Best Practices for Onboarding New Directors


governance-9-12-19.pngJoining a bank board can be a bewildering experience for some new directors. There’s a lot to learn, including new, confusing abbreviations and financial metrics specific to the banking industry. But with the right approach, bank boards and nominating/governance committees can make the experience easier.

Onboarding new directors and more quickly acclimating them to the world of depository institutions is essential to ensuring banks have a functioning board that is prepared to navigate an increasingly changing and complex environment. It can also reduce potential liability for the bank by ensuring its members are educated and knowledgeable, and that no one personality or viewpoint dominates the boardroom.

Banking differs from other industries because of its business model, funding base, regulatory oversights and jargon. Directors without existing knowledge of the industry may need one to two years before becoming fully contributing members who can understand the most important issues facing the bank, as well as the common parlance.

Proactive boards leverage the chairperson to create an onboarding process that is comprehensive without being overwhelming, and tailor it to suit their institution’s particular needs, as well as the skill sets of newly recruited board members. The chair can work with members of the nominating/governance committee and executives like the chief financial officer to create a specific onboarding program and identify what pertinent information will best serve their new colleague.

Bank Director has compiled the following checklist to help strengthen your bank’s onboarding program.

1. Help new directors understand their role on the board.
New directors often come in with a background in business or accounting, skills that are useful in a bank boardroom. But business success in one industry may not readily translate to banking, given the unique aspects of its business model, regulations and even vocabulary associated with financial institutions. New directors can access insights on “The Role of the Board” through Bank Director’s Online Training Series.

Banks are uniquely regulated and insured. Directors should be able to appreciate the role they serve in their oversight of the bank, as well as the role regulators have in keeping the bank safe and sound, and ensuring prudent access to credit.

2. Provide an overview of the banking industry.
Directors often aren’t bankers and will need to be acquainted with the business of banking broadly.

With this overview will come the distinctive terms and acronyms that a new director may hear tossed around a boardroom. Boards should either create or provide a glossary with definitions and acronyms of terms, including the principal regulators and common financial metrics.

Click HERE to access Bank Director’s Banking Terms Glossary.

3. Provide an overview of your bank’s business model and strategy.
Directors will need to understand the bank’s products, including how it funds itself, what sort of loans it makes and to whom, as well as other services the bank provides for a fee. They will also need to learn about the bank’s credit culture, capital regime and its approach to risk management, including loan loss reserving.

4. Create a reading list.
There are a number of internal and external resources that new board members can access as they become acclimated to the ins and outs of bank governance. Internally, they should have access to recent examination reports, call reports, and quarterly and annual filings, if they exist. They should also access external resources, like Bank Director’s Online Training Series, the Federal Reserve Bank of Kansas City’s 2016 publication, “Basics for Bank Directors,” and “The Director’s Book,” published by the Officer of the Comptroller of the Currency.

Additionally, they should keep up-to-date with the industry through bank-specific publications, such as Bank Director’s newsletter and magazine.

5. Schedule one-on-one meetings with the management team.
A new board member will need to understand who they are working with and the important roles those individuals play in running a successful bank. Their onboarding should include meetings with the management team, especially the CFO for a discussion about the financial metrics, risk measurement and health of the bank. It may also be prudent to schedule a meeting with other executives who oversee risk management at the bank.

6. Schedule one-on-one meetings with members of the board and key consultants.
New directors should sit down with the heads of board committees to understand the various oversight functions the board fulfills. The bank may also want to reach out to the firms it works with, including its accounting, law and consulting firms, to chat about their roles and relationship with the company.

7. Emphasize continuing education.
Boards should convey to new members that they expect continued education and growth in the role. One way to achieve this is through conference attendance, which can provide intensive and specialized education, as well as a community of directors from banks in other geographic areas that new members can learn from. Direct new board members to events hosted by your state banking association, if available, or sign them up for annual conferences like Bank Director’s Bank Board Training Forum.

