David Porteous, the lead director on $188.5 billion Huntington Bancshares’ board of directors, has a deep reservoir of experience in both corporate and public sector governance. He joined the Columbus, Ohio-based board in 2003, and became lead director in 2007, just as the bank was emerging from the financial crisis with some significant battle scars.
So, when Porteous talks about corporate governance and the challenges facing bank directors, it pays to listen closely.
In this edition of The Slant Podcast, Porteous talks about his board experience at Huntington, including his relationship with Chairman and CEO Stephen Steinour.
According to Porteous, a critical component of the bank’s governance culture is transparency and a broad level of engagement between the CEO, board and senior executive team.
“When Steve was hired…the commitment that Steve made to us and we made to him as a board was to ensure that [we] had an open, transparent, engaging relationship,” Porteous says. “I talk to him at least every week, usually for an hour or more, and sometimes multiple times.”
Huntington has also made a big commitment to environmental, social and governance issues – known as ESG for short. Some conservative commentators speculated that Silicon Valley Bank’s commitment to ESG issues distracted the board and senior management team from more fundamental concerns and played a role in the bank’s failure earlier this year.
For his part, Porteous rejects the idea that focusing on ESG is a distraction. “I view [ESG] as table stakes if you want to call it that,” he says. “It makes organizations stronger. It’s not a distraction.”
This episode, and all past episodes of The Slant Podcast, are available on BankDirector.com, Spotify and Apple Music.
Bank directors know they can be personally liable for breaches of their fiduciary duties.
Through cases like In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), Stone v. Ritter, 911 A.2d 362 (Del. 2006), and Marchand v. Barnhill, 212 A.3d 805 (Del. 2019), Delaware courts have held boards responsible for failing to implement systems to monitor, oversee and ensure compliance with the law.
Recently, the Delaware Court of Chancery formally expanded those rules in In re McDonald’s Corporation Stockholder Derivative Litigation, Del. Ch. Ca. No. 2021-0324-JTL. The ruling established that the fiduciary duties of the officers of a Delaware corporation include a duty of oversight that is comparable to the responsibility of directors. These cases make clear that when the duty of oversight meets with the immense cybersecurity responsibilities of financial institutions, a duty of cybersecurity is added to the fiduciary responsibilities of directors and officers.
The lawsuit by 25 former McDonald’s employees alleged that corporate executives failed to address systemic harassment, leading to a hostile work environment. By allowing failure-to-oversee-and-monitor claims to proceed against the officers in that case, the court has forced all corporate executives to take a leadership role in monitoring and addressing company-wide issues.
Given prior rulings in Delaware courts concerning the duty of oversight and officer fiduciary duties, the McDonald’s decision reiterates the importance of implementing robust compliance programs. It also clarifies that officers and directors must actively address compliance.
Cybersecurity is paramount among the myriad compliance issues that all corporate officers and directors must address. For example, in 2019, the proceedings against Google’s parent company in In re Google Inc. Shareholder Derivative Litigation involved claims that the company’s board of directors and officers failed to discharge their oversight duties related to the 2018 Google+ security vulnerability. That suit settled for $7.5 million and the company agreed to implement significant governance reforms to address data privacy issues. Similarly, in In re Yahoo! Inc. Shareholder Derivative Litigation, multiple cybersecurity breaches between 2013 and 2016 led to a shareholder derivative lawsuit, which settled for $29 million in 2019.
And, in the past year, multiple financial institutions, including Wells Fargo & Co., JPMorgan Chase & Co., and Bank of America Corp., faced lawsuits also seeking to hold their officers and directors personally liable for, amongst other things, failing to:
1. Protect customer data adequately.
2. Oversee the bank’s cybersecurity practices.
3. Prevent data breaches that exposed customer personal information.
In these cases, and many others, cybersecurity and data breaches have caused reputational damage for officers and directors and damaged the corporation’s relationships with customers and partners. In addition, these corporate leaders risk:
• Breach of fiduciary duty claims. If directors or officers do not take reasonable steps to protect the corporation from a data breach, they risk breaching their fiduciary duties and could be held personally liable for the damages caused by the breach.
• Accusations of negligence. Directors and officers can be accused of negligence for failing to implement appropriate security measures, train employees on cybersecurity best practices and respond to a breach in a timely and effective manner.
• Criminal prosecution. If directors and officers intentionally or recklessly cause a breach or fail to report it to the authorities, they may face criminal prosecution.
