One Bank’s Approach to Improving Its Culture

Merriam-Webster defines culture as “the set of shared attitudes, values, goals, and practices that characterizes an institution or organization.” These attributes are central to a company’s success.

Corporations with strong cultures tend to have financial performance that matches, according to studies that have investigated the relationship. The corporate review website Glassdoor found in 2015 that the companies on its “Best Places to Work” list, as well as Fortune’s “Best Companies to Work For” list, outperformed the S&P 500 from 2009 to 2014 by as much as 122%. In contrast, Glassdoor’s lowest-rated public companies underperformed the broader market over the same period.

Unlike the financial metrics banks rely on to measure their performance, culture is harder to measure and describe in a meaningful way. How can a bank’s leadership team — particularly its board, which operates outside the organization — properly oversee their institution’s cultural health?

“A lot of boards talk about the board being the center of cultural influence within the bank, and that’s absolutely true,” says Jim McAlpin, a partner at the law firm Bryan Cave Leighton Paisner and leader of its banking practice group. As a result, they should “be mindful of the important role [they] serve [in] modeling the culture and forming the culture and overseeing the culture of the institution.”

Winter Haven, Florida-based CenterState Bank Corp., with $17.1 billion in assets, values culture so highly that the board created a culture-focused committee, leveraging its directors’ expertise.

CenterState wants “to create an incredible culture for their employees to enjoy and their customers to enjoy,” says David Salyers, a former Chick-fil-A executive who joined CenterState’s board in 2017. He’s also the author of a book on corporate culture, “Remarkable!: Maximizing Results through Value Creation.”

Salyers knew he could help the bank fulfill this mission. “I want to recreate for others what Truett Cathy created for me,” he says, referring to the founder of Chick-fil-A. “I love to see cultures where people love what they do, they love who they do it with, they love the mission that they’re on, and they love who they’re becoming in the process of accomplishing that mission.”

Few banks have a board-level culture committee. Boston-based Berkshire Hills Bancorp, with $13.2 billion in assets, established a similar corporate responsibility and culture committee in early 2019 to oversee the company’s corporate social responsibility, diversity and inclusion, and other cultural initiatives. Citigroup established its ethics, conduct and culture committee in 2014, which focuses on ethical decision-making and the global bank’s conduct risk management program — not the experience of its various stakeholders.

CenterState’s board culture committee, established in 2018, stands out for its focus on the bank’s values and employees. Among the 14 responsibilities outlined in its charter, the committee is tasked with promoting the bank’s vision and values to its employees, customers and other stakeholders; overseeing talent development, including new hire orientation; advising management on employee engagement initiatives; and monitoring CenterState’s diversity initiatives.  

The committee was Salyers’ suggestion, and he offered to chair it. “I said, ‘What we need to do, if you want to create the kind of culture you’re talking about, [is] we ought to elevate it to a board level. It needs to get top priority,’” he says. “We’re trying to cultivate and develop the things that will take that culture to the next level.”

As a result of the committee’s focus over the past year, CenterState has surveyed staff to understand how to make their lives better. It also created a program to develop employees. These initiatives are having a positive impact on the employee experience at the bank, says Salyers.

Creating a culture committee could be a valuable practice for some boards, particularly for regional banks that are weighing transformative deals, says McAlpin. CenterState has closed 11 transactions since 2011. In January, it announced it will merge with $15.9 billion asset South State Corp., based in Columbia, South Carolina. The merger of equals will create a $34 billion organization.  

“At the board level, there’s a focus on making sure there is a common culture [within] the now very large, combined institution,” says McAlpin, referencing CenterState. “And that’s not easy to accomplish, so the board should be congratulated for that … to form a [culture] committee is a very good step.”

CenterState’s culture committee leverages the passion and expertise of its directors. Both Salyers and fellow director Jody Dreyer, a retired Disney executive, possess strong backgrounds in customer service and employee satisfaction at companies well-regarded for their corporate culture. While this expertise can be found on the boards of Starbucks Corp. and luxury retailer Nordstrom, few bank boards possess these traits.

Focusing on culture and the employee experience from the top down is vital to create loyal customers.

“The best companies know that culture trumps everything else, so they are intentional about crafting engaging and compelling environments,” Salyers wrote in his book. “A company’s culture is its greatest competitive advantage, and it will either multiply a company’s efforts, or divide both its performance and its people.”

Talking Too Much About Board Diversity

A backlash has emerged in response to diversity and inclusion initiatives.

In the past several years, activists, institutional investors and some companies — including banks — have advocated for increased diversity and inclusion on their boards and throughout their firms. These groups believe that a diversity of race, gender, age and opinion is good for business and, ultimately, for shareholders.

But two recent studies draw attention to a burgeoning backlash to these efforts. Whether from message fatigue or concern about the board’s focus, companies may need to be mindful about the promotion and communication of their D&I efforts.

Director support to increase gender and racial diversity in the boardroom fell for the first time since 2013 in PwC’s 2019 governance survey. Thirty-eight percent of directors said gender diversity was very important in 2019, down from 46% in 2018. Those who said racial and ethnic diversity was very important fell to 26%, down from 34% the year prior.

Directors seem to be fatiguing of these messages, says Paula Loop, leader of PwC’s Governance Insights Center, who adds she was surprised at the recent trend.

“The way that we rationalized it is that it appears that directors have heard the message and they’re trying to acknowledge that,” she says.

Respondents to PwC’s survey acknowledged that diversity has added value to their discussions and decisions, Loop says, and that it increasingly makes sense from a business perspective. This finding is supported more broadly: Bank Director’s 2018 Compensation Survey found that 87% of respondents “personally believe” that board diversity, either through age, race or gender, has a positive impact on the bank’s performance.

“We have to remember, especially when you’re thinking about boards, they … don’t move necessary as quickly as one might think,” Loop says. “I feel like we’re in an evolution — but there’s been a lot in the last couple of years.”

Interestingly, PwC observed different responses to the survey based on the gender of respondents. A higher percentage of female directors reported that gender and racial/ethnic diversity on the board was “very important.” Male directors were less inclined to report seeing evidence of the benefits of diversity, and more than half agreed that diversity efforts “are driven by political correctness.”

Male directors were three times as likely as a female director to assert that investors “devote too much attention” to both gender and racial/ethnic diversity. Overall, 63% of directors believe investors are too focused on gender diversity, up from 35% in 2018; 58% report the same when it comes to racial/ethnic diversity, up from 33%.

The different responses along gender lines demonstrates why diversity matters, Loop says. The report shows that gender-diverse slate of directors do have a “different emphasis or different way of thinking.”

“It validates why it’s good to have a diverse group of people in a room when you have a conversation about an important issue,” she says.

But even if a bank makes headway on increasing the gender diversity on its board, there is still another group to think about: shareholders. A recent study found that companies that appoint women to the board experience a decline in their share price for two years after the appointment. The study looked at more than 1,600 U.S. companies between 1998 and 2011.

“Investors seem to be penalizing, rather than rewarding, companies that strive to be more inclusive,” wrote INSEAD researchers Isabelle Solal and Kaisa Snellman in a November 2019 Harvard Business Review article about their study.

What we think is happening is that investors believe that firms who choose to appoint women are firms who care more about diversity than about maximizing shareholder value,” writes Solal, a postdoctoral research fellow at the Stone Centre for the Study of Wealth Inequality at INSEAD, in an email interview.

In subsequent research, they found that investors view appointments of female directors with a company’s “diversity motivation.” The association is “not that surprising,” she writes, given that “almost all” press releases feature the gender of the appointee when that person is a woman, and will often include other references to diversity.

“Gender is never mentioned when the director is a man,” she writes.

Solal says that companies should still appoint women to their boards, especially given that the shareholder skepticism dissipates in two years. But companies should be mindful that overemphasizing a director’s gender or diversity may be unhelpful, and instead highlight the “skills and qualifications of their candidates, regardless of their gender.”

FASB Sheds Light On CECL Delay Decision


CECL-8-15-19.pngSmall community banks are poised to receive a delay in the new loan loss standard from the accounting board.

The Financial Accounting Standards Board is changing how it sets the effective dates for major accounting standards, including the current expected credit loss model or CECL. They hope the delay, which gives some banks an extra one or two years, provides them with more time to access scarce external resources and learn from the implementation lessons of larger banks.

Bank Director spoke with FASB member Susan Cosper ahead of the July 27 meeting discussing the change. She shed some light on the motivations behind the change and how the board wants to help community banks implement CECL, especially with its new Q&A.

BD: Why is FASB considering a delay in some banks’ CECL effective date? Where did the issue driving the delay come from?
SC: The big issue is the effective date philosophy. Generally speaking, we’ve split [the effective dates] between [Securities and Exchange Commission] filers or public business entities, and private companies and not-for-profits. Generally, the not-for-profits and private companies have gotten an extra year, just given their resource constraints and educational cycle, among other things.

We started a dialogue after the effective date of the revenue recognition standard with our small business advisory committee and private company council about whether one year was enough. They expressed a concern that one [extra] year is difficult, because they don’t necessarily have enough time to learn from what public companies have done, they have resource constraints and they have other standards that they’re dealing with.

We started to think about whether we needed to give private companies and not-for-profits extra time. And at the same time, did we need to [expand that] to small public companies as well?

BD: What does this mean for CECL? What would change?
SC: For the credit loss standard, we had a three-tiered effective date, which is a little unusual. Changing how we set effective dates would essentially collapse that into two tiers. We will still have the SEC filers, minus the small reporting companies, with an effective date of Jan. 1, 2020.

