Best Practices for Onboarding New Directors


governance-9-12-19.pngJoining a bank board can be a bewildering experience for some new directors. There’s a lot to learn, including new, confusing abbreviations and financial metrics specific to the banking industry. But with the right approach, bank boards and nominating/governance committees can make the experience easier.

Onboarding new directors and more quickly acclimating them to the world of depository institutions is essential to ensuring banks have a functioning board that is prepared to navigate an increasingly changing and complex environment. It can also reduce potential liability for the bank by ensuring its members are educated and knowledgeable, and that no one personality or viewpoint dominates the boardroom.

Banking differs from other industries because of its business model, funding base, regulatory oversights and jargon. Directors without existing knowledge of the industry may need one to two years before becoming fully contributing members who can understand the most important issues facing the bank, as well as the common parlance.

Proactive boards leverage the chairperson to create an onboarding process that is comprehensive without being overwhelming, and tailor it to suit their institution’s particular needs, as well as the skill sets of newly recruited board members. The chair can work with members of the nominating/governance committee and executives like the chief financial officer to create a specific onboarding program and identify what pertinent information will best serve their new colleague.

Bank Director has compiled the following checklist to help strengthen your bank’s onboarding program.

1. Help new directors understand their role on the board.
New directors often come in with a background in business or accounting, skills that are useful in a bank boardroom. But business success in one industry may not readily translate to banking, given the unique aspects of its business model, regulations and even vocabulary associated with financial institutions. New directors can access insights on “The Role of the Board” through Bank Director’s Online Training Series.

Banks are uniquely regulated and insured. Directors should be able to appreciate the role they serve in their oversight of the bank, as well as the role regulators have in keeping the bank safe and sound, and ensuring prudent access to credit.

2. Provide an overview of the banking industry.
Directors often aren’t bankers and will need to be acquainted with the business of banking broadly.

With this overview will come the distinctive terms and acronyms that a new director may hear tossed around a boardroom. Boards should either create or provide a glossary with definitions and acronyms of terms, including the principal regulators and common financial metrics.

Click HERE to access Bank Director’s Banking Terms Glossary.

3. Provide an overview of your bank’s business model and strategy.
Directors will need to understand the bank’s products, including how it funds itself, what sort of loans it makes and to whom, as well as other services the bank provides for a fee. They will also need to learn about the bank’s credit culture, capital regime and its approach to risk management, including loan loss reserving.

4. Create a reading list.
There are a number of internal and external resources that new board members can access as they become acclimated to the ins and outs of bank governance. Internally, they should have access to recent examination reports, call reports, and quarterly and annual filings, if they exist. They should also access external resources, like Bank Director’s Online Training Series, the Federal Reserve Bank of Kansas City’s 2016 publication, “Basics for Bank Directors,” and “The Director’s Book,” published by the Officer of the Comptroller of the Currency.

Additionally, they should keep up-to-date with the industry through bank-specific publications, such as Bank Director’s newsletter and magazine.

5. Schedule one-on-one meetings with the management team.
A new board member will need to understand who they are working with and the important roles those individuals play in running a successful bank. Their onboarding should include meetings with the management team, especially the CFO for a discussion about the financial metrics, risk measurement and health of the bank. It may also be prudent to schedule a meeting with other executives who oversee risk management at the bank.

6. Schedule one-on-one meetings with members of the board and key consultants.
New directors should sit down with the heads of board committees to understand the various oversight functions the board fulfills. The bank may also want to reach out to the firms it works with, including its accounting, law and consulting firms, to chat about their roles and relationship with the company.

7. Emphasize continuing education.
Boards should convey to new members that they expect continued education and growth in the role. One way to achieve this is through conference attendance, which can provide intensive and specialized education, as well as a community of directors from banks in other geographic areas that new members can learn from. Direct new board members to events hosted by your state banking association, if available, or sign them up for annual conferences like Bank Director’s Bank Board Training Forum.