• Regulatory penalties. Government or financial regulators can impose significant fines for cybersecurity failures.
And, just as the risks for directors and officers explode, they face an insurance whipsaw. First, directors’ and officers’ (D&O) insurance policies may include specific exclusions for cyber-related claims or require separate cyber insurance to cover these risks. Next, increased personal exposure for officers and directors will increase the likelihood of facing lawsuits, increasing the premiums for D&O insurance. To protect themselves, directors and officers should insist on increased corporate governance protection, including:
• The prioritization by boards of cybersecurity and data privacy as crucial risk management areas, including putting proper reporting and monitoring systems into place.
• Requiring directors and officers to actively understand the evolving landscape of cybersecurity and data privacy risks and regulations.
• Corporate investment in appropriate cybersecurity measures and employee training to minimize the risk of data breaches as well as the associated legal and reputational risks.
To mitigate their risk of personal liability, corporate officers and directors must understand, implement and monitor the cybersecurity safeguards their financial institutions need. And, the courts have sent a clear message to bank directors and officers: To discharge your duty of cybersecurity, you must actively oversee and monitor institutional cybersecurity and data privacy programs.
Bank boards seeking to refresh their membership may be tempted to consider term limits, but the blunt approach carries several downsides that they will need to address.
Term limit policies are one way that boards can navigate crucial, but sensitive, topics like board refreshment. They place a ceiling on a director’s tenure to force regular vacancies. Bringing on new members is essential for banks that have a skills or experience gap at the board level, or for banks that need to transform strategy in the future with the help of different directors. However, it can be awkward to implement such a policy. There are other tools that boards can use to deliver feedback and ascertain a director’s interest in continued service.
The average age of financial sector independent directors in the S&P 500 index was 64.1 years, according to the 2021 U.S. Spencer Stuart Board Index. The average tenure was 8.3 years. The longest tenured board in the financial sector was 16 years.
“I believe that any small bank under $1 billion in assets should adopt provisions to provide for term limits of perhaps 10 years for outside directors,” wrote one respondent in Bank Director’s 2022 Governance Best Practices Survey.
The idea has some fans in the banking industry. The board of directors at New York-based, $121 billion Signature Bank, which is known for its innovative business lines, adopted limits in 2018. The policy limits non-employee directors to 12 years cumulatively. The change came after discussions over several meetings about the need for refreshment as the board revisited its policies, says Scott Shay, chairman of the board and cofounder of the bank. Some directors were hesitant about the change — and what it might mean for their time on the board.
“In all candor, people had mixed views on it. But we kept talking about it,” he says. “And as the world is evolving and changing, [the question was: ‘How do] we get new insights and fresh blood onto the board over some period?’”
Ultimately, he says the directors were able to prioritize the bank’s needs and agree to the policy change. Since adopting the term limits, the board added three new independent directors who are all younger than directors serving before the change, according to the bank’s 2022 proxy statement. Two are women and one is Asian. Their skills and experience include international business, corporate governance, government and business heads, among others.
And the policy seems to complement the bank’s other corporate governance policies and practices: a classified board, a rigorous onboarding procedure, annual director performance assessments and thoughtful recruitment. Altogether, these policies ensure board continuity, offer a way to assess individual and board performance and create a pool of qualified prospects to fill regular vacancies.
Signature’s classified board staggers director turnover. Additionally, the board a few years ago extended the expiring term of its then-lead independent director by one year; that move means only two directors leave the board whenever they hit their term limits.
Shay says he didn’t want a completely new board that needed a new education every few years. “We wanted to keep it to a maximum of a turnover of two at a time,” he says.
To support the regularly occurring vacancies, Signature’s recruitment approach begins with identifying a class of potential directors well in advance of turnover and slowly whittling down the candidates based on interest, commitment and individual interviews with the nominating and governance committee members. And as a new outside director prepares to join the board, Signature puts them through “an almost exhausting onboarding process” to introduce them to various aspects of the bank and its business — which starts a month before the director’s first meeting.
But term limits, along with policies like mandatory retirement ages, can be a blunt corporate governance tool to manage refreshment. There are a number of other tools that boards could use to govern, improve and refresh their membership.
“I personally think term limits have no value at all,” says James J. McAlpin Jr., a partner at Bryan Cave Leighton Paisner LLP.