Look for conferences that offer information calibrated to a director’s understanding, starting with basic or introductory instruction suited for new directors. The conferences should also facilitate discussion among directors, so that they can learn from each other. As a director grows in the role, the board can seek out more specialized training.

Successful onboarding should help new directors acclimate to the world of banking and become a productive member of the board. Boards should expect their directors to become comfortable enough that they go beyond thoughtful listening and ask intelligent questions that reinforce the bank’s strategy and its risk management.

The Strategic Side of Cybersecurity Governance


cybersecurity-8-7-19.pngWithout a comprehensive cyber risk governance strategy, banks risk playing Whac-A-Mole with their cybersecurity.

Most financial institutions’ cybersecurity programs are tactical or project-oriented, addressing one-off situations and putting out fires as they arise. This piecemeal approach to cybersecurity is inefficient and increasingly risky, given the growing number of new compliance requirements and privacy and security laws. Institutions are recognizing that everyone in the C-suite should be thinking about the need for a cyber risk governance strategy.

There are three key advantages to having a cyber risk governance strategy:

  • Effectively managing the audit and security budget: Organizations that address current risks can more effectively prepare for cybersecurity threats, while meeting and achieving consistent audit results. A thorough risk assessment can highlight real threats and identify controls to evaluate on an ongoing basis through regular review or testing.
  • Reducing legal exposure: Companies and their officers can reduce the potential for civil and criminal liability by getting in front of cybersecurity and demonstrating how the institution is managing its risk effectively.
  • Getting in front of cybersecurity at an organizational level: Strategic planning is an important shift of responsibility for management teams. It proactively undertakes initiatives because it’s the right thing to do, versus an auditor instructing a company to do them.

So what’s required to set up a cyber risk governance strategy? Most organizations have talented individuals, but not necessarily personnel that is focused on security. Compounding the industry shortage of cybersecurity professionals, banks may also lack the resources necessary to do a risk assessment and ensure security practices are aligned to the cyber risk governance. As a result, banks frequently bring in vendors to help. If that’s the case, they should undertake a cyber risk strategy assessment with the help of their vendor.

Bank boards can perform a cyber risk governance strategy assessment in three phases:

  1. An assessment of the current cyber risk governance strategy. In phase one, a vendor’s team will review a bank’s current organizational and governance structure for managing information security risk. They’ll also review the information technology strategic plan and cybersecurity program to understand how the bank implements information security policies, standards and procedures. This provides a baseline of the people and processes surrounding the organization’s cyber risk governance and information security risk tolerance.
  2. Understand the institution’s cyber risk footprint. Here, a vendor will review the technology footprint of customers, employees and vendors. They’ll look at internal and external data sources, the egress and ingress flow of data, the data flow mapping, the technology supporting data transport and the technology used for servicing clients, employees, and the third parties who support strategic initiatives.
  3. Align information security resources to cyber governance goals. In phase three, a vendor will help the bank’s board and executives understand how its people, process and technology are aligned to achieve the company’s institution’s cyber governance goals. They’ll review the bank’s core operations and document the roles, processes and technology surrounding information security. They’ll also review the alignment of operational activities that support the bank’s information security strategic goals, and document effective and ineffective operational activities supporting the board’s cyber governance goals.

Once the assessment is complete, a bank will have the foundation needed to follow up with an operational analysis, tactical plan and strategic roadmap. With the roadmap in place, a bank can craft a cyber risk strategy that aligns with its policies, as well as an information security program that addresses the actual risks that the organization faces. Instead of just checking the boxes of required audits, bank boards can approach the assessments strategically, dictating the schedule while feeling confident that its cyber risks are being addressed.

Board Compensation, Diversity Under Scrutiny


diversity-7-17-19.pngSimilar to trends in other industries, banks have been simplifying their director pay programs. Slightly more than half of publicly traded banks with $1 billion to $10 billion in assets increased cash retainers instead of offering board meeting fees. Board meeting fees are the easiest to simplify, given the generally consistent number of meetings and their applicability to all board members. Retainers are also the most common way to recognize committee chairs for their roles and compensate committee members.