Look for conferences that offer information calibrated to a director’s understanding, starting with basic or introductory instruction suited for new directors. The conferences should also facilitate discussion among directors, so that they can learn from each other. As a director grows in the role, the board can seek out more specialized training.

Successful onboarding should help new directors acclimate to the world of banking and become a productive member of the board. Boards should expect their directors to become comfortable enough that they go beyond thoughtful listening and ask intelligent questions that reinforce the bank’s strategy and its risk management.

A Former Regulator Shares His Advice for Boards


regulator-6-13-19.pngDeveloping a positive relationship with regulators is important for any bank. How can banks foster this?

There’s no one better to answer this question than a former regulator.

Charles Yi served as general counsel of the Federal Deposit Insurance Corp. from 2015 to 2019, where he focused on policy initiatives and legislation, as well as the implementation of related rulemaking. He also served on the FDIC’s fintech steering committee.

In this interview, Yi talks about today’s deregulatory environment and shares his advice for banks looking to improve this critical relationship. He also explains the importance of a strong compliance culture and what boards should know about key technology-related risks.

Yi, now a partner at the law firm Arnold & Porter, in Washington, D.C., spoke to these issues at Bank Director’s Bank Audit & Risk Committees Conference. You can access event materials here.

BD: You worked at the FDIC during a time of significant change, given a new administration and the passage of regulatory relief for the industry. In your view, what do bank boards need to know about the changes underway in today’s regulatory environment?
CY: While it is true that we are in a deregulatory environment in the short term, bank boards should focus on prudent risk management, and safe and sound banking practices for the long term. Good fundamentals are good fundamentals, whether the environment is deregulatory or otherwise.

BD: What hasn’t changed?
CY: What has not changed is the cyclical nature of both the economy and the regulatory environment. Just as housing prices will not always go up, [a] deregulatory environment will not last forever.

BD: From your perspective, what issues are top of mind for bank examiners today?
CY: It seems likely that we are at, or near, the peak of the current economic cycle. The banking industry as a whole has been setting new records recently in terms of profitability, as reported by the FDIC in its quarterly banking profiles. If I [were] a bank examiner, I would be thinking through and examining for how the next phase of the economic cycle would impact a bank’s operations going forward.

BD: Do you have any advice for boards that seek to improve their bank’s relationship with their examiners?
CY: [The] same thing I would say to an examiner, which is to put yourself in the shoes of the other person. Try to understand that person’s incentives, pressures—both internal and external—and objectives. Always be cordial, and keep discussions civil, even if there is disagreement.

BD: What are some of the biggest mistakes you see banks make when it comes to their relationship with their examiner?
CY: Even if there is disagreement with an examiner, it should never become personal. The examiner is simply there to do a job, which is to review a bank’s policies and practices with the goal of promoting safety and soundness as well as consumer protection. If you disagree with an examiner, simply make your case in a cordial manner, and document the disagreement if it cannot be resolved.

BD: In your presentation at the Bank Audit & Risk Committees Conference, you talked about the importance of projecting a culture of compliance. How should boards ensure their bank is building this type of culture?
CY: Culture of compliance must be a focus of the board and the management, and that focus has to be communicated to the employees throughout the organization. The incentive structure also has to be aligned with this type of culture.

Strong compliance culture starts at the top. The board has to set the tone for the management, and the management has to be the example for all employees to follow. Everyone in the organization has to understand and buy into the principle that we do not sacrifice long-term fundamentals for short-term gain—which in some cases could end up being [a] long-term loss.

(Editor’s note: You can learn more about building a strong culture through Bank Director’s Online Training Series, Unit 16: Building a Strong Compliance Culture.)

BD: You served on the FDIC’s fintech steering committee, which—in a broad sense—examined technology trends and risks, and evaluated the potential impact to the banking system. Banks are working more frequently with technology partners to enhance their products, services and capabilities. What’s important for boards to know about the opportunities and risks here?
CY: Fintech is the next frontier for banking, and banks are rightly focused on incorporating technology into their mix of products and services. One thing to keep in mind as banks increasingly partner with technology service providers is that the regulators will hold the bank responsible for what the technology service provider does or fails to do with regard to banking functions that have been outsourced.

