Rebuilding Bank Governance after the Financial Crisis: Best Practices
Thomson Reuters

CONTENTS

Why Banks Are Different

Establishing a Framework for Assessing Risk

Focusing on the Right Data Remains a Core Challenge

Finding the Right People – Experience is Key, But Not the Only Answer

A Spotlight on Executive Pay

Conclusion

Rebuilding Bank Governance after the Financial Crisis: Best Practices October 2012

Demands on bank directors have rarely been higher. Following the financial crisis of 2008, board members in the U.S. and Europe have confronted dozens of new rules from a multitude of regulators, while striving to regain the confidence of customers and shareholders. Amidst this newfound scrutiny, bank boards are increasingly being held accountable, with regulators as well as private plaintiffs pursuing claims when performance falters. In the first nine months of 2012, the FDIC authorized suits against 274 defendants—although many of these will ultimately be settled.

The scrutiny shows no sign of abating. Just in the last few months, there has been the rate-setting scandal that led to the resignation of chief executive, and the unexpected trading loss of more than $5.8 billion at JPMorgan that was followed by the departure of its chief investment officer.

How should bank boards respond in these times of heightened risk? This white paper will review governance guidelines mandated by regulators or recommended by academics and consultants. The hope is that banks will be less vulnerable to extraordinary losses by setting clear standards for assessing risk; paying careful attention to board structure and selection of directors; and taking a thoughtful approach to incentive compensation for top executives.

Why Banks Are Different

Banks require governance solutions that differ from what other industries might adopt. This is due to banks’ conflicting constituents: on the one hand, they must satisfy shareholders, but they are also beholden to the public, including depositors. Satisfying the first group may mean taking risks that jeopardize the second—which in turn could subject the bank to regulatory scrutiny. Being a bank board member involves a delicate search for a middle ground.

There is also a wider array of risks bank managements and boards must assess in contrast to other industries. These include credit; market; liquidity; operational; legal and reputational risks. At any time, one of these risks has the potential to jeopardize the bank’s business—making it critical for board members to have timely access to information.

The regulatory scrutiny to which banks are subject, as well as the rising risk of litigation, makes it particularly important for banks to be able to point to an effective governance structure. For example, banks should give careful thought to what percentage of directors are ‘inside’ directors versus independent directors; what the appropriate board committees are to establish and of course, who is best equipped to run those committees. In particular, the board may want to consider a ‘skills audit’ to identify in greater detail what knowledge or experience each member can contribute to the board.

Bank directors should keep in mind that regulators conduct examinations that include an assessment of whether a board is carrying out its duties. During the course of an examination, examiners review board minutes. According to a guide for bank directors published by the Bank of Kansas City (Basics for Bank Directors, January 2010), the examiner will look to the minutes to confirm that the board has: “approved business strategies for the bank; approved and reviewed policies that articulate risk tolerances and set exposure limits for its important activities; and periodically reviewed the bank’s performance in order to monitor its risk exposures and the effectiveness of its risk management.” Bank directors must also be mindful of “management information,” or what information is disclosed to regulators and the public on business and risk decisions.
Establishing a Framework for Assessing Risk

Given the growing complexity of global banks’ operations, regulators have stressed that bank boards should be guided by a special committee focused on risk management, and set specific standards for that committee’s priorities. The failure of bank boards to adequately monitor risk has been repeatedly referred to by regulators as a cause of the financial crisis. One oft-quoted fact about the collapse of is that the bank’s risk committee met only twice in 2006 and in 2007, the years leading up to the crisis.

In the past, many bank boards managed risk through the audit committee. But that is changing, at the prodding of regulators who believe risk oversight is critical enough to warrant its own committee. The role of the risk committee is to take a strategic approach to analyzing and assessing risk. In contrast, the audit committee is responsible for verifying that the proper controls are in place, with regard to risk management, compensation and other governance issues. This is key given banks’ increased disclosure requirements.

U.S. banks, along with other companies, are bound by enhanced Securities and Exchange Commission disclosure rules effective February 2010, requiring companies to provide details about the board’s role in assessing risk. Even though the rule does not mandate a specific course of action, it indirectly promotes best practices in risk management. The rules also require companies to disclose compensation policies that could affect the company’s risk profile.

The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 will require publicly traded U.S. bank holding companies with assets of $10 billion or more to set up a separate risk committee composed of independent directors, including at least one risk management expert with a background at a large, complex business. The Federal Reserve is currently drafting this rule; similar requirements for smaller bank holding companies may follow.

