Evolving Banking Regulation: Governance – from expectations to delivery
Analysis of the financial crisis revealed poor quality decision-making and poor quality oversight of risk by many bank Boards. The governance of many banks was at best fractured, at worst broken. Facing commercial, shareholder and regulatory pressures to improve their governance, most banks recognize the commercial advantages of good governance including:
- Improved strategic and day-to-day decision-making and risk management.
- Supporting senior management in executing their responsibilities.
- Supporting the implementation of an unprecedented level of strategic change in response to competition, technology, data, structure and regulation.
Defining Good Governance
Meanwhile, standard-setters have begun to define what good governance looks like, with a particular focus on the role of the Board and on risk governance. For example, international standard-setters and national authorities have strengthened their rules and guidance on governance; and supervisors have increased the intensity and widened the scope of their interactions with banks' Boards and senior management. The process for changing board governance began with remuneration, reflecting the initial post-financial crisis focus of the G20 and national politicians. Regulatory and supervisory attention was then extended to improving the functioning of some long-standing areas of governance where banks had less focus ahead of the financial crisis. These include the separation of the roles of the Chair of the Board and the CEO; the knowledge, experience, expertise, independence and time commitment of the non-executive directors, and the extent of the challenge they provide; and various specific aspects of risk governance.
Most recently, the focus has widened to the role of Boards in establishing, communicating and assessing the culture, values and behaviors of the bank; the assessment (by banks and their supervisors) of the suitability of Board members and senior management; and holding senior management personally accountable for their bank meeting regulatory requirements and expectations.
The regulatory consequences of poor governance in banks have become clearer. Supervisors have become increasingly active and tougher in directing banks to improve their governance; in assessing the suitability of new senior managers and Board members; in making more use of Pillar 2 capital add-ons in response to poor governance and controls; and in taking disciplinary action – against banks and where possible against individuals – when serious problems emerge. There is less solid evidence of investor pressure being brought to bear on banks.
Banks have improved their governance, in part in response to these commercial, regulatory and supervisory pressures. At Board level, we observe more attention being focused on understanding risk, on setting risk appetite, and on controlling, measuring, monitoring and reporting risk. This includes a reinforcement of the Board with non-executive directors who bring a deeper experience and expertise of banking and risk management; a more active role for the Board Risk Committee; a closer consideration of risk maps and risk related management information; and establishing and elevating the role of the CRO in discussing risk with the Board Risk Committee and/or the Board itself. However, further progress in some key areas of governance is needed:
- clarifying who owns corporate governance issues in a bank
- demonstrating that an effective risk governance framework is in place and is operating as intended, and that the bank is capable of being governed effectively
- finding sufficient qualified, experienced and fully independent Board members, especially in countries with smaller talent pools
- reaching a sufficiently advanced Board level understanding of risk
- defining a risk appetite for difficult-to-quantify risks, setting risk limits across business units and entities, strategic planning and execution, and embedding risk appetite within a wider risk culture
- ensuring that desired culture and values are not only stated but are firmly embedded throughout the bank and reinforced through recruitment, remuneration and promotion decisions
- establishing clear personal responsibilities for the senior management team, individually and collectively, and enforcing accountability for these responsibilities
- introducing data aggregation and reporting procedures that are capable of supporting accurate regulatory reporting, good risk management and effective Board oversight (as discussed in Evolving Banking Regulation Part Three)
- making the CRO role fully effective in reaching a full group-wide, forward-looking and strategic view of risk, and using this to add value to both Board oversight and the risk management function
- identifying and controlling conduct risk (in both retail and wholesale markets).
To make further progress, banks may find it useful to:
- undertake a self-assessment against regulatory core standards and principles, together with the expectations of other stakeholders – one key question for banks here is how they can demonstrate that they are meeting (or where necessary are taking action to enable them to meet) regulatory requirements and other expectations, and in doing so are delivering the real substance and spirit of good governance, not just the form and the letter
- clarify how improved governance will be measured from a commercial perspective
- seek independent assurance of progress made and the gaps still to be addressed, from some combination of internal audit, third party reviews and Board effectiveness reviews.