BD: On a final note: In your view, what are the top risks facing the industry today?
CY: I mentioned already the risks facing the industry as we contemplate the downhill side of the current economic cycle. One other issue that I know the regulators are and have been spending quite a lot of time thinking about is cybersecurity. What is often said is that a cyber event is not a question of if, but when. We can devote volumes of literature [to] talking about this issue, but suffice for now to say that it is and will continue to be a focus of the regulators.

Arnold & Porter was a sponsor of Bank Director’s Bank Audit & Risk Committees Conference.

77 Percent of Bank Boards Approve Loans. Is That a Mistake?


loans-5-17-19.pngBank directors face a myriad of expectations from regulators to ensure that their institutions are safe and sound. But there’s one thing directors do that regulators don’t actually ask them to do.

“There’s no requirement or even suggestion, that I’m aware of, from any regulators that says, ‘Hey, we want the board involved at the loan-approval level,’” says Patrick Hanchey, a partner at the law firm Alston & Bird. The one exception is Regulation O, which requires boards to review and approve insider loans.

Instead, the board is tasked with implementing policies and procedures for the bank, and hiring a management team to execute on that strategy, Hanchey explains.

“If all that’s done, then you’re making good loans, and there’s no issue.”

Yet, 77 percent of executives and directors say their board or a board-level loan committee plays a role in approving credits, according to Bank Director’s 2019 Risk Survey.

Boards at smaller banks are more likely to approve loans than their larger peers. This is despite the spate of loan-related lawsuits filed by the Federal Deposit Insurance Corp. against directors in the wake of the recent financial crisis.

Loans-chart.png

The board at Mayfield, Kentucky-based First Kentucky Bank approves five to seven loans a month, says Ann Hale Mills, who serves on the board. These are either large loans or loans extended to businesses or individuals who already have a large line of credit at the bank, which is the $442 million asset subsidiary of Exchange Bancshares.

Yet, the fact that directors often lack formal credit expertise leads some to question whether they should be directly involved in the process.

“Inserting themselves into that decision-making process is putting [directors] in a place that they’re not necessarily trained to be in,” says James Stevens, a partner at the law firm Troutman Sanders.

What’s more, focusing on loan approvals may take directors’ eyes off the big picture, says David Ruffin, a director at the accounting firm Dixon Hughes Goodman LLP.

“It, primarily, deflects them from the more important role of understanding and overseeing the macro performance of the credit portfolio,” he says. “[Regulators would] much rather have directors focused on the macro performance of the credit portfolio, and understanding the risk tolerances and risk appetite.”

Ruffin believes that boards should focus instead on getting the right information about the bank’s loan portfolio, including trend analyses around loan concentrations.

“That’s where a good board member should be highly sensitized and, frankly, treat that as their priority—not individual loan approvals,” says Ruffin.

It all boils down to effective risk management.

“That’s one of [the board’s] main jobs, in my mind. Is the institution taking the right risk, and is the institution taking enough risk, and then how is that risk allocated across capital lines?” says Chris Nichols, the chief strategy officer at Winter Haven, Florida-based CenterState Bank Corp. CenterState has $12.6 billion in assets, which includes a national correspondent banking division. “That’s exactly where the board should be: [Defining] ‘this is the risk we want to take’ and looking at the process to make sure they’re taking the right risk.”

Directors can still contribute their expertise without taking on the liability of approving individual loans, adds Stevens.

“[Directors] have information to contribute to loan decisions, and there’s nothing that says that they can’t attend officer loan committee meetings or share what they know about borrowers or credits that are being considered,” he says.

But Mills disagrees, as do many community bank directors. She believes the board has a vital role to play in approving loans.

