This Viewpoint first appeared in Bank Director magazine’s fourth quarter 2023 issue.
The Federal Reserve’s report on the failure of Silicon Valley Bank, or SVB, noted that “SVB’s senior management responded to the incentives approved by the board of directors; they were not compensated to manage the bank’s risk, and they did not do so effectively.”
This commentary is in contrast to SVB’s proxy disclosure, which referenced risk management and “strong capital and liquidity” as factors impacting payouts. SVB reflects the challenges many banks and compensation committees face in effectively evaluating and incorporating risk into incentive payout decisions.
Regulators sought to address risks resulting from incentive compensation following the 2007-08 financial crisis, which was largely the result of poor credit underwriting. As part of their response, they issued “Guidance on Sound Incentive Compensation Policies” in 2010, which states that incentive compensation arrangements should:
- Appropriately balance risks and rewards in a manner that does not encourage imprudent risk-taking.
- Be compatible with effective controls and risk management.
- Be supported by strong corporate governance, including active and effective oversight by the organization’s board of directors.
During this same time period, Congress passed the 2010 Dodd-Frank Act, including Section 956, which requires U.S. financial regulators to issue rules prohibiting incentive compensation arrangements that encourage inappropriate risk-taking at financial institutions over $1 billion in assets. Regulators have indicated their intent to finally finalize Section 956, including the Securities and Exchange Commission including it on its regulatory flexibility agenda with an April 2024 target date.
Risk Assessment Process
Compensation committees should examine their existing processes for evaluating risk within incentive plans. The following questions may be useful in understanding and improving the current processes:
- When are incentive programs assessed for risk? Is there an ongoing process for periodic evaluation of all plans?
- Do the incentive plan documents explicitly provide the compensation committee or board the authority to adjust for risk and compliance concerns?
- Are there established methodologies and processes for risk adjustments prior to payouts?
- What types of risk are currently considered when reviewing performance?
- Does the chief risk officer and/or board’s risk committee provide input to the compensation committee before payouts are finalized?
- What are the existing controls for the verification of results and payouts? Are there analyses to ensure the bank applies its administrative procedures and mitigates any bias?
- Are the key inputs into incentive decisions well documented?
- Is an appropriate amount of compensation connected to the bank’s long-term performance?
- Are common risk mitigators, such as stock ownership guidelines and clawbacks, in place and at what levels?
Application of Risk Adjustments
Compensation committees can use multiple mechanisms to make adjustments for risk at various stages of the evaluation process. Some examples of these adjustments include:
- Incentive plan gates: Requires maintaining a requisite level of performance on important safety and soundness measures.
- Quality of earnings review: Evaluates how the bank achieved its results, as well as its sustainability.
- Risk scorecard assessments: Provides for reviews of risk across a variety of factors — like credit, capital, operational, liquidity, legal and reputational — with the potential for reductions in pool funding and/or payouts.
- Realized risk: Adjusts incentive payouts downward for realized negative risk events or regulatory issues at the individual, business unit or corporate level.
- Recoupment provisions. Allows the forfeiture of unvested awards or clawbacks of paid incentives for significant negative risk outcomes.
Boards and the compensation committee can improve their understanding and application of risk adjustments to avoid mismatches between incentive rewards and increased levels of risk. This will require examining the existing risk assessment process, making process improvements to incorporate a broader view of risk and ultimately demonstrating a willingness to adjust payouts when risk performance is not sufficient.