CECL Delay Opens Window for Risk Improvements

The delay in the current expected credit loss accounting model has created a window of opportunity for small banks.

The delay from the Financial Accounting Standards Board created two buckets of institutions. Most of the former “wave 1” institutions constitute the new bucket 1 group with a 2020 start. The second bucket, which now includes all former “wave 2 and 3” companies are pushed back to 2023 — giving these institutions the time required to optimize their approach to the regulation.

Industry concerns about CECL have focused on two of its six major steps: the requirement of a reasonable and supportable economic forecast and the expected credit loss calculation itself. It’s important to note that most core elements of the process are consistent with current industry best practices. However, they may take more time for banks to do it right than previously thought.

Auditors and examiners have long focused on the core of CECL’s six steps — data management and process governance, credit risk assessment, accounting, and disclosure and analytics. Financial institutions that choose to keep their pre-CECL process for these steps do so at their own peril, and risk falling behind competitors or heightened costs in a late rush to compliance. Strategically minded institutions, however, are forging ahead with these core aspects of CECL so they can fully vet all approaches, shore up any deficiencies and maintain business as usual before their effective date.

Discussions over the impact of the CECL standard continue, including the potential for changes as the impacts from CECL bucket 1 filings are analyzed. Unknown changes, coupled with a three-year deadline, could easily lead to procrastination. Acting now to build a framework designed to handle the inevitable accounting and regulatory changes will give your bank the opportunity to begin CECL compliance with confidence and create a competitive advantage over your lagging peers.

Centering CECL practices as the core of a larger management information system gives institutions a way to improve their risk assessment and mitigation strategies and grow business while balancing risk and return. More widely, institutions can align the execution across the organization, engaging both management and shareholders.

Institutions can use their CECL preparations to establish an end-to-end credit risk management framework within the organization and enjoy strategic, incremental improvements across a range of functions — improving decision making and setting the stage for future standards. This can yield benefits in several areas.

Data management and quality: Firms starting to build their data histories with credit risk factors now can improve their current Allowance for Loan and Lease Losses process to ensure the successful implementation of CECL. Financial institutions frequently underestimate the time and effort required to put the required data and data management structures in place, particularly with respect to granularity and quality. For higher quality data, start sourcing data now.

Integration of risk and financial analysis: This can strengthen the risk modeling and provisioning process, leading to an improved understanding and management of credit quality. It also results in more appropriate provisions under the standard and can give an early warning of the potential impact. Improved communication between the risk and finance functions can lead to shared terminologies, methods and approaches, thereby building governance and bridges between the functions.

Analytics and transparency: Firms can run what-if scenario analysis from a risk and finance perspective, and then slice and dice, filter or otherwise decompose the results to understand the drivers of changes in performance. This transparency can then be used to drive firms’ business scenario management processes.

Audit and governance: Firms can leverage their CECL preparations to adopt an end-to-end credit risk management architecture (enterprise class and cloud-enabled) capable not only of handling quantitative compliance to address qualitative concerns and empower institutions to better answer questions from auditors, management and regulators. This approach addresses weaknesses in current processes that have been discovered by audit and regulators.

Business scenario management: Financial institutions can leverage these steps to quantify the impact of CECL on their business before regulatory deadlines, giving them a competitive advantage as others catch up. Mapping risks to potential rewards allows firms to improve returns for the firm.

Firms can benefit from CECL best practices now, since they are equally applicable to the current incurred loss process. Implementing them allows firms to continue building on their integration of risk and finance, improving their ALLL processes as they do. At the same time, they can build a more granular and higher quality historical credit risk database for the transition to the new CECL standards, whatever the timeframe. This ensures a smoother transition to CECL and minimizes the risk of nasty surprises along the way.

A Bank Board’s Role During a Pandemic

Don’t just sit there — do  something!

This is probably the normal emotional reaction of many bank directors as the COVID-19 pandemic consumes large chunks of the U.S. economy, possibly putting their institutions at risk if the crisis leads to a deep and enduring recession.

The role of the board, even in a crisis of this magnitude, is still to provide oversight rather than manage. The board’s role doesn’t change during a crisis, but certainly the governance process must become more focused and strategic, the pace of deliberations must quicken and communication becomes even more important.

Bank boards are ultimately responsible for the safety and soundness of their institutions. While senior management devotes their full attention to running the bank during a time of unprecedented economic turmoil, the board should be looking ahead to anticipate what might come next.

“I think the challenge for [directors] is to gauge the creeping impact on their bank over the next few months,” says James McAlpin, who heads up the banking practice at Bryan Cave Leighton Paisner in Atlanta. “The board’s role is oversight … but I believe that in certain times — and I think this is one of them — the oversight role takes on a heightened importance and the board needs to focus on it even more.”

