Having transformed U.S. bank regulation, Dodd-Frank implementation is now reshaping bank corporate governance. Recent rulemakings and proposals by the Board of Governors of the Federal Reserve System (Federal Reserve) point to a far more prescriptive approach to corporate governance for significant bank holding companies and significant foreign banking organizations with U.S. operations (FBOs) than traditionally has been the case. This approach should also be expected to apply to systemically significant nonbank financial companies (Nonbank SIFIs) designated by the Financial Stability Oversight Council.
In addition, Dodd-Frank has allowed regulators to expand their toolkit for dealing with perceived corporate governance failings, and so non-compliance with the new governance requirements may lead to greater supervisory consequences.
Below, we describe the principal new responsibilities that boards of directors and senior management should expect under the Federal Reserve's new supervisory regime, as well as the increased penalties that may be imposed if those responsibilities are not met.
Implementation of Financial Stability Provisions of Dodd-Frank
Title I of Dodd-Frank seeks to avoid future financial crises by imposing heightened requirements on financial firms of substantial size and interconnections. These requirements include stress tests, capital plans, resolution planning, and enhanced liquidity and risk management standards. In implementing Dodd-Frank's requirements in these areas, the Federal Reserve has laid out specific responsibilities for boards of directors and other specific governance mandates.
Federal Reserve Stress Test Rule
- U.S. bank holding companies, state member banks, and, once they are subject to consolidated capital requirements, savings-and-loan holding companies, in each case with total consolidated assets of $10 billion or more
- U.S. Nonbank SIFIs
- The Federal Reserve has proposed that the rule also apply to U.S. intermediate holding companies with total consolidated assets of $10 billion or more established by FBOs with $50 billion or more in global total consolidated assets
Under the Federal Reserve's final stress test rule, the board of directors of a covered company, or a committee of the board, must review and approve the policies and procedures relating to stress testing processes as frequently as warranted by economic conditions or the condition of the company, but no less than annually. Senior management is responsible for establishing a system of controls, oversight, and documentation to ensure that stress testing processes are effective.
In addition, a covered company's board of directors and senior management must consider the results of stress tests, as appropriate, as part of the company's capital planning process, including when making changes to the company's capital structure; when assessing the company's exposures, concentrations, and risk positions; and when developing recovery and resolution plans.
Federal Reserve Capital Plan Rule
- Bank holding companies with total consolidated assets of $50 billion or more
- The Federal Reserve has proposed that the rule also apply to U.S. Nonbank SIFIs and to U.S. intermediate holding companies with total consolidated assets of $50 billion or more established by FBOs with $50 billion or more in global total consolidated assets
Under the Federal Reserve's final capital plan rule, the board of directors of a covered company, or a designated board committee, must review the "robustness" of the company's process for assessing capital adequacy, ensure that any deficiencies in the company's process for assessing capital adequacy are appropriately remedied, and approve the company's capital plan.
The Federal Reserve has prescribed the manner in which "robustness" is to be evaluated, which is based on seven elements:
- A sound risk management infrastructure
- An effective process for translating risk measures into estimates of potential loss, over a range of adverse scenarios and environments
- A clear definition of available capital resources and an effective process for forecasting available capital resources
- A process for considering the impact of loss and resource estimates on capital adequacy
- A process to use assessments of loss and resource estimates on capital adequacy to make key decisions on capital planning
- Robust internal controls governing capital adequacy components
- Effective board and senior management oversight of the capital adequacy process, including regular reviews
The Federal Reserve has further indicated, with respect to its oversight of the capital planning process, that it would focus on whether boards of directors and senior management conduct periodic reviews of capital goals, assess the appropriateness of the adverse economic scenarios used, review the capital planning process for limitations and uncertainties, and appropriately approve contemplated capital actions.
