This Plate Runneth Over

This past June Bank Director hosted its fourth annual Bank Audit Committee Conference in Chicago, and the event attracted a record turnout. Any director who serves on a bank audit committee probably feels as if they’re lying in a shallow foxhole during an enemy bombardment. Most of those salvos are being fired from Capitol Hill in Washington, D.C., where Congress is considering a massive regulatory overhaul initiative that could become law before the year is out.

I hope this doesn’t sound self-serving, but I think all those people in Chicago came looking for answers. The audit committee has become the governance focal point for much of what happens in a bank or thrift today, and you have to wonder if we have reached the tipping point where committee performance begins to deteriorate because directors simply have too much to do.

The full range of governance requirements that most bank audit committees juggle is absolutely mind-boggling. The Sarbanes-Oxley Act mandated that the audit committee at all public banks manage the relationship with the outside auditor, a best practice that many private institutions have adopted with the encouragement of their federal banking regulators. Sarbanes-Oxley also made the public company audit committee responsible for its company’s internal financial controls, including the integrity of its financial statements. And many bank audit committees have assumed authority for the internal auditor, along with their bank’s regulatory compliance program. But the most daunting task of all is oversight of the risk management function, a duty that falls most often to the audit committee because it is the most qualified of all board committees-or perhaps, it is the least unqualified.

The banking industry is still recovering from the worst downturn in asset quality since the early 1990s. When the submortgage market tanked in 2008 and took the U.S. economy down with it, many institutions found they were far more exposed to the residential and commercial real estate markets than they realized. Or, the exposure had far worse consequences than they ever imagined. It would be unfair to blame the industry’s downturn on the failure of bank audit committees to adequately manage their institution’s credit risk profile. Plenty of very intelligent people were equally blindsided by the mortgage market meltdown, including former Federal Reserve Chairman Alan Greenspan, the (former) investment banking firm of Lehman Brothers, and the credit rating agencies Standard & Poor’s and Moody’s.

Still, there’s no question that bank directors will be focusing more attention on the management of risk in the years ahead. The regulators will require it, and their own survival instincts will compel it. But is the audit committee the best governance vehicle to accomplish that? Because many audit committee members are CPAs, overseeing an outside auditing firm comes naturally to them.

But managing risk in an esoteric endeavor-nearly as much art as science-that is more alien to their professional experience. And for that reason, every bank board ought to be thinking about setting up a separate risk committee.

This is not a new idea, nor is it a panacea. Many large banks have adopted this governance strategy because their risk profiles are so complex. But they also have the resources to attract qualified directors. Community banks will face a much bigger challenge finding competent directors who understand risk management, and might have to substitute training and education for hands-on experience.

Splitting off the governance responsibility for risk management into a separate committee would give the audit committee more time to focus on the familiar terrain of auditing and financial reporting, while giving the management of risk the time and attention it clearly needs. If the ongoing asset quality crisis has shown us anything, it’s that ensuring the survival of the institution through the downward leg of the economic cycle is a bank director’s single most important duty. Assuming that Congress does pass a regulatory overhaul bill-and as of mid-June that seems to be a pretty good bet-the compliance burden on bank audit committees will grow even larger. Asking the audit committee to meet that challenge while also spending more time on risk management issues strikes me as both unfair and imprudent.

Join OUr Community

Bank Director’s annual Bank Services Membership Program combines Bank Director’s extensive online library of director training materials, conferences, our quarterly publication, and access to FinXTech Connect.

Become a Member

Our commitment to those leaders who believe a strong board makes a strong bank never wavers.