Many economists expect the U.S. economy to tip into a recession, so every board needs to be looking at the key indicia of the health of their bank in relation to its loan portfolio. “I’ve spoken to a few CEOs and board members over the past couple of weeks where there are active conversations going on about benchmarks over the next few months,” says McAlpin. “‘If by, say, the end of April, certain events have occurred or certain challenges have emerged, this is what we’ll do.’ In other words, there’s pre-planning along the lines of, ‘If things worsen, what should be our response be?’”

This is not the first banking crisis that David Porteous, the lead director at Huntington Bancshares, a $109 billion regional bank in Columbus, Ohio, has lived through. Porteous served on the Huntington board during the previous banking crisis, recruiting a new executive management team and writing off hundreds of millions of dollars in bad loans. That experience was instructive for what the bank faces now.

Porteous says one of the board’s first steps during the current crisis should be to take an inventory of the available “assets” among its own members. Are there directors whose professional or business experience could be helpful to the board and management team as they work through the crisis together?

Communication is also crucial during a crisis. Porteous says that boards should be communicating more frequently and on a regular schedule so directors and senior executives can organize their own work flow efficiently. Given the social distancing restrictions that are in effect throughout most of the country, these meetings will have to occur over the phone or video conferencing.

“You may have meetings normally on a quarterly or monthly basis, but that simply is not enough,” Porteous says. “You need to have meetings in between those. What we have found at Huntington that served us very well in 2008 and 2009 and is serving us well now, we have set a time — the same day of the week, the same time of the day, every other week — where there’s a board call. So board members can begin to build their plans around that call.”

Porteous says the purpose of these calls is for select members of the management team to provide the board with updates on important developments, and the calls should be “very concise, very succinct” and take “an hour or less.”

Porteous also suggests that either the board’s executive committee or a special committee of the board should be prepared to convene on short notice, either virtually or over the phone, if a quick decision is required on an important matter.

C. Dallas Kayser, the non-executive chairman at City Holding Co., a $5 billion regional bank headquartered in Charleston, West Virginia, says that when the pandemic began to manifest itself in force, the board requested reports from all major divisions within the bank. “The focus was to have everybody drill down and tell us exactly how they’re responding to customers and employees,” he says. Like Porteous at Huntington, Kayser has asked the board’s executive committee to be available to meet on short notice. The full board, which normally meets once a month, is also preparing to meet telephonically more often.

As board chair, Kayser says he feels a special responsibility to support the bank’s chief executive officer, Charles “Skip” Hageboeck. “I’ve been in constant conversations with Skip,” he says. “I know that he’s stressed. Everyone is, in this situation.” Being a CEO during a crisis can be a lonely experience.  “I recognize that, and I’ve made myself available for discussions with Skip 24/7, whenever he needs to bounce anything off of me,” Kayser says.

One of the things that every board will learn during a crisis is the strength of its culture. “The challenges that we all face in the banking industry are unprecedented, and it really becomes critical now for all directors, as well as the senior leadership of the organizations that they oversee, to work together,” says Porteous. One sign of a healthy board culture is transparency, where neither side holds back information from the other. “You should have that all the time, but it’s even more critical during a crisis. Management and the board have got to have a completely open and transparent relationship.”

One Bank’s Approach to Improving Its Culture

Merriam-Webster defines culture as “the set of shared attitudes, values, goals, and practices that characterizes an institution or organization.” These attributes are central to a company’s success.

Corporations with strong cultures tend to have financial performance that matches, according to studies that have investigated the relationship. The corporate review website Glassdoor found in 2015 that the companies on its “Best Places to Work” list, as well as Fortune’s “Best Companies to Work For” list, outperformed the S&P 500 from 2009 to 2014 by as much as 122%. In contrast, Glassdoor’s lowest-rated public companies underperformed the broader market over the same period.

Unlike the financial metrics banks rely on to measure their performance, culture is harder to measure and describe in a meaningful way. How can a bank’s leadership team — particularly its board, which operates outside the organization — properly oversee their institution’s cultural health?

“A lot of boards talk about the board being the center of cultural influence within the bank, and that’s absolutely true,” says Jim McAlpin, a partner at the law firm Bryan Cave Leighton Paisner and leader of its banking practice group. As a result, they should “be mindful of the important role [they] serve [in] modeling the culture and forming the culture and overseeing the culture of the institution.”

Winter Haven, Florida-based CenterState Bank Corp., with $17.1 billion in assets, values culture so highly that the board created a culture-focused committee, leveraging its directors’ expertise.

