Will More Banks Form this Uncommon Board Committee?


committee-2-22-19.pngIt wasn’t in response to a cybersecurity event or a nudge from regulators that prompted Huntington Bancshares’ board to create a Significant Events Committee in early 2018.

Instead, says Dave Porteous, lead director at the $108 billion bank based in Columbus, Ohio, it was old-fashioned governance principles that drove Huntington’s board to establish the ad hoc committee responsible for responding to the biggest risk faced by banks today: cybersecurity threats.

“Particularly over the last 10 years, the world is changing so quickly it has really become incumbent upon all boards, in my view, to continually be evaluating their governance structure and whether or not they need to make adjustments … to how the world is changing,” Porteous says.

Ask any bank executive or director right now to name the things that cause them to lose sleep at night and cybersecurity will almost invariably be at the top of the list.

Millions of personal records have already been compromised globally, and it can cost even a small bank millions of dollars to rectify a single cyber event. Yet, while it is a common topic in boardrooms, it hasn’t yielded widespread governance restructuring at banks across the United States.

Bank Director’s 2018 Technology Survey found that 93 percent of the 161 chief bank executives, senior technology officers and directors said cybersecurity is an issue of focus by their board.

But a 2018 analysis by Harvard Law School found that just 7 percent of all S&P 500 companies have separate technology committees, though 29 percent of large public bank holding companies above $10 billion in assets have set up just such a thing. This is significant because, as the study noted, cybersecurity is often the responsibility of the technology committee.

Significant events have over time produced mandated changes in corporate structure, like the requirement in Dodd-Frank requiring banks above $10 billion in assets to have a separate risk committee, or the requirement in Sarbanes-Oxley that an audit committee oversee a bank’s independent auditor.

But Porteous argues that banks should not wait for changes in the law to force them into structural changes. The changes should emerge instead from ongoing conversations at institutions about new trends and threats.

“To me the critical thing is constantly be assessing and challenging yourself as a board on the way in which you govern and not to be afraid to make adjustments,” Porteous says. “In other words, create committees to address the current or upcoming issues that enhance the focus (of the board).”

For Huntington, the establishment of the Significant Events Committee was years in the making, but finally came after the board realized it was having similar discussions about the same topic at the board level and in separate committees.

It was a natural thing for us to take these discussions we were having, both at the board meeting and various committee-level meetings, and then decide that we were spending a significant amount of time in those discussions that it was going to be critically important,” Porteous says.

When formed, the committee included Huntington CEO Stephen Steinour, who chaired the committee; the lead director; the chairs of the technology, risk and audit committees and the “lead cyber director,” the 2018 company proxy said. The committee has since been folded into the broader Technology Committee because of overlapping skill sets, Porteous says, but the bank can reestablish it or other ad hoc committees as necessary.

One such committee was Huntington’s Integration Committee, created when the bank acquired FirstMerit Corp. in 2016. The committee met three times in 2017 after the acquisition and was later dissolved.

But it’s not just cybersecurity or M&A that should qualify as a significant event worthy of a board’s attention. Recurring natural disasters, for instance, including hurricanes in the Southeast and wildfires in the West are examples that might merit a similar response.

Whatever the issue, Porteous suggests boards continually assess their governance structure through annual board-level assessments or just paying attention to what’s in the newspaper every day.

“It’s critical to make those adjustments or adapt to the changing world,” Porteous says.

Hiring a Chief Technology Officer



Bob DiCosola, executive vice president of Old Second Bancorp, a $2.2 billion asset holding company in Aurora, Illinois, talks with Bank Director digital magazine Editor Naomi Snyder about hiring a chief technology officer with a business background and what the bank will need going forward.

DiCosola briefly touches on the following:

  • What types of information technology people the bank needs
  • Using an in-house advisory team of millennials
  • The bank’s new IT business plan

This video first published in Bank Director digital magazine’s Tech Issue in December.

