By Don Ogilvie, independent chairman of the Deloitte Center for Banking Solutions, and Carol Larson, a partner of Deloitte & Touche LLP
It’s not your father’s boardroom anymore, as anyone close to banking has observed.
We all know that the regulatory burden has become even greater in the past few years. So, in an attempt to assess just how extensive this makeover has been, we met with banking chief executive officers (CEOs) and looked at the changing makeup of board committees at the 20 largest U.S. banks. Our conversations confirmed that increased corporate governance responsibilities and a growing regulatory burden are turning bank boardrooms into de facto centers for compliance. Directors are spending half or more of their time managing risk and coping with government regulation. CEOs are finding it tough to recruit new board members. Boards have little time left to spend on strategic planning and other key oversight activities traditionally expected of a board.
We learned that more and more board members feel they lack enough experience on regulatory matters to take on the increased requirements of hands-on compliance management. As a result, CEOs are spending more time bringing directors up to speed on a growing number of compliance and risk issues. We heard how difficult it is to recruit qualified board members able to commit the time and willing to accept the not-insubstantial legal risks.
Banks are doing their best to cope. Many have set up separate risk committees. We found that more than half of the largest banks have either formed separate risk committees or created joint audit and risk committees to handle the increased workload. Other banks have kept the responsibility in the audit committee, but crafted new responsibilities covering increased risk-management oversight.
The typical risk committee at a bank has many responsibilities, from overseeing all the areas of the bank that deal with risk, to reviewing the bank’s assessment and risk-management capabilities, and raising awareness of possible weaknesses. It’s a big job. One CEO told us his bank’s risk and audit committee meets six to eight times a year, often for many hours, and spends all of that time focused on regulation and compliance. While this may be a common experience among banks, for him it is not a happy one. Another CEO said it was not uncommon for various committees of the board to meet with their own lawyers in different corners of the room. And every CEO expressed real concern over how many management responsibilities are being “kicked upstairs” to the board by banking regulators.
Has the pendulum swung too far? Should the people who are meant to provide oversight at the highest level of a financial institution also be asked to manage risks, sign off on compliance reports and perform the many other regulatory duties increasingly required of directors? Are our officials in Washington asking the right questions about the proper regulatory role for bank directors?
Notably, not one bank CEO told us he was satisfied – or even okay – with the changes taking place in his institution’s boardroom. One CEO even wondered if the new pressures on board members, legal and otherwise, might make directors more risk averse. While banks are keenly attuned to issues of safety and soundness, they also represent a business that must take risks in order to perform their function as a financial intermediary and to grow. Every bank struggles with the need for future growth, and this should be a key area of concern and direction for a bank board. It is certainly an area of concern for investors.
Sure, a board of directors should set the tone and direction for an institution’s risk and regulatory functions. Indeed, the board should be a leader in instituting and overseeing a comprehensive enterprise-wide risk management program at the bank. We think this step is extremely important given the complexity of banking and the nature of risk today. But where does it stop? The banking industry’s record on good corporate governance, careful risk management and compliance with the “rules” of banking is a solid one. They have performed remarkably well given that many of these regulatory compliance issues never got to the board seven or eight years ago.
Yet today they must walk a fine line between what they are hearing they must do from regulators and what their attorneys are advising is both wise and sensible. It’s not uncommon for some boards to go too far in interpreting regulatory guidance. Regulators may merely want to inform, but the reality is that boards take such guidance as additional requirements. Obviously this raises the need for regulators to be especially clear and precise when communicating on matters pertaining to boards of directors.
We count on our boards to look at the broad issues, and to provide leadership, oversight and strategic vision. Senior management should be allowed to take care of the day-to-day compliance and risk management responsibilities, with appropriate board oversight. Boards should be allowed to be boards, directors should direct, and we should stop asking these valued corporate overseers to also be the cops on the beat.
We hear from Washington about steps to lessen the excesses of Sarbanes-Oxley. We hear of an interest in reducing regulations and reforming laws. Now it’s time to act on what everyone knows. Bank boards are struggling to keep up. It really is time to acknowledge that there must be reasonable limits on what is expected of a bank board of directors.
View the article below that appeared in American Banker
