A number of recent separate actions by governmental agencies have made the regulatory environment for banks and financial institutions even more uncertain and the future does not look bright.
According to CNN, during 2012, U.S. banks paid $10.7 billion in fines for various misdeeds. However, no banks or individuals were served with any indictments of criminal activities. Many believed the big bank influences on government regulators and Congress were still strong and that the "Too Big to Jail" code remained in effect.
However, in February, the criminal division of the Department of Justice changed the routine on the big global banks and filed criminal charges against employees of the Tokyo subsidiary of the Royal Bank of Scotland and levied huge fines against the parent company (largely owned by the U.K. government). Similar criminal charges should be expected for a growing number of brokers who cooperated with banks to manipulate the Libor rate quotes.
One thing is very clear. Financial institutions will need to adapt risk management strategies to account for this apparent strategic change amongst federal and state regulators. There is strong evidence that the newly adopted examination standards made clear in the Dodd-Frank rules are expanding the scope and details of a firm's risk management policies, procedures and effectiveness.
Personally, I believe the most important issue facing bank boards and their executive management does not involve how to handle the huge damages to reputational risks or mitigate the impact of large fines on shareholder equity, bonus and merit salary increase pools (which will ultimately be passed on to customers) following tougher enforcement actions from regulators. Instead, it involves addressing the ineffectiveness of their governance policies and procedures.
Every bank is required by law to provide adequate training to employees on both the Bank Secrecy Act and anti-money-laundering laws and sanctions legislation outlined by the Office of Foreign Assets Control. If the numerous and costly failures in these areas continue, one has to question the viability and implementation of the bank's governance policies and specific procedures in these areas. This is certainly not the time to cut budgets for training in the older laws and other key areas resulting from the new rules handed down by Dodd-Frank.
All compliance programs rely on policies and procedures which meet the specific needs of the bank and its operations. Even the most detailed procedures require monitoring and testing. Effective systems for evaluating and measuring transactional events are required by regulation and play a major part in the regulatory examination procedures.
The effectiveness, training and communication of these systems are the most important responsibilities of a board of directors. Boards must thoroughly understand the regulatory environment and take the time to define specific policies, based on sound principles, and oversee the implementation by management at all levels.
Boards should be asking themselves whether they have adequate knowledge of the regulations and the organizational requirements to effectively manage both external demands and internal control needs. This is not the time for boards to ignore the compliance functions or delegate their operation to management without an oversight policy and procedure.
Criminal indictments of bank employees indicate a failure in the institution's governance, risk and compliance policies and procedures. As these are ultimately the fiduciary responsibility of the board and its individual members, board members might want to look back at the fate of the Enron board and the heavy financial penalties paid by outside board members.