First Kentucky Bank’s board examines quantitative metrics—including credit history, repayment terms and the loan-to-value ratio—and qualitative factors, such as the customer’s relationship with the bank and how changes in the local economy could impact repayment.

“We are very well informed with data, local economic insight and competitive dynamics when we approve a loan,” she says.

And community bank directors and executives are looking at the bigger picture for their community, beyond the bank’s credit portfolio.

“We are more likely to accept risk for loans we see in the best interest of the overall community … an external effect that is hard to quantify using only traditional credit metrics,” she says.

Regardless of how a particular bank approaches this process, however, the one thing most people can agree on is that the value of such bespoke expertise diminishes as a bank grows and expands into far-flung markets.

“You could argue that in a very small bank, that the directors are often seasoned business men and women who understand how to run a business, and do have an intuitive credit sense about them, and they do add value,” says Ruffin. “Where it loses its efficacy, in my opinion, is where you start adding markets that they have no understanding of or awareness of the key personalities—that’s where it starts breaking apart.”

Exclusive: How This Growing Community Bank Focuses on Risk


risk-5-16-19.pngManaging risk and satisfying examiners can be difficult for any bank. It’s particularly hard for community banks that want to manage their limited resources wisely.

One bank that balances these challenges well is Bryn Mawr Bank Corp., a $4.6 billion asset based in Bryn Mawr, Pennsylvania, on the outskirts of Philadelphia.

Bank Director Vice President of Research Emily McCormick recently interviewed Chief Risk Officer Patrick Killeen about the bank’s approach to risk for a feature story in our second quarter 2019 issue. That story, titled “Banks Regain Sovereignty Over Risk Practices,” dives into the results of Bank Director’s 2019 Risk Survey. (You can read that story here.)

In the transcript of the interview—available exclusively to members of our Bank Services program—Killeen goes into detail about how his bank approaches stress testing, cybersecurity and credit risk, and explains how the executive team and board have strengthened the organization for future growth.

He discusses:

  • The top risks facing his community bank
  • Hiring the right talent to balance risk and growth
  • Balancing board and management responsibilities in lending
  • Conducting stress tests as a community bank
  • Managing cyber risk
  • Responding to Bank Secrecy Act and anti-money laundering guidance

The interview has been edited for brevity, clarity and flow.

download.png Download transcript for the full exclusive interview

Are These the Best of Times for Bank Directors?


strategy-5-13-19.pngFor someone who has covered the banking industry as long as I have (hint: I wrote my first banking story in 1986), these are among the best days to be a banker—or director of a bank—that I can remember. Profitability is high, as is capitalization, and the industry is gliding on the updraft of a strong economy and lower taxes.

The current health of the industry was apparent from what we did not talk about at Bank Director’s Bank Board Training Forum, which took place on May 9-10 in Nashville. There were no sessions about deteriorating loan quality, or the best way to structure a loan workout program, or the need to raise capital. Indeed, our managing editor, Kiah Lau Haslett, wrote a story that published Friday on this website warning against the perils of complacency.

When your biggest challenge is guarding against complacency, you’ve definitely found yourself in tall cotton.

It’s worth drilling down a little bit into the industry’s strong fundamentals. In addition to the continuation of a strong U.S. economy, which will be a record expansion if it continues much longer, banks have also benefited—more than any other industry—from last year’s steep cut in corporate tax rates, as well as a modest rollback of regulations in the Dodd-Frank Act.

Joseph Fenech, managing principal and head of research at the investment banking firm Hovde Group, explained during a presentation that thanks to the tax cut, both return on average assets and return on average tangible common equity jumped to levels last seen prior to the Great Recession. And not only has deregulation had a measurably positive impact on the industry’s profitability, according to Fenech, it has also brought new investors into the sector.

“It’s really driving change in how investors think about banks,” he says.