CenterState wants “to create an incredible culture for their employees to enjoy and their customers to enjoy,” says David Salyers, a former Chick-fil-A executive who joined CenterState’s board in 2017. He’s also the author of a book on corporate culture, “Remarkable!: Maximizing Results through Value Creation.”

Salyers knew he could help the bank fulfill this mission. “I want to recreate for others what Truett Cathy created for me,” he says, referring to the founder of Chick-fil-A. “I love to see cultures where people love what they do, they love who they do it with, they love the mission that they’re on, and they love who they’re becoming in the process of accomplishing that mission.”

Few banks have a board-level culture committee. Boston-based Berkshire Hills Bancorp, with $13.2 billion in assets, established a similar corporate responsibility and culture committee in early 2019 to oversee the company’s corporate social responsibility, diversity and inclusion, and other cultural initiatives. Citigroup established its ethics, conduct and culture committee in 2014, which focuses on ethical decision-making and the global bank’s conduct risk management program — not the experience of its various stakeholders.

CenterState’s board culture committee, established in 2018, stands out for its focus on the bank’s values and employees. Among the 14 responsibilities outlined in its charter, the committee is tasked with promoting the bank’s vision and values to its employees, customers and other stakeholders; overseeing talent development, including new hire orientation; advising management on employee engagement initiatives; and monitoring CenterState’s diversity initiatives.  

The committee was Salyers’ suggestion, and he offered to chair it. “I said, ‘What we need to do, if you want to create the kind of culture you’re talking about, [is] we ought to elevate it to a board level. It needs to get top priority,’” he says. “We’re trying to cultivate and develop the things that will take that culture to the next level.”

As a result of the committee’s focus over the past year, CenterState has surveyed staff to understand how to make their lives better. It also created a program to develop employees. These initiatives are having a positive impact on the employee experience at the bank, says Salyers.

Creating a culture committee could be a valuable practice for some boards, particularly for regional banks that are weighing transformative deals, says McAlpin. CenterState has closed 11 transactions since 2011. In January, it announced it will merge with $15.9 billion asset South State Corp., based in Columbia, South Carolina. The merger of equals will create a $34 billion organization.  

“At the board level, there’s a focus on making sure there is a common culture [within] the now very large, combined institution,” says McAlpin, referencing CenterState. “And that’s not easy to accomplish, so the board should be congratulated for that … to form a [culture] committee is a very good step.”

CenterState’s culture committee leverages the passion and expertise of its directors. Both Salyers and fellow director Jody Dreyer, a retired Disney executive, possess strong backgrounds in customer service and employee satisfaction at companies well-regarded for their corporate culture. While this expertise can be found on the boards of Starbucks Corp. and luxury retailer Nordstrom, few bank boards possess these traits.

Focusing on culture and the employee experience from the top down is vital to create loyal customers.

“The best companies know that culture trumps everything else, so they are intentional about crafting engaging and compelling environments,” Salyers wrote in his book. “A company’s culture is its greatest competitive advantage, and it will either multiply a company’s efforts, or divide both its performance and its people.”

Talking Too Much About Board Diversity

A backlash has emerged in response to diversity and inclusion initiatives.

In the past several years, activists, institutional investors and some companies — including banks — have advocated for increased diversity and inclusion on their boards and throughout their firms. These groups believe that a diversity of race, gender, age and opinion is good for business and, ultimately, for shareholders.

But two recent studies draw attention to a burgeoning backlash to these efforts. Whether from message fatigue or concern about the board’s focus, companies may need to be mindful about the promotion and communication of their D&I efforts.

Director support to increase gender and racial diversity in the boardroom fell for the first time since 2013 in PwC’s 2019 governance survey. Thirty-eight percent of directors said gender diversity was very important in 2019, down from 46% in 2018. Those who said racial and ethnic diversity was very important fell to 26%, down from 34% the year prior.

Directors seem to be fatiguing of these messages, says Paula Loop, leader of PwC’s Governance Insights Center, who adds she was surprised at the recent trend.

“The way that we rationalized it is that it appears that directors have heard the message and they’re trying to acknowledge that,” she says.

Respondents to PwC’s survey acknowledged that diversity has added value to their discussions and decisions, Loop says, and that it increasingly makes sense from a business perspective. This finding is supported more broadly: Bank Director’s 2018 Compensation Survey found that 87% of respondents “personally believe” that board diversity, either through age, race or gender, has a positive impact on the bank’s performance.

“We have to remember, especially when you’re thinking about boards, they … don’t move necessary as quickly as one might think,” Loop says. “I feel like we’re in an evolution — but there’s been a lot in the last couple of years.”

Interestingly, PwC observed different responses to the survey based on the gender of respondents. A higher percentage of female directors reported that gender and racial/ethnic diversity on the board was “very important.” Male directors were less inclined to report seeing evidence of the benefits of diversity, and more than half agreed that diversity efforts “are driven by political correctness.”

