On February 26, 2021, staff of the Board of Governors of the Federal Reserve System (“FRB”) finalized supervisory guidance that describes the key attributes of effective boards at large US bank holding companies and savings and loan holding companies (the “Guidance”).1 At the same time, FRB revised 12 supervisory letters and made nine other letters inactive based on the results of its analysis of 27 supervisory guidance letters that addressed expectations for boards of directors of bank holding companies and savings and loan holding companies.2 (It retained six letters without change).
These actions are part of a multi-year initiative by FRB Vice Chair of Supervision Randy Quarles to revise and clarify expectations for risk management at the institutions FRB regulates. The last time the FRB comprehensively updated its risk management guidance was in 1995.3 The FRB’s initiative is still ongoing, as key items remain outstanding, such as supervisory expectations for risk management by an institution’s senior management, revisions to examination manuals and changes to the process for communicating supervisory findings.
The Guidance and the changes to the existing supervisory guidance are immediately effective and should help boards improve their effectiveness and efficiency by scaling back their involvement in the day-to-day operations of their institutions. The Guidance will be implemented through the supervisory process, and FRB expects to work with institutions to understand how it affects their activities. In this Legal Update, we describe the background to FRB’s initiative, outline the Guidance and discuss its implications for financial services.
Since the 2008 financial crisis, FRB has been working to enhance resiliency and address the risks posed by large financial institutions to US financial stability. The beginning of this initiative can be traced to the issuance of SR 12-17 in December 2012, which set forth a new framework for the consolidated supervision of large financial institutions and was supplemented in 2014 with recovery planning expectations.4 These actions were followed in 2015 by the issuance of SR 15-18 and SR 15-19, which established heightened capital planning expectations for large financial institutions, and in 2016 with the issuance of SR 16-11, which established revised risk management expectations for smaller financial institutions.5
In late 2017 and early 2018, FRB issued proposals for a new rating system for large financial institutions and revised supervisory expectations for boards of directors, management of business lines and independent risk management at those institutions.6 In particular, the proposed supervisory expectations sought to clarify the roles of an institution’s board of directors and senior management, which had become difficult to distinguish due to unclear wording in prior guidance and enforcement settlement agreements. In February 2019, FRB finalized the new Large Financial Institution (“LFI”) rating system for bank holding companies with total consolidated assets of $100 billion or more; all non-insurance, non-commercial savings and loan holding companies with total consolidated assets of $100 billion or more; and intermediate holding companies (“IHCs”) of foreign banking organizations with combined US assets of $50 billion or more that were established pursuant to Regulation YY.7
Scope of the Guidance
The Guidance applies to all domestic bank holding companies and savings and loan holding companies with total consolidated assets of $100 billion or more (excluding intermediate holding companies of foreign banking organizations established pursuant to Regulation YY) and to systemically important nonbank financial companies designated by the Financial Stability Oversight Council for supervision by FRB (of which there currently are none). This is an increase from the $50 billion threshold in the 2017 proposal that was intended to align the Guidance with the LFI rating system and the tailoring threshold in Section 401 of the Economic Growth, Regulatory Relief, and Consumer Protection Act.8
Notably, the Guidance applies to insurance and commercial savings and loan holding companies with total consolidated assets of $100 billion or more, even though insurance savings and loan holding companies are subject to extensive regulation by state insurance authorities and the federal government is restricted from regulating the business of insurance under the McCarran-Ferguson Act. An “overview” released with the Guidance expresses FRB’s view that the Guidance does not relate to or conflict with the regulation of the business of insurance.
Attributes of Effective Boards
FRB expects that a board of directors will be effective in overseeing the institution and recognizes that boards must take into account the unique activities, risk profile and complexity of their institution when fulfilling that obligation.
The centerpiece of the Guidance is a set of descriptions of five attributes that FRB has observed in effective boards of directors, which is supplemented with illustrative examples of effective practices. Notably, FRB explicitly recognizes that boards also are subject to other statutory and regulatory requirements (e.g., applicable state corporation law, federal securities laws and exchange listing requirements) and does not intend for the Guidance to supersede, replace or conflict with those requirements.
The FRB states that five attributes of effective boards are that they:
1. Oversee the development of, review, approve and periodically monitor the institution’s strategy and risk appetite.
2. Direct senior management to provide directors with information that is sufficient in scope, detail and analysis to enable the board to make sound, well-informed decisions and consider potential risks.
3. Oversee and hold senior management accountable for effectively implementing the institution’s strategy, consistent with its risk appetite, while maintaining an effective risk management framework and system of internal controls.
4. Through their risk and audit committees, assess and support the stature and independence of the institution’s independent risk management and internal audit functions.
5. Consider whether their composition, governance structure and practices support the institution’s safety and soundness and promote compliance with laws and regulations based on factors such as the firm’s asset size, complexity, scope of operations, risk profile and other changes that occur over time.
