The FDIC board voted today in favor of proposed rulemaking to establish new guidelines for governance and risk management at supervised banks with at least $10 billion in consolidated assets. The notational vote occurred outside the board’s regular meeting schedule, with two members saying they objected to the proposal.
Among other things, the proposed guidelines state that bank boards should establish risk management programs “appropriate for the size, complexity, business model, and risk profile of the covered institution.” Banks also should have a “three-line-of-defense model of risk management” for monitoring and reporting risks consisting of business units, an independent risk management function led by a chief risk officer and an institution’s internal audit unit led by a chief audit officer. In addition, banks should “effectively communicate” their risk appetite and policies to encourage compliance by all employees, and identify and report breaches of risk limits, even if the institution does not realize a loss from the breach.
In a statement, FDIC Chairman Martin Gruenberg said that both the 2008 financial crisis and more recent bank failures showed that banks with poor corporate governance and risk management practices were more likely to fail. “The FDIC believes that larger, more complex [insured depository institutions, or IDIs] require more sophisticated and formal corporate governance and risk management structures and practices,” he said. “The proposed guidelines would clarify the FDIC’s expectation that corporate governance and risk management frameworks need to evolve along with growth, complexity and changing business models and risk profiles of larger IDIs.”
FDIC Vice Chairman Travis Hill and board member Jonathan McKernan objected to the proposed rulemaking, with Hill saying regulators need to resist “one-size-fits-all” best practices. “While I appreciate that there can be value in having a range of experiences and perspectives represented on a bank’s board, I am skeptical that a board can satisfy the standards set forth in the guidelines unless it includes members that have in-depth knowledge of banking,” he said.
