Monday, December 16, 2019

A Culture of Whatever: On the Path to Proper Governance

Posted by OnCourse Staff February 15, 2011 10:26am

Photo Credit: jscreationzs

We knew it would happen eventually.  The FDIC is now seeking to get aggressive in seeking money from the "bad" guys.  Its 2011 budget in fact shows a significant increase in staffing to handle the planned increased litigation.  While we don't know for sure, it is estimated that the FDIC will spend in excess of $50 billion in the closing of failed banks. This is in addition to the approximately $57 billion it has already spent during this crisis.  That's a hefty number. 

The agency has to try to recoup some of this money.  And that it has.   From recent news we know that the Agency has authorized lawsuits totaling $2.5 billion in damages. In November 2010, the FDIC announced that it was suing the Directors and Executives of a Chicago based $230 million bank that failed in February of 2009. Most recently the FDIC announced that it was suing the Directors and Executives of an $1 billion failed Atlanta based bank.

Many say this is just a tip of the iceberg.  Let's do the math.

 

Bank Failures

There will probably be at least 100 more this year.  The number of banks on the FDIC's confidential "problem bank" list is estimated to be around 850. The FDIC has up to three years after the failure of a bank to file a tort claim (a civil suit), and six years for breach of contract.  Since 2008 there have been approximately 314 bank failures, and none of these banks have reached the three year mark as yet.  Obviously these lawsuits will soon become a daily event.

When a bank fails, the regulators generally blame those responsible for running the institution; that is, senior management and directors.  In fact, some who have been associated with a failed bank are often "black listed" by the regulators from working in the industry.  The directors, many of whom go on a board for prestige and a sense of self accomplishment, get slammed with litigation.  Of course, a good D&O policy helps to mitigate some pain but still cannot take away the personal affliction. But then, the D&O policy is only relevant if the shareholders don't intervene and lay claim to it first before the regulators.  Now you've also got financial liability and legal bills. 

Trust me, this scenario is not uncommon when things go bad.

Let's face it - banking is regulated and there is a reason why bank regulations require board and senior management approval of all significant policies, procedures and strategic plans. So we can play the blame game when things go a bit awry.

Unfortunately, in the community banking spectrum, corporate governance does not often get the type of attention it deserves. Board members are not always well informed of banking and corporate governance responsibilities, and it is hard to ensure that they are when such governance is limited to one day a month.  Most board members are members of more than one committee, and therefore have to cram information from ALCO, IT, compliance, credit and even audit all at the same time. Many of these individuals are active community members or local business professionals who have never had any banking background.  Too often they must rely on management's assertions and banking skills without having the tools to adequately assess them.  For the most part, many management teams do a good job of earning the trust of their Board. 

What happens (more than it should) is that the Board inevitably relies on management.  Not possessing any independent tools or appropriate background to assess the effectiveness of bank wide decisions or direction, they rely too often solely on the regulatory exam report as a verification of the adequacy of performance.  But we know from experience that regulatory emphasis is a lagging indicator.  When a bank fails an exam it's too late.  The Board, senior officers and the bank are already in trouble. 

I have been part of countless discussions where a bank believes that a weakness does not exist simply because the last regulatory exam did not identify it.  "The regulators were just here and they didn't say anything," is quite often the justification to not correct or spend money to strengthen inherent weaknesses.   So what does that say about that institution's business culture?  That in fact they have assigned the risk management authority to the regulators. 

Board oversight is too often limited to measuring profitability and ensuring that the regulatory reports are clean. Unfortunately risk management, corporate governance and directional risks are concepts that are given the "mumbo-jumbo - whaaat-ever" treatment.  "We are a very simple bank and we're too small for all that jargon". The reality is that a majority of the bank failures over the past two years are small community banks. The level of scrutiny in recent examinations suggests that regulators are starting to believe that perhaps a small community bank is not the right model for the banking industry.  The thought process assumes that such banks do not possess a cost structure to be able to absorb the required level of risk management and IT infrastructure. Now that sounds like a lot of "mumbo-jumbo" to me.  There are plenty of community banks that do a great job of running strong and healthy. And of course, as with any business, there are those that could improve.

So I thought I would take a stab at identifying a few things that a community bank board may want to strengthen to improve risk awareness. This is where I usually start rambling on and on, so I'll limit it to just five items:

  • Strengthen the training program bank wide and for directors. Think of training expenditure as a utility cost that must be borne.  Too often training is sacrificed or weakened purely for budgetary reasons. Based on my experience there is often a noticeable difference in the knowledge base of management personnel that routinely goes to training events outside of the bank. 
  • Gain a good understanding of certain key ratios relative to operational, financial, credit, interest rate and other risk areas.  Benchmark them against peer group data and monitor their trend. Keep in mind that some ratios are leading indicators and that others are lagging indicators of the direction of the bank's performance.  If the bank cannot provide this internally, there are companies out there that provide this information on a periodic basis.  Treat this as a scorecard that must be reviewed every quarter.  This one is that important. At the risk of sounding too technical, you have to have a way to monitor the directional risk of the bank. Waiting for a regulatory exam or an audit to tell you what's wrong is too late. The OCC has a great book The Role of a National Bank Director.  I really recommend it because highlights some very sound information.  And most of all - it's free! 
  • A strong board independently evaluates management responses to audit, compliance, loan reviews and regulatory exam findings, and ensures that everyone is responsive.  A management's response that says "we will take it in advisement and consider the recommendation," is not exactly very forthcoming.  A board's role is to review and assess the adequacy of responses and, where necessary, arbitrate any disagreements between the examiner and management. And (there is always an "and"), more importantly, ensure that they are being addressed in a timely manner.  To do this, the bank should establish an effective tracking mechanism to prioritize the completion of these issues based on their severity. My experience has found that boards that do well in this regard set a strong tone of accountability and responsibility. 
  • The board minutes should always document the discussions that take place at the various meetings which affect the final decision. Board members are generally held responsible, not necessarily for making the wrong decision, but being negligent and not demonstrating due care in reaching their decision.  So the discussion of all factors should be documented in the minutes.  I cannot tell you how many times a board has been cited by regulators for ineffective oversight simply because the board minutes do not reflect any discussions.  Please write as much as you can in those minutes.
  • A board should maintain a culture which establishes a distinct independence from bank management. What I mean by this is that a board should not rubber stamp every management decision.  A board's primary responsibility is to provide oversight and evaluate and question the decisions being recommended by management. I do empathize with the fact that many members may not be well versed in banking issues and therefore rely on management or vendors.  A board needs tools, especially those that are not well versed in banking to perform their jobs effectively.  Thus, unfortunately, being "penny wise" can have the effect of limiting or restricting the board's ability to perform.  This inevitably results in weakening corporate governance.

There are obviously a lot more items that should be on this list, but we'll visit those another time.  I promised not to ramble so I'll stop here for now.  Oh, one more easy one that won't cost you anything either. Have executive sessions (meeting without the presence of management) with your key service providers.  Finally ask questions.  You don't have to know banking, IT or interest rate risks, but you can ask questions and hold people accountable.

In theory, I believe we all would agree that the risk management costs need to remain commensurate with the growth and size of any institution.  The issue that generally arises is how to define that relationship.  Management that is concentrating too narrowly on the bottom line, and doesn't see an immediate benefit to such costs will minimize its needs ... and a board that relies too heavily on management's decisions will often ignore it.  And when things go wrong, it will be the regulators that step in and define it for us.

At that point, the cost becomes higher, the FDIC "problem bank" list grows further, and there is always another "end".  Oops I meant "and".


Comments

Visitor
Re: A Culture of Whatever: On the Path to Proper Governance Reply #1 on : Tue February 15, 2011, 21:46:51
You hit a lot of issues that are right on target. We need to think about how to strengthen our Board and be more responsive. I'll be calling you soon to get your take.
Reply to this comment Quote this comment

Add a comment

  • Required fields are marked with *.

If you have trouble reading the code, click on the code itself to generate a new random code.



 Image

OnCourse Staff

The OnCourse writing staff work to keep you informed about the most pertinent financial industry news of the moment



OnCourse Staff's Posts Subscribe to RSS Feed



Flood Coverage – Still a Hot Regulatory Issue
Interagency Statement on Sharing BSA Resources and Challenges
New Jersey's Corporate Business Tax Legislation: A Look at the Impact for Banks
Correspondent Banking: The Challenges of Data Transparency
Regulation E and Business Account Errors
Controls over Employee and Officer T&E Expenses
Is Regulation CC Put on the Back Burner?
Training – An Investment and Risk Management Tool
Are You Gambling with Your BSA Program?
The Case of Foreign Banks and Heightened Scrutiny
IRS and New Jersey Tax Audits of Banks
State Taxation of Financial Institutions in Today's Environment
Does your 401(k) Plan need an Audit?
De-Risking of Foreign Correspondent Banks
Same Day ACH Credits – Phase One
FinCEN Finalizes Ruling on Beneficial Ownership and Ongoing Customer Due Diligence
Keep an Eye On Your Chip!
Is the IRS Status of your Defined Benefit plan in Jeopardy?
The Dilemma of Banking Medical Marijuana Businesses and Other Indirect Risks
Is your Institution Monitoring Working Capital Lines of Credit?
Financial Reporting and Regulatory Update on the Horizon
BSA/AML Training: Is your program effective?
Planning in a Consolidating Banking Industry
To opt-out or not to opt-out, that is the question – A reminder on March 31, 2015 Call Report, Schedule RC-R, item 3.a
Anti-Money Laundering – The Age of Technology
Top Compliance Topics Discussed at the NJ Bankers Compliance University
Some tips and tricks for dealing with Regulatory Examinations
Updated Regulation E Booklet from the OCC!
Is Flood Disaster Still on the Heat Map?
Have You Implemented Your Plan yet?
FDIC Consumer Newsletter
More Flood Insurance Changes...
Same Sex Married Couples - Ensuring Equal Treatment – Announcement from Consumer Financial Protection Bureau
Truth in Lending (Regulation Z) Annual Threshold Adjustments (CARD ACT, HOEPA and ATR/QM)
FFIEC Releases Revised BSA/AML Examination Manual: So what’s new?
OFAC Consolidates Non-SDN Listings
Coping with HOPA
Coping with the CFPB’s Ability-to-Repay Rule
ABA Survey on Impact of Dodd Frank Compliance
ABA Mortgage Origination Deskbook
Who handles Your Dormant Accounts?
Appraisal Disclosure Rule
Cybercriminals Broaden their Attacks in Social Networks
The Importance of Segregating a Bank’s Credit Function from its Lending Function
Appraisal Management Companies in Regulatory Crosshairs
All About the Home Owners Protection Act
Requesting Current Financial Information
Countdown to Windows XP End of Life and Support: Are you still at Risk?
314(b) Distinct Advantages for Financial Institutions
Where is the Document?
Building a Better Hen House
Ready the Ramparts! : IT Security and the Modern Bank
The Credit -- Er, IT Crisis?
Keeping the Balance: IT Security and the Org Chart
IT Security: "IT's" About Process
Wag the Dog
Consumerization of Technology and its influence on Information Security
Detective, Reactive and Preventive: Evolving Your IT Security
Do You Know The Security Features of the New $100 Bill?
Segregation of Duties for Wire Transfer Processing
How do you charge Early Withdrawal Fees on Time Deposits?
Do you still offer NOW Accounts?
Policy Changes Required – Do you Wait until Annual Approval?
Summarizing ACAMS White Paper on EDD and AML Risk Assessments (Industry Survey)
ACAMS to provide Free Webinar
ACBB Changes its Name
Who Do You Give Cash to?
ABA Briefing to Help Banks Address Cyber-security Threats
The OCC Issues Booklet: “A Common Sense Approach to Community Banking”
Safe Deposit Box Contents are not insured – But They COULD Be!
Allowance for Loan Loss Tips and Tricks
FDIC Can Review New Products
Let’s Talk About Overdrafts!
Community Banks Slowly Warm Up to Private Student Loans
Has your Bank updated the Adverse Action Notice?
Regulation E and NACHA Rules: When you Want to Stop Payment on a Recurring Debit
CFPB Stands Up Against Poor Debt Collection Practices
Don’t Forget the Small Stuff
Double Endorsed Checks: What is the Risk?
Social Media – Will the Regulators Do Spot Checks?
How Does Your Bank Handle Customer Requested Maintenance Changes?
OCC Releases Booklet on "Common Sense" Community Banking
New SAR Filing Updates
Is your BSA/AML automated monitoring system up to par?
The Importance of BSA Training
Office of Foreign Assets Control (“OFAC”) introduces the OFAC SDN Fuzzy Logic Search Tool
Filing the New CTR Forms: What you need to Know
FFIEC Proposed Risk Management Guidance on Social Media: Beware and Prepare
Solutions to Reducing Dormant Accounts at Your Institution
