HB Ad Slot
HB Mobile Ad Slot
Beware of Downhill Flow of Supervisory Guidance
Thursday, May 20, 2021

On February 26, 2021, the Board of Governors of the Federal Reserve System issued SR21-3/CA21-1, Supervisory Guidance on Board of Directors’ Effectiveness. Although it technically applies to institutions of $100 billion or more, it sets forth the attributes of an effective board of directors:

  1. Set clean, aligned, and consistent direction regarding the firm’s strategy and risk appetite.

  2. Direct senior management regarding the board’s information and needs.

  3. Oversee and hold senior management accountable.

  4. Support the independence and stature of independent risk management and internal audit.

  5. Maintain a capable board composition and governance structure.

In conjunction with the issuance of SR21-3, the Board of Governors revised earlier guidance issued in June 2016 as SR16-11, Supervisory Guidance for Assessing Risk Management (Guidance) to make the Guidance applicable to banks with total consolidated assets of less than $100 billion.

Just as stress testing started with the very largest banks and is now common for even community banks, the foregoing director expectations will flow down to the community bank level. SR16-11 focuses on the six risks — credit, market, liquidity, operational, compliance, and legal risks. However, the Guidance notes that board and senior management oversight is an element of a sound risk management system.

For a community bank organization engaged solely in traditional banking activities and whose senior management is actively involved in the details of day-to-day banking operations, relative basic risk management systems may be adequate. The bank must have internal controls, information systems, and internal audits that are appropriate for the size of the institution and the nature, scope, and risk of its activities. The Guidance notes the board of directors of any bank has the responsibility for establishing the level of risk that the institution should take and the board should approve the institution’s overall strategies and significant policies. Further, the board of directors should ensure that senior management is fully capable of implementing the institution’s business strategies and risk limits.

The Guidance also notes that the board should collectively have a balance of skills, knowledge, and experience to clearly understand the activities and risks to which the institution is exposed. The board should take steps to develop an appropriate understanding of the risks the institution faces through briefings with management and potentially outside experts. The board should ensure that the management information systems provide the board with sufficient information to identify the size and significance of the risks so that the board can provide clear guidance regarding the level of exposure acceptable to the institution. This will allow the board to oversee senior management implementation procedures and controls necessary to comply with approved policies. Thus, even for community banks, this returns us to the five key attributes of an effective board outlined by the board of governors for large banks:

  1. Does the board oversee the development of, review, approve, and periodically monitor the bank’s strategy and risk appetite?

  2. Does the board direct senior management to provide information sufficient in scope, detail, and analysis to enable the board to make sound, well-informed decisions and consider essential risks?

  3. Does the board oversee and hold senior management accountable for effectively implementing the bank’s strategy consistent with its risk appetite?

  4. Does the board through its risk and audit committee assess and support the stature and independence of the firm’s independent risk management and internal audit functions?

  5. Does the board consider its composition, governance structure, and practices in a manner that supports the bank’s safety and soundness and promotes compliance with law and regulation commensurate with the asset size, complexity, scope of operations, risk profile, and other changes that occur over time?

In summary, examiners are expected to assess risk management for an institution and may specifically reference the type and nature of corrective actions that need to be taken by an institution to address noted risk management and internal control deficiencies. The five key attributes of an effective board above are a good starting point for self-assessment.

HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins