Effective June 2010, regulators covering the majority of banks in the U.S. jointly issued guidance requiring institutions to comprehensively review their compensation programs and ensure they do not motivate unnecessary risk taking. Emerging regulations under Dodd-Frank, due to be finalized later this year, will place even greater pressure on banks, particularly those over $1 billion in assets. There will be increased expectations that banks ensure proper board oversight, implement enhanced controls and policies, improve documentation and revise their incentive plans to consider risk mitigation strategies. To comply, bank directors, and in particular the compensation committee, must be fully involved, well-informed and possess an in-depth understanding of not just executive incentive arrangements, but incentives for all employees.
To determine whether the bank’s current risk assessment process is adequate to comply with regulations, directors should ask a few key questions regarding their bank’s current programs and processes:
Do we have a process to identify and document covered employees? Most banks already have identified a small number of executive and highly-paid employees, but that may no longer be enough. Banks also are expected to develop processes to identify and define employees whose incentive arrangements might, if not properly structured, pose a threat to the institution’s fiscal safety and soundness.
Do we have defined processes to identify, assess and document the risks considered in the compensation programs? Banks should have a systematic and documented approach to identify the full range of risks that could compromise the safety and soundness of the institution.
Do incentive plans incorporate risk adjustment features? While there is no "one-size-fits-all," banks should consider for each role/function what type of risk adjustment features are most appropriate. Some approaches include:
- Using quantitative and/or qualitative risk information to adjust incentive pools and/or awards. For example, where a lending officers’ production was based on a higher risk portfolio, payouts may be adjusted. If a bank felt earnings were a result of a higher risk profile, the overall incentive pool might be reduced.
- Including risk-based performance measures such as risk adjusted return on capital, capital and/or asset quality factors. For example, lending officers may have a portion of their incentive paid (or deferred) based on the quality of the loan portfolio.
- Deferring a portion of the incentive until long-term performance success (or failure) is known and reducing or eliminating the payout downward if performance is not sustained.
- Using multi-year performance goals to reward performance to better align rewards with the time horizon of the risk.
Are risk-management and control personnel involved in the risk assessment process? To ensure effective risk assessment, these employees should be involved in the review as well as the design and monitoring of short and long-term incentives. Additionally, their own incentive arrangements should ensure objectivity and not be tied directly to the business units they monitor. The chief credit officer shouldn’t get paid incentives tied to the volume of loans, for example.
Do we have proper documentation? This is a key weakness of many banks where complete and clear documentation of all programs, policies, monitoring procedures and governance protocols is lacking. Banks should seek to document all incentive plans as well as monitoring and control procedures. Where discretion is applied, documentation of rationale should be included. Committee minutes should reflect discussions and considerations of risk relative to plan designs and payouts.
Have internal communications with the board and/or compensation committee changed? While the risk review is important, risk-related information must be shared between board committees and management to ensure proper oversight during discussions of incentive plan designs, goal-setting and award payouts.
As bank risk assessment standards evolve, their effectiveness will depend heavily on the quality of the risk assessment process used, the actions taken to reduce risk in the compensation programs, and the commitment of directors to strong governance of the process.
What Level is Your Risk Assessment Process?
Level 0 – No Assessment Process – Virtually all financial institutions are now required to conduct a risk review process and assess relative to the guidance provided in 2010 by all major bank regulators. If you haven’t yet started to review and document your plans, it is critical to start now.
Level 1 – Conduct Basic Review of Incentive Plans – The bank has reviewed incentive plans relative to the June Agency guidance at a high level and feels there is limited need to adjust programs. Documentation may be in process but not comprehensive.
Level 2 – Rigorous Process, Documentation and Oversight – The risk assessment process documents not only the programs, but also all covered employees, controls and risk mitigation techniques. Formal risk accountabilities and a review process have been defined. The board or its designated committee has oversight and some programs have been redesigned to mitigate/adjust for risk.
Level 3 – Comprehensive and Holistic Risk Assessment Framework – The board or its designated committee is actively engaged in overseeing risk. Risk assessment and mitigation is integrated into many compensation-related processes and risk management personnel play a vital role in ensuring compensation arrangements do not promote undue risk. Compensation programs have been adjusted to account for risk.