We would take the small reporting companies and group it with the “all-other” category, and push that out until Jan. 1, 2023. It essentially gives the non-public business entities an extra year, and the small reporting companies an extra two years.

BD: How long has FASB considered changing its philosophy for effective dates? It seems sudden, but I’m sure the board was receiving an increasing amount of feedback, and identified this as a way to address much of that feedback.
SC: We’ve been thinking about this for a while. We’ve asked our advisory committees and counsels a lot of questions: “How did it go? Did you have enough time? What did you learn?” Different stakeholder groups have expressed concern about different standards, but it was really trying to get an understanding of why they needed the extra time and concerns from a resource perspective.

When you think about resources, it’s not just the internal resources. Let’s look at a community bank or credit union: Sometimes they’re using external resources as well. There are a lot of larger companies that may be using those external resources. [Smaller organizations] may not have the leverage that some of the larger organizations have to get access to those resources.

BD: For small reporting companies, their CECL effective date will move from January 2020 to January 2023. How fast do you think auditors or anyone advising these SRCs can adopt these changes for them?
SC: What we’ve learned is that the smaller companies wait longer to actually start the adoption process. There are many community banks that haven’t even begun the process of thinking about what they need to do to apply the credit loss standard.

It also affords [FASB] an opportunity to develop staff Q&As and get that information out there, and help smaller community banks and credit unions understand what they need to do and how they can leverage their existing processes.

When we’ve met with community banks and credit unions, sometimes they think they have to do something much more comprehensive than what they actually need to do. We’re planning to travel around the country and hold meetings with smaller practitioners — auditors, community banks, credit unions — to educate them on how they can leverage their existing processes to apply the standard.

BD: What kind of clarity does FASB hope to provide through its reasonable and supportable forecast Q&A that’s being missed right now? [Editor’s note: According to FASB, CECL requires banks to “consider available and relevant information, including historical experience, current conditions, and reasonable and supportable forecasts,” when calculating future lifetime losses. Banks revert to their historical loss performance when the loan duration extends beyond the forecast period.]
SC: There are so many different aspects of developing the reasonable and supportable forecast in this particular Q&A. We have heard time and time again that there are community banks that believe they need to think about econometrics that affect banks in California, when they only operate in Virginia. So, we tried to clarify: “No, you need to think about the types of qualitative factors that would impact where you are actually located.”

The Q&A tries to provide an additional layer of clarity about what the board’s intent was, to help narrow what a bank actually has to do. It also provides some information on other types of metrics that banks could use, outside of metrics like unemployment. It talks about how to do the reversion to historical information, and tries to clarify some of the misinformation that we have heard as we’ve met with banks.

BD: People have a sense about what the words “reasonable” and “supportable” mean, but maybe banks feel that they should buy a national forecast because that seems like a safe choice for a lot of community banks.
SC: Hindsight is always 20-20, but I think people get really nervous with the word “forecast.” What we try to clarify in the Q&A is that it’s really just an estimate, and what that estimate should include.

BD: Is the board concerned about the procrastination of banks? Or that at January 2022, banks might expect another delay?
SC: What we’re really hoping to accomplish is a smooth transition to the standard, and that the smaller community banks and the credit unions have the opportunity to learn from the implementation of the larger financial institutions. In our conversations with community banks, they’re thinking about it and want to understand how they can leverage their existing processes.

BD: What is FASB’s overall sense of banks’ implementation of CECL?
SC: What we have heard in meetings with the larger financial institutions is that they’re ready. We’re seeing them make public disclosure in their SEC filings about the impact of the standard. We’ve talked to them extensively about some of how they’ve accomplished implementation. After the effective date comes, we will also have conversations with them about what went well, what didn’t go well and what needs clarification, in an effort to help the smaller financial institutions with their effective date.

Community Bank Succession Planning in Seven Steps


succession-6-25-19.pngSuccession planning is vital to a bank’s independence and continued success, but too many banks lack a realistic plan, or one at all.

Banks without a succession plan place themselves in a precarious, uncertain position. Succession plans give banks a chance to assess what skills and competencies future executives will need as banking evolves, and cultivate and identify those individuals. But many banks and their boards struggle to prepare for this pivotal moment in their growth. Succession planning for the CEO or executives was in the top three compensation challenges for respondents to Bank Director’s 2018 Compensation Survey.

The lack of planning comes even as regulators increasing treat this as an expectation. This all-important role is owned by a bank’s board, who must create, execute and update the plan. But directors may struggle with how to start a conversation with senior management, while executives may be preoccupied with running the daily operations of the bank and forget to think for the future of the bank without them. Without strong board direction and annual check-ins, miscommunications about expected retirement can occur.

Chartwell has broken down the process into seven steps that can help your bank’s board craft a succession plan that positions your institution for future growth. All you have to do is start.

Step 1: Begin Planning
When it comes to planning, there is no such thing as “too early.” Take care during this time to lay down the ground work for how communication throughout the process will work, which will help everything flow smoothly. Lack of communication can lead to organizational disruption.

Step 2: The Emergency Plan
A bank must be prepared if the unexpected occurs. It is essential that the board designates a person ahead of time to take over whatever position has been vacated. The emergency candidate should be prepared to take over for a 90-day period, which allows the board or management team time to institute short- and long-term plans.

Step 3: The Short-Term Plan
A bank should have a designated interim successor who stays in the deserted role until it has been satisfactorily filled. This ensures the bank can operate effectively and without interruption. Often, the interim successor becomes the permanent successor.

Step 4: Identify Internal Candidates
Internal candidates are often the best choice to take over an executive role at a community bank, given their understanding of the culture and the opportunity to prepare them for the role, which can smooth the transition. It is recommended that the bank develop a handful of potential internal candidates to ensure that at least one will be qualified and prepared to take over when the time comes. Boards should be aware that problems can sometimes arise from having limited options, as well as superfluous reasons for appointments, such as loyalty, that have no bearing on the ability to do the job.

Step 5: Consider External Candidates
It is always prudent for boards to consider external candidates during a CEO search. While an outsider might create organization disruption, he or she brings a fresh perspective and could be a better decision to spur changes in legacy organizations.

Step 6: Put the Plan into Motion
The board of directors is responsible for replacing the CEO, but replacing other executives is the CEO’s job. It is helpful to bring in a third-party advisory firm to get an objective perspective and leverage their expertise in succession and search. When the executive’s transition is planned, it can be helpful to have that person provide his or her perspective to the board. This gives the board or the CEO insight into what skills and traits they should look for. Beyond this, the outgoing executive should not be involved in the search for their successor.

Step 7: Completion
Once the new executive is installed, it is vital to help him or her get situated and set up for success through a well-planned onboarding program. This is also the time to recalibrate the succession plan, because it is never too early to start planning.

The Most Effective Bank Directors Share These Two Qualities


director-6-14-19.pngBanks have a slim margin for error.

They typically borrow $10 for every $1 of equity, which can amplify any missteps or oversight. Robust oversight by a board of directors, and in particular the audit and risk committees, is key to the success of any institution.

“At the Federal Reserve Bank of Kansas City, we have consistently found a strong correlation between overall bank health and the level of director engagement,” wrote Kansas City Fed President Esther George in the agency’s governance manual, “Basics for Bank Directors.” “Generally, we have seen that the institutions that are well run and have fewer problems are under the oversight of an engaged and well-informed board of directors.”

This may sound trite, but the strongest bank boards embrace a collective sense of curiosity and cognitive diversity, according to executives and directors at Bank Director’s 2019 Bank Audit & Risk Committees Conference in Chicago.

Balancing revenue generation against risk management requires a bank’s audit and risk committees to invite skepticism, foster intelligent discussion and create a space for constructive disagreements. Institutions also need to remain abreast of emerging risks and changes that impact operations and strategy.

This is why curiosity, in particular, is so important.

“It’s critical for audit committee members to have curiosity and a critical mind,” says Sal Inserra, a partner at Crowe LLP. “You need to ask the tough questions. The worst thing is a silent audit committee meeting. It’s important to be inquisitive and have a sense of curiosity.”

Board members who are intellectually curious can provide credible challenges to management, agrees John Erickson, a director at Bank of Hawaii Corp.

Focusing on intellectual curiosity, as opposed to a set of concrete skills, can also broaden the pool of individuals that are qualified to sit on a bank’s audit and risk committees. These committees have traditionally been the domain of certified public accountants, but a significant portion of audit committee members in attendance at the conference were not CPAs.

Robert Glaser, the audit committee chair at Five Star Bank, sees that diversity of experience as an advantage for banks. He and several others say a diversity of experiences, or cognitive diversity, invites and cultivates diversity of thought. These members should be unafraid to bring their questions and perspectives to meetings.

Having non-CPAs on the audit committee of Pacific Premier Bancorp has helped the firm manage the variety of risks it faces, says Derrick Hong, chief audit executive at Pacific Premier. The audit committee chair is a CPA, but the bank has found it “very helpful” to have non-CPAs on the committee as well, he says.

Audit and risk committee members with diverse experiences can also balance the traditional perspective of the CPA-types.

It’s important [for audit committee members] to have balance. Bean counters don’t know everything,” says Paul Ward, chief risk officer at Community Bank System, who self-identifies as a “bean counter.”

“Some of the best questions I’ve seen [from audit committee members] have come from non-CPAs,” Ward says.

However, banks interested in cultivating intellectual curiosity and cognitive diversity in their audit and risk committees still need to identify board members with an appreciation for financial statements, and the work that goes into crafting them. After all, the audit committee helps protect the financial integrity of a bank through internal controls and reporting, not just reviewing financial statements before they are released.

Executives and board chairs also say that audit and risk committee members need to be dynamic and focus on how changes inside and outside the bank can alter its risk profile. Intellectual curiosity can help banks remain focused on these changes and resist the urge to become complicit.

I’ll be the first to admit that qualities like curiosity and cognitive diversity sound cliché. But just because something sounds cliché, doesn’t mean it isn’t also true.

One Strategy to Improve Board Performance


performance-4-19-19.pngDoes greater diversity improve the performance of corporate boards, or is it just an exercise in political correctness?

Cognitive diversity—also called diversity of thought—has particular relevance to bank boards of directors, which are overwhelmingly made up of older white men with general business backgrounds.

This is not an indictment against older white men per se, but rather a recognition that a group of people with similar backgrounds and experiences are more likely to think alike than not. The same could be said about other homogenous social groups. For example, a team of older Latinas or younger black men might also be subject to groupthink.

“We’re only going to get the right outcomes if we have the right people around the table,” says Jayne Juvan, a partner at Tucker Ellis who is vice chair of the American Bar Association’s corporate governance committee and frequently advises corporate boards on governance matters.

It would be a mistake to dismiss board diversity as a political issue pushed by feminists, LGBT advocates and progressive Democrats. Even some of the world’s largest institutional investors think it’s a good idea.

In his annual letter to chief executive officers in 2018, BlackRock CEO Larry Fink said the investment company would “continue to emphasize the importance of a diverse board” at companies BlackRock invests in. These companies are “less likely to succumb to groupthink or miss threats to a company’s business model,” he wrote. “And they are better able to identify opportunities that provide long-term growth.”

State Street Global Advisors, another big institutional investor, announced in September of last year that it will update its voting guidelines in 2020 for firms that have no women on their boards and have failed to engage in “successful dialogue on State Street Global Advisor’s board diversity program for three consecutive years.”

As part of the new guidelines, State Street will vote against the entire slate of board members on the nominating committee of any public U.S. company that does not have at least one woman on its board.

There is, in fact, a strong business case for cognitive diversity. Studies show that diverse groups or teams make better decisions than homogenous ones.

Companies in the top quartile for gender diversity of their executive teams were 21 percent more likely to experience above-average profitability than companies in the bottom quartile, according to a 2017 study by McKinsey & Co. The study also found that companies in the top quartile for ethnic and cultural diversity were 33 percent more likely to outperform companies in the bottom quartile. Both findings were statistically significant.

“On the complex tasks we now carry out in laboratories, boardrooms, courtrooms, and classrooms, we need people who think in different ways,” wrote University of Michigan professor Scott Page in his book “The Diversity Bonus: How Great Teams Pay Off in the Knowledge Economy.”

“And not in arbitrarily diverse ways,” he continued. “Effective diverse teams are built with forethought.”

Page differentiates cognitive diversity from “identity” diversity, which is defined by demographic characteristics like race, gender, ethnicity, sexual orientation and national origin. But striving for identity diversity, through characteristics such as race and gender, and the different life experiences and perspectives that result, can help boards and organizations cultivate cognitive diversity.

Yet, Juvan says boards also need to gain insight into how potential directors think and process information, which they can do by appointing them to advisory boards or working with them in other capacities. Banks that have separate boards for their depository subsidiaries, for instance, could use those as a farm system to evaluate candidates for the holding company board.

“I think it’s about creating a pipeline of candidates well in advance of the time that you actually need them, and really getting to know those candidates in a deeper way … as opposed to thinking a year out that we’re going to have an opening and … [working] with a recruiting firm,” she says. “I don’t think it’s something that, even if you work with a recruiting firm, you should fully outsource to somebody else.”

Why Your Board’s Risk Committee Structure Matters


committee-4-18-19.pngCommunity bank boards have a lot of regulatory leeway when it comes how they oversee the critical risks facing their organizations, including cybersecurity. Because of this latitude, many boards are working to find the best way to properly address these risks, congruent with the size and complexity of their institution.

“We’re evolving, and I think banks our size are evolving, because we are in that grey area around formal risk management,” says Robert Bradley, the chief risk officer at $1.4 billion asset Bank of Tennessee, based in Kingsport, Tennessee. “There’s no one way to approach risk management and governance.”

As a result, some banks govern risk within a separate risk committee, while others opt for the audit committee or address their institution’s risks as a full board.

And governance of cybersecurity is even more unresolved. Most oversee cybersecurity within the risk committee (27 percent) or technology committee (25 percent), according to Bank Director’s 2019 Risk Survey. A few—just 8 percent—have established a board-level cybersecurity committee.

“Those that have formed a cyber committee, whether they’re small or big, I think it’s an indication of how significant they believe it is to the institution,” says Craig Sanders, a partner at survey sponsor Moss Adams.

Does a bank’s governance structure make a difference in how boards approach oversight? It might. Our analysis finds a correlation between committee structure and executive responsibilities, communications with key executives and board discussions on risk.

The majority of respondents say their bank employs a chief information security officer, though many say that executive also focuses on other areas of the bank. Whether a bank employs a dedicated CISO tends to be a function of the size and complexity of the bank’s cyber program, says Sanders.

Banks that govern cybersecurity within a risk committee or a cybersecurity committee are more likely to employ a CISO.

CISO.png

The reporting structure for the CISO varies, with a majority of CISOs reporting to the CEO (32 percent) and/or the chief risk officer (31 percent). However, the reporting structure differs by committee.

Banks with a cybersecurity committee seem to prefer that their CISO reports to the CEO (36 percent). However, 27 percent say the CISO reports to the CRO, and a combined 27 percent say the CISO reports to the chief information officer or chief technology officer. Similarly, if cybersecurity is overseen in the technology committee, the CISO often reports to the CEO (33 percent) and/or the CIO or CTO (a combined 29 percent).

However, the CISO is more likely to report to the CRO (49 percent) if cybersecurity is governed within the risk committee.

Interestingly, the audit committee is most likely to insert itself into the CISO’s reporting structure when it governs cybersecurity. Of these, 32 percent say the CISO reports to the audit committee, 37 percent to the CEO and 32 percent to the CRO.

Sanders believes more CISOs should report to the relevant committee or the full board. “I view that position almost like internal audit. They shouldn’t be reporting up through management,” he says.

Establishing a dedicated committee is a visible sign that a board is taking a matter seriously. Committees can also provide an opportunity for directors to focus and educate themselves on an issue. So, it’s perhaps no surprise that the few bank boards that have established cybersecurity committees are dedicating more board time to the subject, as evidenced in this chart.

cybersecurity.png

Risk and audit committees are tasked with a laundry list of issues facing their institutions. It’s hard to fit cybersecurity into the crowded agendas of these committees. However, it does make one question whether cybersecurity is addressed frequently enough by these boards.

Governance structure also seems to impact how frequently cybersecurity is discussed by the full board. With a cybersecurity committee, 46 percent say cybersecurity is part of the agenda at every board meeting, and 27 percent discuss the issue quarterly. Boards that address cybersecurity in the risk or audit committee are more likely to schedule a quarterly discussion as a board.

review.png

When boards take responsibility for cybersecurity at the board level—rather than assigning it to a committee—almost half say cybersecurity is on the agenda twice a year or annually. With this structure, 31 percent discuss it at every board meeting.

How frequently should boards be talking about cybersecurity?

“More is better, right?” says Sanders. “The requirement, from a regulatory standpoint, is that you only report to the board annually. So, anybody that’s doing it more than annually is exceeding the regulator’s expectation,” which is a good approach, he adds.

Few banks have cybersecurity committees, and it’s worth noting that boards with a cybersecurity committee are more likely to have a cybersecurity expert as a member. That expertise likely makes them feel better equipped to establish a committee.

Community bank boards have long grappled with how to govern risk in general. For several years following the enactment of the Dodd-Frank Act in 2010, risk committees were only required at banks above $10 billion in assets. Now, following passage of the Economic Growth, Regulatory Relief and Consumer Protection Act in 2018, that threshold is even higher, at $50 billion in assets.

But if it ain’t broke, don’t fix it: The 2019 Risk Survey confirms that boards aren’t suddenly dissolving their risk committees. Forty-one percent of banks—primarily, but not exclusively, above $1 billion in assets—have a separate board-level risk committee.

The survey indicates there’s good reason for this.

Ninety-six percent of respondents whose bank governs risk within a board-level risk committee say the CRO or equivalent meets quarterly or more with the full board. Audit committees are almost on par, at 89 percent. But interestingly, that drops to 79 percent at banks who oversee risk as a full board.

Bank of Tennessee’s audit and risk committee meets quarterly, and Bradley says that getting a handle on the bank’s overall risk governance is a priority for 2019. That includes getting more comprehensive information to the board.

“The board has all the right governance and oversight committees for ALCO, for credit, for all of those kinds of things, but we haven’t had a one-stop-shop rollup for [the overall risk] position of the bank, and that’s one of the things I’m focused on for 2019,” Bradley says. “Going forward, what I would like to do is [meet] with the risk committee at least quarterly, and with the full board, probably twice a year.”

Bank Director’s 2019 Risk Survey, sponsored by Moss Adams, reveals the views of 180 bank leaders, representing banks ranging from $250 million to $50 billion in assets, about today’s risk landscape, including risk governance, the impact of regulatory relief on risk practices, the potential effect of rising interest rates and the use of technology to enhance compliance. The survey was conducted in January 2019.