Male directors were three times as likely as a female director to assert that investors “devote too much attention” to both gender and racial/ethnic diversity. Overall, 63% of directors believe investors are too focused on gender diversity, up from 35% in 2018; 58% report the same when it comes to racial/ethnic diversity, up from 33%.

The different responses along gender lines demonstrates why diversity matters, Loop says. The report shows that gender-diverse slate of directors do have a “different emphasis or different way of thinking.”

“It validates why it’s good to have a diverse group of people in a room when you have a conversation about an important issue,” she says.

But even if a bank makes headway on increasing the gender diversity on its board, there is still another group to think about: shareholders. A recent study found that companies that appoint women to the board experience a decline in their share price for two years after the appointment. The study looked at more than 1,600 U.S. companies between 1998 and 2011.

“Investors seem to be penalizing, rather than rewarding, companies that strive to be more inclusive,” wrote INSEAD researchers Isabelle Solal and Kaisa Snellman in a November 2019 Harvard Business Review article about their study.

What we think is happening is that investors believe that firms who choose to appoint women are firms who care more about diversity than about maximizing shareholder value,” writes Solal, a postdoctoral research fellow at the Stone Centre for the Study of Wealth Inequality at INSEAD, in an email interview.

In subsequent research, they found that investors view appointments of female directors with a company’s “diversity motivation.” The association is “not that surprising,” she writes, given that “almost all” press releases feature the gender of the appointee when that person is a woman, and will often include other references to diversity.

“Gender is never mentioned when the director is a man,” she writes.

Solal says that companies should still appoint women to their boards, especially given that the shareholder skepticism dissipates in two years. But companies should be mindful that overemphasizing a director’s gender or diversity may be unhelpful, and instead highlight the “skills and qualifications of their candidates, regardless of their gender.”

Board Governance For The New Year

Business conditions, financial markets and competitive landscapes are always changing. But perhaps there is no arena of business undergoing a more significant transformation at the moment than corporate governance.

Whether driven by activists investors, regulators, institutional shareholders, governance gadflies or best practices, corporate governance is in the crosshairs for many organizations today. And in the banking sector — where some in Washington have placed a bullseye on the industry’s back — an enhanced focus on governance is the order of the day.

Bank boards today would be well served to pay close attention to three important aspects of governance: board composition, size and director age and tenure. When left to their own devices, too often inertia will set in, causing boards to ignore needed enhancements to corporate governance and boardroom performance. Even in the private company and mutual space, there is room for improvement and incorporation of best practices if a bank wants to continue to remain strong and independent.

Some governance advocates adopt a certain viewpoint that downplays an institution’s history. “If you were building the board for your bank today at its current size, how many of the existing directors would you select for the board?” the viewpoint goes. This obviously ignores historical contributions and the context that took the bank to its current state.  However, as the old saying goes: “What got you here often won’t get you there.”

For many institutions — particularly those that have grown significantly through acquisition — the size of the board has become unwieldy. Oftentimes, executives doled out seats to get a deal done; in some extreme cases, boards now have 16, 18, 20 — or more — directors.

While this allows for ample staffing of committees, pragmatically there may be too many voices to hear before the board can make decisions. At the same time, banks with only six or seven  directors may not be able to adequately staff board committees, and perhaps operate as a “committee of the whole” in some cases.  Often times, this low number of directors implies a high level of insularity.

Research from sources including both Bank Director and the National Association of Corporate Directors suggests that the average board size is between 10 and 11 directors, including the CEO. Furthermore, the CEO is now typically the sole inside director, unless the CEO transition plan is underway and a president has been named as heir apparent to the CEO role (similar to KeyCorp’s September 2019 succession announcement). Too many or too few directors can impede a board’s effectiveness, and 75% of public boards have between nine and 12 directors.

Board composition, of course, speaks to the diversity seated around the board table. Whether you accept the prevailing sentiment or not, there is ample evidence that boards with more diverse perspectives perform better. In order to garner more diverse viewpoints, the board needs to be less homogenous (read: “not full of largely middle-aged white men”) and more representative of the communities served and employee demographics of today and tomorrow. And let’s not forget about age diversity, which helps to bring the perspectives of younger generations (read: “vital future customers and employees”) into the boardroom. One real world example: How would you feel if your bank lost a sizable municipal deposit relationship because a local ordinance required a diverse board in order to do business with an institution? It can happen.

