March 21, 2013
Having transformed U.S. bank regulation, Dodd-Frank implementation is now reshaping bank corporate governance. Recent rulemakings and proposals by the Board of Governors of the Federal Reserve System (Federal Reserve) point to a far more prescriptive approach to corporate governance for significant bank holding companies and significant foreign banking organizations with U.S. operations (FBOs) than traditionally has been the case. This approach should also be expected to apply to systemically significant nonbank financial companies (Nonbank SIFIs) designated by the Financial Stability Oversight Council.
In addition, Dodd-Frank has allowed regulators to expand their toolkit for dealing with perceived corporate governance failings, and so non-compliance with the new governance requirements may lead to greater supervisory consequences.
Below, we describe the principal new responsibilities that boards of directors and senior management should expect under the Federal Reserve’s new supervisory regime, as well as the increased penalties that may be imposed if those responsibilities are not met.
Implementation of Financial Stability Provisions of Dodd-Frank
Title I of Dodd-Frank seeks to avoid future financial crises by imposing heightened requirements on financial firms of substantial size and interconnections. These requirements include stress tests, capital plans, resolution planning, and enhanced liquidity and risk management standards. In implementing Dodd-Frank’s requirements in these areas, the Federal Reserve has laid out specific responsibilities for boards of directors and other specific governance mandates.
Federal Reserve Stress Test Rule
Under the Federal Reserve’s final stress test rule, the board of directors of a covered company, or a committee of the board, must review and approve the policies and procedures relating to stress testing processes as frequently as warranted by economic conditions or the condition of the company, but no less than annually. Senior management is responsible for establishing a system of controls, oversight, and documentation to ensure that stress testing processes are effective.
In addition, a covered company’s board of directors and senior management must consider the results of stress tests, as appropriate, as part of the company’s capital planning process, including when making changes to the company’s capital structure; when assessing the company’s exposures, concentrations, and risk positions; and when developing recovery and resolution plans.
Federal Reserve Capital Plan Rule
Under the Federal Reserve’s final capital plan rule, the board of directors of a covered company, or a designated board committee, must review the “robustness” of the company’s process for assessing capital adequacy, ensure that any deficiencies in the company’s process for assessing capital adequacy are appropriately remedied, and approve the company’s capital plan.
The Federal Reserve has prescribed the manner in which “robustness” is to be evaluated, which is based on seven elements:
The Federal Reserve has further indicated, with respect to its oversight of the capital planning process, that it would focus on whether boards of directors and senior management conduct periodic reviews of capital goals, assess the appropriateness of the adverse economic scenarios used, review the capital planning process for limitations and uncertainties, and appropriately approve contemplated capital actions.
Basel III’s Advanced Approaches Implementation
Implementation of Basel III is a key complement to Dodd-Frank implementation. The current proposal on Basel III’s advanced approaches, which permit internal models to be used to calculate risk-weighted assets, includes the following governance requirements:
Under the Federal Reserve’s final resolution planning rule, a covered company’s resolution plan must include a detailed description of the company’s governance with respect to the planning process, and must describe:
The fact that specific governance structures must be described in resolution plans, of course, means that examiners will expect those structures to be maintained over time.
Federal Reserve Section 165 Proposals
Prescriptive corporate governance rules are taken even further in the Federal Reserve’s proposed regulations implementing the enhanced prudential standards required by Section 165 of Dodd-Frank, which the Federal Reserve characterized as “provid[ing] a core set of concrete rules to complement . . . existing efforts to enhance the supervisory framework for covered companies.” This “concrete” approach to corporate governance is reflected in the proposals’ requirements on liquidity management and risk management for both domestic covered companies and FBOs, and, for FBOs, in the intermediate holding company requirement.
Domestic Section 165 Proposal
With respect to liquidity management, the Federal Reserve affirmatively stated that the proposed regulation departs from its traditional approach of overseeing liquidity risk management through supervisory guidance. Instead, the proposal lays out a detailed governance structure with responsibilities for the company’s board of directors, risk committee, senior management, and a review function independent of the management functions that execute funding.
The domestic proposal would also require covered companies to have an “enterprise-wide risk committee” consisting of members of its board of directors, chaired by an independent director and having a board-approved formal written charter, as well as a chief risk officer reporting directly to both the enterprise-wide risk committee and the company’s chief executive officer.
