Observations of a Trend The Blurring of Management and Board Responsibilities. April 28, 2005

Transcription

1 1120 Connecticut Avenue, NW Washington, DC BANKERS World-Class Solutions, Leadership & Advocacy Since 1875 James D. McLaughlin Director Regulatory & Trust Affairs Phone: Fax: April 28, 2005 The Honorable Susan S. Bies Governor Board of Governors of the Federal Reserve System 20 th Street and Constitution Avenue, NW Washington, DC Dear Sue: Thank you again for participating in the inaugural meeting of ABA s Enterprise Risk Management Working Group. Our members valued the opportunity to discuss the variety of issues covered by our agenda. We hope you found the exchange informative. Your insights and observations contributed greatly to our subsequent internal discussions. As we promised, we are following our discussion with this letter to provide insights about a particular trend in supervisory oversight that of forcing management s role onto an already overburdened board of directors and to offer our recommendations for taking steps to redress it. Observations of a Trend The Blurring of Management and Board Responsibilities Prominent among the issues considered at our meeting was the apparent trend that regulators require an increasing level of detailed involvement of boards in fundamental management responsibilities. With each new guidance and embedded in virtually all the recent examinations, is a blurring of the distinction between senior management and the board. While well-intentioned, this regulatory trend diverts the attention of directors from providing strategic leadership and oversight to their institutions by getting them too involved at times unnecessarily or unproductively in an increasing amount of operational and other business-related detail. Requiring too high a level of detail is counterproductive to the goal of enhancing effective corporate governance of banks and bank holding companies. We have collected examples of required actions from members recent examination reports that illustrate this trend. We have included an attachment that demonstrates that these instances are not isolated, but occur frequently across regulators and regions. Here are some Matters Requiring Board Attention that are representative of the problems encountered by our members.

2 Reduce/minimize cash transaction processing errors to ensure currency transaction reports are accurate. This is clearly management s job. Files on the X and Y drives must be reviewed and access assigned to employees based on need. Conceding the substantive appropriateness of this security recommendation, it is a management issue. We recommend that [bank] develop structure around the processes dealing with the development, receipt and implementation of major assumptions: deposit elasticities, core deposit maturities, prepayment assumptions. Such assumptions should receive regular approval by the board or board designated committee... What expertise will directors possess that would allow them to regularly approve these items? The Board s role is to ensure that management puts a governance process in place so that experts evaluate such assumptions and provide transparency. Violations were noted regarding the font size of disclosures contained in various credit card application disclosures. The board must ensure that management revises the application/brochures to comply with regulatory requirements. Technical compliance violations should not belong at the board level unless management has refused to address the issue in a timely fashion. A board should have a policy or approved process in place that articulates bank management and audit function responsibilities for correcting adverse exam findings. Requiring assorted violations to be elevated to the board on an ad hoc basis circumvents this mechanism and absorbs time that should have been used by the board to address important enterprise risk issues. As further illustration, directors are being asked to approve technical policies that are truly in the domain of management. Directors often question how they can be expected to add value by approving technical policies. They believe that this is why management with the requisite technical expertise is employed by the company. New Supervisory Guidance Is Exacerbating This Trend Unfortunately, the development of new supervisory guidance has further exacerbated the tendency of examiners to blur distinctions between board and senior management responsibilities. A reading of the Basel II interagency guidance on operating risk and retail or corporate credit risk reveals that 40 of the 58 references to a bank s board occur when describing a duty or expectation in conjunction with management, as in IRB systems need the support and oversight of the board and senior management or the board of directors and management would be responsible for maintaining effective internal controls over the [bank s] information systems. Although some of the Basel guidance draws a distinction between levels of reporting, too little discussion is contained in these pieces that distinguish 2