The five attributes in the Guidance are conceptually the same as they were in the 2017 proposal. However, FRB made subtle alterations of word choice and other clarifications in the Guidance that reflect changes in the industry since 2017 or concerns raised by commenters. For example, in attribute #1, the phrase “types and levels of risk [the institution] is willing to take” is replaced with “risk appetite,” which is a commonly used term from the risk management profession and the heightened standards implemented by the Office of the Comptroller of the Currency (“OCC”).9
Another example of a clarification is in attribute #3, where FRB clarified that a board should approve financial and nonfinancial performance objectives for the chief executive officer and business line executive and only non-financial performance objectives for a chief risk officer and chief audit officer. Similarly, FRB modified attribute #4 to make it clear that a board risk committee is not required to be involved in the selection of members for an institution’s management risk committee. Further, FRB eliminated the suggestion from the 2017 proposal that a board provide FRB examiners with a copy of their self-assessment based on the assertion from commenters that sharing the results of self-assessments ultimately would undermine the value of conducting self-assessments.
The Guidance, along with the related changes to existing guidance, also clarifies that an institution’s board and senior management fulfill distinct roles and generally have separate sets of responsibilities. This significant change in tone should provide welcome relief to both boards and senior management, as it largely alleviates concerns that FRB will expect directors to be intimately involved in the day-to-day management of institutions. It may even support further tailoring of supervisory feedback by leading examiners to recognize that directors are not personally responsible for all instances of non-compliance within an institution, particularly if the board has established properly constructed compliance and risk management systems.
FRB intends to use the Guidance in informing its assessment of the governance and controls at all institutions subject to the LFI rating system (excluding IHCs).10 Specifically, the Guidance will be incorporated into FRB’s supervisory assessment of board effectiveness, which is one of the elements within the Governance and Controls component rating that is assigned to institutions under the LFI rating system. Therefore, we expect that implementation will occur gradually through an iterative discussion that reflects the principles-based nature of the Guidance and the other legal requirements that apply to an institution (e.g., NYSE listing requirements). This would be in contrast to the OCC’s heightened standards, which were implemented through a prescriptive, rules-based approach. Accordingly, institutions subject to the Guidance should begin considering how their board practices align (or should be aligned) to FRB’s five attributes.
Further, as noted above, the publication of the Guidance is not the end of FRB’s initiative on risk management. Specifically, the proposed supervisory expectations for risk management by an institution’s senior management have not been finalized, and FRB continues to consider changes to the process for communicating supervisory findings. We also expect FRB will implement extensive changes to its supervision manuals to reflect the Guidance and related changes to existing guidance, particularly with respect to the separate roles and responsibilities of boards of directors and senior management. These changes will need to flow through FRB’s examiner ranks and be integrated over time into institutions’ policies.
Finally, FRB notes in the cover letter to the revisions to supervisory guidance letters that it intends to assess the language it uses to communicate supervisory expectations for boards of directors (arguably including the language in the Guidance) to ensure it aligns with the 2018 Interagency Statement Clarifying the Role of Supervisory Guidance (“Guidance on Guidance”).11 FRB is the only federal banking agency not to have codified the Guidance on Guidance in regulation (which it proposed doing in November 2020), and the reference in last week’s cover letter to only the Guidance on Guidance may suggest that the agency is reconsidering the codification proposal.12
1 FRB, SR 21-3 / CA 21-1 (Feb. 26, 2021), https://www.federalreserve.gov/supervisionreg/srletters/SR2103.htm.
2 FRB, SR 21-4 / CA 21-2 (Feb. 26, 2021), https://www.federalreserve.gov/supervisionreg/srletters/SR2104.htm.
7 FRB, SR 19-3 (Feb. 26, 2019). Please see Mayer Brown’s Legal Update on the proposed board effectiveness guidance.
10 Savings and loan holding companies that are engaged in significant insurance or commercial activities are assigned an indicative rating under the RFI/C(D) rating system instead of the LFI rating system. The Guidance does not indicate how it will be implemented for savings and loan holding companies that are not subject to the LFI rating system.
12 See 86 Fed. Reg. 9253 (Feb. 12, 2021) (OCC adoption); 86 Fed. Reg. 9261 (Feb. 12, 2021) (CFPB adoption); 86 Fed. Reg. 7949 (Feb. 3, 2021) (NCUA adoption); FIL-03-2021 (Jan. 19, 2021) (FDIC adoption). Further, in January 2021, President Biden revoked Executive Order 13,892, which had applied a similar standard to guidance issued by executive branch departments and agencies. E.O. 13,992 (Jan. 20, 2021). The federal banking agencies have not indicated whether or how they will address the revocation in their regulations and guidance.