Annual equity grants are also a core element of board member pay at public banks, while stock option grants remain a minority practice. Restricted stock is the most common form of equity.

The amount of time for directors’ equity awards to vest is also shortening. Of the banks we reviewed with $1 billion to $10 billion in assets, 73 percent of those using full-value awards were granted either fully vested or with a one-year vesting requirement.

This shortened vesting period for director awards parallels the declassification of board structure and use of one-year terms. Banks do not want to incentivize directors that would have otherwise resigned or not stood for reelection to remain on the board so their equity awards can vest.

Most public banks have share ownership guidelines, which often require that directors own three to five times the annual cash retainer. Most guidelines build in a fixed amount of time for directors to reach the guideline, like five years. Another recent trend is a stock ownership requirement, which requires directors to hold a certain percentage of vested shares until they reach the guideline and kicks in if they fall below the threshold.

Scrutiny and Oversight
Director compensation has been in the spotlight because of recent litigation and increased focus from proxy advisory firms.

Institutional Shareholder Services (ISS) announced it will target board members who are responsible for setting director pay when levels are “excessive,” with adverse vote recommendations issued as early as 2020 where director or board chair pay is in the top 2 percent to 3 percent of a defined comparison group. This will not be an issue for most banks that pay within a reasonable range around market, but banks should be aware of this change. As a result, the industry is likely to see enhanced proxy disclosures that includes the board compensation philosophy, additional responsibilities of chair roles and communication of independent compensation reviews.

Delaware courts have recently issued a series of decisions limiting the extent that the business judgment rule protects directors when determining their own compensation. As a result, companies are being more thoughtful in establishing total limits on director compensation, establishing appropriate stock ownership guidelines and holding requirements, and closely reviewing the competitiveness of pay levels and structure. We recommend companies check their plans to ensure appropriate caps are in place.

Diversity Focus
Large institutional investors, proxy advisory firms and legislators are putting significant focus on board diversity. BlackRock’s most recent proxy voting guidelines encouraged companies to have “at least two women directors” on their board. Vanguard noted that board diversity is “an economic imperative, not an ideological choice” in a 2017 open letter to public company directors.

Beginning in 2020, State Street Global Advisors, the asset management business of State Street Corp., will vote against the slate of directors on a company’s nominating committee if that company’s board does not include any women directors, and the company has not engaged in successful dialogue with the asset manager regarding board gender diversity for three consecutive years.

Proxy advisory firms will generally recommend voting against a company’s nominating committee chair if a board includes no women; Glass Lewis started in 2019, with ISS joining in 2020.

Outside of corporations, two states are looking into gender diversity mandates. California enacted legislation that imposes gender quotas on public companies headquartered in the state; New Jersey has proposed a nearly identical law.

We expect these issues to be top of mind for the boards of many banks in the coming 12 to 24 months, along with other concerns such as director tenure, retirement age and engagement. Banks should evaluate their programs and board composition in light of these hot topics.

Community Bank Succession Planning in Seven Steps


succession-6-25-19.pngSuccession planning is vital to a bank’s independence and continued success, but too many banks lack a realistic plan, or one at all.

Banks without a succession plan place themselves in a precarious, uncertain position. Succession plans give banks a chance to assess what skills and competencies future executives will need as banking evolves, and cultivate and identify those individuals. But many banks and their boards struggle to prepare for this pivotal moment in their growth. Succession planning for the CEO or executives was in the top three compensation challenges for respondents to Bank Director’s 2018 Compensation Survey.

The lack of planning comes even as regulators increasing treat this as an expectation. This all-important role is owned by a bank’s board, who must create, execute and update the plan. But directors may struggle with how to start a conversation with senior management, while executives may be preoccupied with running the daily operations of the bank and forget to think for the future of the bank without them. Without strong board direction and annual check-ins, miscommunications about expected retirement can occur.

Chartwell has broken down the process into seven steps that can help your bank’s board craft a succession plan that positions your institution for future growth. All you have to do is start.

