In my view, a takeaway from the turmoil earlier this year is that bank supervisors should focus more on core risks to safety and soundness, and relatively less on process-related governance.
I agree that sound corporate governance and appropriate controls are important for any bank of any size, and the proposal includes a number of sound practices for large and midsize banks, but I am skeptical that many of the provisions should rise to the level of enforceable safety and soundness standards, and I think we should be mindful that one-size-fits-all “best practices” are rarely actually the best practices for the unique situation and circumstances of any particular institution.1
For example, the proposal would require a bank’s leadership to “set an appropriate tone,” “develop a written strategic plan,” “articulate an overall mission statement,” establish a “written code of ethics,” conduct an “annual self-assessment,” and have a “comprehensive written statement” based on its risk profile that should “describe a safe and sound risk culture.” While I appreciate the spirit behind these expectations, I am skeptical that violating any of these requirements should by themselves constitute violations of our safety and soundness standards, and I think our examiners should focus more on banks’ core financial condition rather than micromanaging these types of processes.2
The section of the Guidelines related to board composition includes provisions related to diversity and board independence but nothing related to relevant professional experience or qualifications of board members. While I appreciate that there can be value in having a range of experiences and perspectives represented on a bank’s board, I am skeptical that a board can satisfy the standards set forth in the Guidelines unless it includes members that have in-depth knowledge of banking.3 I think the Guidelines should be realistic in their expectations of individual board members, given that some may not have any background in banking or finance, and, to the extent the FDIC feels expectations related to Board composition are warranted, I think our focus should start with relevant experience and qualifications.4
Relatedly, the proposal would require that all board members “confirm that the covered institution operates … in compliance with all laws and regulations” and that institutions identify and report in writing all violations of law or regulations, among other similar expectations. While institutions certainly should act in compliance with the law, these expectations underestimate both the massive complexity of the legal and regulatory world in which banks operate5 and the challenges associated with knowing with certainty what is or is not a violation of certain laws and regulations.6
I do not support the proposal, but I appreciate the staff’s work and look forward to reviewing comments.
- 1
On a related note, the FDIC has on numerous occasions over the years resisted when its Inspector General recommended that the FDIC strictly adhere to corporate governance or general government best practices. See, e.g., FDIC Office of Inspector General, The FDIC’s Implementation of Enterprise Risk Management (July 2020).
- 2
Perhaps Silicon Valley Bank is an instructive example. See , e.g., Office of Inspector General for the Board of Governors of the Federal Reserve System and Consumer Financial Protection Bureau, Material Loss Review of Silicon Valley Bank, p. 43 (September 25, 2023) (“We believe that [the supervisory team] did not sufficiently act to mitigate the risks from interest rate changes because it was focused on risk management and associated processes. Interviewees noted that while the [supervisory] team was focused on SVB’s risk management and associated processes, it did not pay close attention to changes in the financial condition of the institution. . . . A Board official noted that [supervisors were] highlighting risk management deficiencies when more serious problems were emerging and that [supervisors] missed the deficiencies in the bank’s financial condition.”).
- 3
For example, under the Guidelines, every bank board member would have “a duty to safeguard, through the lawful, informed, efficient, and able administration of the covered institution, the interests of the covered institution and to oversee and confirm that the covered institution operates in a safe and sound manner, in compliance with all laws and regulations.”
- 4
Perhaps, again, Silicon Valley Bank is an instructive example. See, e.g., Material Loss Review of Silicon Valley Bank, supra note 2, at p. 14 (September 25, 2023) (“[B]oard of directors’ committees did not sufficiently challenge management on the design and content of the risk information presented to directors. Examiners noted that members of SVB’s board of directors lacked relevant large financial institution risk management experience, which hindered its ability to provide effective oversight.”).
- 5
Fully understanding just the FDIC’s July-to-October 2023 regulatory agenda alone would be a full-time job for a bank board member.
- 6
See, e.g., Federal Deposit Insurance Corporation, Supervisory Guidance on Multiple Re-Presentment NSF Fees (August 2022).