In the U.K., the Walker Review, an assessment of corporate governance at U.K. banks, was published in November 2009, strongly recommending that banks set up a board-level risk committee and appoint a Chief Risk Officer to support the board committee. However, the recommendations ultimately adopted in the revised UK Corporate Governance Code (affecting all companies) the following year did not mandate a separate risk committee. The code does stress that “the board is responsible for determining the nature and extent of the significant risks it is willing to take in achieving its strategic objectives.”

The Basel Committee on Banking Supervision, which includes representatives of 27 nations, published its revised ‘Principles for Enhancing Corporate Governance’ in October 2010. The principles noted that “effective risk management requires robust internal communication within the bank about risk, both across the organization and through reporting to the board and senior management.” The Basel Committee also recommended the appointment of a Chief Risk Officer with access to the board, and in many cases, a risk committee.

Banks have already made progress in tightening risk controls: a recent survey by Ernst & Young (Progress in Risk Management, June 2012) of 69 global banks and 6 insurance companies found that 87% already had established a board-level risk committee; while 57% of participants said their boards had increased focus on risk post-crisis.

Focusing on the Right Data Remains a Core Challenge

But more needs to be done, with information gathering cited as the top challenge. While 77% of participants in the Ernst & Young survey have increased spending on technology since the crisis, it will take years before those systems are fully operational.

“While the reporting process is improving in many organizations, persistent problems still cited run the gamut from poor data quality, to gaps in data flow from system to system, to the sheer volume of data, which can result in ‘phone book-sized’ reports that are not relevant or useful,” the study noted.

A key question is what data is important for the board to monitor. Boards are desperate to avoid getting overwhelmed by minutiae, at a time when rising complexity makes risk harder to monitor. Historically banks have focused on formulas such as Value At Risk to determine whether the bank was operating in a prudent manner. But critics say VAR failed to take into account extreme market conditions, such as those of 2008.

A useful description of how boards should approach risk management appeared in the Basel Committee report:

“Risk analysis should include both quantitative and qualitative elements. While risk measurement is a key component of risk management, excessive focus on measuring or modeling risks at the expense of other risk management activities may result both in overreliance on risk estimates that do not accurately reflect real exposures and in insufficient action to address and mitigate risks. The risk management function should ensure that the bank’s internal risk measurements cover a range of scenarios, are not based on overly optimistic assumptions regarding dependencies and correlations, and include qualitative firm-wide views of risk relative to return and to the bank’s external operating environment. Senior management, and, as applicable, the board, should review and approve scenarios that are used in the bank’s risk analysis and should be made aware of assumptions and potential shortcomings embedded in the bank’s risk models.”

Finding the Right People – Experience is Key, But Not the Only Answer

Even if boards obtain the appropriate data, interpreting it is another matter. As a result, identifying the best executives to serve on bank boards is a critical task.

Many third parties such as rating agencies maintain that bank boards should include directors with financial backgrounds. Given the risks at stake, it is no longer acceptable for bank directors to plead ignorance of arcane financial products such as collateralized obligations.

Banks have in fact been hiring more financial veterans. A report by Moody’s Investors Service (Bank Boards in the Aftermath of the Financial Crisis, March 2010) noted that 46% of outside directors at global banks in North America and Europe had financial backgrounds, up from 32% before the crisis.

Still, hiring banking industry veterans may not be a panacea. A Federal Reserve Bank of New York report on governance (Corporate Governance and Banks: What Have We Learned From the Financial Crisis?, June 2011) noted that the board included seven directors with a financial background, out of a total of 13 members. Meanwhile, at , the British bank bailed out by the government in 2008, the board included a former bank CEO, a top fund manager, and a prior member of the governing body of the . Could it be, the report wondered, that more sophisticated board members actually enable risk taking?

Expertise has its place on bank boards, but perhaps it is more important to be mindful of structural standards. For example, shareholders are urging banks to move away from having one executive serving as both CEO and Chairman. made the change back in 2009, after more than half of shareholders voted to strip then-CEO Kenneth Lewis from his dual role as Chairman. ( named an independent Chairman in 2010 but has reserved the right to place the CEO in the Chairman’s seat, assuming it appoints a lead independent director.) Other large banks will likely follow: In April, 40% of JPMorgan shareholders voted to remove CEO from his role as Chairman.