For additional information on the responsibilities of a bank’s risk committee, please see Bank Director’s Board Structure Guideline titled “Risk Committee Structure.”

2019 Risk Survey: Cybersecurity Oversight


risk-3-25-19.pngBank leaders are more worried than ever about cybersecurity: Eighty-three percent of the chief risk officers, chief executives, independent directors and other senior executives of U.S. banks responding to Bank Director’s 2019 Risk Survey say their concerns about cybersecurity have increased over the past year. Executives and directors have listed cybersecurity as their top risk concern in five prior versions of this survey, so finding that they’re more—rather than less—worried could be indicative of the industry’s struggles to wrap their hands around the issue.

The survey, sponsored by Moss Adams, was conducted in January 2019. It reveals the views of 180 bank leaders, representing banks ranging from $250 million to $50 billion in assets, about today’s risk landscape, including risk governance, the impact of regulatory relief on risk practices, the potential effect of rising interest rates and the use of technology to enhance compliance.

The survey also examines how banks oversee cybersecurity risk.

More banks are hiring chief information security officers: The percentage indicating their bank employs a CISO ticked up by seven points from last year’s survey and by 17 points from 2017. This year, Bank Director delved deeper to uncover whether the CISO holds additional responsibilities at the bank (49 percent) or focuses exclusively on cybersecurity (30 percent)—a practice more common at banks above $10 billion in assets.

How bank boards adapt their governance structures to effectively oversee cybersecurity remains a mixed bag. Cybersecurity may be addressed within the risk committee (27 percent), the technology committee (25 percent) or the audit committee (19 percent). Eight percent of respondents report their board has a board-level cybersecurity committee. Twenty percent address cybersecurity as a full board rather than delegating it to a committee.

A little more than one-third indicate one director is a cybersecurity expert, suggesting a skill gap some boards may seek to address.

Additional Findings

  • Three-quarters of respondents reveal enhanced concerns around interest rate risk.
  • Fifty-eight percent expect to lose deposits if the Federal Reserve raises interest rates by more than one hundred basis points (1 percentage point) over the next 18 months. Thirty-one percent lost deposit share in 2018 as a result of rate competition.
  • The regulatory relief package, passed in 2018, freed banks between $10 billion and $50 billion in assets from stress test requirements. Yet, 60 percent of respondents in this asset class reveal they are keeping the Dodd-Frank Act (DFAST) stress test practices in place.
  • For smaller banks, more than three-quarters of those surveyed say they conduct an annual stress test.
  • When asked how their bank’s capital position would be affected in a severe economic downturn, more than half foresee a moderate impact on capital, with the bank’s capital ratio dropping to a range of 7 to 9.9 percent. Thirty-four percent believe their capital position would remain strong.
  • Following a statement issued by federal regulators late last year, 71 percent indicate they have implemented or plan to implement more innovative technology in 2019 to better comply with Bank Secrecy Act/anti-money laundering (BSA/AML) rules. Another 10 percent will work toward implementation in 2020.
  • Despite buzz around artificial intelligence, 63 percent indicate their bank hasn’t explored using AI technology to better comply with the myriad rules and regulations banks face.

To view the full results of the survey, click here.

Balancing the Relationships of Constituents


investor-1-16-19.pngOftentimes, as supporters of community banks, we can perceive an inquiring shareholder might not favor the bank remaining independent. But there are times when this perception might be warranted.

Shareholders, in the end, are still people. Though they align into different groups with different interests, people are ultimately in charge. Often, it is a misunderstanding of the role of management and the board, the bank’s role, the shareholder’s role, and the goals and objectives of each that cause distractions.

Here are several points to consider.

Management and the board
Management must understand that they work for the board. The board works for the shareholders. The amount of influence any board can have is directly correlated to its collective ownership of the company. Without a meaningful stake, outside investors will have the most say. If the board doesn’t own 100 percent of the stock, it has a fiduciary duty to the other shareholders. This seems an elementary concept, but if the board and management team don’t really understand the legal and practical implications of ownership and reporting, it can precipitate a communication breakdown and misalignment of interests.

Insiders must align independent shareholders’ interests with their own and avoid setting themselves up for a lifetime job to only serve themselves.

Transparency and communication
Banking is one of the most transparent industries in the U.S., so communicate often with your shareholders. A lack of communication and transparency leads to mistrust and misalignment of interests. If the bank is private, then a quarterly newsletter with summary financials should be included, along with book value per share and market value per share, if known or done by a third party. At minimum, book value per share should be provided.

Market for stock
If the bank is public, this is not much of an issue, but privately-held banks need a market of some kind. The bank should get a valuation once a year, and engage a third party to make a market in the stock or facilitate communication between shareholders with knowledge of last trades.

