The regulatory compliance obligations of banks continue to grow, and with them come increased expectations from regulators regarding the role of bank directors in overseeing how their banks meet those obligations. As a result, board books are getting thicker, board meetings are becoming longer, and the line between the roles of management and the board is becoming increasingly difficult to define. Boards can meet regulatory expectations by staying abreast of compliance trends upon which examiners expect board members to focus and by acting strategically to oversee bank compliance efforts.
Trend #1: Increasing Expectations for Bank Directors
One of the biggest compliance trends is, in fact, the increased role of the board in compliance oversight. For bank directors, traditional corporate duties of care and loyalty are supplemented by regulations and guidance that move the board beyond the role of strategic planners and overseers toward increased obligations to understand and “ensure” compliance with day-to-day regulatory requirements, thereby blurring the line between board and management. The OCC, FDIC and Federal Reserve have all increased their focus on corporate governance.
Trend #2: Vendor Oversight
Regulators are heavily focused on the risks that third-party service providers’ noncompliance with banking laws poses to the banks they serve. The message from regulatory agencies is that banks are responsible for any compliance shortcomings of their vendors, and that bank boards must take steps to protect their banks from vendor risk. For example, the OCC’s Guidance on Third-Party Relationships identifies eight specific duties of boards in overseeing relationships with vendors, including ensuring the bank has an effective process in place to manage third-party relationship risk, approving agreements with critical vendors, reviewing management’s summaries of due diligence on important vendors, and ensuring management takes appropriate actions to address problems.
Trend #3: Focus on Fairness
Everyone in banking is acutely aware of regulators’ increased focus on unfair, deceptive and abusive acts or practices, as well as fair lending issues. Banks and their boards are expected to ensure new products are fair and appropriate and are not likely to injure customers or potential customers. Banks must also take steps to avoid inadvertent harm to consumers caused by the business decisions they make. For example, decisions regarding where or how to advertise products or where to locate a branch could have the unintended result of reducing the products and services offered to minority groups residing in the bank’s market area.
Tips for Boards to Meet Regulator Expectations
Here are some tips to assist the board in approaching compliance oversight obligations effectively and efficiently to meet the expectations of bank regulators:
- Set the tone/ask questions: Because board members cannot possibly oversee every decision made or action taken within their banks, boards need to create a “culture of compliance” by communicating to management and employees that regulatory compliance is important. The best way to do this is to ask compliance-focused questions of management, such as “How will this branch relocation affect our compliance with fair lending laws?”, “What risks have compliance personnel and legal counsel identified in connection with this new product?” and “Has the new ad campaign been vetted for potential UDAAP issues?”
- Do not assume vendors are compliant or that their contracts are non-negotiable: The board is expected to approve major service provider agreements, and the bank is responsible for vendor compliance with bank laws and regulations. To fulfill these obligations, the board needs to show it directed management to vet the agreements for compliance with banking laws and regulations and to negotiate protective terms for the bank. Contrary to popular belief, major vendor agreements sometimes fall short of regulatory expectations, and banks can and do negotiate changes to these agreements. Further, even where negotiations are unsuccessful, being able to show regulators the bank tried to negotiate better terms is evidence the bank is appropriately overseeing vendor relationships.
- Formalize your governance structure: The board’s governance structure can help or hinder efforts to oversee compliance. For some banks, it makes sense for the board to oversee bank activities directly, such as risk and audit. In other cases, it may be useful to create a separate committee to oversee certain aspects of the bank’s operations. Where committees are formed, it is important to clearly identify committee members’ duties and powers, which is generally accomplished by creating a committee charter. Also, governance needs change over time, so the board should periodically revisit whether the current structure is working. Finally, whatever structure the board chooses, it should not be unnecessarily complex. If a committee is created but never meets, the ineffective structure is more likely to harm than help the bank.
- Pay attention to policies and procedures: The number of policies bank boards must approve continues to increase. It is important for the board to understand the risks engendered in the policies, to confirm such risks are being adequately mitigated, and to determine whether the residual risks are consistent with the bank’s risk tolerances as determined by the board. Special attention should be given to policies affected by significant law changes, new products or services, or increased regulatory scrutiny.
- Get board-appropriate training: While board members need to generally understand applicable laws and regulations in order to oversee the bank’s risk profile appropriately, that does not mean board members should be attending the same trainings as front-line employees. Training should be board-focused and sometimes may be as simple as receiving a 10-minute refresher of important principles before reviewing a bank policy.
- Document board involvement: Large bank boards are now expected to provide a “credible challenge” to management decision-making, and this principle is trickling down to community banks. In order to meet these expectations, board minutes need to reflect the fact that the board understands the issues affecting the bank and that directors are asking informed questions regarding important management decisions. Regulators increasingly are looking for evidence of active board understanding and oversight when reviewing board minutes. Determining the appropriate level of specificity for board minutes can be challenging, but it is important to find the right balance.
By staying informed of major compliance trends and risks and creating an organized program to respond to those risks, bank boards can meet regulatory expectations while staying focused on the big picture.