Step 1: Begin Planning
When it comes to planning, there is no such thing as “too early.” Take care during this time to lay down the ground work for how communication throughout the process will work, which will help everything flow smoothly. Lack of communication can lead to organizational disruption.

Step 2: The Emergency Plan
A bank must be prepared if the unexpected occurs. It is essential that the board designates a person ahead of time to take over whatever position has been vacated. The emergency candidate should be prepared to take over for a 90-day period, which allows the board or management team time to institute short- and long-term plans.

Step 3: The Short-Term Plan
A bank should have a designated interim successor who stays in the deserted role until it has been satisfactorily filled. This ensures the bank can operate effectively and without interruption. Often, the interim successor becomes the permanent successor.

Step 4: Identify Internal Candidates
Internal candidates are often the best choice to take over an executive role at a community bank, given their understanding of the culture and the opportunity to prepare them for the role, which can smooth the transition. It is recommended that the bank develop a handful of potential internal candidates to ensure that at least one will be qualified and prepared to take over when the time comes. Boards should be aware that problems can sometimes arise from having limited options, as well as superfluous reasons for appointments, such as loyalty, that have no bearing on the ability to do the job.

Step 5: Consider External Candidates
It is always prudent for boards to consider external candidates during a CEO search. While an outsider might create organization disruption, he or she brings a fresh perspective and could be a better decision to spur changes in legacy organizations.

Step 6: Put the Plan into Motion
The board of directors is responsible for replacing the CEO, but replacing other executives is the CEO’s job. It is helpful to bring in a third-party advisory firm to get an objective perspective and leverage their expertise in succession and search. When the executive’s transition is planned, it can be helpful to have that person provide his or her perspective to the board. This gives the board or the CEO insight into what skills and traits they should look for. Beyond this, the outgoing executive should not be involved in the search for their successor.

Step 7: Completion
Once the new executive is installed, it is vital to help him or her get situated and set up for success through a well-planned onboarding program. This is also the time to recalibrate the succession plan, because it is never too early to start planning.

Weighing the Value of a Bank Holding Company


governance-6-24-19.pngIn May, Northeast Bank became the fourth banking organization in two years to eliminate its holding company. Northeast joins Zions Bancorporation, N.A., BancorpSouth Bank and Bank OZK in forgoing their holding companies.

All of the restructurings were motivated in part by improved efficiencies that eliminated redundant corporate infrastructure and activities. The moves also removed a second level of supervision by the Federal Reserve Board. Bank specific reasons may also drive the decision to eliminate a holding company.

Zions successfully petitioned to be de-designated as a systemically important financial institution in connection with its holding company elimination. In its announcement, Northeast replaced commitments it made to the Fed with policies and procedures relating to its capital levels and loan composition that should allow for more loan growth in the long run.

Banks are weighing the role their holding companies play in daily operations. Some maintain the structure in order to engage in activities that are not permissible at the bank level. Others may not have considered the issue. Now may be a good time to ask: Is the holding company worth it?

Defined Corporate Governance
Holding companies are typically organized as business corporations under state corporate law, which often provides more clarity than banking law for matters such as indemnification, anti-takeover protections and shareholder rights.

Transaction Flexibility
Holding companies provide flexibility in structuring strategic transactions because they can operate acquired banks as separate subsidiaries. This setup might be desirable for potential partners because it keeps the target’s legal and corporate identity, board and management structure. But even without a holding company, banks can still preserve the identity of a strategic partner by operating it as a division of the surviving bank.

Additional Governance Requirements
A holding company’s status as a separate legal entity subjects it to additional corporate governance and recordkeeping requirements. A holding company must hold separate board of directors and committee meetings with separate minutes, enter into expense-sharing and tax-sharing agreements with its bank subsidiary and observe other corporate formalities to maintain separate corporate identities. In addition, the relationship between the holding company and its subsidiary bank is subject to Section 23A and Section 23B of the Federal Reserve Act, an additional regulatory compliance burden.

