Recent stress in the banking sector continues to affect the operations and financial positions of banks in the U.S. While executive management teams analyze events and take actions to address the needs of their institutions and customers, there are important oversight actions that corporate directors of banks, especially mid-sized banks with total assets of between $50 billion and $250 billion can take to fulfill their role of looking out for the interests of the bank’s shareholders.
1. Understand and challenge management’s viewpoint on changing risks and dislocations, including how potential continued rate increases and a potential “higher for longer” interest rate environment could affect the bank’s strategy and objectives.
Directors should ask management to support and explain their critical assumptions, especially in situations where they differ from the perspectives of regulators, investors, rating agencies, financial analysts and industry observers. Boards should also carefully consider how management proposes to recalibrate risk appetite as the environment changes; in doing so, they should challenge the methodologies and metrics they use to set critical limits.
Some key questions to ask include:
- Has the bank established risk tolerances that are sufficient enough to capture current and emerging risks that have come to light?
- Are those risk tolerances complemented by key risk indicators and reporting? Given current events, should they be adjusted?
- Are risk acceptance decisions sufficiently governed and supported, and are the implications well understood?
- Does the board receive high-quality reports that convey clear, impactful insights supported by facts and analysis?
2. Review the details of executive management’s crisis action plans and the range of market and economic scenarios that management is considering.
Evaluate the availability and adequacy of management’s crisis resiliency, specifically capital and contingency funding. Some key questions to ask include:
- Has management appropriately tested the bank’s contingency plans?
- Is management documenting the lessons learned from those tests and adjusting plans based on the results?
- Has management performed multiple tabletop simulation exercises?
- Does the bank have communication plans in place that consider all relevant media outlets, including social media?
3. Obtain independent perspectives by meeting in executive session with the chief risk officer (CRO) and the chief audit executive.
Boards should seek the CRO’s and CAE’s independent perspectives on the bank’s current risk profile in relation to the board-approved risk appetite and strategy, as well as the adequacy of executive management’s risk management and crisis response plans. In addition, the CRO and CAE can provide an independent evaluation of the strengths and weaknesses of the bank’s risk management capabilities given the current environment. In particular, boards should seek their evaluation of the quality of risk data, the speed with which analyses and reports can be produced and the capabilities of crisis response talent.
4. Assess whether the board and the bank’s management teams have the right skills and sufficient resources.
The scope and nature behind the current market stress — and the scope and nature of the required response — strains existing key personnel on the board and in management. Boards should determine whether they have skill gaps in areas relevant to the current stress and where they may need subject matter expertise and training. Immediate areas of focus could include capital planning, liquidity management, regulatory strategy, crisis management, financial reporting, regulatory compliance, recovery and resolution planning, and business integrations.
In performing this assessment, boards should consider whether they run the risk of being overly dependent on a single board member in one or more of these areas, which can lead to overreliance or dependency on a key person. Further, boards should also focus on making sure that senior management, treasury and independent risk management functions have sufficient resources and capabilities to execute their responsibilities.
5. Plan ahead for the post-stress environment.
We believe that heightened regulatory requirements for mid-sized banks are inevitable, and that standards that are currently applicable to banks with assets exceeding $250 billion will progressively be applied to smaller institutions, such as those with assets between $50 billion and $250 billion. To prepare, boards for institutions with assets of $50 billion and above should consider:
- Launching a comprehensive evaluation of board practices in light of the principles outlined in the Federal Reserve’s supervisory guidance for boards at banks with more than $100 billion in assets, SR21-3. They should carefully consider the degree to which an evaluation should be executed by independent parties.
- Gaining an understanding of how a potential tightening of regulatory standards for mid-sized banks would affect the institution. For instance, would the bank need to make upgrades to its capital and liquidity risk management frameworks and systems? How would the bank’s talent needs change? What changes would the bank need to make to senior management and board governance? How will operations and controls need to change? What are management’s plans to address these changes?