He says that term limits may prematurely remove a productive director because they’re long tenured, and potentially replace them with someone who may be less engaged and constructive. He also dislikes when boards make exceptions for directors whose terms are expiring.
In lieu of term limits, he argues that banks should opt for board and peer evaluations that allow directors to reflect on their engagement and capacity to serve on the board. Regular evaluation can also help the nominating and governance committee create succession plans for committee chairs who are near the end of their board service.
Perhaps one reason why community banks are interested in term limits is because so few conduct assessments. Only 30% of respondents to Bank Director’s 2022 Governance Best Practices Survey, which published May 16, said they didn’t conduct performance assessments at any interval — many of those responses were at banks with less than $1 billion in assets. And 51% of respondents don’t perform peer evaluations and haven’t considered that exercise.
For McAlpin, a board that regularly evaluates itself — staffed by directors who are honest about their service capacity and the needs of the bank — doesn’t need bright-line rules around tenure to manage refreshment.
“It’s hard to articulate a reason why you need term limits in this day and age,” he says, “as opposed to just self-policing self-governance by the board.”
I once flunked a math test because I didn’t show my work. Turns out, showing your work is important to both math teachers and bank regulators.
To drive accountability, it is important to document and “show your work” when it comes to governance of incentive compensation plans and processes. The largest banks, due to increased regulatory oversight, have made significant strides in complying with regulators’ guidance and creating robust accountability. Here are some resulting “better practices” that provide food for thought for banks of all sizes.
While the 2010 interagency guidance on sound incentive compensation policies is almost a decade old, it remains the foundation for regulatory oversight on the matter. The guidance outlined three lasting principles for the banking industry:
1. Provide employees incentives that appropriately balance risk and reward.
2. Create policies that are compatible with effective controls and risk management.
3. Support policies through strong corporate governance, including active and effective oversight by the organization’s board of directors.
Most organizations used the release of the 2010 guidance to take a fresh look at their incentive plans. It proposed a non-exhaustive list of risk-balancing methods, such as risk adjustment of awards and deferral of payment. Many banks changed their plan structures and provisions to increase sensitivity to, and better account for, risk. The changes made sense pragmatically but largely addressed only the first principle.
After the financial crisis, boards were expected to engage in the oversight and review of all incentive arrangements to ensure that they were not rewarding imprudent risk taking. However, most institutions quickly realized it was not practical for directors to be in the weeds of all their broad-based incentive plans and thus delegated that task to management.
Compensation committees outlined expectations for senior management regarding incentive plan creation, administration and monitoring in a formal document. Their expectations would include, for example, the process for reviewing incentive plan risk.
Comp, Risk Committees Cooperate
Banks also developed stronger communication or information sharing between the compensation and risk committees of the board. This was sometimes accomplished through cross-pollinating members between the committees or conducting joint meetings on the topic. It also became standard for the chief risk officer to participate in compensation committee meetings and present on incentive compensation risk, as well as the overall risk profile of the organization.
Incentive compensation review committees, made up of the most-senior control function heads such as the chief financial officer, chief human resource officer, general counsel and chief risk officer, are often delegated primary oversight responsibilities. To create accountability, this management committee operates under a formal charter, oversees the entire governance process, provides for credible challenges throughout and annually approves all non-executive plans. A summary of their activities and findings is presented to the compensation committee annually, at minimum.
Working groups representing various business lines and broad control functions support the management committee in actively monitoring incentive compensation plans. Every activity in the governance process—from plan creation or modification to risk reviews and back-testing—has a documented process map with roles and responsibilities.
These large bank practices might be overkill for smaller organizations. However, some level of documentation and process formalization is healthy for an organization of any size. My advice: Don’t get fixated on the red tape, as proper governance and controls can be scaled to the size and complexity of each individual bank.
Formalize the Process
The second and third principles of the 2010 guidance are aimed at driving greater accountability and efficient oversight, including enhanced information sharing. Formalizing the process simply helps to crystallize expectations for those involved and safeguards against the dodging of responsibilities.
Plus, regulators—just like that math teacher—want to see the work. It’s not enough to simply have the right answer. You must be able to document the process you went through to get there.
Boards need to keep director communications secure, timely and accurate.
Communication can be a major challenge for busy board directors who need to touch base with their peers regularly, and it can introduce major security risks for the institution.
