Bank Directors and the Art of Serving Multiple Masters

Published in the Summer 2022 issue of The Bankers' Statement

The banking environment is somewhat unique for directors in providing an always-perplexing issue:  Who is my constituency?  My institution?  My shareholders?  The regulators?  Which master do I serve?

In banking, the answer from a practical perspective, for better or for worse, remains “all of the above”.  Not perhaps from a strictly legal perspective where the fundamental director duties of care and loyalty to the institution remains the primary rule, but rather from the perspective that, in the banking industry perhaps more than any other, a critical part of the business plan and part of the responsibility of the board, consistent with their duty of care, is to understand and manage the government relationships and the complex plethora of issues relating thereto.  Regulatory issues and compliance considerations are an integral part of the business of banking, and especially so in the current environment.  In this industry, the regulatory oversight and compliance burdens that impact and accompany investment in a banking organization is an expected and important (and normal) part of the business (and expense) of banking.  Not a part of the business that bank investors or bankers particularly like, but a very normal and important part of the business nonetheless.

Opportunities for conflicts abound.  When does the interest in safety and soundness from a regulatory perspective, including implementing and enforcing regulatory capital ratios and capital retention, trump the interests of shareholders in receiving a dividend?  When does the interest in prudent growth from a regulatory perspective trump the interests of shareholders in expansion that otherwise appears appropriate from a board and management perspective?  When does the cost and expense of developing and implementing a detailed enterprise risk identification and management program trump profit opportunities for the institution?  When does the financial expense of securing a “1” rating in compliance become a justifiable expense from a shareholder perspective?

The reality in the banking industry is that, while these may be interesting issues to ponder from a theoretical perspective, the agencies have sufficient enforcement weapons in their arsenal to provide that failure to pay appropriate attention to regulatory and governance issues will generate a self-fulfilling prophecy in terms of the institution and its constituencies.  It is a known, expected and required part of operating and surviving in this industry.  Compliance requirements and the compliance burden, for better or for worse, clearly constitutes part of the business of banking, and part of the risk and expense that accompanies investment in a banking organization.

Director awareness, oversight, and management of these potential conflicts requires recognition that the facts and circumstances forming the basis for regulatory concerns are typically, from a practical perspective, consistent with concerns that directors need to address anyway as part of their fiduciary duty of care.  While the priorities and approach may differ, it is typically difficult to argue against most of the concepts that agency concerns (and restrictions) generally present in the area of safety and soundness.  Assuring institutional safety and soundness is consistent with the director duty of care.  Given the significant legal authority and tools available to agencies to address their concerns and implement corrective enforcement measures, including the assessment of substantial civil money penalties, boards choosing to ignore agency concerns and compliance issues do so at considerable peril to themselves, to their institutions and ultimately to their constituencies.

With the significantly enhanced industry, market and regulatory focus on compliance and risk management, it can be increasingly difficult for directors to spend much, if any, time focusing on their equally important role (and obligation) of promoting and advancing the actual “business” of the institution.  Bank board meeting agendas have been (and will continue to be for the foreseeable future) packed with compliance, risk management, examination, and disclosure matters coupled, perhaps, with some actual business considerations assuming there is any time remaining.  Not to suggest that attention to those issues isn’t a critical component of a bank director’s obligations to the institution and its constituencies.  It’s just that compliance and risk management issues continue to take unprecedented time and attention away from the business issues of banking, which may have seriously adverse long-term consequences as the business of the bank increasingly takes a back seat and the laws of unintended consequences take hold.

Despite some perceived confusion on the part of the media and others, banks are still private “for profit” organizations.  They happen to be required, by the nature of their business, to be licensed (and highly regulated) in order to conduct the business of banking but are also still expected to provide returns to investors consistent with safe and sound industry principles.  The result is an increasingly difficult balancing act as the constantly looming threat of liability related to compliance and risk management tends to generate an environment of fear and concern, detracting from the underlying business objectives for which the board is also equally responsible.  There is no easy answer.

