Board Standards for Overseeing the Risk Governance Framework

This article is excerpted from A Director’s Voyage through Risk Management, a book by Dean Yoost that looks at how directors should approach cyber, strategic, third-party, and other risks. Yoost, a member of RMA’s Editorial Advisory Board, is a frequent contributor to The RMA Journal.

In September 2014, the OCC issued “Guidelines Establishing Heightened Standards for Certain Large Insured Banks, Insured Savings Associations, and Insured Federal Branches.”

The guidelines are intended to advance the heightened expectations program as memorialized by the OCC’s informal set of heightened expectations. Examiners will now assess risk management practices and the effectiveness of board oversight using these guidelines to identify and communicate areas requiring improvement by the board and management.

The fact that the heightened standards were prescribed as guidelines rather than formal regulations provides for flexibility on the part of the OCC. “Guidelines give the OCC more flexibility in determining whether to require a noncompliant institution to submit a formal remediation plan or tailor a different remedy, taking into account the institution’s circumstances and its self-corrective or remedial efforts,” said Rodney R. Peck, partner, Pillsbury Winthrop Shaw Pittman and a board member of Bank of the West.

Under the guidelines, six minimum standards have been set for the board in overseeing the risk governance framework’s design and implementation:

  1. Require an effective framework. Directors should oversee compliance with safe and sound practices and require management to establish and implement an effective risk governance framework that meets the guidelines’ standards.
  2. Provide active oversight of management. The board should actively oversee risk-taking activities and hold management accountable for adhering to the framework.
  3. Exercise independent judgment. Directors are expected to exercise sound, independent judgment when providing oversight.
  4. Include at least two independent directors on the board.
  5. Provide ongoing training to all directors. The board should establish and adhere to a formal, ongoing educational program for directors, which considers the directors’ knowledge and experience as well as the institution’s risk profile.
  6. Conduct an annual self-assessment. The board’s self-assessment should include an evaluation of how well the institution is meeting the standards established for the board in the guidelines.

The guidelines indicate that directors should be knowledgeable about finance and committed to conducting diligent reviews of management, the financials, and business plans. The OCC will evaluate each director’s knowledge and experience, as demonstrated in their written biographies and discussions with examiners.

Moreover, the guidelines reemphasize the OCC’s expectations that the board provide a “credible challenge” to management. The OCC believes that directors will be able to exert this challenge if they have a comprehensive understanding of the risk-taking activities and actively engage in overseeing those activities.

The above is based on an excerpt from The RMA Journal, June 2016 article “Credible Challenge and the Search for Excellence.” You can read the article in its entirety here.