Pandemic Preparedness: Are you testing your Pandemic Plan?
Regulation E Foreign Remittance Rules
FFIEC issues revised “Supervision of Technology Service Providers” booklet
Expiration of Unlimited Deposit Insurance for NIBTAs
Is Your Institution's Marketing UDAAP Compliant?
What is Enterprise Risk Management?
New OCC Guidance Released on Investor Owned Properties
Electronic Work Papers - Why acxell Made the Switch
OCC to Toughen Exams in Response to United States Senate Permanent Subcommittee On Investigations
Clarifying Regulatory Obligations Regarding Continuing Activity SAR Filings
Federal Regulatory Agencies Proposal New Rule
Risk management - Smaller institutions and the benefits of ERM
Strengthening Your Loan Maintenance Monitoring
New Lending Proposal from CFPB
FDIC Reaches Settlement on Overdraft Fees
FRB Guidance on Foreclosures
Loan Denials and Withdrawals – Tips to Sure Up your Process
Regulation O – 5 Easy ways to avoid violations
The Summer of CFPB Proposals
Community Lenders Seize Market Share From Big Banks by Using Advanced Online Lending Technology
Dodd-Frank Rule to Change Legal Lending Limit Monitoring Requirements
The ABCs of a TDR
Supreme Court ruling for the Freeman, et al. v. Quicken Loans, Inc case
New FinCEN Guidance for CTR Aggregation for Businesses with Common Ownership (FIN – 2012 –G001)
Senior member of House of Financial Services Committee Introduces Overdraft Protection Act
FinCEN is looking to streamline the financial institution reporting process by issuing mandatory E-filing reporting requirements.
Curry: Operational Risk Now OCC’s Top Concern
JOBS Act Client Alert - Rules 506 of Regulation D
New Rules Proposal for Servicers Coming from the CFPB
Wall Street Receives Volcker Rule Clarity
De-stressing with stress testing
Banks Participate in Information Sharing to Battle Online Theft
IT security: Is your program still effective?
Banking Solutions: ALLL and GAAP in Agreement
How are the most recent regulatory enforcement trends that banks are facing today affecting internal audit? Why?
What are the most recent regulatory enforcement trends that banks are facing today?
Mobile banking: How do we get there?
UBS further struggles with $2 Billion loss by Rogue Trader
Capital One Becomes Dodd-Frank Test as Nation’s Fifth Largest Bank
Community Banks to receive US Funding for Small Businesses
FDIC fields questions about overdraft guidance
Negligent Hiring – A mistake can cost more than just money!
Regulatory Burden – Managing the Pain
From Embezzlement to Imprisonment: Former Citigroup employee faces charges with $19.2 million in bank fraud
TDR or Not to TDR …Much Ado about Nothing?
Finding the Right Hire
Model behavior: Is your ALM model capturing your bank’s risks?
ALLL best practices: Pay attention to qualitative factors
Abandoned Property Law, and its new New York State of Mind
Consumerization of Technology and its influence on Information Security
FDIC releases Provisions on Dodd-Frank to help Community Banks
Social Media in the Employment Arena – It Gets Funky!
The Proof is in the Pudding: Affects of Dodd-Frank on Community Banks
Banks and Businesses get "swiped" over Fees
A little bit of this, and a little bit of that: Fed Unveils list of Banks Helped during Financial Crisis of 2008
IT Security: "IT's" About Process
To Test or Not to Test; That is the Question
2011 Failed Bank List Hits 25
Wag the Dog
Committee on Financial Services to Hold Hearing on the Effects of Dodd-Frank on Small Biz and Banks Today
2011 Failed Bank List up to 18
A Culture of Whatever: On the Path to Proper Governance
The Test Drive: Leasing or Buying a HR IT Platform
Detective, Reactive and Preventive: Evolving Your IT Security
Cracking the ALLL Code: How to Develop the Right FAS 114 Methodology
Double Digits: Bank Closings up to 11 in 2011
FCIC Releases Report on the Causes of the Financial Crisis
Part of the In Crowd: Thoughts on the Dodd-Frank Act
Another One Bites the Dust: Regulators Close 4 Banks
Keeping the Balance: IT Security and the Org Chart
On Notice: FDIC Issues Rule for Temp Unlimited Deposit Insurance
2011 Failed Bank List Up to 3
Welcome to OnCourse
Stick 'Em Up!
Time for a Tune-Up: The Necessity of a HR Audit
Visa Instituting Two-Tiered Debit Card Interchange Structure
The First Failed Banks of 2011
The Credit -- Er, IT Crisis?
Painting a Masterpiece: The Art of the ALLL Reserve
The Law on Your Side: Understanding HR Regulations in 2011
Building a Better Hen House
Ready the Ramparts! : IT Security and the Modern Bank
No Respite from RESPA