Life After Enron: What New Laws, Scrutiny Mean For Board Members
The failure of Enron and the huge questions it raised about accountability and governance has caught the attention of credit union directors.
During a breakout session at CUNA's Future Forum entitled, "Governance: Life After Enron," a show of hands indicated more than 90% of those in attendance were credit union board members. And while laws such as newly enacted Sarbanes-Oxley pertain only to publicly traded companies, there are plenty of legal questions and concerns for credit unions, according to the two people who spoke to the group.
"In my view, there really are just two simple rules that you need to follow," said Fenner. "They are duty of loyalty, and the duty of care. The duty of loyalty means you put the interests of the credit union first. The duty of care is to exercise reasonable care. This is the care a reasonable person would take. Know your responsibilities and carry them out."
Citing a real-life example from credit unions related to breach of duty of care, Fenner pointed to $30-million Waterside Credit Union in New York, where the manager was assisted by his daughter as assistant manager. When the manager retired to Florida, he volunteered to continue to pay the credit union's bills. But one day a corporate American Express bill arrived and it was taken to the daughter's attention, where it was discovered that her father was using the corporate card to pay for home repairs and personal expenses. The father promised not to do it anymore, but with no follow up. As a result, the former manager embezzled approximately $35,000 over a period of time before it was discovered by examiners.
The NCUA took prohibition action against both father and daughter, and both are now prohibited from further dealings with a federally insured financial institution. In the case above, the father breached duty of loyalty and the daughter breached duty of care, said Fenner.
Pressed by an audience member for what happened in this case to the board, Fenner said the daughter never informed the board of the breach. He said the agency did not hold the board accountable in this case.
Some Useful Guidance
Fenner noted that while the Sarbanes-Oxley Act of 2002 doesn't apply to credit unions, it does contain "useful guidance," especially on the auditing of financial statements. He added that in the coming weeks NCUA will be sending a letter to federal credit unions offering guidance related to Sarbanes-Oxley.
Fenner offered a list of do's and don'ts. Among the Do's: Ask what is best for members; ask stupid questions; act only when you understand; act independently, and read exam and other reports. On the Don't side: don't micromanage, follow anyone blindly, including other board members, CEO, CPA, attorney or regulator.
What should be in the board minutes? Fenner said that if a board member has concerns over anything, it should be included in the board minutes.
On the practical side, Fenner advised adoption of an indemnification policy, and should obtain D&O liability insurance. "If all you have is an indemnification policy, you're protected, but the credit union is not."
An Auditor's View
Speaking from the perspective of a credit union with a large internal audit function, Randy Manscill, VP and chief audit executive with America First Credit Union in Odgen, Utah walked through some of the steps AFCU has taken to ensure governance.
Manscill said his goal was to share best practices learned over his 24 years as the internal auditor at AFCU, which has grown to more than $1 billion in assets. "One of the things that stood out in my mind about Enron is that all five components of governance at Enron failed," he said. "I've seen their sheet-it had all the good things on it. But there was decay in the governance process."
"We are different from Enron, but also some things we can learn from Enron," said Manscill, who described governance as the procedures used by the governing body (board) to provide oversight of risk and control. What is risk? Manscill said it is the possibility that an event, activity or action will impact the ability of an organization to execute its tactical and strategic business plans."
The goverance model has roles that must be clearly defined and communicated veryone, he said, needs to know they're accountable and what resources are available. "The model is only as strong as its weakest link," he said.
Board members, noted Manscill, are key to governance. The key attributes, he said, are independence with no conflicts, must be qualified to serve, must engage in ongoing education and training, must have orientation for new members, and must have written board policies and responsibilities. One thing Manscill said excites him about community charters is the breadth of new talent available for boards. At his own credit union, he noted it has a two-year program of education for new board members. Where certain skill sets are missing, Manscill said the board should seek out that expertise.
As for what committees should be in place, he said it often depends on the risk profile of the credit union (ALCO, for instance), although some are required, such as the nominations committee.
One committee that most of those on hand said they did not have is a governmental affairs committee, even though he said threats in governmental affairs rank in his Top 10 committee list.
A Succession Plan For The Board
Manscill urged boards to not just have a succession plan for management, but for the board, as well. He further called on board members to be aware of the "tone of the top," that is that whatever happens ethically at the top of an organization filters down to the rest of the organization. "You can send a signal that it's OK to get away with things," he said.
When Manscill asked the nearly 100 people on hand how many did an annual self assessment of their board, only two raised their hands. Those that aren't, he observed, need to start.
"I think that with this Enron thing the job of supervisory committees is going to be redefined. I think that at smaller credit unions these people are going to have to be even more qualified. They are your partner in assisting you as a board in this oversight. I believe boards need to be involved in making sure these supervisory committees are doing their jobs. Just like the board, when it comes to your supervisory committee, try to find some people with diversified skills. Make sure their trained and that make sure there is a succession plan for that committee, as well."
One thing that has come out of Sarbannes-Oxley that is affecting America First Credit Union, according to Manscill, is that is is now reviewing the performance of its CPA firm for its conflicts with other clients.
What are the governance guidelines for senior management? According to Manscill, they must have the vision, leadership and a common body of skills to run the credit union. "If you have a good CEO and management, you ought to keep them, so make sure they are adequately compensated," recommended Manscill.
Only about one-fourth of those on hand for the session indicated they also have a business code of ethics. "We need to see more of those," he said. "People need to know what's expected, so make sure you have a code of conduct."
Manscill has a staff of eight auditors. Those auditors enter into every project prior to launch and makes recommendations from the beginning in order to avoid bigger problems later. And one final point to avoid the most ironic of auditing problems: ensure there is regular audit of the auditor, as well, he said.
Board of Directors (as described in section 113 of the FCU Act): General direction and control; meet monthly and maintain minutes; establish key operating policies; internal controls, and hiring and compensating employees.
Supervisory Committee (as described in section 115 of the FCU Act): Obtain annual audit; supplementary audits as necessary; verify member accounts, and suspend directors for cause. "A majority of directors can also suspend one or more supervisory committee members," said Fenner. "So if you're going to suspend them, don't tell them in advance."
Credit Committee (as described in Section 114 of FCU Act): existence depends on bylaws; elected or board appointed, oversee loan officers.
Officers and Employees: Contract, position, description, code of ethics, board policies.