A new age for governance

On August 3, 2017, the Federal Reserve Board (Fed) proposed guidance that would significantly revise its expectations for boards of directors by laying out its view of the five key attributes that describe an effective board.  The proposal would also set in motion efforts to better delineate the roles, responsibilities, and accountabilities among senior management and the board by rescinding or revising past guidance and rules.  The proposed guidance on board effectiveness would apply to US bank holding companies (BHCs), savings and loan holding companies (SLHCs), and nonbank financial companies designated by the Financial Stability Oversight Council (FSOC) as systemically important.  The proposed guidance would not apply to intermediate holding companies (IHCs) of foreign banking organizations or state member banks, but the Fed noted that it anticipates proposing guidance on board effectiveness for IHCs at a later date, and requested feedback on how the guidance should be adapted to apply to IHCs and state member banks. The proposed guidance would also be used as part of the Fed’s supervisory assessment of board effectiveness outlined in a companion proposal on a new rating system for large financial institutions (LFIs).1

This significant rebalancing of board expectations was borne out of the Fed’s multi-year post-crisis reviews of board effectiveness at the largest banking organizations, as well as a better understanding from the industry of the unintended consequences of past guidance and rules.   The Fed’s key findings include that many board requirements in existing guidance and rules have contributed to a blurring of the lines between boards and senior management, which has led to diluted accountability.  In addition, the Fed noted that boards were devoting significant time satisfying supervisory expectations at the expense of sufficiently focusing on their core responsibilities, such as setting strategic direction and articulating the firm’s risk tolerance.  Further noted was the information flow challenges, such as in preparing for meetings.

As a down payment on this shift to better distinguishing accountabilities and allowing boards to prioritize their core responsibilities, the Fed proposed specific revisions to its guidance set forth by Supervision and Regulation (SR) Letter 13-13 (Supervisory Considerations for the Communication of Supervisory Findings).2 Under the proposed revised guidance, supervisory findings (Matters Requiring Immediate Attention (MRIAs) and Matters Requiring Attention (MRAs)) would generally be sent to senior management for them to address.  A particular MRA/MRIA would only be sent to the board if it involves corporate governance responsibilities, issues with its oversight of senior management or holding them accountable, or if senior management fails to take appropriate remedial action.

Board effectiveness (BE)

The Fed continues to tailor its expectations based on the size and complexity of an organization. For US BHCs and SLHCs with $50 billion or more in assets and FSOC-designated nonbank financial companies, the guidance describes five attributes of effective boards:

(1) Set clear, aligned, and consistent direction regarding the firm’s strategy and risk tolerance;
(2) Actively manage information flow and board discussions;
(3) Hold senior management accountable;
(4) Support the independence and stature of independent risk management and internal audit; and
(5) Maintain a capable board composition and governance structure.

The Fed indicated that it will evaluate firms against these five attributes through its supervisory process, but offered that larger firms could also perform self-assessments for their own improvement, which could be provided to the Fed.  This guidance focuses on those five attributes for an effective board, while shifting away from a “process-oriented” view to their responsibilities.

In tandem with the proposed BE guidance, the Fed proposed a new rating system for larger firms (i.e., BHCs and non-insurance, non-commercial SLHCs with more than $50 billion in total assets, and IHCs of foreign banking organizations). One of the three pillars, Governance and Controls, specifically includes an evaluation of BE.

For firms below $50 billion in assets, the Fed refers to its recent guidance set forth in SR Letter 16-11 (Supervisory Guidance for Assessing Risk Management at Supervised Institutions with Total Consolidated Assets Less than $50 Billion).  That guidance covers expectations for board oversight of risk management including:

  • Approving the institution’s overall business strategies and significant policies;
  • Understanding the risks the institution faces;
  • Having access to information to identify the size and significance of the risks;
  • Providing guidance regarding the level of acceptable risk exposures to the institution; and
  • Overseeing senior management’s implementation of the board-approved business strategies and risk limits.

Two phase review of rescinding or revising guidance and regulations

To align previous guidance and regulations with the newly proposed core responsibilities of boards and the Fed’s supervisory framework, a review of previous guidance is underway.  Thus far, 27 SR letters with 170 expectations for holding company boards have been identified for potential elimination or revision.  In some cases, the letters would revise or eliminate those sections that are duplicative of the BE guidance or SR 16-11.  The Fed has indicated that, in most cases where the phrase “board and senior management” is used, the guidance would be revised to refer only to senior management.

The second phase of review will address both regulations and interagency guidance.  This review will include an even broader set of safety and soundness mandates.