Additional Regulatory Oversight
Holding companies are also subject to the Fed’s supervision, examination and reporting requirements, which carry additional compliance costs and consume significant management attention. The Fed also expects bank holding companies to serve as a source of financial strength to their subsidiary banks, an expectation that was formalized in the Dodd-Frank Act.

Diminished Capital Advantages
Historically, holding companies could issue Tier 1 capital instruments that were not feasible or permissible for their bank subsidiaries, such as trust preferred securities and cumulative perpetual preferred stock. They also enjoyed additional flexibility to redeem capital, an advantage that has largely been eliminated by the Basel III rulemaking and Fed supervisory requirements. A holding company with existing grandfathered trust preferred securities or with registered DRIPs may find them useful capital management tools. Holding companies with less than $3 billion in consolidated assets that qualify under the Small Bank Holding Company and Savings and Loan Holding Company Policy Statement are not subject to the Fed’s risk-based capital rules. These companies are permitted to have higher levels of debt than other holding companies and banks.

Broader Activities, Investments
Bank holding companies, especially those that elect to be financial holding companies, can engage in non-banking activities and activities that are financial in nature through non-bank subsidiaries that are bank affiliates. In some cases, these activities may not be bank permissible, such as insurance underwriting and merchant banking. The Fed also has authority to approve additional activities that are financial in nature or incidental or complementary to a financial activity on a case-by-case basis.

Bank holding companies can also make passive, non-controlling minority investments that do not exceed 5 percent of any class of voting securities in any company, regardless of that company’s activities. By comparison, banks are limited to making investments in companies that are engaged solely in bank-permissible activities or must rely on authorities such as community development or public welfare authority to make investments. Banks may also have limited leeway authority to invest in specific securities or types of securities designated under the applicable state banking law or by the applicable state banking regulator.

Banks that are not interested in activities or investment opportunities available to holding companies may be less concerned about eliminating the structure. But an organization that engages in activities at the holding company level that are not permissible for banks or that desires to maintain its grandfathered rights as a unitary savings and loan holding company may not wish to eliminate its holding company.

Operating without a holding company would result in more streamlined regulatory oversight, corporate governance and recordkeeping processes. But a holding company provides the flexibility to engage in activities, to make investments and to create structures that a bank may not. Bank boards should weigh these costs and benefits carefully against their strategic and capital management plans.

The Most Effective Bank Directors Share These Two Qualities


director-6-14-19.pngBanks have a slim margin for error.

They typically borrow $10 for every $1 of equity, which can amplify any missteps or oversight. Robust oversight by a board of directors, and in particular the audit and risk committees, is key to the success of any institution.

“At the Federal Reserve Bank of Kansas City, we have consistently found a strong correlation between overall bank health and the level of director engagement,” wrote Kansas City Fed President Esther George in the agency’s governance manual, “Basics for Bank Directors.” “Generally, we have seen that the institutions that are well run and have fewer problems are under the oversight of an engaged and well-informed board of directors.”

This may sound trite, but the strongest bank boards embrace a collective sense of curiosity and cognitive diversity, according to executives and directors at Bank Director’s 2019 Bank Audit & Risk Committees Conference in Chicago.

Balancing revenue generation against risk management requires a bank’s audit and risk committees to invite skepticism, foster intelligent discussion and create a space for constructive disagreements. Institutions also need to remain abreast of emerging risks and changes that impact operations and strategy.

This is why curiosity, in particular, is so important.

“It’s critical for audit committee members to have curiosity and a critical mind,” says Sal Inserra, a partner at Crowe LLP. “You need to ask the tough questions. The worst thing is a silent audit committee meeting. It’s important to be inquisitive and have a sense of curiosity.”

Board members who are intellectually curious can provide credible challenges to management, agrees John Erickson, a director at Bank of Hawaii Corp.

Focusing on intellectual curiosity, as opposed to a set of concrete skills, can also broaden the pool of individuals that are qualified to sit on a bank’s audit and risk committees. These committees have traditionally been the domain of certified public accountants, but a significant portion of audit committee members in attendance at the conference were not CPAs.