Lastly, many boards are aging. The average public director today is 63 — roughly two years older than a decade ago. And as directors age and begin to see the potential end of their board service, a number of community bank boards have responded by raised their mandatory retirement age and prolonging the inevitable. Yet with rising tenure and aging boards, how can an institution bring on next-level board talent to ensure continued strong performance and good governance, without becoming unnecessarily large? Boards need to stay strong and hold to their longstanding age and tenure policies, or establish a tenure or retirement limit, in order to allow for a healthy refresh for the demands ahead.

High-performing companies typically have high-performing boards. It is rare to see an institution with strong performance accompanied by a weak or poorly governed board. Boards that take the time to thoughtfully optimize their size, composition and refreshment practices will likely improve the bank’s performance — and the odds of continued independence.

Best Practices for Onboarding New Directors


governance-9-12-19.pngJoining a bank board can be a bewildering experience for some new directors. There’s a lot to learn, including new, confusing abbreviations and financial metrics specific to the banking industry. But with the right approach, bank boards and nominating/governance committees can make the experience easier.

Onboarding new directors and more quickly acclimating them to the world of depository institutions is essential to ensuring banks have a functioning board that is prepared to navigate an increasingly changing and complex environment. It can also reduce potential liability for the bank by ensuring its members are educated and knowledgeable, and that no one personality or viewpoint dominates the boardroom.

Banking differs from other industries because of its business model, funding base, regulatory oversights and jargon. Directors without existing knowledge of the industry may need one to two years before becoming fully contributing members who can understand the most important issues facing the bank, as well as the common parlance.

Proactive boards leverage the chairperson to create an onboarding process that is comprehensive without being overwhelming, and tailor it to suit their institution’s particular needs, as well as the skill sets of newly recruited board members. The chair can work with members of the nominating/governance committee and executives like the chief financial officer to create a specific onboarding program and identify what pertinent information will best serve their new colleague.

Bank Director has compiled the following checklist to help strengthen your bank’s onboarding program.

1. Help new directors understand their role on the board.
New directors often come in with a background in business or accounting, skills that are useful in a bank boardroom. But business success in one industry may not readily translate to banking, given the unique aspects of its business model, regulations and even vocabulary associated with financial institutions. New directors can access insights on “The Role of the Board” through Bank Director’s Online Training Series.

Banks are uniquely regulated and insured. Directors should be able to appreciate the role they serve in their oversight of the bank, as well as the role regulators have in keeping the bank safe and sound, and ensuring prudent access to credit.

2. Provide an overview of the banking industry.
Directors often aren’t bankers and will need to be acquainted with the business of banking broadly.

With this overview will come the distinctive terms and acronyms that a new director may hear tossed around a boardroom. Boards should either create or provide a glossary with definitions and acronyms of terms, including the principal regulators and common financial metrics.

Click HERE to access Bank Director’s Banking Terms Glossary.

3. Provide an overview of your bank’s business model and strategy.
Directors will need to understand the bank’s products, including how it funds itself, what sort of loans it makes and to whom, as well as other services the bank provides for a fee. They will also need to learn about the bank’s credit culture, capital regime and its approach to risk management, including loan loss reserving.

4. Create a reading list.
There are a number of internal and external resources that new board members can access as they become acclimated to the ins and outs of bank governance. Internally, they should have access to recent examination reports, call reports, and quarterly and annual filings, if they exist. They should also access external resources, like Bank Director’s Online Training Series, the Federal Reserve Bank of Kansas City’s 2016 publication, “Basics for Bank Directors,” and “The Director’s Book,” published by the Officer of the Comptroller of the Currency.

Additionally, they should keep up-to-date with the industry through bank-specific publications, such as Bank Director’s newsletter and magazine.

5. Schedule one-on-one meetings with the management team.
A new board member will need to understand who they are working with and the important roles those individuals play in running a successful bank. Their onboarding should include meetings with the management team, especially the CFO for a discussion about the financial metrics, risk measurement and health of the bank. It may also be prudent to schedule a meeting with other executives who oversee risk management at the bank.

6. Schedule one-on-one meetings with members of the board and key consultants.
New directors should sit down with the heads of board committees to understand the various oversight functions the board fulfills. The bank may also want to reach out to the firms it works with, including its accounting, law and consulting firms, to chat about their roles and relationship with the company.

7. Emphasize continuing education.
Boards should convey to new members that they expect continued education and growth in the role. One way to achieve this is through conference attendance, which can provide intensive and specialized education, as well as a community of directors from banks in other geographic areas that new members can learn from. Direct new board members to events hosted by your state banking association, if available, or sign them up for annual conferences like Bank Director’s Bank Board Training Forum.

Look for conferences that offer information calibrated to a director’s understanding, starting with basic or introductory instruction suited for new directors. The conferences should also facilitate discussion among directors, so that they can learn from each other. As a director grows in the role, the board can seek out more specialized training.

