mars 01 2024

Whose Role is It Anyway? Distinguishing Corporate Officers from Directors


Most legal entities like corporations have officers and directors who, together, run the business. Directors sit on the board of directors and collectively govern and oversee the entity. In contrast, officers generally implement the board’s vision and manage the day-to-day operations of the business.

While it’s widely understood that the roles and responsibilities of officers and directors are distinct from each other, regulators have often merged or confused the concepts.1 This can create problems when directors are expected to intervene in the day-to-day purview of management.2 In this Legal Update are examples of how regulators have struggled to distinguish the roles of officers and directors, and how this issue continues to impact the compliance obligations of banks and non-bank corporate entities.

Confusion Among Bank Regulators Regarding Regulation O

Banking regulators, such as the Board of Governors of the Federal Reserve System (“FRB”) and the Federal Deposit Insurance Corporation (“FDIC”), may mistakenly categorize certain types of directors as “executive officers” for purposes of Regulation O because of the significant role that directors often play in the affairs of a bank.3

Regulation O – Restrictions on Extensions of Credit to Insiders

Section 22(h) of the Federal Reserve Act and Regulation O impose restrictions on extensions of credit to insiders of a member bank, including a national bank.4 Regulation O also applies to state non-member banks and savings associations.5 It covers, among other types of extensions of credit by a bank, loans to an insider of the bank; a bank holding company of which the bank is a subsidiary; and any other subsidiary of that bank holding company.6

Regulation O prohibits or limits extensions of credit to “insiders,” which include executive officers, directors, and principal shareholders, as well as any related interest of such a person (e.g., a company controlled by an insider).7 Notably, the restrictions on extensions of credit to executive officers of a bank are stricter than the restrictions that apply to directors of the bank or executive officers of nonbank affiliates.8

Regulation O defines a “director” as “any director of the company or bank, whether or not receiving compensation.”9 In contrast, Regulation O defines an “executive officer” as “a person who participates or has authority to participate (other than in the capacity of a director) in major policymaking functions of the company or bank…”10 Regulation O presumes that the chairman of the board of the bank is an “executive officer,” unless they are excluded, by resolution of the board of directors or by the bylaws of the bank, from participation (other than in the capacity of a director) in major policymaking functions of the bank, and the chairman does not actually participate in those functions.11

Regulation O places a general set of restrictions on extensions of credit by a bank to all insiders of both banks and its affiliates. For example, banks must extend credit to insiders on substantially the same terms, and follow the same credit underwriting procedures, as it would apply to non-insiders and non-employees.12 In addition, Regulation O places specific restrictions on loans made to “executive officers.” For example, banks are only permitted to extend credit to any executive officer if the aggregate amount of such extensions of credit does not exceed, at any one time, the greater of 2.5 percent of the bank’s unimpaired capital and unimpaired surplus, or $25,000, but in neither event more than $100,000.13

The regulators’ overly expansive approach to Regulation O (discussed below) illustrates the widespread confusion in its default position of treating a board chairman as an executive officer unless certain conditions are met. As a matter of corporate governance, the default position should be the opposite presumption that the board chair is not an executive officer unless unusual circumstances exist.

Supervision Appeals Review Committee’s (“SARC”) Decision

On September 19, 2023, the FDIC’s Supervision Appeals Review Committee (“SARC”) published a decision regarding an alleged violation of Regulation O that highlights the confusion surrounding the definitions of “executive officer” and “director.” In this case, a bank’s board of directors adopted annual resolutions excluding the Chairman of the Board from participation in major policymaking functions of the bank. The chairman also served on the board’s loan, investment, and marketing committees.

The FDIC’s Regional Office had concluded that the bank’s extensions of credit to the Chairman of the Board violated the heightened insider lending restrictions for executive officers of a bank, because the bank had made certain prohibited loans to an executive officer as defined by Regulation O. When the bank filed a request for review of the determination with the Director of Risk Management Supervision (“RMS”), the Director issued a decision concurring in the Regional Office’s determination. The bank appealed the Director’s decision to the SARC.14

The SARC interpreted Regulation O to mean that a Chairman of the Board could be an executive officer under Regulation O only when the chairman’s participation in policymaking functions is outside their capacity as a director. In this case, the SARC concluded that the Chairman was engaged in various activities that could reasonably be described as “policymaking,” but these activities all appeared to be within his capacity as a board member. Therefore, the SARC found that extensions of credit made by the bank to the Chairman of the Board did not violate the heightened insider lending restrictions for executive officers of a bank.