Boards tend to use different applications or multiple email accounts; the number of electronic platforms means that directors need to remember multiple user IDs and passwords. Directors sometimes resort to using their personal email accounts out of frustration with other systems or for personal convenience.
Many boards send sensitive internal governance communications through insecure communication channels. The use of personal email for internal board communications is widespread. A report Diligent Corporation conducted with Forrester Consulting discovered that 56 percent of directors use personal email for their board communications. Governance professionals and C-level executives also sometimes use their personal email for governance communications.
This is not a good practice. Cybercrime continues to evolve; attacks are increasingly sophisticated, and they are occurring with increasing frequency. Attacks are also becoming more complex, and recovering from digital breaches may become increasingly difficult.
Hackers specifically target directors, C-level executives and the people who support them in a tactic known as “whaling.” Hackers are keenly aware that boards regularly deal with information that is highly sensitive and confidential. Cyber criminals are likely to target high-profile individuals, threatening them with the release of private information unless they pay a ransom. When directors and other notable individuals use personal email accounts for corporate business, they are prone to falling victim to phishing and malicious cyberattacks that could harm the corporation.
Best practices for corporate governance require directors to communicate in ways that are secure, timely and accurate, and that reflect good governance principles. Encapsulated within the principles of good corporate governance is the need to use the right technology to support these efforts. Specific technology that protects the board’s internal communications can also streamline various processes. However, boards should look for specific tools with features such as remote wiping, given that nearly 30% of directors report losing or misplacing a phone, tablet or computer at some point.
The only way to keep sensitive and confidential information private is to use a secure digital messaging application. Look for applications that can work with existing digital infrastructure but are also secure. Some solutions help augment governance and accountability functions, which can address liability issues that email and other types of communications can sometimes create for board administrators and general counsels.
Probably the most difficult element of using secure communications in the boardroom is actually getting directors to use the technology. Getting board directors to change their habits can be a daunting task and something that can take time. However, with the right support and training, directors will be more willing to make the change.
Directors need to understand the importance of using the right technologies and why their current communication methods open the board up to risk. Assessing the security threat demonstrates to the board that the discussion topics and documents are highly sensitive and cannot risk being leaked. The right communication application should provide control to the administrator, with security being a top feature to ensure directors are protected.
Additionally, getting director buy-in from the start is crucial. It is important that boards realize what could happen if their emails are hacked and why they need to adopt secure communications avenues.
Providing your board of directors with the right reasons for needing secure communications is half the battle. Make sure your bank properly evaluates the various technologies to ensure that they will have the right training to properly leverage the tools.
Despite recent shifts in the economic and regulatory environment, bank boards still need to keep a close eye on many of the same issues—including risks related to your bank’s compensation practices, as McLagan Partner Gayle Appelbaum explains in this video. She also spells out how talent pressures, and the expectations of regulators and investors, will continue to keep banks on their toes.
Key Practices for Boards and Compensation Committees
For capital markets participants worldwide, Nasdaq operates as a pioneer in maintaining market resiliency and mobilizing the latest practical technologies to strengthen and optimize the business performance of our partners and, most importantly, our clients. Amidst a rapidly changing economic and political environment, the technological advances used in financial services during 2016 reached staggering new heights by year-end.
As a financial technology company, we are especially excited about what is in store for 2017. We believe the following technology trends will have a significant impact on the capital markets this year.
Machine Learning and Artificial Intelligence
Machine learning and artificial intelligence will cross-cut almost everything that we do, and it will be applicable across the board—from helping customers to trade to market surveillance. We are bringing in nontraditional data sets including email and text messaging, sentiment and macroeconomics data, and we are mining log files from different systems for insights. The technology will be used to calculate and generate indices and exchange-traded funds. It will also be integrated into exchange matching engines (the system that matches buy and sell orders) so that it can make certain trade decisions.
Collaboration Tools
Secure collaboration software and online portals will play an important part in how corporate directors and leadership teams work as compliance, board management and the need for a central document repository have become increasingly vital business propositions. These web and mobile app-based tools are typically designed with multiple security and functionality features to provide greater governance, engagement and transparency throughout an organization. As more companies begin to integrate collaboration software into their business workflows, the secure sharing of critical information will become more simplified.