Successful onboarding should help new directors acclimate to the world of banking and become a productive member of the board. Boards should expect their directors to become comfortable enough that they go beyond thoughtful listening and ask intelligent questions that reinforce the bank’s strategy and its risk management.

The Strategic Side of Cybersecurity Governance


cybersecurity-8-7-19.pngWithout a comprehensive cyber risk governance strategy, banks risk playing Whac-A-Mole with their cybersecurity.

Most financial institutions’ cybersecurity programs are tactical or project-oriented, addressing one-off situations and putting out fires as they arise. This piecemeal approach to cybersecurity is inefficient and increasingly risky, given the growing number of new compliance requirements and privacy and security laws. Institutions are recognizing that everyone in the C-suite should be thinking about the need for a cyber risk governance strategy.

There are three key advantages to having a cyber risk governance strategy:

  • Effectively managing the audit and security budget: Organizations that address current risks can more effectively prepare for cybersecurity threats, while meeting and achieving consistent audit results. A thorough risk assessment can highlight real threats and identify controls to evaluate on an ongoing basis through regular review or testing.
  • Reducing legal exposure: Companies and their officers can reduce the potential for civil and criminal liability by getting in front of cybersecurity and demonstrating how the institution is managing its risk effectively.
  • Getting in front of cybersecurity at an organizational level: Strategic planning is an important shift of responsibility for management teams. It proactively undertakes initiatives because it’s the right thing to do, versus an auditor instructing a company to do them.

So what’s required to set up a cyber risk governance strategy? Most organizations have talented individuals, but not necessarily personnel that is focused on security. Compounding the industry shortage of cybersecurity professionals, banks may also lack the resources necessary to do a risk assessment and ensure security practices are aligned to the cyber risk governance. As a result, banks frequently bring in vendors to help. If that’s the case, they should undertake a cyber risk strategy assessment with the help of their vendor.

Bank boards can perform a cyber risk governance strategy assessment in three phases:

  1. An assessment of the current cyber risk governance strategy. In phase one, a vendor’s team will review a bank’s current organizational and governance structure for managing information security risk. They’ll also review the information technology strategic plan and cybersecurity program to understand how the bank implements information security policies, standards and procedures. This provides a baseline of the people and processes surrounding the organization’s cyber risk governance and information security risk tolerance.
  2. Understand the institution’s cyber risk footprint. Here, a vendor will review the technology footprint of customers, employees and vendors. They’ll look at internal and external data sources, the egress and ingress flow of data, the data flow mapping, the technology supporting data transport and the technology used for servicing clients, employees, and the third parties who support strategic initiatives.
  3. Align information security resources to cyber governance goals. In phase three, a vendor will help the bank’s board and executives understand how its people, process and technology are aligned to achieve the company’s institution’s cyber governance goals. They’ll review the bank’s core operations and document the roles, processes and technology surrounding information security. They’ll also review the alignment of operational activities that support the bank’s information security strategic goals, and document effective and ineffective operational activities supporting the board’s cyber governance goals.

Once the assessment is complete, a bank will have the foundation needed to follow up with an operational analysis, tactical plan and strategic roadmap. With the roadmap in place, a bank can craft a cyber risk strategy that aligns with its policies, as well as an information security program that addresses the actual risks that the organization faces. Instead of just checking the boxes of required audits, bank boards can approach the assessments strategically, dictating the schedule while feeling confident that its cyber risks are being addressed.

Board Compensation, Diversity Under Scrutiny


diversity-7-17-19.pngSimilar to trends in other industries, banks have been simplifying their director pay programs. Slightly more than half of publicly traded banks with $1 billion to $10 billion in assets increased cash retainers instead of offering board meeting fees. Board meeting fees are the easiest to simplify, given the generally consistent number of meetings and their applicability to all board members. Retainers are also the most common way to recognize committee chairs for their roles and compensate committee members.

Annual equity grants are also a core element of board member pay at public banks, while stock option grants remain a minority practice. Restricted stock is the most common form of equity.

The amount of time for directors’ equity awards to vest is also shortening. Of the banks we reviewed with $1 billion to $10 billion in assets, 73 percent of those using full-value awards were granted either fully vested or with a one-year vesting requirement.

This shortened vesting period for director awards parallels the declassification of board structure and use of one-year terms. Banks do not want to incentivize directors that would have otherwise resigned or not stood for reelection to remain on the board so their equity awards can vest.

Most public banks have share ownership guidelines, which often require that directors own three to five times the annual cash retainer. Most guidelines build in a fixed amount of time for directors to reach the guideline, like five years. Another recent trend is a stock ownership requirement, which requires directors to hold a certain percentage of vested shares until they reach the guideline and kicks in if they fall below the threshold.