The only bad news Fenech offered was his assessment that bank M&A pricing has peaked. From 2008 to 2016, stocks of the most active acquirers traded at a premium to book value while many distressed targets traded at a discount, which translated to favorable “deal math” for buyers, according to Fenech. Deal pricing began to edge up from 2016 to 2018 as more acquirers came into the market. Many transactions had to be priced at a premium to book value, which began to make the deal math less favorable for the buyer.

Generally, the higher the deal premium, the longer it takes for it to be accretive. Since the beginning of this year, says Fenech, many investors have become wary of deals with high premiums unless they are clearly accretive to earnings in a reasonable period of time. Undisciplined acquirers that overpay for deals will see their stocks shunned by many investors.

This new dynamic in bank M&A also impacts sellers, who now may receive a lower premium for their franchise.

“I think the peak pricing in bank M&A was last year,” says Fenech.

An important theme during the entire conference was the increased attention that board diversity is getting throughout the industry. Bank Director President Mika Moser moderated a general session panel discussion on board diversity, but the topic popped up in various breakout sessions as well. This is not always a comfortable discussion for bank boards since—let’s face it—most bank boards are comprised overwhelming of older white males.

For many proponents, the push for greater board diversity is not simply to accomplish a progressive social policy. Diverse groups usually offer a diversity of thought—and that makes good business sense. Academic research shows that diverse groups or teams make better business decisions than more homogenious groups, where the members are more inclined to affirm each other’s biases and perspectives than challenge them. Larry Fink, the chairman and CEO of Blackrock—the world’s largest asset manager—believes that diverse boards are less likely to succumb to groupthink or miss emerging threats to a company’s business model, and are better able to identify opportunities that promote long-term growth.

The banking industry still has a lot of work to do in terms of embracing diversity in the boardroom and among the senior management team, but I get the sense that directors are more sensitive—and more open to making substantive changes—than just a few years ago.

The Bank Board Training Forum is, at its core, a corporate governance conference. While we cover a variety of issues, it’s always through the perspective of the outside director. James McAlpin, Jr., a partner and leader of the financial services client services group at the law firm Bryan Cave, gave an insightful presentation on corporate governance. But sometimes the simplest truth can be the most galvanizing.

“The responsibilities of directors can be boiled down to one simple goal—the creation of sustainable long-term value for shareholders,” he says. There are many decisions that bank boards must make over the course of a year, but all of them must be made through that prism.

Avoid the Risk of Complacency


growth-5-10-19.pngBank directors have a golden opportunity to position their banks for future growth and prepare them for change—if they can resist the lull of complacency, according to speakers at the opening day of Bank Director’s 2019 Bank Board Training Forum on May 9.

The current economic environment remains benign, as regulators have paused interest rate increases and credit quality remains pristine, says Joseph Fenech, managing principal and head of research at Hovde Group. Further, he argues that banks today are better equipped to withstand a future economic downturn.

But speakers throughout the day say the risk is that board members may feel lulled by their banks’ current performance and miss their chance to position these institutions for future growth.

“We’re going through the good years in banking. I would argue your biggest competitor is complacency,” says Don MacDonald, chief marketing officer at MX Technologies. He adds that bank boards needs to be asking hard questions about the future despite today’s positive operating environment.

Banks are grappling with the rapid pace of change and technology, shifting customer demographics and skills gaps at the executive and board levels. Speakers during the conference provided a variety of ways that directors can address these concerns with an eye toward future growth.

One way is to redefine how community banks think about their products and their markets, according to Ron Shevlin, director of research at Cornerstone Advisors. Shevlin says many community banks face competition from firms outside of their geographic marketplace. In response, some community banks are moving away from a geographic community and toward affinity, or common bond, groups. These firms have identified products or loans they excel at and have expanded their reach to those affinity customers. He also advises banks to examine how their products stack up to competing products. He uses the example of checking accounts, pointing out that large banks and financial technology firms sometimes offer rewards or personal financial management advice for these accounts.

“Everyone talks about customer experience, but fixing the customer experience of an obsolete product is a complete waste of money,” he says.

