© 2024 Arizent. All rights reserved.

FDIC proposes stricter governance guidelines for regional banks

FDIC
The Federal Deposit Insurance Corp. issued a proposal last week that would impose stricter corporate governance standards for regional banks, including "three-line-of-defense" risk management model.
Bloomberg News

WASHINGTON — The Federal Deposit Insurance Corp. issued proposed guidelines directing large banks to establish and promote risk management strategies, ethical codes and policies that ensure safe and sound operations, compliance with regulations and consumer protections. 

In a statement accompanying the proposal, FDIC Chairman Martin Gruenberg argued that a string of regional bank failures earlier this year were accelerated by poor corporate governance, demonstrating the need for the agency to codify more stringent corporate governance standards for regional banks.

"The FDIC believes that larger, more complex [insured depository institutions, or IDIs] require more sophisticated and formal corporate governance and risk management structures and practices," he said. "The proposed guidelines would clarify the FDIC's expectation that corporate governance and risk management frameworks need to evolve along with growth, complexity and changing business models and risk profiles of larger IDIs."

Under the proposal, the board of directors at all FDIC-supervised institutions — primarily state-chartered banks that are not part of the Federal Reserve system — with more than $10 billion of assets would need to establish risk management programs commensurate with the firm's size, risk profile, complexity and business model. The guidance also directs applicable banks to implement what's known as a "three-line-of-defense" risk management model to keep tabs on reporting risks. The layers of such a model would consist of risk management in banks' business units, an independent risk management program helmed by a chief risk officer and an internal audit. The guidance further notes banks will be responsible for proactively communicating their risk appetite and maintaining a strategy for promoting compliance by their staff and reporting any breaches of their articulated risk limits. 

"The FDIC observed during the 2008 financial crisis and more recent bank failures in 2023 that financial institutions with poor corporate governance and risk management practices were more likely to fail," the proposal notes. "Corporate and risk governance structure and practices should keep pace with the bank's changes in size, business model, risk profile, and complexity [and] larger or more complex institutions should have more sophisticated and formal board and management structures and practices."

As proposed, the guidance also requires a majority of a bank's directors to have no affiliation with its parent holding company in order to increase the board's independence in decision-making. National banks are already subject to similar standards established by the OCC.

Approved last week by notational vote outside the board's customary meeting schedule, the guidance passed by a narrow 3-2 party line margin. FDIC Vice Chairman Travis Hill and board member Jonathan McKernan — both Republican appointees — voted against the proposal.

MCKERNAN-JONATHAN-FDIC-BLOOMBERG
FDIC's McKernan questions rationale behind Basel endgame standards

Hill said while many of the guidelines are positive practices the FDIC should expect from banks, he had concerns with the parts of the proposal he saw as so open-ended as to be practically unenforceable. Those he cited include the requirements that banks set what the agency considers an appropriate tone for risk management, developing a written strategic plan, articulating an overall mission statement and written code of ethics, conducting an annual self-assessment and the need for firms to describe a safe and sound risk culture.

"I am skeptical that many of the provisions should rise to the level of enforceable safety and soundness standards, and I think we should be mindful that one-size-fits-all 'best practices' are rarely actually the best practices for the unique situation and circumstances of any particular institution," he said. "I think our examiners should focus more on banks' core financial condition rather than micromanaging these types of processes."

McKernan noted a number of aspects of the guidelines he saw as potentially fraught, and noted the proposed guidelines may take the much needed focus off of bank manager's need to manage prudential risks.

"While similar to the standards adopted by the OCC … our version would tend to undermine accountability for risk ownership, conflate the roles of board and management, preempt state corporate law, and potentially conflict with regulatory expectations applicable to parent companies," he said. "My hope is that we will address these issues in the final guidelines."

For reprint and licensing requests for this article, click here.
Regulation and compliance Politics and policy
MORE FROM ASSET SECURITIZATION REPORT