Regulators' Focus on Bank 'Culture' Goes Global

Register now

WASHINGTON — The regulatory drumbeat in support of enhanced corporate governance — and improved management "culture" — is getting louder.

In the wake of U.S. rules requiring stronger risk management at the big banks, the Basel Committee — made up of regulators from nearly 30 nations including the U.S. — has just issued new corporate governance principles on everything from how boards oversee corporate culture to implementing sound compensation structures.

Experts say the guidelines — which are a revision of 2010 principles — are consistent with steps banks are already taking, but they highlight policymakers' mounting interest in ensuring that management culture does not lead to the kind of risk-taking that helped spur the crisis. Next week, the Federal Reserve Bank of New York is planning a whole-day event focused on improving culture.

"The world is changing in terms of much more focus on governance, particularly for banks and financial institutions," said Lee Kurman, a managing director at the consulting firm Exiger. "I'm not sure there's anything startlingly new in these guidelines, but the fact that the Basel Committee has republished these guidelines, with more detail, underscores the importance of stronger governance.

"It appears to be a guidepost not just for banks but for regulators to heighten the focus once again."

The wide-ranging Basel document, which the public has until Jan. 9 to comment on, lays out a total of 13 corporate governance principles for banks to follow. The first assigns "overall responsibility" for the bank to the board, meaning the board is responsible for "overseeing the implementation of … strategic objectives, governance framework and corporate culture."

According to the guidance, boards foster a good management culture by setting a "tone at the top."

"A fundamental component of good governance is a demonstrated corporate culture of reinforcing appropriate norms for responsible and ethical behavior," the Basel Committee said. "These norms are especially critical in terms of a bank's risk awareness, risk-taking and risk management."

Other principles address issues such as board members' qualifications, how the board governs itself, the governance responsibilities of senior management, establishment of an independent risk management team at the bank with direct access to the board, the independence of internal auditing functions and compensation structures that are "effectively aligned with sound risk management."

"Compensation programmes should facilitate adherence to risk appetite, promote appropriate risk-taking behaviour and encourage employees to act in the interest of the company as a whole … rather than for themselves or only their business lines," the committee said.

Observers said while regulators are focused on discrete corporate governance issues, such as incentive-based compensation, they view a healthy corporate culture as key to strengthening the broad range of a bank's risk management functions.

"Culture is a catch-all for a lot of these ideas. … It is less specific than: What are the constraints on compensation structures?" said Henry T. C. Hu, a banking law professor at the University of Texas. "Discussing a firm's risk 'culture' refers to a collection of ideas about proper risk-taking."

Hu noted the Basel guidelines can serve an "educational" purpose for smaller banks.

"A lot of these ideas are not terribly controversial, and are the kinds of things that a board and senior executives, concerned about running their bank in a safe and sound manner, might want to consider adopting irrespective of any regulatory mandate," he said. "For small banks, which may not have thought about these issues quite as much as the too-big-to-fail banks, this is a particularly useful document."

It is unclear to what extent the Basel guidelines will lead to formal implementation of similar guidelines by each member country, but U.S. bank regulators have already taken steps to prod banks into strengthening their corporate governance structures.

The Office of the Comptroller of the Currency last month finalized its "heightened expectations" guidance, which sets forth minimum standards for risk governance frameworks at banks with over $50 billion in assets. Like the Basel Committee, the OCC guidance - which formalizes exam measures that have been in place since 2010 - discusses the importance of a bank using "three lines of defense" against undue risk: the risk monitoring done by the actual business lines, a separate risk management function and the bank's auditors.

Meanwhile, the federal bank regulators and other agencies are still working to finalize restrictions, mandated under the Dodd-Frank Act, on incentive-based compensation plans. The restrictions were proposed in 2011.

On the heels of the OCC's guidance, Comptroller Thomas Curry earlier this month reinforced the importance of management culture in directing how decisions are made. He said recent pitfalls such as the "robo-signing" scandal could be attributed to problems in overall risk management.

"What troubles me is not that some individuals made bad decisions, but that the business practices that have caused problems were made possible by weaknesses in the organization's risk management and risk culture," Curry wrote in an Oct. 8 op-ed for the quarterly journal of The Clearing House. He added later that finalizing the 2011 compensation rule "is a priority for the OCC."

Kurman, who formerly was general counsel for Morgan Stanley's banking subsidiary, said large banks have made substantial headway relative to corporations in other sectors in ensuring the independence of their auditing and compliance teams.

"Banks have made the most progress in isolating their auditing functions as an independent process. It is not only independent from business units, but it has a direct reporting line to the audit committee of the board," he said. "Other areas - such as risk and compliance - are headed in that direction. One example is how banks are separating their legal and compliance functions. The reason for that is a bank's legal department has an advocacy element, … whereas compliance is more neutral."

But others said in focusing so intently on corporate governance, regulators run the risk of laying too much at board members' door.

David Baris, president of the American Association of Bank Directors, said there is a suggestion in both the Basel and OCC guidelines that boards should be accountable not only for the process of strengthening risk management but also for the outcomes of risk-related decisions, even if those outcomes are beyond management's control.

Many banks in the crisis "failed because the economy went into the ditch," Baris said. "It wasn't necessarily because the board or management failed to meet their fiduciary responsibilities."

For reprint and licensing requests for this article, click here.
Law and regulation Dodd-Frank