Foreign Section 165 Proposal
The proposed Section 165 regulation for FBOs would require FBOs with $50 billion or more in total global consolidated assets and $10 billion or more in total consolidated U.S. nonbranch assets to form an intermediate holding company for their U.S. operations. “To help ensure a strong, centralized corporate governance system,” the intermediate holding company would be required to be governed by a board of directors or managers operating in substantially the same manner as a U.S. corporate board. The proposal thus departs from the current concept of a “virtual holding company,” where the U.S. operations of FBOs may be organized under different ownership chains, but there is an overall management structure overseeing those chains.
In addition, FBOs with $50 billion or more in total consolidated U.S. assets would be subject to liquidity and risk management requirements similar to the domestic proposal, with most responsibilities being given to a U.S. risk committee and U.S. chief risk officer, both of which the proposal would require. The U.S. risk committee for such FBOs would be required to have at least one independent member.
The principal responsibilities assigned under the domestic and foreign proposals are described in detail in the accompanying charts.
Increased Sanctions for Governance Failings — Early Remediation Proposals
Under the new supervisory regime, failure to comply with governance requirements may lead to increased sanctions. Traditionally, ineffective governance and risk management could lead to a lowering of supervisory ratings. Under the Federal Reserve’s proposed rules implementing Dodd-Frank’s early remediation requirements, however, board and senior management failings would have additional consequences. Failure to comply with the enhanced liquidity management or risk management standards would lead to level 1, level 2, or level 3 remediation, depending on the severity of the noncompliance. The higher levels of remediation include, among other restrictions, limitations on capital distributions, asset growth, acquisitions, and executive compensation.
For significant financial institutions, a new corporate governance regime — which regulators view as intrinsically linked to satisfactory compliance with Dodd-Frank’s prudential requirements — is being born. The era of flexible structures subject to bank supervisory guidance and recommendations is giving way to an era of codified responsibilities for boards of directors and senior management. Compliance with these new responsibilities should be expected to become the subject of regulatory examinations, which in turn will determine whether particular institutions maintain sound ratings or become subject to supervisory action or early remediation.
Enhanced Prudential Standards — Primary Responsibilities
U.S. Bank Holding Company/Systemically Significant Nonbank Financial Company
Minimum Frequency (Ongoing, unless otherwise stated)
Board of Directors
|Oversee liquidity risk management processes||May be delegated to the Risk Committee|
|Review and approve liquidity risk management strategies, policies, and procedures established by senior management||May be delegated to the Risk Committee|
|Establish liquidity risk tolerance||Annually|
|Review information provided by senior management to determine whether the company is managed in accordance with the established liquidity risk tolerance||Semi-annually|
|Review and approve the company’s contingency funding plan||Annually, and whenever the company materially revises the plan|
Risk Committee (or Designated Sub-Committee)
|Review and approve liquidity costs, benefits, and risks of each significant new business line and each significant new product; consider whether liquidity risk of the new business line or product under current conditions and under liquidity stress is within company’s established liquidity risk tolerance||Before company implements a new business line or offers a significant new product|
|Review approved significant business lines and products to determine whether each line or product has created any unanticipated liquidity risk, and to determine whether liquidity risk of each strategy or product continues to be within company’s established liquidity risk tolerance||Annually|
|Review regulatorily required cash flow projections to ensure that company’s liquidity risk is within the established liquidity risk tolerance||Quarterly|
|Review and approve liquidity stress testing, including stress testing practices, methodologies, and assumptions||Quarterly, and whenever the company materially revises its liquidity stress testing|
|Review liquidity stress testing results||Quarterly|
|Approve the size and composition of the liquidity buffer||Quarterly|
|Review and approve specific limits established to control liquidity risk and review company’s compliance with those limits||Quarterly|
|Review liquidity risk management information necessary to identify, measure, monitor, and control liquidity risk and ensure regulatory compliance||Quarterly|
|Review independent validation of required liquidity stress tests||Periodically|