Confusion Among Non-Bank Regulators Regarding the Corporate Transparency Act (“CTA”)

Similar to how regulators of banks have struggled to delineate the roles of executive officers and directors, regulators of non-bank corporate entities have also had difficulties distinguishing between the roles of officers and directors of non-bank corporate entities. The Financial Crimes Enforcement Network (“FinCEN”) has grappled with the question of whether directors have the authority to make important decisions regarding a corporate entity, and how their roles differ from those of other senior officers.

Corporate Transparency Act (“CTA”) Reporting Requirements

On January 1, 2021, the Corporate Transparency Act (“CTA”) was enacted into law as part of the National Defense Authorization Act (“NDAA”), requiring a broad array of legal entities to register with FinCEN and disclose their ultimate beneficial owners.15 On September 30, 2022, FinCEN issued a final rule implementing the beneficial ownership information (“BOI”) reporting requirements of the Corporate Transparency Act (“BOI Rule”).16 The CTA’s reporting requirements apply to “reporting companies,” which include both domestic and foreign companies.

Among other things, the BOI Rule requires reporting companies to submit information about their “beneficial owners,” which are defined as any individual who—directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise—(i) exercises substantial control over the entity; or (ii) owns or controls at least 25 percent of the ownership interests of the entity.17

Exercising “Substantial Control”

In order to clarify what it means to exercise “substantial control” over an entity, FinCEN identified three indicia of substantial control: (1) service as a senior officer of a reporting company; (2) authority over the appointment or removal of any senior officer or dominant majority of the board of directors (or similar body) of a reporting company; and (3) direction, determination, or decision of, or substantial influence over, important matters of a reporting company. There is also a catch-all provision for an individual who has any other form of substantial control over a reporting company.18 A “senior officer” is narrowly defined as any individual holding the position or exercising the authority of a president, chief financial officer, general counsel, chief executive officer, or chief operating officer.19

FinCEN’s BOI Rule draws a bright line that requires reporting companies to report senior officers as individuals who exercise substantial control over an entity. However, the BOI Rule does not automatically categorize directors as beneficial owners who exercise substantial control. In fact, the BOI Rule merely states that “[a]n individual may directly or indirectly… exercise substantial control over a reporting company through: (A) Board representation…”20 Additionally, one of FinCEN’s FAQs on the BOI Rule states that “Whether a particular director meets any of these criteria is a question that the reporting company must consider on a director-by-director basis.”21

Thus, FinCEN has implicitly acknowledged that a director’s authority to make decisions as part of a collective body is not enough to deem that director to be a beneficial owner who exercises substantial control over a reporting company. Rather, determining whether a director exercises substantial control requires a fact-based analysis regarding the individual director’s roles and responsibilities within the reporting company.

As mentioned above, in the Regulation O context, the SARC conducted a similar fact-based analysis to determine whether a bank’s Chairman of the Board engaged in major policymaking functions outside of his capacity as a director, such that the chairman would be considered an “executive officer” of the bank. In the SARC case, the FDIC argued that the chairman was an executive officer who served on the bank’s loan and investment committees on a continuous and permanent basis as a member of those committees, and the board minutes also demonstrated that the chairman’s participation in policymaking involving a wide variety of matters, including providing direction and leadership regarding the bank’s capital markets and investment strategy and its lending activities. However, the SARC ultimately disagreed with the staff determination and held that the chairman was or is engaged in various activities that could reasonably be described as policymaking within the chairman’s capacity as a board member.22

Non-bank corporate entities seeking to limit the number of reportable beneficial owners can glean important lessons from the SARC decision, as well. As a best practice, non-bank corporate entities should carefully define the roles of directors so that directors only have control over matters that would be appropriate for a board member. In particular, board members should make decisions as part of a collective body or committee, rather than as individuals who have the authority to make important decisions for the reporting company.