Another challenge for boards is the makeup of the board itself. Directors need to have a skill set that is relevant to the challenges and opportunities a bank faces. Today, directors are concerned about how the bank will respond to technology, increase the diversity of their boards and remain relevant to the next generation of bank customers, says J. Scott Petty, managing partner of financial services at Chartwell Partners, an executive search firm.

He challenges directors to consider the skills and experiences they will need in a few years, as well as how confident they are that they have the right board and leadership to run the bank.

“Change doesn’t happen overnight. It has to be planned for,” he says. “Board composition should reflect the goals of the financial institution.”

Banks can resist complacency with their culture, according to Robert Hill, Jr., CEO of South State Corp. Hill says there is never a point in time when “you’ve got it made and your bank is cruising.” Various headwinds come and go, but the overarching theme behind the bank’s challenges is that pace of change, need for customer engagement and competition are all increasing.

In response, Hill says the bank is very selective about who they hire, and looks for passion, values and engagement as well as specific skills. South State prioritizes soundness, profitability and growth—in that order—and wraps its cultural fabric around and throughout the company. A large part of that is accomplished through leadership, and the accountability that goes with it.

“If the culture is not strong and foundation is not strong, it will be much harder for a company to evolve,” he says.

Will More Banks Form this Uncommon Board Committee?


committee-2-22-19.pngIt wasn’t in response to a cybersecurity event or a nudge from regulators that prompted Huntington Bancshares’ board to create a Significant Events Committee in early 2018.

Instead, says Dave Porteous, lead director at the $108 billion bank based in Columbus, Ohio, it was old-fashioned governance principles that drove Huntington’s board to establish the ad hoc committee responsible for responding to the biggest risk faced by banks today: cybersecurity threats.

“Particularly over the last 10 years, the world is changing so quickly it has really become incumbent upon all boards, in my view, to continually be evaluating their governance structure and whether or not they need to make adjustments … to how the world is changing,” Porteous says.

Ask any bank executive or director right now to name the things that cause them to lose sleep at night and cybersecurity will almost invariably be at the top of the list.

Millions of personal records have already been compromised globally, and it can cost even a small bank millions of dollars to rectify a single cyber event. Yet, while it is a common topic in boardrooms, it hasn’t yielded widespread governance restructuring at banks across the United States.

Bank Director’s 2018 Technology Survey found that 93 percent of the 161 chief bank executives, senior technology officers and directors said cybersecurity is an issue of focus by their board.

But a 2018 analysis by Harvard Law School found that just 7 percent of all S&P 500 companies have separate technology committees, though 29 percent of large public bank holding companies above $10 billion in assets have set up just such a thing. This is significant because, as the study noted, cybersecurity is often the responsibility of the technology committee.

Significant events have over time produced mandated changes in corporate structure, like the requirement in Dodd-Frank requiring banks above $10 billion in assets to have a separate risk committee, or the requirement in Sarbanes-Oxley that an audit committee oversee a bank’s independent auditor.

But Porteous argues that banks should not wait for changes in the law to force them into structural changes. The changes should emerge instead from ongoing conversations at institutions about new trends and threats.

“To me the critical thing is constantly be assessing and challenging yourself as a board on the way in which you govern and not to be afraid to make adjustments,” Porteous says. “In other words, create committees to address the current or upcoming issues that enhance the focus (of the board).”

For Huntington, the establishment of the Significant Events Committee was years in the making, but finally came after the board realized it was having similar discussions about the same topic at the board level and in separate committees.

It was a natural thing for us to take these discussions we were having, both at the board meeting and various committee-level meetings, and then decide that we were spending a significant amount of time in those discussions that it was going to be critically important,” Porteous says.

When formed, the committee included Huntington CEO Stephen Steinour, who chaired the committee; the lead director; the chairs of the technology, risk and audit committees and the “lead cyber director,” the 2018 company proxy said. The committee has since been folded into the broader Technology Committee because of overlapping skill sets, Porteous says, but the bank can reestablish it or other ad hoc committees as necessary.

