tolerance, than on compliance box-ticking. However, taken as a whole, the proposals strike me as being something of a mixed bag. And some of the positive aspects of the proposals are already being subjected to attacks.
The Good News
The good news is that the Fed seems to be acknowledging that the board’s role is that of oversight and that boards are spending far too much time micro-managing compliance and should focus on big picture items such as strategy and risk. Those of us who speak with board members know that this has been a significant concern since the enactment of Dodd-Frank.
One of the key aspects of the proposals is that, if adopted, they would require most regulatory findings of “Matters Requiring Immediate Attention” and “Matters Requiring Attention” to be sent to senior management rather than the board, as is currently the case. A particular MRIA or MRA would be sent to the board only if it involves corporate governance responsibilities, concerns with board oversight and holding management accountable, or if senior management fails to take appropriate action.
This aspect of the proposals demonstrates the Fed’s apparent recognition the board cannot be the guarantor of a company’s success or compliance. For the last several years, there has been a common assumption that every mistake that a company makes is the board’s fault. It may be perfectly appropriate to ask “where was the board?” when a company is engulfed in scandal, and there are surely cases in which the board is at fault or bears some responsibility for problems. However, the proposals suggest that “guilty until proven innocent” may not be a valid assumption.
The Mixed News
Key “Attributes” of Effective Boards. The proposals identify the five key attributes of effective boards of “large” institutions (i.e., bank holding companies and certain other financial institutions with $50 billion or more in assets):
- setting clear, aligned and consistent direction regarding strategy and risk tolerance;
- actively managing information flow and board discussions;
- holding senior management accountable;
- supporting the independence and stature of independent risk management and internal audit; and
- maintaining “capable” board composition and governance structure.
So far, so good. However, aside from the fact that these items strike me as responsibilities or tasks rather than “attributes”, it seems to me that some critical items are missing. For example, CEO selection or management succession isn’t on the list. While I don’t agree with some governance wonks that CEO selection is the only thing that belongs on the list, it’s still pretty important, and its absence is puzzling. (Item 3, “holding senior management accountable” seems to me to go to another point entirely.)
And what about culture or something along the lines of tone at the top? Boards (and the Fed) may not realize it, but employees at all levels are all too aware of how their boards behave – or not – and it is arguable that some recent scandals are at least partially attributable to a lack of the proper tone or culture that trickles down from the board.
Size Matters. I’m also troubled by the fact that a different set of “attributes” seems to apply to smaller institutions:
- approving overall business strategies and significant policies;
- understanding risks;
- having access to information needed to identify the size and significance of risks;
- providing guidance regarding the level of acceptable risk exposures; and
- overseeing senior management’s implementation of board-approved business strategies and risk limits.
There are certainly major differences between large and small companies, regardless of industry. And it’s arguable that these items and those above for larger institutions have some similarities. But shouldn’t key high-level attributes or tasks be pretty much the same for every company, regardless of size or industry?
What Devils Lurk in the Details? As noted above, so far so good. The proposals seem to be a move in the right direction. However, they are only proposals, and we have certainly seen situations where changes made on the road to adoption are not improvements.
Of equal or greater importance (and possibly concern) is whether and to what extent the Fed fills in the gaps in the high-level principles it has proposed. For example, under the heading of a “capable” board composition and governance structure, will the Fed adopt, or suggest, that a non-executive board chair is the favored approach? Or that a specified percentage of voting power should have the right to call a special meeting?
Lastly, what other actions might the Fed take that could vitiate the apparent progress suggested by the proposals? It has announced that it is going to undertake a comprehensive review of existing guidance on the subject of the board’s role and “attributes”. And it has also announced that it plans to “better align” its rating system for large financial institutions. Both exercises could dilute or wreak havoc with the potential improvements reflected in the proposals.
The Bad News
At least figuratively speaking, the ink had not yet dried on the proposals before critics started bashing them. One commentator, Gretchen Morgenson of the New York Times, stated that the proposals would “very likely…reduce crucial interactions between bank examiners and bank boards”. Ms. Morgenson’s concern is that directing most MRIAs and MRAs to senior management rather than the board would give the former more leeway to ignore problems. She seems to think that unless a board is directly advised by the Fed of each and every regulatory problem, management can be relied upon to twirl its figurative mustache and figure out a way to whitewash it – or worse.
In my experience, boards routinely ask management for – and management routinely provides – reports of calls made to the employee hotline, regulatory inquiries, litigation and other actual and potential areas of concern; the extent to which this information is provided depends upon what the board asks for. In the hotline context, some boards ask for information on every single complaint submitted, while others trust management to weed out the chaff and convey only the wheat. Ms. Morgenson assumes that this type of trust between the board and management is a bad thing, and that only by addressing each and every regulatory issue directly to the board can the Fed hope to achieve even minimal compliance. Anyone who’s worked with boards knows that a lack of trust creates more problems than it can possibly solve.
We have certainly seen abundant instances in which management has demonstrated poor judgement or worse, not only at financial institutions but at companies of all shapes, sizes and industries. Some of these problems occurred at financial institutions under the current rules that Ms. Morgenson professes to prefer. In other words, getting the board involved in every aspect of compliance – to supplant management rather than oversee it – clearly has not worked to prevent compliance and other problems, nor will it do so in the future.