Continued Confusion Among Bank Regulators Regarding the Roles of Directors in the Corporate Governance Proposal

On October 3, 2023, the FDIC published a proposed rulemaking that would add extensive corporate governance obligations and risk management directives for certain financial institutions to the FDIC’s safety and soundness guidelines (the “Proposed Standards”). The Proposed Standards would apply to all FDIC-supervised institutions with total consolidated assets of $10 billion or more on or after the effective date of the final Guidelines.23

The Proposed Standards address the obligations, composition, duties, and committee structure that the FDIC expects bank boards to satisfy as part of good corporate governance. Under the Proposed Standards, the duties of the board of directors would include: (i) setting an appropriate tone and establishing a responsible, ethical corporate culture; (ii) evaluating and approving a strategic plan; (iii) approving and annually reviewing policies; (iv) establishing and annually reviewing a written code of ethics; (v) actively overseeing the bank’s activities, including all material risk-taking activities; (vi) exercising independent judgment; (vii) selecting and appointing qualified executive officers; (viii) establishing and adhering to a formal training program; (ix) conducting an annual self-assessment of its effectiveness; and (x) establishing and annually reviewing compensation and performance management programs.24

The Proposed Standards often conflate the roles of the board of directors and management, imposing duties on boards that are typically the responsibility and prerogative of management. For example, the Proposed Standards propose making directors responsible for corporate culture, work environments, operating policies, and the ethics code. However, these are typically managerial functions and responsibilities, rather than board functions and responsibilities. Consider some examples in more detail.25

First, the Proposed Standards suppose that a board is to “establish a corporate culture and work environment that promotes responsible, ethical behavior.”26 But while boards of directors often perform the function of setting a “tone at the top,” it is a reach to expect them to be able to “establish cultures or work environments.”27 These are managerial functions and responsibilities. In the case of work environments, these functions occur deep in the organization, such as in bank branches.

Second, the Proposed Standards say that “The board is responsible for establishing . . . the policies that . . . guide the operations of the covered institution . . .”28 But operations are the province of management, not boards, and boards should direct management to establish appropriate operational policies.29 Were the proposal to be adopted, operational policy formulation—starting with a wholesale review of all existing policies—would utterly consume the time boards can devote to oversight.

Third, the Proposed Standards refer to an institution-wide code of ethics to be “written and adopted by the board,” and later say the “board should establish a written code of ethics for the covered institution, covering directors, management, and employees.”30 True, boards can and do direct management to develop institution-wide codes of ethics for the board’s review and approval, and both federal securities laws and stock exchange listing rules require companies to adopt codes of ethics. But the development of such codes, particularly those applicable to employees, is a management function.31 Institution-wide promulgation of the code must originate with management, and be developed with internal input.32

Fourth, the Proposed Standards contain a series of provisions prescribing the production of various programs and controls. In most cases, these provisions direct management to establish and implement them, and the board to oversee and approve them. Such an allocation of responsibilities between the board and management is appropriate, and reflects both applicable law and standard governance practices. But in the same section, in at least three instances, the Proposed Standards direct the board to establish certain programs and processes which are the responsibility and prerogative of management, not boards: the risk management function; handling risk limit breaches; and dealing with violations of law.


Boards, as well as regulators, may benefit from increasing their attention to the differences, as well as occasional similarities, that exist in the role of the board versus the role of management.33

In brief, the role of directors is defined as the ultimate decision-making body of the corporation or bank. It has both an oversight role (overseeing management on behalf of shareholders and other constituencies) and an advisory role (advising management), with almost no involvement in every-day company operations. The board works as a collective group, with all directors having the same fiduciary duties and the same exposure to liability.

In contrast, the management team consists of full-time company employees whose main responsibility is to operate the company. These officers—such as the CEO, COO, CFO, CLO, CIO, CISO, and CRO—are appointed and compensated by the board. They report to the board and provide the board with accurate and timely information on the company’s performance, opportunities, and challenges. They implement the board-approved strategy, manage the entity’s risks, execute its operations, and develop its talent.