One such committee was Huntington’s Integration Committee, created when the bank acquired FirstMerit Corp. in 2016. The committee met three times in 2017 after the acquisition and was later dissolved.

But it’s not just cybersecurity or M&A that should qualify as a significant event worthy of a board’s attention. Recurring natural disasters, for instance, including hurricanes in the Southeast and wildfires in the West are examples that might merit a similar response.

Whatever the issue, Porteous suggests boards continually assess their governance structure through annual board-level assessments or just paying attention to what’s in the newspaper every day.

“It’s critical to make those adjustments or adapt to the changing world,” Porteous says.

Enhancing Shareholder Value



Bank stocks have taken a dive in late 2018, and bank boards play a key role in the strategic decisions driving shareholder value. Scott Sommer and Steve Williams of Cornerstone Advisors explain the issues impacting shareholder value in 2019, including technology.

  • Bank stock trends
  • Focus on fintech
  • Board decisions

Why Directors Should Not Fear Board Evaluations


governance-1-23-19.pngIn governance circles today, the conversations about board performance and evaluations continue to advance.

Governance advocates, proxy advisors and institutional investors encourage varying approaches to evaluating directors, assessing board effectiveness, and raising the bar on expectations for director contributions and performance.

Many community bank directors, however, are reticent to go down the board assessment path, fearing that the process will somehow result in their removal from the bank’s board. The goal of any evaluation, however, should not necessarily be to weed out directors, but rather to highlight areas for board and director improvement, and encourage continual forward movement on good governance.

In our view, there are three general types, or levels, of board evaluation to consider:

Level 1: A general assessment of the board overall and how the group is functioning. This evaluation might include areas such as:

  • Do we have the right committee structure, leadership and meeting frequency?
  • Are we as a board focusing our time on the correct and critical topics?
  • Do we have an appropriate and valuable range of skills and experiences around the board table to govern effectively in today’s industry climate?

Level 2: This typically involves an element of “self-assessment,” focused on what individual directors believe they contribute. This analysis highlights contributions of a technical, industry, business, community or other relative area. Self-assessments also aggregate the collective skills sitting in the boardroom, and help to inform the board about where there are critical gaps in the needed skills.

Level 3: This is where some trepidation arises—the individual evaluation. This assessment involves each director providing confidential feedback on their fellow directors, and should always be facilitated by a third party. Using an outside resource to review and compile the data provides a level of professional insulation between directors, and ensures anonymity of the assessments.

Peer evaluations can serve an important function by informing directors as to how their peers view their contribution. When viewed in conjunction with self-assessment output, it can provide a comprehensive, objective look at how each director views their contribution relative to how their contribution is viewed by their colleagues.

Many board members fear an assessment will expose shortcomings as a director. However, the goal of evaluations is to highlight areas for improvement and strengthen governance—not necessarily cull the herd. There are plenty of examples of directors whose contribution had slipped a bit due to personal or business distractions without realizing this shift occurred. In these instances, peer feedback was instrumental in helping that director return to highly engaged participation.

It’s also common to see individual feedback highlight areas where directors needed updated training or a refresher course in bank operations or oversight, often resulting in additional training for all directors.

One of the hallmarks of the most effective boards is a desire for continuous improvement, and striving to become a “strategic asset board.”

To be sure, board members whose contributions have declined considerably and remained below expectations for an extended period might need a “tough love” conversation. A board seat is a precious thing, and every director must bring current and valuable skills and experiences to the board table.

Directors whose lengthy tenure or legacy contributions are simply not up to current needs and governance standards—and who lack the fortitude for improvement—should ask themselves whether the bank would be better served by a different individual in that seat. It takes real maturity, self-awareness and a view for the “greater good” for a director to make such a determination.