|Establish procedures governing content of senior management reports on liquidity risk profile and other regulatorily required information|
|Oversee the operation of an appropriate enterprise-wide risk management framework commensurate with company’s capital structure, risk profile, complexity, activities, size, and other appropriate risk-related factors|
Chief Risk Officer
|Oversee the allocation of delegated risk limits and monitoring compliance with such limits|
|Oversee implementation of, and ongoing compliance with, appropriate policies and procedures relating to risk management governance, practices, and risk controls|
|Oversee development of appropriate processes and systems for identifying and reporting risks and risk-management deficiencies, including emerging risks, on an enterprise-wide basis|
|Oversee management of risk exposures and risk controls within the parameters of the company’s risk control framework|
|Oversee monitoring and testing of risk controls|
|Oversee reporting of risk management deficiencies and emerging risks to enterprise-wide risk committee|
|Ensure that risk management deficiencies are effectively resolved in a timely manner|
|Establish and implement strategies, policies, and procedures for managing liquidity risk, including overseeing development and implementation of liquidity risk measurement and reporting systems, cash flow projections, liquidity stress testing, liquidity buffer, contingency funding plan, specific limits, and monitoring procedures|
|Report to risk committee or designated subcommittee on the company’s liquidity risk profile and provide information to the board of directors (or risk committee) to facilitate oversight of the liquidity risk management process|
Independent Review Function
|Review and evaluate adequacy and effectiveness of company’s liquidity risk management processes||Annually|
|Assess whether company’s liquidity risk management complies with applicable laws, regulations, supervisory guidance, and sound business practices|
|Report regulatory noncompliance and other material liquidity risk management issues to the board of directors or the risk committee in writing for corrective action|
Enhanced Prudential Standards — Primary Responsibilities
Foreign Banking Organization
(Ongoing, unless otherwise stated)
Board of Directors (or Enterprise-Wide Risk Committee)
|Concur in the approval of liquidity risk tolerance for FBO’s combined U.S. operations||Annually|
U.S. Risk Committee
|Review and approve liquidity risk tolerance for FBO’s combined U.S. operations||Annually|
|Review and approve risk management practices of FBO’s combined U.S. operations|
|Oversee operation of an appropriate risk management framework for FBO’s combined U.S. operations commensurate with capital structure, risk profile, complexity, activities, and size of combined U.S. operations and consistent with enterprise-wide risk management policies|
|Meet and fully document and maintain records of its proceedings, including risk management decisions||Quarterly|
U.S. Chief Risk Officer
|Review and approve liquidity costs, benefits, and risks of each significant new business line and each significant new product; consider whether liquidity risk of new business line or product under current conditions and under liquidity stress is within FBO’s established liquidity risk tolerance for its combined U.S. operations||Before the FBO implements a new business line or offers a significant new product through its combined U.S. operations|
|Review significant business lines and products offered, managed or sold through combined U.S. operations to determine whether each business line or product has created any unanticipated liquidity risk, and to determine whether liquidity risk of each strategy or product continues to be within FBO’s established liquidity risk tolerance for its combined U.S. operations||Annually|
|Review and approve contingency funding plan for FBO’s combined U.S. operations||Annually, and when the FBO materially revises its contingency funding plan either as a whole or for its combined U.S. operations|
|Review cash flow projections required to ensure that liquidity risk of FBO’s combined U.S. operations is within the established liquidity risk tolerance||Quarterly|
|Review and approve liquidity stress testing practices, methodologies, and assumptions for FBO’s combined U.S. operations||Quarterly, and whenever FBO materially revises its liquidity stress testing|
|Review liquidity stress testing results for FBO’s combined U.S. operations||Quarterly|
|Approve size and composition of liquidity buffer for FBO’s combined U.S. operations||Quarterly|
|Review and approve specific limits to control liquidity risk and review compliance with those limits||Quarterly|
|Review liquidity risk management information for FBO’s combined U.S. operations necessary to identify, measure, monitor, and control liquidity risk and to ensure regulatory compliance||Quarterly|
|Establish procedures governing content of reports generated within FBO’s U.S. operations on the liquidity risk profile of the combined U.S. operations|
|Review strategies and policies and procedures for managing liquidity risk established by senior management of FBO’s combined U.S. operations|
