Risk, Risk and More Risk: Federal Reserve Finalizes Its Supervisory Guidance on Board of Directors’ Effectiveness
Client Alert | March 3, 2021
On February 26, 2021, the Board of Governors of the Federal Reserve System (Federal Reserve) issued a Supervision and Regulation letter[1] containing its final supervisory guidance (Effectiveness Guidance) on the effectiveness of a banking institution’s board of directors. The Guidance applies to bank holding companies and savings-and-loan holding companies with total consolidated assets of $100 billion or more, with the exception of intermediate holding companies of foreign banking organizations (IHCs). A separate Supervision and Regulation letter issued the same day revised twelve prior Supervision and Regulation letters touching on the subject and made nine additional prior Supervision and Regulation letters inactive.[2]
In keeping with recent banking agency views on supervisory “guidance” generally,[3] the Effectiveness Guidance, in its final form, is less prescriptive than in the Federal Reserve’s 2017 proposal (Effectiveness Proposal).[4] The Federal Reserve states that the Effectiveness Guidance thus reflects the Federal Reserve’s “observ[ations] over time” regarding the attributes of effective boards of directors and seeks to eschew “standardized” expectations. This said, the Federal Reserve also declares that “[a]s the board effectiveness guidance builds on the principles set forth in the large financial institution ratings framework, the Federal Reserve intends to use the board effectiveness guidance in informing its assessment of the governance and controls at all firms subject to the large financial institution rating system.”[5]
As a result, it is reasonable to conclude that these new principles of board effectiveness, although stated in guidance form, will become an important standard for determining whether, in Federal Reserve assessments, a board of directors of a large financial institution is meeting regulatory expectations with respect to the firm’s governance.
Federal Reserve’s Key Principles of an Effective Board
The Effectiveness Guidance sets forth five principles that it deems important for a board of directors to be effective. These are:
- Setting a Clear, Aligned and Consistent Direction Regarding Firm Strategy and Risk Appetite
- Directing Senior Management Regarding the Board’s Information Needs
- Overseeing and Hold Senior Management Accountable
- Supporting the Independence and Stature of Independent Risk Management and Internal Audit
- Maintaining a Capable Board Composition and Governance Structure
A. Setting a Clear, Aligned and Consistent Direction Regarding Firm Strategy and Risk Appetite
The Effectiveness Guidance emphasizes the importance of the alignment of a firm’s strategy to its risk appetite. The Federal Reserve defines “risk appetite” as “the aggregate level and types of risk the board and senior management are willing to assume to achieve the firm’s strategic business objectives, consistent with applicable capital, liquidity, and other requirements and constraints.” Overseeing such an alignment is a critical board function.
The takeaway on this attribute is that risk management should be an integral part of a firm’s business strategy – the Federal Reserve believes that a business strategy untethered to effective risk management is not a good practice. This point may be seen in the Federal Reserve’s description of appropriately “clear” business strategies: such strategies help to “establish and maintain an effective risk management structure, appropriate processes for each . . . risk management function, and an effective risk management and control function.” So too, when discussing entering into new business lines, the Effectiveness Guidance states that a “clear strategy explains how conducting the business would be consistent with the firm’s risk appetite and changes that would need to be made to the firm’s risk management program and controls.”
An effective board of directors, therefore, regularly evaluates the development of a firm’s business so that risk management keeps up with business goals. This is in addition to required board reviews of capital planning, recovery and resolution planning, audit plans, enterprise-wide risk management policies, liquidity risk management, compliance risk management, and compensation programs.
B. Directing Senior Management Regarding the Board’s Information Needs
In the aftermath of the Financial Crisis, as board oversight became subject to greater regulatory scrutiny, the information provided to regulated institutions’ boards increased substantially. The Effectiveness Guidance notes as an attribute of effective boards that such boards direct senior management to provide sufficient, high-quality information in order to make well-informed decisions, including on “potential risks.”
