Banks have lots of meetings, which is why we were interested to see a new report from Bain & Company on the subject. It found that 67% of meetings end before participants can make important decisions and 85% of executives are dissatisfied with the efficiency and effectiveness of their company's meetings. There are lots of ways to improve meetings, but just knowing this data is a good first step.
In an effort to help community bankers with their next meeting on corporate governance, yesterday we discussed the just released "principles for enhancing corporate governance" report from the global bank regulatory community. Today we begin our discussion with changes bankers will need to incorporate related to enhancing risk management and control.
Regulators expect banks to have a defined risk management function that includes a chief risk officer (or equivalent); a compliance function and an internal audit function. Regulators also expect banks to ensure each of these is given authority, stature, independence, resources and access to the board. In addition, regulators expect banks to identify, assess and monitor risk companywide; have internal controls systems in place; and to keep pace with changes to the bank's risk profile. Factors such as growth or shifts in external risks may require banks to enhance risk practices more quickly than in the past. Finally, regulators expect banks to have a risk management structure that supports frank and timely internal communication within the bank about risk and provides robust ongoing reporting to management and the Board.
Compensation standards tied to risk, reducing complexity of corporate structures and increasing transparency are also key facets of the new principles. Basically, these main components and the ones we laid out yesterday are designed to clarify what examiners will be looking for and to help banks more quickly enhance corporate governance processes.
We have learned much from the crisis and many of the problems we have encountered lead back to corporate governance, so this approach by the regulators isn't surprising. Here are some things you can do to stay on top of things.
Regulators make it clear that the Board has overall responsibility for the bank. As such, Boards specifically will need to approve and monitor the business strategy (including long-term financial interests, risk exposure and ability to manage risk); approve and oversee the risk strategy (including risk tolerance or appetite); set policies for risk, risk management and compliance; have an internal controls system; manage compensation; and have a corporate governance framework (that includes principles, corporate values and a code of conduct). Boards are required to maintain an effective relationship with regulators and when making decisions be sure to take into account the interests of shareholders, depositors and other relevant stakeholders.
Regulators also expect Board members to remain qualified; receive training; have a clear understanding of their role in corporate governance; define governance practices for its own work and ensure these practices are followed (and periodically reviewed); establish committee charters; and have committees set up for audit, risk, compensation, nominations/governance and ethics. Finally, regulators highlight that the board of the parent company has the overall responsibility for corporate governance and risk management for all subsidiaries.
Regulators expect management to ensure the bank's activities are consistent with the business strategy, risk tolerance/appetite and policies approved by the Board (including promoting accountability, transparency and implementing risk management systems). In addition, management must identify and manage risks companywide and make sure systems keep pace with changes to the bank's risk profile and the external risk landscape. Finally, management teams need to incorporate quantitative and qualitative measures; clearly explain assumptions used; conduct stress testing; scenario analysis; capital adequacy testing; back test; update policies and procedures; ensure 3rd parties review things; have a formal approval process for new products; conduct risk assessments; review product pricing and enhance internal communication. Since these and other processes around corporate governance and communication are ongoing projects at every bank, it looks like meetings are here to stay.