Three Things Bank Boards Can Do to Improve the Use of Technology


2-26-14-emily-tech.pngThere is little doubt that technology is rapidly changing lifestyles, not to mention banking. More than half of all Americans owned a smartphone in 2013, up from 35 percent just two years prior, according to the Pew Research Center.

Jack Schultz, chairman at Effingham, Illinois-based Midland States Bancorp, which has $1.7 billion in assets, says his bank’s board and management keep an eye on the competition from both inside and outside the banking industry, and then rapidly adapt. He uses mobile banking as an example. “It’s a much quicker game than what it was 5 or 10 years ago,” he says.

Technology moves at a rapid pace, and much of that change could result in better service to potential and current clients, all while making the institution more efficient. Here are some items that bank boards can consider to avoid becoming irrelevant.

  1. Add a board member with expertise in technology or innovation.
    “Because of the way that the industry is changing so quickly, I think that having people who have a background in technology and innovation is a strong attribute for the board,” says Schultz. Not only do these board members need to understand what technology will be important to customers, but they also need to understand the impact of cyber security risk on the institution and, due to the reliance of many small institutions on third-party technology, how to oversee vendor management. “Every single bank is a consumer of technology,” says Ryan Gilbert, himself a technology expert and director at Sacramento-based River City Bank. Gilbert is chief executive officer of BetterFinance Inc. (formerly known as BillFloat), a financial technology company which helps consumers manage their bills and provides small loans to consumers and small businesses through lenders. While many banks have lawyers, real estate professionals and doctors with expertise in areas like business development or compliance, many board members do not fully understand the technology the bank relies on. “There is a significant knowledge gap that’s out there,” Gilbert says.

    But finding these directors can be a challenge. “Most people like me don’t want to be on bank boards,” Gilbert says. Aside from the liability posed by serving on a bank board, he says that the difference between the banking industry, focused on safety and soundness, and the technology sector, focused on innovative problem-solving, can result in a culture clash. “Working with banks as a financial innovator is super difficult,” he says. “Banks and regulators put the ‘no’ into innovation.”

  2. Add a technology committee to the board.
    “I think all boards should have an IT [information technology] committee” focusing on the bank’s technology needs, including external vendors, says Gilbert. Technology is a significant part of the bank’s budget, with industry spending in the U.S. expected to increase by almost 10 percent by 2015, according to research and consulting firm Celent. More than half of spending was allocated to external services and software in 2013, and Celent expects the industry’s reliance on vendors to increase.

    “Unfortunately many banks, or bankers, do not get very involved in IT matters, and prefer to either outsource or really not lend too much attention to these issues,” says Agustin Abalo, who uses his expertise as a former chief information officer at Banco Santander International, a subsidiary of Spanish global bank Banco Santander, to chair the IT committee of BAC Florida Bank, a $1.3 billion-asset institution headquartered in Coral Gables, Florida. This board-level committee is composed of three independent directors and several officers, including the bank’s president, chief risk officer, chief operating officer and chief information officer. Abalo says that just like other committees focus on relevant risks, like large loans, IT committees can help tackle the growing issue of cyber-crime. He recommends that the IT committee keep the board informed about the bank’s technology needs and related budget requirements.

  3. Focus on technology that improves the user experience and makes the bank more efficient.
    “Usability, which is a massive focus for [financial technology] companies and Internet start-ups, really hasn’t been a focus in banking,” says Gilbert, making it critical for boards that want to set the institution apart to ensure that the customer experience—both in person and online—is positive.

    Mobile banking continues to have a big impact on the industry, and when done right, can result in satisfied customers and a more efficient institution. “Access and convenience are key to the customer,” says Dustin Luton, chief executive officer at Covina, California-based Simplicity Bank, a savings bank with $867 million in assets. “They want things on their own timeline.” If more tasks, like cancelling a debit card or stopping payment on a check, can be done through mobile or online banking, it’s convenient for customers. It can also allow branch and call center staff to better focus on customers that need more assistance or want more products and services from the bank. “These little things will make the difference in the long run from a customer perspective, all these little things that [customers] just don’t really think about,” says Luton.