Pricing is important. If you have your private bank stock selling for tangible book or less, an enterprising shareholder may seek to put the bank in play for control value.

If the private bank stock is selling at 1.5 to 2 times tangible book value, it makes it much more difficult to put it in play, and most shareholders feel thankful for the rich minority valuation. Valuation can be very important as a strategy for independence.

Types of shareholders
When adding shareholders during a capital raise, consider their investment horizon, type, and propensity for involvement and activism. An ongoing assessment of these qualities is very important.

Generational transfers can change all these goals, and if the bank’s management and board are not prepared for these different investment goals, it can be a shock.
Private equity funds are short term, focused on internal rate of return (IRR) and controlling, or at least heavily involved, as investors. Some institutional investors are passive and long term. Some are very familiar with long-term community bank investing, and some are not.

Local, long-term community-based individuals can make wonderful investors but can present problems as well. A good investment banking advisor will categorize these diverse investor types and offering type situations, and analyze them with the bank.

Inquiring shareholders
When a shareholder asks about performance, liquidity or selling the bank, your first reaction is key to setting the tone. You should always take a meeting, listen and politely consider your response.

This will probably be a two-meeting process. Two things to make certain: Don’t bring your lawyer and investment banker to the initial meeting, and certainly don’t ignore the shareholder.

Bringing the bank’s lawyer and investment banker, and ignoring the shareholder are two responses by management teams and boards that have things to hide. Attorneys and investment bankers may provide you counsel and advice but need not participate in the initial meeting.

The bottom line
Hold an annual or semi-annual meeting at your bank to address potential shareholder issues. Frequently, too little importance is placed on all constituent groups involved in the success of the bank and its future.

The management team and the board can and should be steering toward a successful future for their bank, and doing so with satisfied shareholders.

How Progressive Banks Use Board Software


software-1-7-19.pngThere’s a little magic in board meetings. Industry veterans — each armed with decades of wisdom and expertise — come together to make decisions that dictate the future of your bank. Each decision affects the lives of the employees and the customers they loyally serve.

Those decisions matter. So why not make them as effective as possible?

Achieving the best outcome in every board decision requires effective decision-making. That’s why progressive banks invest in board management software.

Transitioning to board software saves banks over $10,000 in annual administrative costs, but that pales in comparison to the broader benefits of better governance.

How? Let’s look at how technology can deliver better decisions from your board.

Streamlining Organization
The biggest brains in banking are often the busiest. When you bring those brains together, every minute counts. But bank board packets are notoriously lengthy. Organizing and navigating materials can be a drain on meeting time.

Board management software makes it easy to drag and drop files into your board book, rearrange pages, and access everything at the touch of a button. The best board software supports interactive agendas and robust search features, allowing directors to search multiple documents and navigate from a single location. These features limit the “information overload” during board meetings, and keep directors focused on more pertinent discussions.

Banks use board management technology to organize material between various committees. Administrators can configure access to material by individual users (i.e. a specific board member) or their role on a particular committee. Quality board software extends the same security features and granularity of information control to users at the committee level as it does for the board itself.

The right technology helps maintain focus in the boardroom by centralizing information and making it easy to navigate. Spending less time flipping through pages means having more time for decisions that matter most to your bank.

Maximizing Security
Board software enhances the security of confidential information and makes it easier to control how that information is shared.

Directors can securely share private bank records with examiners and regulators. Streamlining this process means gaining earlier access to audit reports, which often guide a board’s decision-making.

Board members can also add their executive assistants to the software, giving them access to the information they need while avoiding the risks associated with sharing confidential materials via email.

Enhancing the privacy and security of board documents and communications allows directors to provide more honest insights and, ultimately, more informed decisions.

Strengthening Communication
Board management software improves director communication beyond the boardroom, making materials available for review and discussion at any time.

Banks can use the software’s annotation features to share thoughts and feedback among board members. Directors can take notes directly on the page of a board book as they would a physical copy. They can also share their notes with others.

The benefits these features serve are twofold; (1) increasing the portability of information means having more informed and prepared directors, and (2) more informed decisions about the future of your bank.

Optimizing Deliberation
Board software doesn’t just strengthen communication, it optimizes deliberation. Voting and e-signature features optimize a board’s efficiency while survey features allow members to quickly gauge consensus over an issue as it’s being discussed. Surveys can also be used before meetings to prioritize agenda items or after meetings for ancillary voting on outcomes and process improvements.

The best board software provides directors with the option to accept anonymous survey responses, which allows board members to submit candid, honest feedback and paves the way for more effective decision-making.

Leveraging easy-to-use software keeps board members organized and engaged, strengthening their communication and maximizing administrative efficiency. Investing in management technology is an easy win for progressive banks interested in making better decisions across the board.