The Effectiveness Guidance does not, however, stop with management reports. It notes that effective directors actively seek out information in other ways – through special board sessions, outreach to the firm’s chief executive officer and his or her direct reports, and, interestingly, discussions with “Federal Reserve senior supervisors.”
The Effectiveness Guidance also notes that directors of an effective board, “particularly the lead independent director or independent board chair or committee chairs,” take an active role in setting board and committee agendas. Here again, the concern with risk is paramount: the Federal Reserve gives as an example if the topic is growth into a new business, “an effective board typically discusses the firm’s risk management and control capabilities that reflect the views of the independent risk management and internal audit function.”
C. Overseeing and Holding Senior Management Accountable
In the Federal Reserve’s view, an effective board of directors is not limited in the ways in which it holds senior management accountable. There must be sufficient time in board meetings for candid discussion and debate and the hearing of diverse views – particularly around risk. The Effectiveness Guidance indicates that incomplete information, and identified weaknesses, are to be thoroughly challenged before management recommendations can be approved. It also indicates that for effective boards, the following areas demand “robust inquiry”:
- drivers, indicators and trends related to current and emerging risks;
- adherence to the board-approved strategy and risk appetite by business lines; and
- material or persistent deficiencies in risk management or control practices.
The Federal Reserve further states that an effective board reviews reports of internal and external complaints, including “whistleblower” reports.
Another key to appropriate management oversight is sufficiently empowered independent directors. For example, the Federal Reserve notes that where a firm has an executive chair of the board of directors, an effective board may give a lead independent director the power to call board meetings with or without the chair present as a means of counteracting management influence.
For the Federal Reserve, effective boards also carefully consider senior management compensation, including the degree to which management “promot[es] compliance with laws and regulations, including those related to consumer protection.” Performance objectives include nonfinancial objectives for both business line executives (including the chief executive officer) and the chief risk officer and chief audit executive; in the case of the latter two executives, only nonfinancial objectives are considered.
Once again, risk concerns are paramount to the Federal Reserve: “[p]erformance management and compensation systems, when combined with business strategies, discourage risk-taking inconsistent with the firm’s strategy and safety and soundness, including compliance with laws, regulations and internal standards, and promote the firm’s risk management goals.” The Effectiveness Guidance also notes that depending on the size, complexity, and nature of the firm, formalized board succession planning can go beyond planning for the firm’s chief executive officer and include the chief risk officer and chief audit executive, “given the independence of those positions and the control function each serves.” This is an area where the Effectiveness Guidance reflects supervisory experience that goes beyond legal constraints such as the New York Stock Exchange Rules and their CEO-only requirement.
D. Supporting the Independence and Stature of Independent Risk Management and Internal Audit
The Effectiveness Guidance also describes the attributes of effective risk committees and effective audit committees. The Federal Reserve states that an effective audit committee engages in “robust inquiry” into, among other things:
- the causes and consequences of material or persistent breaches of the firm’s risk appetite and risk limits;
- the timeliness of remediation of material or persistent internal audit and supervisory findings; and
- the appropriateness of the annual audit plan.
In the Federal Reserve’s view, an effective audit committee also meets directly with the chief audit executive, supports internal audit’s budget, staffing and internal controls, and reviews the status of actions recommended by internal and external auditors to remediate material or persistent deficiencies.
As for an effective risk committee, the Effectiveness Guidance states that it too engages in robust inquiry about the above subjects and further:
- communicates directly with the chief risk officer on material risk management issues;
- oversees the appropriateness of independent risk management’s budget, staffing, and internal control systems;
- coordinates with the compliance function;
- provides independent risk management with direct and unrestricted access to the risk committee; and
- after reviewing the risk management framework relative to the firm’s structure, risk profile, complexity, activities and size, effects changes that align with the firm’s strategy and risk appetite.
Finally, the Federal Reserve indicates that an effective board of directors steps in when internal audit and independent risk management are unduly influenced by business lines, and if the views of internal audit and independent risk management are not taken into account when management decisions are made.