Scrutiny and Oversight
Director compensation has been in the spotlight because of recent litigation and increased focus from proxy advisory firms.

Institutional Shareholder Services (ISS) announced it will target board members who are responsible for setting director pay when levels are “excessive,” with adverse vote recommendations issued as early as 2020 where director or board chair pay is in the top 2 percent to 3 percent of a defined comparison group. This will not be an issue for most banks that pay within a reasonable range around market, but banks should be aware of this change. As a result, the industry is likely to see enhanced proxy disclosures that includes the board compensation philosophy, additional responsibilities of chair roles and communication of independent compensation reviews.

Delaware courts have recently issued a series of decisions limiting the extent that the business judgment rule protects directors when determining their own compensation. As a result, companies are being more thoughtful in establishing total limits on director compensation, establishing appropriate stock ownership guidelines and holding requirements, and closely reviewing the competitiveness of pay levels and structure. We recommend companies check their plans to ensure appropriate caps are in place.

Diversity Focus
Large institutional investors, proxy advisory firms and legislators are putting significant focus on board diversity. BlackRock’s most recent proxy voting guidelines encouraged companies to have “at least two women directors” on their board. Vanguard noted that board diversity is “an economic imperative, not an ideological choice” in a 2017 open letter to public company directors.

Beginning in 2020, State Street Global Advisors, the asset management business of State Street Corp., will vote against the slate of directors on a company’s nominating committee if that company’s board does not include any women directors, and the company has not engaged in successful dialogue with the asset manager regarding board gender diversity for three consecutive years.

Proxy advisory firms will generally recommend voting against a company’s nominating committee chair if a board includes no women; Glass Lewis started in 2019, with ISS joining in 2020.

Outside of corporations, two states are looking into gender diversity mandates. California enacted legislation that imposes gender quotas on public companies headquartered in the state; New Jersey has proposed a nearly identical law.

We expect these issues to be top of mind for the boards of many banks in the coming 12 to 24 months, along with other concerns such as director tenure, retirement age and engagement. Banks should evaluate their programs and board composition in light of these hot topics.

Community Bank Succession Planning in Seven Steps


succession-6-25-19.pngSuccession planning is vital to a bank’s independence and continued success, but too many banks lack a realistic plan, or one at all.

Banks without a succession plan place themselves in a precarious, uncertain position. Succession plans give banks a chance to assess what skills and competencies future executives will need as banking evolves, and cultivate and identify those individuals. But many banks and their boards struggle to prepare for this pivotal moment in their growth. Succession planning for the CEO or executives was in the top three compensation challenges for respondents to Bank Director’s 2018 Compensation Survey.

The lack of planning comes even as regulators increasing treat this as an expectation. This all-important role is owned by a bank’s board, who must create, execute and update the plan. But directors may struggle with how to start a conversation with senior management, while executives may be preoccupied with running the daily operations of the bank and forget to think for the future of the bank without them. Without strong board direction and annual check-ins, miscommunications about expected retirement can occur.

Chartwell has broken down the process into seven steps that can help your bank’s board craft a succession plan that positions your institution for future growth. All you have to do is start.

Step 1: Begin Planning
When it comes to planning, there is no such thing as “too early.” Take care during this time to lay down the ground work for how communication throughout the process will work, which will help everything flow smoothly. Lack of communication can lead to organizational disruption.

Step 2: The Emergency Plan
A bank must be prepared if the unexpected occurs. It is essential that the board designates a person ahead of time to take over whatever position has been vacated. The emergency candidate should be prepared to take over for a 90-day period, which allows the board or management team time to institute short- and long-term plans.

Step 3: The Short-Term Plan
A bank should have a designated interim successor who stays in the deserted role until it has been satisfactorily filled. This ensures the bank can operate effectively and without interruption. Often, the interim successor becomes the permanent successor.

Step 4: Identify Internal Candidates
Internal candidates are often the best choice to take over an executive role at a community bank, given their understanding of the culture and the opportunity to prepare them for the role, which can smooth the transition. It is recommended that the bank develop a handful of potential internal candidates to ensure that at least one will be qualified and prepared to take over when the time comes. Boards should be aware that problems can sometimes arise from having limited options, as well as superfluous reasons for appointments, such as loyalty, that have no bearing on the ability to do the job.

Step 5: Consider External Candidates
It is always prudent for boards to consider external candidates during a CEO search. While an outsider might create organization disruption, he or she brings a fresh perspective and could be a better decision to spur changes in legacy organizations.