So-called ‘independent’ directors who stay in those roles too long may lack objectivity, a World Bank report noted (Bank Governance: Lessons from the Financial Crisis, March 2010). For example, at the time of the financial crisis, non-executive bank directors had been in place ten years at Bear Stearns, and at Bear Stearns, Lehman Brothers and Lynch, the term of the CEO/Chairman exceeded those of non-executive directors.

A Spotlight on Executive Pay

Another focus of bank governance reform involves setting appropriate levels of incentive compensation. Many critics believe excessive pay contributed to the financial crisis. Compensation is also a hot-button issue for investors and customers, who get angry when executives get paid millions of dollars after a bank has suffered losses.

In June 2010, regulators overseeing most U.S. banks issued guidance requiring the largest banks to be sure incentive compensation practices for their highest paid employees “take into account risk and are consistent with safe and sound practices.”

Globally, a force for change in bank compensation policies has been the Financial Stability Board (FSB), set up after the financial crisis and whose members include the “Group of Twenty” plus Spain, the Netherlands, Switzerland, Singapore and Hong Kong, and the . The G-20 approved the Principles and the Implementation Standards set forth by the FSB on compensation in 2009, and FSB members are at various stages of implementation. (Both the European Union and the U.S., through Dodd-Frank, have adopted much of the FSB principles).

The FSB mandates placing limits on a bank’s bonus pool as a percentage of net revenues if the underlying capital base is not sound. For “material risk takers,” the FSB calls for 40% to 60% of variable compensation to be deferred at least three years, with even more deferred for the most senior executives. Banks should “claw back” incentive compensation if performance suffers.

The FSB calls for over 50% of incentive compensation to be in the form of stock, or equity-linked securities, rather than cash—“as long as these instruments create incentives aligned with long-term value creation and the time horizons of risk.” Some observers note that an excessive focus on the stock price can, in fact, lead to increased risk taking. The chief executives at Bear Stearns and Lehman Brothers, for example, were among those institutions’ largest shareholders. Some experts, including former top banking executive Sallie Krawcheck, in a recent Harvard Business Review article (“Four Ways to Fix Banks,” June 2012) – suggest boards link at least some of the pay of top executives to the bank’s debt.

Another trend affecting bank compensation involves shareholders’ growing role. Following the passage of Dodd-Frank, all U.S. companies must include in their proxy a separate resolution called “Say on Pay” which allows investors to indicate their views on compensation plans. Companies in the U.K. have had the ability to comment on pay packages since 2003, although the government is expected to make such votes binding starting next year.

These shareholder votes are leading to increased scrutiny for bank executives. In April, a majority of Citigroup’s shareholders voted against management’s pay packages in a non-binding vote. Since then, the bank has reportedly hired a consultant to review the compensation. That same month, more than a quarter of Barclays shareholders voted against the compensation of its then-CEO, Robert Diamond. The bank agreed half of Mr. Diamond’s £2.7m bonus for 2011, which was to be paid out over three years, would only be paid in full when the bank’s return on equity exceeded its cost of equity. (Mr. Diamond has since stepped down following the Libor scandal and agreed to forfeit much of his compensation).

Conclusion

Keeping a tight rein on risk at a bank in the twenty-first century is a complicated task. Setting the right framework for assessing risk, selecting the right board members, and determining the right compensation mix for top executives are all important. But given the growing complexity behind these processes, communication among board members and with top bank executives remains critical. A thoughtful board will be in frequent contact, with mechanisms in place to respond quickly in times of market stress, with the help of improved technology. Enhanced communication can go a long way toward identifying problems before they blossom into scandals or areas of regulatory scrutiny.

THOMSON REUTERS ACCELUS™

Thomson Reuters Governance, Risk & Compliance (GRC) business unit provides comprehensive solutions that connect our customers’ business to the ever-changing regulatory environment. GRC serves audit, compliance, finance, legal, and risk professionals in financial services, law firms, insurance, and other industries impacted by regulatory change. The Accelus suite of products provides powerful tools and information that enable proactive insights, dynamic connections, and informed choices that drive overall business performance. Accelus is the combination of the market-leading solutions provided by the heritage businesses of Complinet, IntegraScreen™, Northland Solutions, Oden®, Paisley®, West’s Capitol Watch®, Westlaw® Business, Westlaw Compliance Advisor® and World-Check®.

For more information, visit accelus.thomsonreuters.com

© 2012 Thomson Reuters GRC00056/10-12