Basel III's Advanced Approaches Implementation
- U.S. banking institutions with total consolidated assets of $250 billion or more
- U.S. banking institutions with total consolidated on-balance sheet foreign exposure of $10 billion or more
- Other U.S. banking institutions that elect the advanced approaches and comply with all applicable requirements
Implementation of Basel III is a key complement to Dodd-Frank implementation. The current proposal on Basel III's advanced approaches, which permit internal models to be used to calculate risk-weighted assets, includes the following governance requirements:
- As a condition to using the advanced approaches, an institution's board of directors must approve a written plan implementing the advanced approaches
- The institution "must maintain a comprehensive and sound planning and governance process to oversee the implementation efforts"
- The institution must have an operational risk management function that is independent of business line management and that reports to the board of directors or a designated committee of the board
- The board of directors, or a designated committee, must review, at least annually, the effectiveness of the systems supporting capital calculations under the advanced approaches
- The board of directors, or a designated committee, must annually receive a report from an internal audit function regarding the controls supporting the company's systems used to make capital calculations
- The board of directors must approve a formal disclosure policy that addresses the institution's approach for determining the disclosures required by Basel III as well as relevant internal controls and procedures
- U.S. bank holding companies and FBOs with global total consolidated assets of $50 billion or more
- Nonbank SIFIs
Under the Federal Reserve's final resolution planning rule, a covered company's resolution plan must include a detailed description of the company's governance with respect to the planning process, and must describe:
- How resolution planning is integrated into the corporate governance structure and processes of the company
- The company's policies, procedures, and internal controls governing preparation and approval of the resolution plan
- The identity and position of the senior management officials of the covered company primarily responsible for overseeing the development, maintenance, implementation and filing of the resolution plan and compliance with the resolution plan regulations
- The nature, extent, and frequency of reporting to senior executive officers and the board of directors regarding the development, maintenance, and implementation of the resolution plan
- The nature, extent, and results of any contingency planning since the date of the most recent plan's filing to assess the viability of or improve the resolution plan
- The relevant risk measures used to report credit risk exposures, both internally and externally
The fact that specific governance structures must be described in resolution plans, of course, means that examiners will expect those structures to be maintained over time.
Federal Reserve Section 165 Proposals
Prescriptive corporate governance rules are taken even further in the Federal Reserve's proposed regulations implementing the enhanced prudential standards required by Section 165 of Dodd-Frank, which the Federal Reserve characterized as "provid[ing] a core set of concrete rules to complement . . . existing efforts to enhance the supervisory framework for covered companies." This "concrete" approach to corporate governance is reflected in the proposals' requirements on liquidity management and risk management for both domestic covered companies and FBOs, and, for FBOs, in the intermediate holding company requirement.
Domestic Section 165 Proposal
- U.S. bank holding companies with total consolidated assets of $50 billion or more
- U.S. Nonbank SIFIs
With respect to liquidity management, the Federal Reserve affirmatively stated that the proposed regulation departs from its traditional approach of overseeing liquidity risk management through supervisory guidance. Instead, the proposal lays out a detailed governance structure with responsibilities for the company's board of directors, risk committee, senior management, and a review function independent of the management functions that execute funding.
The domestic proposal would also require covered companies to have an "enterprise-wide risk committee" consisting of members of its board of directors, chaired by an independent director and having a board-approved formal written charter, as well as a chief risk officer reporting directly to both the enterprise-wide risk committee and the company's chief executive officer.
Foreign Section 165 Proposal
- FBOs with global total consolidated assets of $50 billion or more
The proposed Section 165 regulation for FBOs would require FBOs with $50 billion or more in total global consolidated assets and $10 billion or more in total consolidated U.S. nonbranch assets to form an intermediate holding company for their U.S. operations. "To help ensure a strong, centralized corporate governance system," the intermediate holding company would be required to be governed by a board of directors or managers operating in substantially the same manner as a U.S. corporate board. The proposal thus departs from the current concept of a "virtual holding company," where the U.S. operations of FBOs may be organized under different ownership chains, but there is an overall management structure overseeing those chains.
In addition, FBOs with $50 billion or more in total consolidated U.S. assets would be subject to liquidity and risk management requirements similar to the domestic proposal, with most responsibilities being given to a U.S. risk committee and U.S. chief risk officer, both of which the proposal would require. The U.S. risk committee for such FBOs would be required to have at least one independent member.
The principal responsibilities assigned under the domestic and foreign proposals are described in detail in the accompanying charts.
Increased Sanctions for Governance Failings -- Early Remediation Proposals
Under the new supervisory regime, failure to comply with governance requirements may lead to increased sanctions. Traditionally, ineffective governance and risk management could lead to a lowering of supervisory ratings. Under the Federal Reserve's proposed rules implementing Dodd-Frank's early remediation requirements, however, board and senior management failings would have additional consequences. Failure to comply with the enhanced liquidity management or risk management standards would lead to level 1, level 2, or level 3 remediation, depending on the severity of the noncompliance. The higher levels of remediation include, among other restrictions, limitations on capital distributions, asset growth, acquisitions, and executive compensation.
For significant financial institutions, a new corporate governance regime -- which regulators view as intrinsically linked to satisfactory compliance with Dodd-Frank's prudential requirements -- is being born. The era of flexible structures subject to bank supervisory guidance and recommendations is giving way to an era of codified responsibilities for boards of directors and senior management. Compliance with these new responsibilities should be expected to become the subject of regulatory examinations, which in turn will determine whether particular institutions maintain sound ratings or become subject to supervisory action or early remediation.
Click here to view tables.