True, overlaps may occur in some cases, such as when a board helps managers respond to a corporate crisis, or when a director is also an executive. But in general, the roles of directors and senior managers differ fundamentally: (1) directors have a higher authority and accountability than managers, who are their agents; (2) directors have a broader and longer-term perspective than managers, who are focused on the day-to-day operations; and (3) directors have a more diverse and independent composition than managers, who are part of the same organization.

As regulators continue to face difficulties distinguishing between the roles of officers from the roles of directors, banks and non-bank corporate entities should continue to carefully manage the allocation of responsibility to their officers and directors. Board resolutions should ensure that the roles of directors are narrowly defined and that director activities are limited to actions taken in their capacity as a board member. This distinction should be reinforced through appropriate supervisory communications and participation by officers—and, when appropriate, directors—in meetings with examiners.


1 See, e.g., BPI, Guiding Principles for Enhancing US Banking Organization Corporate Governance 11 (Jan. 2021) (“Maintaining a distinction between the respective roles of the board and of management is necessary in any corporation.”).

2 Group of Thirty, Toward Effective Governance of Financial Institutions 20 (Apr. 2012) (“It is misguided and dangerous to conflate the responsibilities of management with those of the board.”).

3 See, e.g., TCH, The Role of the Board of Directors 6 (May 2016) (“US bank regulatory releases do not clearly distinguish between the … board and senior management”).

4 12 U.S.C. §§ 375a, 375b; 12 C.F.R. pt. 215.

5 12 U.S.C. §§ 1468(b), 1828(j); 12 C.F.R. §§ 31.2, 337.3.

6 12 C.F.R. § 215.1(b).

7 Id. at § 215.2(h).

8 12 C.F.R. § 215.5.

9 Id. at § 215.2(d)(1).

10 Id. at § 215.2(e)(1).

11 Id.

12 Id. at § 215.4.

13 Id. at § 215.5.

14 FDIC Supervision Appeals Review Committee, In the Matter of * * *, Case No. 2023-01,

15 See 31 U.S.C. § 5336.

16 See 31 C.F.R § 1010.380; 87 Fed. Reg. 59,498 (Sept. 30, 2022).

17 Id. at § 1010.380(d).

18 Id.

19 Id. at § 1010.380(f)(8).

20 Id. at § 1010.380(d)(1)(ii) (emphasis added).

21 FinCEN, Beneficial Ownership Information Reporting: Frequently Asked Questions, (emphasis added).

22 FDIC Supervision Appeals Review Committee, In the Matter of * * *, Case No. 2023-01,

23 FDIC, Guidelines Establishing Standards for Corporate Governance and Risk Management for Covered Institutions with Total Consolidated Assets of $10 Billion or More, 88 Fed. Reg. 70,391 (Oct. 11, 2023). FDIC-supervised institutions are insured state nonmember banks, state-licensed insured branches of foreign banks, and insured state savings associations that are subject to Section 39 of the FDI Act.

24 Id.

25 We take these examples from the Comment Letter of the Society for Corporate Governance on the Proposed Standards, which we assisted in drafting.

26 88 Fed. Reg. at 70,405.

27 See, e.g., BCBS, Corporate Governance Principles for Banks § 30 (July 2015) (discussing the steps a bank board should take to reinforce the “tone at the top”).

28 88 Fed. Reg. at 70,405.

29 See, e.g., Federal Reserve, Commercial Bank Examination Manual § 4000.1 (Apr. 2020) (“The board of directors of a bank should delegate the day-to-day routine of conducting the bank’s business to its officers and employees”).

30 88 Fed. Reg. at 70,395, 70,405.

31 E.g., OCC, Director’s Book 26 (Nov. 2020) (“The board should oversee management’s development and periodic review of the code of ethics and other policies that address board and employee conduct”).

32 See, e.g., BCBS, Corporate Governance Principles for Banks § 14 (July 2015) (“Management should develop a written code of ethics or a code of conduct.”).

33 See, e.g., NACD, The Role of the Board v. The Role of Management (Feb. 2022).

Stay Up To Date With Our Insights

See how we use a multidisciplinary, integrated approach to meet our clients' needs.