April 1, 2021
April 1, 2021
Recently, the US Board of Governors of the Federal Reserve System (FRB) issued guidance for certain financial institutions regarding a board’s role in sustaining financial and operational resilience. While specifically applicable to domestic bank holding companies and savings and loan holding companies with total consolidated assets of $100 billion or more, as well as systemically important nonbank financial companies designated by the Financial Stability Oversight Council for FRB supervision, the guidance is being used to inform assessments of governance and controls. The guidance is significant because it reinforces the existing lexicon concerning minimum expectations for boards. Its focus applies to the board’s role in maintaining a firm’s safety and soundness and responsibility for sustaining financial and operational resilience, as noted above. As resilience has proven to be a key differentiator in separating the market’s winners and losers over the past year, the FRB’s principles-based guidance on the key attributes of effective boards merits consideration by boards in sectors beyond financial services.
The guidance outlines the five below resilience principles for boards.
1. Oversee the development, review, and approval of the firm’s strategy and risk appetite and periodically monitor execution and progress. The board advises management in formulating strategy, which articulates a company’s objectives for its various lines of business while also establishing an effective risk-management structure; an effective risk-management and control function; and appropriate processes and resources for implementing the strategy. The strategy should align with a clear risk appetite that is articulated in sufficient depth to enable the firm’s chief risk officer (CRO) and independent risk-management function to set firm-wide risk limits that will constrain risk-taking to an acceptable level. An effective board reviews and approves significant policies, programs, and plans based on the organization’s strategy, risk appetite, risk-management capacity, and structure (e.g., the firm’s capital plan, recovery and resolution plans, liquidity risk-management policies).
2. Direct senior management regarding the board’s information requirements. The board should provide direction to senior management regarding the sufficiency, quality, timing, reliability, and structure of information and data that directors need to make well-informed decisions. The board should also seek information through channels other than management about the business and its activities, ongoing and emerging opportunities and risks, personnel, compensation, and other matters. Finally, the lead independent director or independent board chair and committee chairs should take an active role in setting board and committee meeting agendas.
3. Hold senior management accountable for results. An effective board oversees and holds senior management accountable for appropriately implementing the firm’s strategy, consistent with its risk appetite. To facilitate accountability, the board should allocate sufficient board meeting time to candid and open discussions that encourage diverse views. The board should regularly evaluate senior management performance and compensation and consider whether and how compensation programs implemented by senior management promote the company’s risk-management goals and do not incent inappropriate risk taking. An effective board also oversees the development and execution of CEO and other C-suite leaders’ succession plans.
4. Support the independence and stature of independent risk management and internal audit. The lines of business should not unduly influence either of the two functions. The risk or audit committee should inquire into the causes and consequences of material or persistent breaches of the organization’s risk appetite and risk limits, the timeliness of the remediation of material or persistent internal and external audit and regulatory findings, and the appropriateness of the annual audit plan. The risk or audit committee should communicate directly with and offer the CRO (or other C-suite leader who oversees the risk function) unrestricted access to it on significant risk-management issues and advise them on the independent risk-management function’s budget and staffing. An effective audit committee also meets regularly with the chief audit executive regarding the audit function’s plan, staffing, and organizational and industry concerns.
5. Maintain a capable board composition and governance structure. Based on factors such as the company’s asset size, complexity, scope of operations, risk profile, and changes over time, an effective board establishes a process to identify and select potential director nominees with a mix of skills, knowledge, experiences, and perspectives. This process should consider a potential nominee’s expertise, availability, integrity, and potential conflicts of interest, and be open to a diverse pool of potential nominees, including women and underrepresented minorities. An effective board also has the capacity to engage third-party advisers, when appropriate, to support its decision-making. On an ongoing basis, the board should evaluate its committees’ performance and adapt its committee structure and practices to address identified deficiencies over time.
So, what is the takeaway? The FRB guidance does not break new ground, but boards should, nonetheless, pause for reflection. The five principles above allow the board the flexibility to operate according to each organization’s circumstances, complexities, and needs with an emphasis on building resiliency into strategic plans, balance sheets, and business models. Boards need to think about their role in setting strategy, establishing risk boundaries and limits, clarifying accountability for results, supporting risk management and internal audit, and periodically evaluating board composition and governance structure in a changing, disruptive market.
NACD: Tools and resources to help guide you in unpredictable times.