Banks already have the dubious distinction of being one of the most heavily-regulated businesses on the planet.  With the additional burdens of ever-expanding regulatory oversight resulting from the economic and political environment; governmental and investor ESG pressures; a plethora of corporate governance, capital, compensation, and shareholder issues; expanded anti-money laundering initiatives; and enhanced risk-based capital and examination focus, the stakes are being raised to a point where it is difficult to see how boards manage to find any time to conduct the business of banking.  The increased compliance focus and associated direct and indirect cost can place a significant additional burden on already-strained bank resources as well as board and management relations, and can easily have the effect of distracting directors (and management) from the underlying business objectives of the organization.

Unfortunately, as earnings take a back seat to compliance burdens access to important capital can become increasingly difficult and costly.

The reality is that the compliance burden tends to have a greater relative impact on smaller institutions with limited resources.  Most are simply not equipped to maintain an extensive in-house staff to oversee compliance and risk management issues, and the costs associated with outside assistance can be significant.  Larger institutions typically are able to maintain in-house staffs to address the myriad compliance and risk management issues confronting their organizations.  Despite the well-intended discussion of regulatory relief for smaller institutions and “tiered” regulation there really isn’t much difference between the compliance needs and obligations of the small institution and the larger institution.  Regulatory “trickle-down” is a reality and, as a practical matter, difficult to avoid. As a result, smaller institutions can be disproportionately impacted by this phenomenon. Not that that’s news to them.

It’s hard to blame boards for turning their focus to the regulatory topics that pose the most immediate and visible threat and the most clear and present danger - particularly in the current environment.

Potential director conflicts of interest can and sometimes do arise when, for example, the interest in preserving or increasing capital is juxtaposed against maintaining the dividend stream.  Part of the expectation and understanding in this industry, however, is the ability of regulatory agencies to strongly “suggest” and, in some instances, demand that dividends be reduced, curtailed or eliminated altogether in order to preserve capital.  The regulatory consequences to the institution of failing to follow the “suggestion” or an agency order can be more costly to the institution (and its shareholders) in the long run.  While there may be a difference of opinion as to the appropriate level for capital, directors typically have, or should have, the same (or similar) concern(s) in exercising their duty of care.  The same issues arise in conjunction with day-to-day compliance costs.  The reality is that there is no easy answer, and that this is the environment that banks operate in at the present time.

It is unlikely that the focus on compliance and risk management will abate in the near term.  Bankers must take care to maintain an ongoing dialogue with agency representatives and keep them apprised of their compliance and risk management efforts and activities.  Sometimes perception becomes reality, so it is important to forestall unfounded concern by making regulators aware of compliance efforts and to address any concerns early.  Credibility is key.  There is no doubt that assuring the adequacy of controls and compliance with laws and regulations is a vital part of the business of banking, and ascertaining that those issues are appropriately addressed and implemented is a critical part of the responsibility of each and every board member, whether as a result of regulatory compliance directives or in exercising their own fiduciary responsibilities.

Like it or not, this is the environment in which banks operate and directors are compelled to react accordingly.  The threat (and the exposure) is very real, and boards must ascertain that adequate compliance, risk identification, and risk management programs are in fact in place and working.  Further, they must take care to monitor and vigorously enforce those programs to make certain that the programs are adequate to address the needs and exposure of their particular organization.  There is no “one‑size‑fits‑all” when it comes to compliance and risk management programs and each must be tailored to the risk profile of the individual institution and its operations, products and services.

At the same time, directors must take care not to overreact to external pressures and lose sight of the business and best long-term interests of the organization that they serve.  And therein lies the challenge.

It is, without a doubt, a difficult balancing act, and one that even the most seasoned, concerned, attentive, dedicated, and accomplished bank director may find challenging.  It is no surprise that boards are sometimes unable to be “distracted” by business issues when facing the pressures of the current compliance environment.

While the current compliance environment is arguably the most severe ever, these things tend to cycle.  Banking remains, by necessity and very appropriately, a highly-regulated industry.  Bad facts make bad law (and sometimes bad regulations), and the “splash” effect of a few bad players can taint the entire industry.  Regulatory agencies and legislatures react to what they perceive to be the important issues at hand (or at least the issue receiving the most attention) and, in well-intended response, enact laws and adopt regulations intended to protect the public and to remedy those matters.  The present banking environment is certainly reflective of those situations.

Care must be taken so that the cure does not become as bad, or worse, than the disease, and lead to even more significant problems.