Robert Glaser, the audit committee chair at Five Star Bank, sees that diversity of experience as an advantage for banks. He and several others say a diversity of experiences, or cognitive diversity, invites and cultivates diversity of thought. These members should be unafraid to bring their questions and perspectives to meetings.

Having non-CPAs on the audit committee of Pacific Premier Bancorp has helped the firm manage the variety of risks it faces, says Derrick Hong, chief audit executive at Pacific Premier. The audit committee chair is a CPA, but the bank has found it “very helpful” to have non-CPAs on the committee as well, he says.

Audit and risk committee members with diverse experiences can also balance the traditional perspective of the CPA-types.

It’s important [for audit committee members] to have balance. Bean counters don’t know everything,” says Paul Ward, chief risk officer at Community Bank System, who self-identifies as a “bean counter.”

“Some of the best questions I’ve seen [from audit committee members] have come from non-CPAs,” Ward says.

However, banks interested in cultivating intellectual curiosity and cognitive diversity in their audit and risk committees still need to identify board members with an appreciation for financial statements, and the work that goes into crafting them. After all, the audit committee helps protect the financial integrity of a bank through internal controls and reporting, not just reviewing financial statements before they are released.

Executives and board chairs also say that audit and risk committee members need to be dynamic and focus on how changes inside and outside the bank can alter its risk profile. Intellectual curiosity can help banks remain focused on these changes and resist the urge to become complicit.

I’ll be the first to admit that qualities like curiosity and cognitive diversity sound cliché. But just because something sounds cliché, doesn’t mean it isn’t also true.

Two-Thirds of Bank Directors Are Worried About the Same Thing


risk-6-12-19.pngAt around a quarter to seven o’clock on the evening of Saturday, May 11, firefighters showed up at Enloe State Bank in Cooper, Texas, to find a stack of papers on fire on the conference room table.

“We believe it is suspicious,” said the sheriff, “but we don’t have any more information at this point.” Three weeks later, regulators seized the bank “due to insider abuse and fraud by former officers,” according to Texas Banking Commissioner Charles Cooper.

It’s fair to say that Enloe State Bank is an outlier. It was the first bank to fail in a year and a half, in fact. And one can’t help but wonder what would lead someone to set papers ablaze on a conference room table.

Yet, incidents like this are important for bank executives and directors to register, because they underscore the importance of proactive oversight by a bank’s board—especially the audit and risk committees.

“The essence of the audit committee’s responsibilities is protecting the bank,” said Derrick Hong, the chief audit executive at Pacific Premier Bank, at Bank Director’s 2019 Bank Audit & Risk Committees Conference taking place in Chicago this week. “There are so many pitfalls and risks that could potentially take down a bank, so focusing on those things is the key responsibility of the audit committee.”

Admittedly, it seems like an odd time to worry about risk.

Bank capital levels have never been stronger or of higher quality, noted Steven Hovde, chairman and CEO of Hovde Group. Net charge-offs are lower across the industry than they’ve been in decades. And tax reform has catalyzed profitability. Despite narrow lending margins and subpar efficiency, the banking industry is once again earning more than 1 percent on its assets, exceeding the benchmark threshold last year for the first time since the financial crisis.

But it’s in the good times like these that banking’s troubles are sowed.

“You have to be proactive rather than reactive,” said Mike Dempsey, senior manager at Dixon Hughes Goodman LLP. This approach stems from culture, said Dempsey’s co-presenter LeAnne Staalenburg, senior vice president in charge of corporate security and risk at Capital City Bank Group.

“Culture is key,” said Stallenburg. “Having that culture spread throughout the organization is critical to having a successful risk management program.”

To be clear, the biggest threat to banks currently isn’t bad loans. Credit policy isn’t something to ignore, of course, because loan losses will climb when the cycle takes a turn for the worse. But banks have plenty of capital to absorb those losses, and memories of the last crisis are still fresh in many risk managers’ minds.

