Now at the five-year anniversary of the Sarbanes- Oxley Act (“SOX”), significant confusion continues as to what SOX means to the role and responsibilities of bank directors.
SOX and its implementation has generated uncertainty and at times created unnecessary concern and angst over the role of directors vis-à-vis their organizations, shareholders, regulators, and management. SOX is often inappropriately cited in support of doing, or not doing, a number of things, and is often the source of inappropriate and inaccurate cause for alarm.
So, with five years of SOX behind us, what does SOX mean to bank directors and their role and responsibilities to their constituencies?
The Background of SOX and Financial Institutions
The good news for financial institutions is that most of the underlying corporate concepts reflected by SOX have long-time roots in the financial services industry. The notions of director independence, adequate controls, strong board oversight, restrictions on insider transactions, and financial reporting transparency have long been ingrained in the fabric of banking law and regulation, and as such are not new concepts for banking organizations.
For institutions whose shares are registered with the SEC, SOX (and listing exchange rules in some instances) in fact impose certain new technical requirements which impact directors through mandatory independence requirements and various new compliance matters which the board must ultimately enforce for the organization. The requirements are not, however, materially different from existing financial services law and regulation at the bank level in most instances. SOX by its nature has tended to heighten the visibility of the board and arguably sets enhanced standards for “best practices” for non- SEC institutions. SOX does not, however, change the underlying role of the board vis-à-vis management and the organization as established by historic common law.
The Role of the Director
While the visibility and scrutiny of board actions has arguably been heightened by SOX, the underlying role of the board remains basically unchanged. The common law director fiduciary obligations of care, loyalty, and disclosure remain intact, and are still the primary measure by which the role of directors is judged. Other statutory requirements imposed on directors in the financial services industry are not changed by SOX, and directors are still not “guarantors” of institutional performance. That is not to say that the role of directors is not subject, however, to an enhanced sense of scrutiny and visibility by regulatory agencies, investors, the media, and shareholders in the current post-SOX environment.
Also, there is no question that institutions and their boards are currently operating in an environment of generally heightened regulatory scrutiny under an increased compliance focus. While part and parcel of the current environment, this increased compliance burden does not result from SOX but is rather unique to the issues impacting financial services industry at this time. The most important role of the board with regard to the heightened compliance focus is to assure that they set the tone for compliance throughout the organization, but take care to avoid being overwhelmed by the compliance burden.
Certainly easier said than done.
Reacting to SOX
Directors remain the place where the “buck stops” for purposes of making certain that the institution pays appropriate attention to whatever legal and regulatory requirements may be applicable to its operations. The board, as noted previously, must set the tone for compliance and watch for (and react promptly to) any “red flags” that may arise. That being said, while the board must recognize and address the current environment, they must take care to avoid being overwhelmed by it and keep in mind their role with regard to their constituencies. Banks are still expected to make a return on investment for their shareholders within the bounds and requirements of law and safe and sound operations. And in turn, it is the role of the board to set policy and direction to operate the institution within those parameters and then make certain that their directions are followed. That aspect of the director role is really no different from the pre-SOX environment.
While often misinterpreted and misapplied, it is important to note that SOX does not change the underlying role of the board. Directors must take care to avoid overreacting to the pressures and confusion regarding their role. They must avoid creating unnecessary, and often extremely counter-productive, adverse relations with management while attempting to micro-manage the organization—that’s what the board hires management to do. At the same time, boards must remain alert and ready to take appropriate action if necessary to correct issues before they become too large to address.
Care must also be taken to foster and, if appropriate, grow the business of the institution; always within the boundaries of law and consistent with safe and sound operations. The current compliance environment offers ongoing distractions from the business of banking, and boards must maintain a focus on business opportunities for the institution while remaining a visible “cheerleader” for the organization in support of its efforts.
In short, it is important to recognize the current environment but avoid being overwhelmed by it.
No one said it would be easy.
This Too Shall Pass
The environment created by the combination of SOX and the current general compliance focus provides a basis for significant confusion as to its impact on the role of the board and individual directors, and it is unfortunately too often a source of misinformation and misdirection. While it’s difficult at the present to see the light at the end of the tunnel (and we always hope that when we do it’s not the headlight on an oncoming train), like all other cycles this too shall pass and institutions will be able to get back to the business of banking. Hopefully sooner than later.
The “bottom line” is that directors are still expected to be directors, and management is still expected to manage. Given their oversight role, directors are still expected to provide policy direction to the institution consistent with the best interests of their constituencies and SOX really doesn’t change that basic role for financial institution directors.