E. Maintaining a Capable Board Composition and Governance Structure
The final attribute of an effective board is maintaining a capable composition and governance structure – including “a process to identify and select potential director nominees with a mix of skills, knowledge, experience and perspectives.” In an addition from the Effectiveness Proposal, the final Guidance states explicitly that a diverse pool of nominees “includ[es] women and minorities.” Other aspects that support an effective governance structure are appropriate committees and management-to-committee reporting lines. Finally, an effective board engages in evaluating on an ongoing basis its own strengths and weaknesses, including the performance of board committees, and, specifically, the audit and risk committees.
Conclusion
For those who have followed developments in bank governance, the Effectiveness Guidance does not contain many surprises. The Federal Reserve’s view – which holds true with respect to its approach to senior management as well – is that the constraints imposed by general corporate law and stock exchange requirements do not necessarily appropriately balance business goals with prudent risk taking, and therefore other checks on the profit making function are necessary to further safety and soundness. Although a firm’s independent risk management and internal audit are helpful in this regard, those functions need continual reinforcement from a well-informed board and well-informed board committees that keep all forms of risk at the forefront of their consideration and robustly challenge management.
As a result, although firms subject to the Effectiveness Guidance may be judged somewhat particularly given their size and risk profile in supervisory assessments, those firms should not take individualized examination consideration to mean that they should ignore the principles that the Federal Reserve has articulated. Indeed, to the extent that particular policies and practices at a covered firm do not take into account and reflect these principles, a firm may wish to consider the reasons for taking a different approach and determine whether its current practices achieve the Federal Reserve’s overall goal of effectively overseeing risk.
____________________
[1] Federal Reserve, SR Letter 21-3/CA 21-1: Supervisory Guidance on Board of Directors’ Effectiveness (February 26, 2021), available at https://www.federalreserve.gov/supervisionreg/srletters/SR2103.htm.
[2] Federal Reserve, SR Letter 21-4/CA 21-2: Inactive or Revised SR Letters Related to the Federal Reserve’s Supervisory Expectations for a Firm’s Boards of Directors (February 26, 2021). The purpose of the revisions was to align statements made about boards of directors with the Effectiveness Guidance. The letters rendered inactive were generally described as providing outdated guidance on their subjects.
[3] See, e.g., Joint Press Release, “Agencies propose regulation on the role of supervisory guidance” (October 29, 2020).
[4] Federal Reserve, “Proposed Guidance on Supervisory Expectation for Board of Directors,” 82 Federal Register 37,219 (August 9, 2017).
[5] Such “large financial institutions” include the firms subject to the Effectiveness Guidance, as well as greater than $50 billion asset IHCs.
The following Gibson Dunn lawyers assisted in preparing this client update: Arthur Long and Elizabeth Ising.
Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following members of the firm’s Financial Institutions or Securities Regulation and Corporate Governance practice groups:
Financial Institutions Group:
Matthew L. Biben – New York (+1 212-351-6300, [email protected])
Michael D. Bopp – Washington, D.C. (+1 202-955-8256, [email protected])
Stephanie Brooker – Washington, D.C. (+1 202-887-3502, [email protected])
M. Kendall Day – Washington, D.C. (+1 202-955-8220, [email protected])
Mylan L. Denerstein – New York (+1 212-351- 3850, [email protected])
Arthur S. Long – New York (+1 212-351-2426, [email protected])
Jeffrey L. Steiner – Washington, D.C. (+1 202-887-3632, [email protected])
Securities Regulation and Corporate Governance Group:
Elizabeth Ising – Washington, D.C. (+1 202-955-8287, [email protected])
Lori Zyskowski – New York (+1 212-351-2309, [email protected])
Cassandra Tillinghast – Washington, D.C. (+1 202-887-3524, [email protected])
© 2021 Gibson, Dunn & Crutcher LLP
Attorney Advertising: The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.