The biggest threat isn’t related to funding, either. Even though bankers are concerned about large institutions taking deposit market share as interest rates climb, 74 percent of attendees at Bank Director’s Audit & Risk Committees Conference said their institutions either maintained their existing share or gained share as rates inched higher.

Instead, according to conference attendees, the biggest threat is related to technology. When asked which categories of risk they were most concerned about, 69 percent identified cybersecurity as the No. 1 threat.

Vendor relationships only aggravate this concern. As Staalenburg and Dempsey noted in response to an attendee’s question, vendors offer another way for malicious actors to infiltrate a bank.

Even though we are in a golden age of banking, Hovde emphasized, now is not the time for a bank’s board, and particularly its audit and risk committees, to be complacent.

“Generally, we have seen that the institutions that are well run and have fewer problems are under the oversight of an engaged and well-informed board of directors,” wrote Kansas City Federal Reserve President Esther George in the Fed’s governance manual, Basics for Bank Directors. “Conversely, in cases where banks have more severe problems and recurring issues, it is not uncommon to find a disengaged board that may be struggling to understand its role and fulfill its fiduciary responsibilities.”

An Easy Way to Learn More About Banking


governance-5-24-18.pngEvery year when Richard Davis was the chief executive officer of U.S. Bancorp, he would travel to see Warren Buffett in Omaha, Nebraska.

“The meetings were always on the same day and always lasted exactly an hour and 15 minutes,” Davis once told me. “That wasn’t the plan. It just happened that way.”

Even though the meetings went over an hour, however, there were never people in the waiting room annoyed that the conversation went long. The tranquility was refreshing to Davis, who was accustomed to days packed with back-to-back meetings.

Buffett guards his time. He spends 80 percent of his day reading and thinking, he has said.

A student at Columbia University once asked Buffett, the chairman and CEO of Berkshire Hathaway, how to become a great investor. “Read 500 pages like this every day,” Buffett said, holding up a stack of papers. “That’s how knowledge works. It builds up, like compound interest. All of you can do it, but I guarantee not many of you will do it.”

The same is true of banking, I believe.

But where should one start? What are the most important things to read if one wants to learn more about banking?

As someone who has been immersed in banking literature for nearly a decade, I recommend starting with the annual shareholder letters written by a trio of top-performing bankers.

The best known is Jamie Dimon’s annual letter written to the shareholders of JPMorgan Chase & Co.

“Jamie Dimon writes the best annual letter in corporate America,” Buffett said on CNBC in early 2012. “He thinks well. He writes extremely well. And he works a lot on the report—he’s told me that.”

In his letter this year, Dimon talks about JPMorgan’s banking philosophy. He talks about leadership. He talks about the things JPMorgan doesn’t worry about: “While we worry extensively about all of the risks we bear, we essentially do not worry about things like fluctuating markets and short-term economic reports. We simply manage through them.”

And Dimon comments extensively on an array of critical issues facing not just the banking industry, but the broader economy and society: “[I]t is clear that partisan politics is stopping collaborative policy from being implemented, particularly at the federal level. This is not some special economic malaise we are in. This is about our society. We are unwilling to compromise. We are unwilling or unable to create good policy based on deep analytics. And our government is unable to reorganize and keep pace in the new world.”

A second CEO who writes an especially insightful letter is William Demchak at Pittsburgh-based PNC Financial Services Group.

In his latest letter, Demchak delves into PNC’s retail growth strategy, outlining the bank’s expansion into new markets using a combination of physical locations, aggressive marketing and digital delivery channels.

Demchak also discusses the changes underway in banking: “It’s an amazing time in the industry—exciting, if you’ve been preparing for it, and probably terrifying if you haven’t. . . . [I]n some ways, it feels like we’re running through the woods with 5,400 other players and one big bear: retail customers and deposit consolidation. Some will be lost in the chaos; others will fall victim to bad decisions and the realization that they waited too long to start moving toward the future.”

Last but not least is the letter written by Rene Jones at M&T Bank Corp, a regional lender with $120 billion in assets based in Buffalo, New York. Of all the annual messages written by bank CEOs this year, Jones’ does the most to advance the industry’s narrative.