3 between the roles intended for management and those intended for the board. Consequently, using the conjunctive board and senior management will only encourage examiners tendency to blur distinctions between the two when writing future remedial recommendations. In addition to Basel-related guidance, we see this trend reflected in other sources of supervisory oversight such as anti-money laundering compliance and information security oversight. Even expressions of modest board involvement characterized as informing the board imposes on directors a duty of familiarity assigned by supervisory fiat rather than derived from internally-derived risk management analysis and judgment. This Trend Threatens to Hinder Effective Corporate Governance This trend of rising supervisory expectations for board involvement in senior management matters has significant adverse implications for effective corporate governance. First, the independence of the board may be compromised. Second, management has a finite amount of time with board members. If a substantial portion of that time is spent reviewing materials that are best handled by management, then there is less time available for important risk issues that the board needs to understand. This comment is not just coming from management; we are hearing it from frustrated directors as well. Third, the over-specification of board responsibilities tends to convert board service into a compliance exercise of ticking off a checklist of regulatory chores rather than a broad principle-driven dynamic interaction that develops strategic direction and performance expectations tailored to the particular bank and its market. There must be latitude for directors to define their interface with management, giving due consideration to economic circumstances, regulatory standards and complexity of the bank s operations. Recommendations to Address the Problem Because these trends have serious implications for corporate governance if uncorrected, we recommend that the banking agencies take the following initiatives in this area: First, we recommend that the agencies conduct a study of examination reports to evaluate whether examiners are appropriately distinguishing management from board obligations in their exam findings, conclusions and recommendations. In addition to sampling exam reports, we recommend interviewing examiners, field managers, review examiners and senior supervisory personnel to understand better why they choose to mandate specific board attention or action in situations that are usually management responsibility. Is agency guidance being misinterpreted, or are examiners drawing inferences about agency intentions for board participation that are going uncorrected by agency internal supervision? 3

4 Our second recommendation grows from the first: to have the agencies inventory the sources of existing regulatory obligations that examiners rely upon to support their prescriptions that directors undertake more managerial-type responsibilities. An appreciation for the source and scope of these obligations is a necessary predicate to reassessing the burdens accompanying the supervisory expectations that have accumulated over time. Finally, our third recommendation is for the Federal Reserve and other agencies to take a leadership role in convening a Corporate Governance in Banking Forum to foster dialogue focusing on differentiating the roles and supervisory expectations for directors versus senior executives under the enterprise risk management paradigm. Most examiners, through no fault of their own, have never had experience in a real corporate board setting. As a result, their point of view tends to be less practical and more academic. Our bankers can provide insights to help bridge this gap and still preserve good corporate governance. This might be accomplished as part of enhanced training for examiners on the role of the board in today s corporate governance environment. The ABA stands ready to assist in these efforts. Conclusion ABA s Enterprise Risk Management Working Group believes that principle-based ERM holds the key to enabling management and the board to conduct the business of banking in the most efficient and effective manner. We look forward to working with you and your colleagues in making our common aspirations for enterprise risk management and effective governance in the banking industry a reality. Sincerely, James D. McLaughlin 4

5 Examples in Which Regulatory Actions Blur Management and Board Responsibilities The following excerpts come from examination reports and supervisory correspondence illustrating the trend of examiners to require greater involvement in the operational detail of the institution. Those excerpts that do not specifically reference the board were nonetheless listed under exam recommendations labeled as matters requiring board attention. In all cases, the institution in question was considered well-managed. Appropriate assumptions are critical to the success of IRR modeling. These assumptions should be consistent with the company s experience, and should be approved as needed by the board of directors or a board designated committee... We recommend that [bank] develop structure around the processes dealing with the development, receipt and implementation of major assumptions: deposit elasticities, core deposit maturities, prepayment assumptions. Such assumptions should receive regular approval by the board or board designated committee For those assumptions that change more frequently, such as mortgage prepayments, it would be sufficient for the board to approve the process by which such estimates are generated... Management...needs to create a workout policy to ensure accuracy and consistency in the commercial credit workout process. The policy must be reviewed and approved by the Board of Directors. During the review it was noted that inconsistencies exist in the signature process of [Problem Asset Reports (PAR)]. Additionally, PAR s did not meet frequency guidelines. Management and the board of directors need to ensure that PAR guidelines are utilized to provide adequate monitoring of classified and criticized credit relationships. The board must assure that a uniform and systematic approach is maintained for the documentation of the underwriting decision made in extending credit card loans to small businesses. Violations were noted regarding the font size of disclosures contained in various credit card application disclosures... The board must ensure that management revises the applications/brochures to comply with the regulatory requirements. Ensure that policies, procedures and guidelines are consistent and clearly communicated. Files on the X and Y drives must be reviewed and access assigned to employees based on need....monitor integration of the automated AML system to ensure timely implementation of comprehensive suspicious activity monitoring processes across all business lines. Reduce/minimize cash transaction processing errors to ensure currency transaction reports ( CTRs ) are accurate. 5