Last year, Citigroup's board unexpectedly replaced the bank's CEO over reported issues of strategic direction and leadership. More, recently, board concerns about CEO continuity at JPMorgan Chase appear to have played a role in turnover in the executive suite. Beyond banks, boards at Yahoo, Best Buy, Hewlett Packard and others have taken quick steps to replace CEOs when perceived issues have arisen.
This board resurgence has at its roots the reality of rising expectations for banks and public companies—expectations contained in the federal banking and securities laws, but also driven by shareholders, the media, and perhaps as importantly, Capitol Hill and others in Washington.
However, there is a growing dissonance between what policymakers and shareholders want and the corporate law and governance standards enshrined in state law, particularly Delaware law. Without care, state fiduciary standards are increasingly looking toothless, and perhaps even pointless, as banking supervisors continue to define the parameters of banking law and governance.
Corporate law has long been the province of state law. Delaware is the most important state here given its role as the corporate Switzerland of the United States, home to over 60% of the country's public companies. State corporate law and director duties developed organically, and in the context of what academics have called the agency issue.
This issue, articulated by Michael Jensen and others as early as the 1970s, asserts that incentives for boards and management may not be aligned with shareholder interests in the structure of U.S. banks and public companies, and as a result actions fall short of expectations.
Simply put, corporate governance is the stuff that goes into those gaps between expectations and actions. Law and governance bind the system together, and have been defined by the Delaware and other courts for over a century. Unfortunately we have a growing gulf between state and federal law, notably in the area of risk management.
We have been here before. Starting in the late 1970s, federal standards articulated compliance and oversight duties for banks. It was not until the mid-1990s, however, that state law adopted such a duty, and even then, the duty as it exists today is mild at best. In the widely cited 1996 Caremark decision, the Court of Chancery of Delaware held that for a board of directors to be held liable under state law, there must be a "sustained and systemic failure" such as an "utter failure to ensure a reporting system exists" or even "bad faith."
Today we have a similar problem with regard to risk management at banks. In response to risk management weaknesses revealed during the financial crisis, Congress, via the Dodd-Frank Act, required boards to establish overall risk management requirements as part of what are called enhanced prudential standards. Banking supervisors have proposed rules requiring any publicly traded bank holding company with $10 billion or more in total consolidated assets to establish a risk committee. A foreign banking organization with global consolidated assets of $10 billion or more would have similar requirements.
But how do we square this with a state law regime calibrated only to require accountability in the case of a "systemic" or "utter failure"? That the state tool is ill-designed to address contemporary expectations was tacitly acknowledged by a Delaware court in a 2009 shareholder derivative suit against Citigroup. That case was dismissed because the court held that state standards are not designed to hold companies accountable for what the court termed a failure to "properly evaluate business risk."