Cloud Computing
Cloud providers are taking security seriously, and we anticipate that the financial cloud will soon be more secure than most traditional on-ground data centers. That would potentially allow us to make sensitive information more broadly available than on traditional, centralized databases. Exchanges need to comply with rules and regulations on fair and equal access for clients, so moving front-office applications to the cloud necessitates some technology changes. Running middle-office and back-office applications in the cloud is more straightforward, but in 2017 we will continue work to address the remaining security concerns regarding data separation and customer access to data.
Data Analytics
The ability to mine data, normalize it, update analytics in real time and present it in a consolidated view is a source of competitive advantage. We are now seeing a seismic shift across the industry with machine learning and artificial intelligence enabling users to eliminate bias in the analysis and discover new patterns in the data.
There will be a diverse set of use cases for data analytics within financial services, including its application in the investor relations function, where analytics can assist the IR team by aggregating specific investor data points, filtering institutional investors by the positions they hold in your company’s stock and identifying specific investment characteristics.
Mobile Technology
Advancements in mobile technology have changed the way business professionals collaborate and access information. A new generation of cloud-based applications has simplified information sharing across device types. For example, we have combined mobile technology with other technologies—particularly cloud and blockchain—to enable remote proxy voting. To some extent, financial firms have been laggards in adopting mobile technology because of the security concerns, but addressing those will drive increased penetration.
Blockchain
Blockchain technology could create important efficiencies in position-keeping and reconciliation. For cash-settled securities, it could accelerate the clearing and settlement time frame from three days to same-day, significantly reducing risk in the system. Collateral could be moved around quickly and easily. On the settlement side, blockchain could complement several services, including managing payments and cash, transferring securities, facilitating collateral and tri-party arrangements, and securities lending.
It is clear that financial services in 2017 will evolve rapidly as new technology is integrated into the marketplace. These technologies will change how financial institutions manage their infrastructure, interact with one another, and ultimately, how industry leaders scale and grow their businesses. We are excited to see how the year unfolds.
Just as a good diet and regular exercise contribute to a healthy lifestyle, good corporate governance and board oversight often serve as the foundation for the health and stability of any corporate organization. Corporate governance is often a difficult concept to nail down. In the highly regulated banking industry, the importance of good corporate governance practices is significantly amplified due to the additional layer of regulatory risk that may not affect businesses in other industries.
Although good corporate governance is often associated with maintaining certain policies and procedures, such as guidelines, codes of conduct, committee charters, shareholder agreements and intercompany and tax sharing agreements, we routinely encounter financial institutions that ignore or overlook one of the most fundamental aspects of corporate governance: the articles of incorporation and bylaws. In fact, we experience many situations in which financial institutions have articles and bylaws that are significantly outdated and have not been revised to comply with current laws, regulations and other corporate best practices. Failure to keep these governing documents current not only raises legal and regulatory concerns, but oftentimes compromises the ability of the management team to protect and preserve the interests of its shareholders.
A comprehensive review of the articles and bylaws is recommended, particularly if you have not conducted such a review in the past. Set forth below is a summary of certain terms and provisions that may be of particular interest to your management and board of directors.
Compliance With State Corporate Laws
State corporate laws provide the basic foundation for the conduct of business of most banks and bank holding companies. Over time, these state corporate laws are revised or replaced with more modern corporate statutes. Although the corporate laws may evolve over time, many financial institutions fail to adapt their articles and bylaws to conform to these changes. In many cases, we encounter articles and bylaws that reference outdated and repealed laws and statutes that could lead to questionable legal interpretations and uncertainty in many critical situations.
Limitation of Personal Liability and Indemnification of Directors and Officers
Most state corporate laws have provisions that permit a corporation to limit the personal liability of, and/or provide indemnification to, directors and officers pursuant to provisions in its articles or bylaws. Typically, the ability to limit liability and provide indemnification to directors and officers is eliminated in certain situations such as a breach of fiduciary duty or intentional misconduct. However, we routinely experience situations in which the limitation of liability and indemnification are either not addressed by the articles or bylaws or contain provisions that may not fully protect the interests of the management team.
Electronic Communications
As technology continues to evolve, many state corporate statutes have been revised to permit certain shareholder and director communications, such as notices of shareholder and director meetings, to be delivered in electronic format. Despite these statutory revisions, if your institution’s articles and bylaws require physical delivery of these notices, you might not be able to take advantage of these newer and less costly forms of communication.