Boards have long held to age limits more than term limits as a vehicle to repopulate their boardroom. Yet as directors age, many institutions are raising or waiving the age requirements to retain experienced directors. Good reasons exist to keep veteran directors, but a board seat should be earned through performance. Seats should not be “institutionalized“ to an individual or family if those representing select interests are not qualified to contribute in a meaningful way and put the institution’s interests above their own.

The highest performing boards make it a policy to conduct some form of evaluation on a regular if not annual basis. Whether though a general, self or peer assessment process, more informed boards make better decisions around board composition and continued director service.

Boards with the strongest, most capable and engaged directors will have the greatest ability to survive and thrive in a consolidating industry. Boards that utilize some form of assessment are more likely to be among the survivors going forward.

One Tool To Get a Better Grasp on Cybersecurity Risk Oversight


cybersecurity-11-26-18.pngAs new types of risk – and new regulatory requirements – are introduced, bank directors play an instrumental role in making sure the executive team is properly addressing cybersecurity risks.

This can be an especially challenging responsibility as it is rare for board members to have the technical background or expertise to appropriately assess an entity’s cybersecurity risk management program without external resources. In many instances, directors find themselves in the uncomfortable position of relying primarily on management reports or the advice of third-party providers to meet their oversight responsibilities.

Annual scorecards from management and vulnerability assessments from third-party providers have value, but can make it difficult to compare and assess risk management programs with confidence.

To address this challenge, boards can consult new guides that offer ways to explore and dig into potential cyber risk management issues and other technical matters.

The Center for Audit Quality (CAQ), recently released a new publication, “Cybersecurity Risk Management Oversight: A Tool for Board Members.” The tool, like other emerging frameworks, is designed to help board members probe more deeply, challenge management assertions from a position of knowledge and understanding, and make more informed use of independent auditors.

Asking the right questions
In addition to offering board members a high-level overview of cybersecurity risk management issues and board responsibilities, the tool offers a series of probing questions board members can use as they engage in discussions about cybersecurity risks and disclosures with management and with independent financial auditors.

The questions are organized into four groups:

  1. Understanding how the financial statement auditor considers cybersecurity risk. These questions help board members understand the auditor’s approach to cybersecurity-related risks, and how such risks get addressed in the audit process.
  2. Understanding the role of management and responsibilities of the financial statement auditor related to cybersecurity disclosures. These questions help board members explore compliance with current SEC guidance, as well as other regulatory and disclosure requirements.
  3. Understanding management’s approach to cybersecurity risk management. These questions look beyond financial reporting and compliance, and begin to probe broader cybersecurity-related issues, including the governing framework, policies, processes, and controls the bank has in place to manage and mitigate cybersecurity risk.
  4. Understanding how CPA firms can assist boards of directors in their oversight of cybersecurity risk management. These questions help board members learn about additional offerings CPA firms can provide to assist them, and what factors to consider when engaging outside auditors to perform readiness assessments and examinations.

Starting the conversation
The CAQ says the cybersecurity oversight tool is not intended to be a comprehensive, all-inclusive list of questions for board members to ask. It also cautions against using the questions as a checklist for board members to use.

Rather, board members should look at the questions as conversation starters, examples of the types of issues they should raise with management and financial statement auditors. The purpose of the questions is to spark a dialogue to clarify responsibilities and generate a conversation and help board members develop a better understanding of how the company is managing its cybersecurity risks.

Expanding CPAs’ capabilities
As noted, one group of questions is designed to help board members learn more about other cybersecurity assurance services offered by CPA firms. One example of such services is the new System and Organization Controls (SOC) for Cybersecurity examination developed by the AICPA.

The information within the report provides management, directors or clients a description of the organization’s cybersecurity risk management program and an independent opinion on the effectiveness of the controls in place.

As concerns over cybersecurity risks in banking continue to intensify, directors will find it increasingly necessary to be capable of effectively challenging executive management and financial auditors. This tool is one guide alongside other evolving frameworks and services, that can help boards fulfill their responsibilities while also adding significant value to the bank and its shareholders.