Cathy Lemieux Ph.D. a Senior Advisor with Treliant, has over 30 years of experience in financial services regulation, corporate governance/enterprise risk management, international banking regulation, and the Community Reinvestment Act. Cathy has helped banks of all sizes aligning their internal controls with their regulatory obligations, assessing their compliance and enterprise…
When discussing characteristics of effective boards of directors, federal bank regulators often mention “credible challenge.” In fact, the Office of the Comptroller of the Currency (OCC) mentions it 14 times in the Comptroller’s Handbook section on “Corporate and Risk Governance.”
What do the regulators mean by “credible challenge?” What do they mean by “effective challenge?” Here’s a look at their actual definitions:
- The OCC, in its “Corporate and Risk Governance” booklet: “The method that directors use to hold management accountable by being engaged and asking questions and eliciting any facts necessary, when appropriate, to satisfy themselves that management’s strategies are viable and in the bank’s best interests.”1
- The Federal Financial Institutions Examination Council (FFIEC), in its IT Handbook on “Business Continuity Management”: “A credible challenge involves being actively engaged, asking thoughtful questions, and exercising independent judgment.”2
- The Federal Deposit Insurance Corporation (FDIC), in “A Community Bank Director’s Guide to Corporate Governance: 21st Century Reflections on the FDIC Pocket Guide for Directors”: “A director’s responsibility to oversee the conduct of the bank’s business necessitates using independent judgment and providing a credible challenge. This entails engaging in robust discussions with senior management and perhaps challenging recommendations at times, rather than simply deferring to their decisions.”3
- The Federal Reserve, in its Bank Holding Company (BHC) Supervision Manual: “…directors challenge senior management’s assessments and recommendations.”
Are credible challenge and effective challenge synonymous? Generally, the answer would appear to be “yes,” but not in all cases. In certain circumstances, effective challenge appears to imply a minimum level of subject matter expertise. Hence the requirements that the chair of the board’s audit committee be a “financial expert.”
On this point, for large institutions, the Federal Reserve encourages that boards should establish a “a process designed to identify and select potential director nominees with a mix of skills, knowledge, experience, and perspectives,” and that “[t]his process takes into account, for example, a potential nominee’s expertise, availability, integrity, and potential conflicts of interest and considers a diverse pool of potential nominees, including women and minorities.”4
The Consensus on Credible Challenge
Clearly, the primary federal banking regulators are unanimous. Effective boards should form independent judgments and ask management tough questions. Regulators think this is such a key factor in the safety and soundness of an organization that they include their assessment of the effectiveness of the board in several important ratings:
- The management component of the bank rating for Capital adequacy, Asset quality, Management, Earnings, Liquidity, and Sensitivity (CAMELS);5
- As part of the board and senior management oversight component of the Risk management, Financial condition, and Impact (RFI) rating for BHCs between $10 billion and $100 billion in total assets;6 and
- As part of the governance and controls component of the Large Financial Institution (LFI) rating for large bank holding companies.7
Essentials: Diverse Perspectives and Adequate Information
To provide credible challenge, a board needs qualified directors. Directors are often chosen because of the diverse perspectives they bring to discussions. Diverse perspectives can make sure that the organization does not develop blind spots.
The second requirement for credible challenge is data. Directors need to receive accurate, complete, and timely information. Is the data periodically verified by internal audit? Do directors receive information in enough time to review it before meeting? Is it presented in a format that facilitates oversight? Is there too much data or too little?
The role of directors is to oversee management, provide organizational leadership, and establish corporate core values. It is management’s role to run the bank. Directors’ focus should be on the drivers and trends related to current and emerging risks; adherence to the board-approved strategy and risk appetite; and deficiencies in risk management or control practices. By providing credible challenge to management in these key areas, directors can help ensure the safety and soundness of the organization as well as a pathway to sustainable growth in line with the organizations’ mission and values.
Meeting Credible Challenge Expectations
So how can a board demonstrate that it is living up to the credible challenge expectation? Examiners review the following:
Minutes: Key documents include the minutes of board and board committee meetings. It is important that the minutes contain enough detail about board discussions for regulators to see that directors are engaged and questioning management. This can present a challenge to a climate of openness if directors are concerned that any dissenting opinion will be available to a wider audience. It is not critical that the minutes attribute questions to particular directors. Some organizations opt to list the topics discussed. For example, minutes reporting on management’s presentation on an organization’s key risk indicators (KRIs) might report, “Directors questioned the root cause of the amber rating for liquidity. Management responded …” A less effective entry might be, “Management presented the KRI report. A discussion ensued.”
- Agendas: In board and committee meeting agendas, is enough time allocated to key topics for the board to discuss important matters or are numerous topics jammed into a finite time period?
- Board meeting packages: Do they contain sufficient detail for the board to understand the issues? On the other hand, are the packages so voluminous that a board member could not reasonably be expected to review all the material? Also important is when the directors receive the materials. Do they receive it in sufficient time to facilitate a reasonable review before the meeting?
- Training: What training do directors receive? Directors often come from diverse backgrounds and may not be familiar with the financial regulatory environment. Regulatory guidance requires the board to approve key policies on a regular basis. The OCC lists 14 policies and programs for which regulations require board approval, and banks often bring an expanded list of polices to their boards for their approval. Regulators expect directors to have sufficient background to understand how the policies and programs will be executed by the organization.
Supporting a Culture of Credible Challenge
In summary, an organization can demonstrate that it supports a culture of credible challenge by:
- Constructing meeting agendas with sufficient time built in for discussion;
- Providing meeting packages in advance of the meeting, with sufficient time for directors to review the material;
- Providing “Goldilocks” meeting packages that contain just the right amount of detail; and
- Providing board members regular training opportunities, particularly around changes in the regulatory environment.
Generally speaking, credible challenge is the hallmark of an effective board. Including directors with a mix of knowledge, experience, and perspective can ensure that credible challenge is also effective challenge.
4 FRB Attachment SR 21-3/CA-21-1
5 See the Federal Financial Institutions Examination Council’s (FFIEC’s) Uniform Financial Institutions Rating System, FR 67021 (December 19, 1996)
6 FRB SR 19-4
7 FRB SR 19-13