Uncertificated Shares
As financial institutions continue to consolidate and increase their shareholder base, the use of third-party transfer agents is becoming more prevalent for the management of stock transfer records. Most transfer agents have implemented uncertificated book-entry systems as a means of recording stock ownership, which eliminates the need for physical stock certificates. However, it is not uncommon for the articles and bylaws to specifically require the issuance of physical stock certificates to their shareholders. Obviously, these provisions must be revised before implementing an uncertificated stock program.
In addition to the specific matters addressed above, some other important areas to consider when reviewing your articles and bylaws include the shareholders’ ability to call special meetings, the process for including shareholder proposals at annual or special meetings, the implementation of a classified board of directors, the process for the removal of directors, mandatory retirement age for directors, shareholder vote by written consent and a supermajority vote standard for certain article and bylaw amendments, such as limitation of liability and indemnification.
A review of your institution’s articles and bylaws is only one component of the broader corporate governance umbrella, but it is one of the more important and fundamental aspects of your board’s corporate governance responsibilities. Routine maintenance of these fundamental corporate documents will be a good start towards enhancing your institution’s overall corporate governance structure.
Federal banking and securities regulators published a notice of proposed rulemaking revisiting incentive compensation standards that were originally proposed in 2011. The 2016 proposal provides a more prescriptive approach for larger financial institutions than the previous proposal, and it applies to institutions with $1 billion or more in assets. As with prior guidance applicable to incentive compensation, the overarching principles should be considered by financial institutions of all sizes when designing their compensation programs consistent with the Interagency Guidance on Sound Incentive Compensation Policies issued in June 2010, which applies to all banking organizations regardless of asset size.
The 2016 proposal is similar to the previous proposal in that it prohibits excessive compensation to “covered” persons. However, unlike the 2011 proposal, the 2016 proposal more clearly defines requirements of institutions by creating three levels based on average total consolidated assets, with the lowest scrutiny applying to Level 3 institutions, those that have assets of $1 billion or more but less than $50 billion.
The proposal has implications for any incentive compensation provided to officers, directors, employees and principal shareholders associated with an institution with assets of $1 billion or more. As required under the Dodd-Frank Act, the proposal tries to discourage excessive compensation and compensation that could lead to a material financial loss.
Excessive Compensation
There are two distinct elements for consideration. First is excessive compensation, which involves amounts paid that are unreasonable or disproportionate to the amount, nature, quality and scope of services performed by the covered person. Types of information the regulatory agencies will consider in making this assessment include, among others:
• The combined value of all compensation, fees or benefits provided to the covered person;
• The compensation history of the covered person and similarly-situated individuals;
• The financial condition of the covered institution;
• Peer group practices; and
• Any connection between the individual and any fraudulent act or omission, breach of fiduciary duty or insider abuse.
Material Financial Loss
In determining whether incentive-based compensation could lead to a material financial loss, regulators have previously stated that they will balance potential risks with the financial reward and assess whether the institution has effective controls and strong corporate governance. The 2016 proposal specifically provides that an incentive-based compensation arrangement would not be considered to appropriately balance risk and reward unless it:
• Includes financial and non-financial measures of performance;
• Is designed to allow non-financial measures of performance to override financial measures of performance, when appropriate; and
• Is subject to adjustment to reflect actual losses, inappropriate risks taken, compliance deficiencies, or other measures or aspects of financial and non-financial performance.
Additional Elements of the 2016 Proposal
The 2016 proposal re-emphasizes that internal controls and corporate governance are essential in monitoring risks related to incentive compensation. The 2016 proposal also contains a requirement that certain records must be disclosed upon request of the covered institution’s federal banking regulator.
The 2016 proposal will be effective 540 days after publication of the final rule and does not apply to any incentive plans with a performance period that begins before the effective date. Similarly, an institution that increases assets to become a Level 1, 2 or 3 institution must comply with rules applicable to that level within 540 days of the triggering size (determined based on asset size over the four most recent consecutive quarters).
Considerations
We recommend that boards begin taking steps in order to comply with the 2016 proposal and the Guidance.
• Consider whether any of the institution’s incentive-based compensation is excessive or encourages risks that could result in a material financial loss by: applying the excessive compensation factors as set forth above; making compensation sensitive to risk through deferrals, longer performance periods and claw-backs; and considering a peer group study.
• Document relevant considerations as evidence of compliance with the Guidance at the committee and board levels.
• Implement controls and governance to oversee and monitor compensation and determine whether to risk-adjust awards.