Step 6: Put the Plan into Motion
The board of directors is responsible for replacing the CEO, but replacing other executives is the CEO’s job. It is helpful to bring in a third-party advisory firm to get an objective perspective and leverage their expertise in succession and search. When the executive’s transition is planned, it can be helpful to have that person provide his or her perspective to the board. This gives the board or the CEO insight into what skills and traits they should look for. Beyond this, the outgoing executive should not be involved in the search for their successor.

Step 7: Completion
Once the new executive is installed, it is vital to help him or her get situated and set up for success through a well-planned onboarding program. This is also the time to recalibrate the succession plan, because it is never too early to start planning.

Weighing the Value of a Bank Holding Company


governance-6-24-19.pngIn May, Northeast Bank became the fourth banking organization in two years to eliminate its holding company. Northeast joins Zions Bancorporation, N.A., BancorpSouth Bank and Bank OZK in forgoing their holding companies.

All of the restructurings were motivated in part by improved efficiencies that eliminated redundant corporate infrastructure and activities. The moves also removed a second level of supervision by the Federal Reserve Board. Bank specific reasons may also drive the decision to eliminate a holding company.

Zions successfully petitioned to be de-designated as a systemically important financial institution in connection with its holding company elimination. In its announcement, Northeast replaced commitments it made to the Fed with policies and procedures relating to its capital levels and loan composition that should allow for more loan growth in the long run.

Banks are weighing the role their holding companies play in daily operations. Some maintain the structure in order to engage in activities that are not permissible at the bank level. Others may not have considered the issue. Now may be a good time to ask: Is the holding company worth it?

Defined Corporate Governance
Holding companies are typically organized as business corporations under state corporate law, which often provides more clarity than banking law for matters such as indemnification, anti-takeover protections and shareholder rights.

Transaction Flexibility
Holding companies provide flexibility in structuring strategic transactions because they can operate acquired banks as separate subsidiaries. This setup might be desirable for potential partners because it keeps the target’s legal and corporate identity, board and management structure. But even without a holding company, banks can still preserve the identity of a strategic partner by operating it as a division of the surviving bank.

Additional Governance Requirements
A holding company’s status as a separate legal entity subjects it to additional corporate governance and recordkeeping requirements. A holding company must hold separate board of directors and committee meetings with separate minutes, enter into expense-sharing and tax-sharing agreements with its bank subsidiary and observe other corporate formalities to maintain separate corporate identities. In addition, the relationship between the holding company and its subsidiary bank is subject to Section 23A and Section 23B of the Federal Reserve Act, an additional regulatory compliance burden.

Additional Regulatory Oversight
Holding companies are also subject to the Fed’s supervision, examination and reporting requirements, which carry additional compliance costs and consume significant management attention. The Fed also expects bank holding companies to serve as a source of financial strength to their subsidiary banks, an expectation that was formalized in the Dodd-Frank Act.

Diminished Capital Advantages
Historically, holding companies could issue Tier 1 capital instruments that were not feasible or permissible for their bank subsidiaries, such as trust preferred securities and cumulative perpetual preferred stock. They also enjoyed additional flexibility to redeem capital, an advantage that has largely been eliminated by the Basel III rulemaking and Fed supervisory requirements. A holding company with existing grandfathered trust preferred securities or with registered DRIPs may find them useful capital management tools. Holding companies with less than $3 billion in consolidated assets that qualify under the Small Bank Holding Company and Savings and Loan Holding Company Policy Statement are not subject to the Fed’s risk-based capital rules. These companies are permitted to have higher levels of debt than other holding companies and banks.

Broader Activities, Investments
Bank holding companies, especially those that elect to be financial holding companies, can engage in non-banking activities and activities that are financial in nature through non-bank subsidiaries that are bank affiliates. In some cases, these activities may not be bank permissible, such as insurance underwriting and merchant banking. The Fed also has authority to approve additional activities that are financial in nature or incidental or complementary to a financial activity on a case-by-case basis.

Bank holding companies can also make passive, non-controlling minority investments that do not exceed 5 percent of any class of voting securities in any company, regardless of that company’s activities. By comparison, banks are limited to making investments in companies that are engaged solely in bank-permissible activities or must rely on authorities such as community development or public welfare authority to make investments. Banks may also have limited leeway authority to invest in specific securities or types of securities designated under the applicable state banking law or by the applicable state banking regulator.

Banks that are not interested in activities or investment opportunities available to holding companies may be less concerned about eliminating the structure. But an organization that engages in activities at the holding company level that are not permissible for banks or that desires to maintain its grandfathered rights as a unitary savings and loan holding company may not wish to eliminate its holding company.

Operating without a holding company would result in more streamlined regulatory oversight, corporate governance and recordkeeping processes. But a holding company provides the flexibility to engage in activities, to make investments and to create structures that a bank may not. Bank boards should weigh these costs and benefits carefully against their strategic and capital management plans.