Tuesday, January 21, 2014

Strong Coffee and Weak Tea

On January 16, 2014, the Office of the Comptroller of the Currency (OCC) released a Notice of Proposed Rulemaking (NPR) to amend the existing 12 CFR 30 - Safety and Soundness Standards by establishing a set of formal safety and soundness standards specifically for the 21 national banks and federal savings associations with total assets greater than $50 billion.  These proposed safety and soundness standards (called Appendix D) are based on the OCC's heightened expectations program implemented for large national banks after the financial crisis.

The heightened expectations program was established to strengthen the governance and risk management practices in the OCC's largest banks.  The heightened expectations are that corporate governance and risk management practices in our nation's largest national banks need to be strong, not merely satisfactory.

The proposed guidelines set forth the minimum standards for the design and implementation of an institution’s risk governance framework and provide minimum standards for oversight of that framework by the board of directors.  The guidelines include provisions regarding:

  • The roles and responsibilities of those organizational units that are fundamental to the design and implementation of the risk governance framework. These units are front line units, independent risk management, and internal audit. Together, these units should establish an appropriate system to manage risk taking.
  • A comprehensive written statement that articulates the bank’s risk appetite, which serves as a basis for the risk governance framework. This statement should include both qualitative components and quantitative limits.
  • Board of directors’ oversight of a bank’s compliance with safe and sound banking practices. The board should ensure that the bank establishes and implements an effective risk governance framework that complies with the guidelines.
  • Active board oversight of a bank’s risk-taking activities. This includes establishing accountability for management’s adherence to the risk governance framework. The board should also evaluate management’s recommendations and decisions by questioning, challenging, and, when necessary, opposing, management proposals that could lead to excessive risk taking or pose a threat to safety and soundness.
  • Composition of the board of directors. A board of directors should have at least two independent members who are not part of the bank’s or the parent company’s management.

The OCC is stepping out in front of the other federal bank regulatory agencies with specific and enforceable safety and soundness guidelines.  You may have a different opinion, but frankly, prior to the OCC's heightened expectations program, governance and risk management guidance from all of the federal bank regulatory agencies read like little sermonettes - long on concepts and generalities, short on specifics and practical application.  This present high level of clear communication and transparency regarding OCC's expectations for large national banks is unique and refreshing among the federal bank regulatory agencies.  No hole cards and no guessing.  

Regarding the proposal... First, you cannot appreciate the sheer ecstasy that comes from finally being able to read a post-financial crisis Notice of Proposed Rulemaking that does not run several hundred pages in length.  This NPR is (only) 79 pages long.

Second, this NPR could as easily have been called the "Banking Consultant Screamingly Delicious Increase in Profits Regulation".  Bank consulting firms have already been engaged in the existing informal heightened expectations initiative, but now I anticipate that the combination of formalizing these safety and soundness standards in the Code of Federal Regulations and waving the stick of legal enforcement will have the boards of large banks further shoring up their fiduciary responsibility bona fides by requesting (and paying for) deeper dives.

The first four major provisions of the proposal (bulleted above) are the strong coffee. Read the details in the NPR and I think you will agree.  These are some meaty governance and risk management requirements that are very challenging to implement in large and complex organizations.

I thought the strong coffee provisions of the NPR were well thought out and organized.  My major concern centers on the approval of the resource budgets for what the NPR calls "independent risk management" and the "internal audit" functions.

While the board approves the appointment, removal, compensation, and salary adjustments for the Chief Audit Executive (CAE) and Chief Risk Executive (CRE), the specific language in the proposed regulation amendment itself is silent as to who is approving their resource budgets.  Resource budgets are a major determinant of the efficacy of these critical control functions.

The Supplementary Information section of the NPR indicates that, for internal audit functions (and CAEs) reporting to the Board's audit committee, the board, the board audit committee, or its chair, would oversee resource budgeting (among other functions).  On the other hand, for the CRE (and the administration of the "indpendent risk management function"), the CEO oversees the resource budgeting.  This disparity should be fixed in order to create equivalency in the checks-and-balances framework for both critical control functions.  The Board of Directors, or committee thereof, ought to approve, the appointment, removal, compensation, salary adjustment, and resource budgets for the CAE and the CRE.  

The weak tea is the fifth major provision of the NPR:  A board of directors should have at least two independent members who are not part of the bank’s or the parent company’s management.

That just doesn't square with a meaningful interpretation of the concept of credible challenge, published corporate governance best practice recommendations, and the elevated post-financial crisis public interest in the operations of these banking giants.  This specific proposal only serves to re-enact Custer's Last Stand at the Little Bighorn, except in the boardrooms of our largest banks, as the two independent directors will be seriously out-gunned by inside board members who run the daily operations of the bank.

Best practice for corporate audit committees, for example, is to have them consist of independent directors.  Two independent directors would not make a credible audit committee in our nation's largest banks.  Banks of this size, and weighing their systemic impact on the national and global economies, should ideally have a majority of directors be independent directors, not a symbolic lonesome twosome.

Hopefully, respected best practice organizations like the American Association of Bank Directors , the National Association of Corporate Directors, and the Conference Board can inform this process with their long experience and expertise on board-level governance by submitting comments on this provision of the NPR.

Otherwise, as a peripheral issue, it will also be interesting to see if there are any bank regulatory geopolitical ramifications to all of this.  As of 9/30, there were 33 banks with total assets over $50 billion.  21 of them are national banks and federal savings associations.  That leaves 12 state-chartered banks and savings associations that are supervised, at the federal level, by the Federal Reserve or the Federal Deposit Insurance Corporation (FDIC).  These state-chartered banks and savings associations were not subject to the informal heightened expectations program and will not be subject to the legally enforceable safety and soundness standards outlined in the NPR. 

I've railed about the OCC's excessive "rainy day" reserves (a FY 2012 net position of over $1 billion) in past blog postings.  I'm biting my tongue now on the topic.  Any tiny movement between federal and state bank charters in banks of this size can be seismic in terms of bank supervision workday impact as well as the number and geographic distribution of large bank examiners. 

Overall, this NPR is a bold example of leadership by Tom Curry, the Comptroller of the Currency.  In the same tradition of the leadership the agency exhibited in the previous amendment to the OCC's safety and soundness standards.  In February 2005, the OCC added Appendix C to 12 CFR 30 - Standards for National Banks' Residential Mortgage Lending Practices.  Those rules may have come a little late given the froth and craziness in the mortgage markets prior to the financial crisis, but it was also a courageous step by an Acting Comptroller of the Currency to do what needed to be done, at a time when timidity ruled in the interagency bank regulatory forum.

No comments:

Post a Comment