It’s crafted around two arguments, the first of which concerns the growing share of retail deposits held by the nation’s biggest banks. This trend isn’t simply a function of scale and technology, Jones argues. It’s also driven by demographic patterns.

“Historically, deposit growth itself is highly correlated to increased employment, income and population,” Jones writes. “The banks with the most scale have benefited from their outsized presence in the largest U.S. markets, which unlike past recoveries, have experienced a disproportionate share of the nation’s economic growth.”

Jones’ second argument concerns the need to refine the existing regulatory framework: “Regulation, like monetary policy, is a tool whose purpose is simultaneously to promote the economy while protecting those who operate within it. It is a difficult balance—especially so after significant events such as the financial crisis. The practice of implementing and adjusting regulation is both necessary and healthy, because its impacts are felt by communities large and small.”

Jones’ message will resonate with bankers, as M&T has long been an unofficial spokesman for the industry on regulatory matters, giving voice to their frustration with the sharp swing in the regulatory pendulum over the past decade.

In short, all these letters are worth the modest amount of time they take to read. They are three of the leading voices in banking today. There’s a reason someone like Warren Buffett reads what they write.

The Need for Secure Communications in the Boardroom


communication-5-21-19.pngBoards need to keep director communications secure, timely and accurate.

Communication can be a major challenge for busy board directors who need to touch base with their peers regularly, and it can introduce major security risks for the institution.

Boards tend to use different applications or multiple email accounts; the numerous multiple electronic platforms means that directors need to remember multiple user IDs and passwords. Directors sometimes resort to using their personal email accounts out of frustration with other systems or for personal convenience.

Many boards send sensitive internal governance communications through insecure communication channels. The use of personal email for internal board communications is widespread. A report Diligent Corporation conducted with Forrester Consulting discovered that 56 percent of directors use personal email for their board communications. Governance professionals and C-level executives also sometimes use their personal email for governance communications.

This is not a good practice. Cybercrime continues to evolve; attacks are increasingly sophisticated, and they are occurring with increasing frequency. Attacks are also becoming more complex, and recovering from digital breaches may become increasingly difficult.

Hackers specifically target directors, C-level executives and the people who support them in a tactic known as “whaling.” Hackers are keenly aware that boards regularly deal with information that is highly sensitive and confidential. Cyber criminals are likely to target high-profile individuals, threatening them with the release of private information unless they pay a ransom. When directors and other notable individuals use personal email accounts for corporate business, they are prone to falling victim to phishing and malicious cyberattacks that could harm the corporation.

Best practices for corporate governance require directors to communicate in ways that are secure, timely and accurate, and that reflect good governance principles. Encapsulated within the principles of good corporate governance is the need to use the right technology to support these efforts. Specific technology that protects the board’s internal communications can also streamline various processes. However, boards should look for specific tools with features such as remote wiping, given that nearly 30% of directors report losing or misplacing a phone, tablet or computer at some point.

The only way to keep sensitive and confidential information private is to use a secure digital messaging application. Look for applications that can work with existing digital infrastructure but are also secure. Some solutions help augment governance and accountability functions, which can address liability issues that email and other types of communications can sometimes create for board administrators and general counsels.

Probably the most difficult element of using secure communications in the boardroom is actually getting directors to use the technology. Getting board directors to change their habits can be a daunting task and something that can take time. However, with the right support and training, directors will be more willing to make the change.

Directors need to understand the importance of using the right technologies and why their current communication methods open the board up to risk. Assessing the security threat demonstrates to the board that the discussion topics and documents are highly sensitive and cannot risk being leaked. The right communication application should provide control to the administrator, with security being a top feature to ensure directors are protected.

Additionally, getting director buy-in from the start is crucial. It is important that boards realize what could happen if their emails are hacked and why they need to adopt secure communications avenues.

Providing your board of directors with the right reasons for needing secure communications is half the battle. Make sure your bank properly evaluates the various technologies to ensure that they will have the right training to properly leverage the tools.