|Review information provided by senior management of FBO’s combined U.S. operations to determine whether FBO is complying with the established liquidity risk tolerance for the combined U.S. operations|
|Report to the FBO’s U.S. risk committee and enterprise-wide risk committee (or designated subcommittee) on the liquidity risk profile of the company’s combined U.S. operations||Semi-annually|
|Provide other information to U.S. risk committee and enterprise-wide risk committee relevant to compliance with the established liquidity risk tolerance for the U.S. operations|
|Oversee implementation of, and ongoing compliance with, appropriate policies and procedures relating to risk management governance practices and risk controls of FBO’s U.S. operations|
|Oversee development of appropriate processes and systems for identifying and reporting risks and risk-management deficiencies, including emerging risks, on a combined U.S. operations basis|
|Oversee management of risk exposures and risk controls within the parameters of the FBO’s risk control framework for the combined U.S. operations|
|Oversee monitoring and testing of risk controls for the combined U.S. operations|
|Ensure that risk management deficiencies are effectively resolved in a timely manner|
Independent Review Function
|Review and evaluate adequacy and effectiveness of FBO’s liquidity risk management processes within combined U.S. operations||Annually|
|Assess whether FBO’s liquidity risk management of its combined U.S. operations complies with applicable laws, regulations, supervisory guidance, and sound business practices|
|Report regulatory noncompliance and other material liquidity risk management issues to U.S. risk committee and enterprise-wide risk committee for corrective action|
 In each case, there are additional stress testing requirements for covered companies whose asset size is $50 billion or more. National banks, federal thrifts, and state nonmember banks that have total consolidated assets of $10 billion or more are subject to their regulators’ stress testing requirements, which are similar to those imposed by the Federal Reserve.
 Similarly, for national banks and federal thrifts, the Office of the Comptroller of the Currency has noted that “a robust capital planning process is an integral and significant part” of the governance process and that “[e]xaminers should consider the quality of the bank’s overall corporate governance of the bank’s risk taking activities, including senior management and board oversight, when assessing capital adequacy.” Upon taking over supervision of savings-and-loan holding companies, the Federal Reserve charged examiners with assessing the level of board and senior management involvement in capital planning, including documenting capital planning assessments in board and committee meeting minutes.
 Under the domestic proposal, to be independent, the director would be required: (i) not to be an officer or employee of the company (and not to have been an officer or employee during the previous three years); (ii) not to be a member of the immediate family of any person who is, or has been within the previous three years, an executive officer of the company; and (iii) either to be an independent director under Item 407 of SEC Regulation S-K or to be demonstrated to the Federal Reserve’s satisfaction as qualifying as an independent director under the listing standards of a national securities exchange if the company were publicly traded on a national securities exchange.
 Under Section 165(h) of Dodd-Frank, bank holding companies with $10 billion or more, but less than $50 billion, in total consolidated assets must have a risk committee if they are publicly traded. The Federal Reserve has proposed a U.S. risk committee requirement in the case of publicly-traded FBOs with $10 billion or more in total consolidated assets.
Gibson, Dunn & Crutcher’s Financial Institutions Practice Group lawyers are available to assist in addressing any questions you may have regarding these areas. Please contact any member of the Gibson Dunn team, the Gibson Dunn lawyer with whom you normally work, or the following:
Arthur Long – New York (212-351-2426, firstname.lastname@example.org)
Chuck Muckenfuss – Washington, D.C. (202- 955-8514, email@example.com)
Kimble Cannon – Los Angeles/Washington, D.C. (202–887–3652, firstname.lastname@example.org)
Alex Acree – Washington, D.C. (202-887-3725, email@example.com)
Colin Richard – Washington, D.C. (202-887-3732, firstname.lastname@example.org)
Please also feel free to contact the following members of the firm’s Securities Regulation and Corporate Governance Practice Group:
John F. Olson – Washington, D.C. (202-955-8522, email@example.com)
Brian J. Lane – Washington, D.C. (202-887-3646, firstname.lastname@example.org)
Ronald O. Mueller – Washington, D.C. (202-955-8671, email@example.com)
Amy L. Goodman – Washington, D.C. (202-955-8653, firstname.lastname@example.org)
James J. Moloney – Orange County, CA (949-451-4343, email@example.com)
Elizabeth Ising – Washington, D.C. (202-955-8287, firstname.lastname@example.org)
Gillian McPhee – Washington, D.C. (202-955-8201, email@example.com)
© 2013 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.