Pivot from culture to accountability

It is worth noting that, in a departure from past guidance, speeches, and industry conferences, the proposed BE guidance does not explicitly mention the board’s role with regard to the institution’s culture.  For example, one piece of guidance to be revised is SR 12-17 (Consolidated Supervision Framework for Large Financial Institutions). Among other things, the framework requires the board to:

Maintain a corporate culture that emphasizes the importance of compliance with laws and regulations and consumer protection, as well as the avoidance of conflicts of interest and the management of reputational and legal risks.

The lack of a culture discussion in the guidance may be driven by debates in recent years within the industry and among regulators concerning whether culture can be measured and whether supervisors should be examining against such a criteria or expectation without more clarity.  That said, it’s unlikely that the concept of culture will fully recede from broader Fed expectations outside of the board.  For example, the concept of senior management fostering a control culture is noted in the proposed LFI rating system and it remains to be seen whether a revision to the Fed’s corporate compliance guidance may address culture or conduct risk in a new way.

Ultimately it appears that the Fed has shifted its emphasis toward the board’s role in advancing management accountability.  In the proposed guidance, the board is most effective when “holding management accountable for its actions, including effective risk management and compliance.”  The board’s effectiveness in holding management accountable will be evaluated through its degree of engagement and effective challenge of management as well as how it measures management performance and sets compensation.

Aligning board’s role to setting clear, aligned and consistent direction

This attribute delineates the board’s role in strategy-setting and risk tolerance (a shift away from “risk appetite”) and ensuring alignment with the capacity of the institution’s risk management framework.  This attribute further clarifies that boards should focus their reviews on significant policies and programs rather than more detailed policies and requirements better left to senior management. Significant policies and programs include capital plans, recovery and resolution plans, audit plans, enterprise-wide risk management policies, liquidity risk management policies, compliance risk management programs, and incentive compensation and performance management programs.

Active management of information flow and deliberations

Another notable attribute of the proposed guidance that calls for greater board engagement in conducting its activities is “active management of information flow and deliberations.”  In the Fed’s view, effective boards describe information needs to management, ask for improvements over time, and help set the board agenda with adequate time for deliberations and enable the board to make sound, well-informed decision.  Effective boards also seek information outside of regular meetings by requesting special sessions or training and by reaching out beyond the CEO and their direct reports to senior staff and senior supervisors.

Reinforcing independence and stature of risk management and internal audit

The guidance solidifies the role of the Chief Risk Officer (CRO) and Chief Audit Executive (CAE) and clarifies the Fed’s expectation that the board reinforce, support, and enable the independence of the risk management and internal audit functions. This guidance reinforces that risk and audit committees of the board are expected to communicate directly with the respective CRO/CAE and provide these independent functions unrestricted access to their committees and ensure that they have adequate budget and other resources.


The new BE guidance and efforts to revise past guidance and rules in ways that better distinguish roles, responsibilities, and accountabilities between boards and senior management should be welcomed by the industry.  However, as this and other guidance/rules are revised and finalized, it will be important for boards to recognize that their responsibilities have not diminished.  On one hand, the Fed is removing certain review and process-oriented expectations that are not core to a board’s core responsibilities.  On the other hand, the Fed has laid out more clearly how an effective board operates and will be charging examiners with more clearly examining against those attributes and, in turn, rating the board’s effectiveness in meeting those attributes. With that in mind, each board should proactively review its self-assessment process to ensure it aligns with the five BE attributes.

All of this suggests that, as boards are unshackled from unnecessary oversight burdens, they should take the opportunity to shift their attention to those core matters on which they have been eager to focus. While no less challenging, the role of a board member would seem to be on the cusp of a much more meaningful new age.


David Wright
Managing Director | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Irena Gecas-McCarthy
Principal | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Michele Crish
Managing Director | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

Chris Spoth
Principal | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

John Corston
Independent Senior Advisor to Deloitte & Touche LLP

Dave Wilson
Independent Senior Advisor to Deloitte & Touche LLP

Alex LePore
Senior Consultant | Deloitte Risk and Financial Advisory
Deloitte & Touche LLP

1On August 3, 2017 the Fed also issued a notice of proposed rulemaking on a proposed new rating system for its supervision of large financial institutions.
2These proposed changes to SR 13-13 would apply to all Fed-supervised institutions, including BHCs, SLHCs, state member banks, US branches and agencies of foreign banking organizations, and FSOC-designated nonbank financial companies..

This publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor.

Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.

About Deloitte

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee (“DTTL”), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as “Deloitte Global”) does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the “Deloitte” name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see http://www.deloitte.com/about to learn more about our global network of member firms.

Copyright © 2017 Deloitte Development LLC. All rights reserved.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s