The Fed’s Wake-Up Call to Bank Directors

Edward D. Herlihy and Lawrence S. Makow are partners in the Corporate Department at Wachtell, Lipton, Rosen & Katz. The following post is based on a Wachtell Lipton memorandum by Mr. Herlihy and Mr. Makow; the complete publication, including footnotes, is available here.

The Dodd-Frank Act was undoubtedly a thorough re-working of the regulatory paradigm for banks and other financial institutions. But no less resolute are the intentions of U.S. banking regulators to carry regulatory reform further, based in significant part on perceived “macroprudential” authority after Dodd-Frank. The new regulatory paradigm will increasingly leave behind bank regulation’s traditional moorings in the protection of federally insured deposits and safe and sound operation of banking organizations. Instead, “macroprudential” regulation will rest on the goals of protecting U.S. financial stability and reducing systemic risk—broad, malleable concepts that elude precise definition. It will seek to influence activities not just of banking organizations but also activities conducted by non-bank entities not traditionally subject to prudential regulation. And, according to an important speech given last week by Federal Reserve Governor Daniel K. Tarullo, the new regulatory paradigm embraces consideration of a potentially unprecedented expansion of the fiduciary duties of directors of banking institutions. This would give such directors very potent incentives to prioritize supervisory goals—including macroprudential objectives.

Modifying Fiduciary Duties

Specifically, the Governor posed the question whether existing modes of financial regulation could be further supplemented by:

[modifying] the fiduciary duties of the boards of regulated financial firms … to reflect what I have characterized as regulatory objectives. Doing so might make the boards of financial firms responsive to the broader interests implicated by their risk-taking decisions even where regulatory and supervisory measures had not anticipated or addressed a particular issue. And of course, the courts would thereby be available as another route for managing the divergence between private and social interests in risk-taking.

Unspecified are precisely how fiduciary duties would be modified or to whom in particular they would be owed, or how the courts would develop the expertise required to judge the board’s fidelity to the relevant regulatory objectives—so, at the moment, the proposal appears to be more of a thought experiment than a concrete regulatory initiative. Still, directorial fiduciary duty law has developed primarily through state common law, and the questions of what the duties encompass, how directors satisfy them, to whom they are owed and to what extent directors may be exculpated from, or indemnified against, personal liability for their breach, among many others, have given rise to an extraordinarily complex and nuanced body of law. Few topics are of more concern to directors than their potential for liability for breach of fiduciary duty. It is often said that U.S. public corporations overwhelmingly choose to incorporate in Delaware because its corporate law is more “developed” and “predictable.” For these reasons, proposals by important public officials that would substantially change the fiduciary duty landscape, even if preliminary, are bound to elicit strong responses. Indeed, Frank Keating, President of the American Bankers Association, reacted this way:

I’m concerned that Governor Tarullo’s suggestion will discourage participation on local bank boards across the country, reducing community participation in a manner that will harm institutions’ abilities to serve their customers. Broadening directors’ liability means that many talented candidates will deploy their expertise outside of the banking industry and that bank boards won’t include the diverse cross-section of community members that is so vital to their success.

In order to better understand the context, it is helpful to review other themes struck recently regarding prudential regulation of systemically important financial institutions and financial stability. Such a review is also helpful because, beyond any potential impact on fiduciary duties, speeches of senior regulatory officials emphasize overarching themes and directions concerning supervision and governance of financial institutions that should be of great interest to all directors of financial institutions, regardless of whether particular regulations explicitly apply to their firms. Two important themes are the broadening of regulation by basing it on system-wide financial stability goals and by imposing it on the shadow banks that exist beyond the current “regulatory perimeter.”

Broadening the Foundational Aims of Prudential Regulation

The first broadening theme is comprised of the concern regarding systemic risk to financial stability of the United States and the macroprudential regulation that explicitly takes it into account. Key provisions of Dodd-Frank, such as Section 165, lead to a regulatory paradigm that can impose behavioral restrictions on an individual financial institution based not on concerns about safety and soundness of the institution itself and its federally insured deposits, but based solely on the impact that the institution may have the financial stability of the U.S. as a whole:

[T]he aims and scope of prudential regulation have been fundamentally redefined since the financial crisis. Most significantly, a concern with financial stability and an increased emphasis on macroprudential regulation have informed major changes in both banking law and supervision…. The systemic perspective and consequent aim of protecting financial stability argue for the stronger and broader regulatory measures that have been undertaken in recent years.

Venturing Outside the Regulatory Perimeter

The second area of broadening is driven by the interconnectedness of institutions, which may or may not clearly be subject to prudential regulation, within the overall financial system. This paradigm requires that regulation reach not just prudentially regulated institutions, but also those outside the current regulatory perimeter—institutions comprising the so-called shadow banking system. A particular focus is on entities and transactions involved in short-term wholesale funding and carrying large trading books, including maturity-matched books of securities financing transactions such as repos and securities lending. Here, Governor Tarullo explains that traditional “prudential regulatory structure was too narrow in that it did not extend to firms and activities outside of banking organizations, even those that could pose a threat to financial stability, because the soundness of the federal deposit insurance system was not implicated.”

This vision of regulation goes beyond the explicit statutory Dodd-Frank extension of Federal Reserve supervision to non-bank institutions deemed to be large or interconnected enough to be of systemic significance. Governor Tarullo points out that “the risk of contagious runs would persist even in the absence of individually systemic institutions.” Citing “a need to supplement prudential bank regulation with a third set of policy options in the form of regulatory tools that can be applied on a market-wide basis,” i.e., not just to entities clearly subject to regulatory supervision, he contemplates that regulators might, for example, set a universal regulatory charge on all securities financing transactions, a minimum amount of excess margin that would need to be posted by “any entity that wants to borrow against any security.”

Regulating Board Oversight: Which Master Do You Serve?

It is in this context that Governor Tarullo has turned his attention to corporate governance and corporate law fiduciary duties. In his June 9 address, he declared that “special corporate governance measures are needed as part of an effective prudential regulatory system.”

Of course, there is nothing new about banking regulation placing upon banks and bank holding companies constraints on the operation of the business, and consequently on the discretion of boards of directors. Examples include the constraints imposed by capital requirements on distributions to shareholders, and the need to subject mergers and acquisitions authorized by the board to approval by banking regulators. Moreover, boards of directors have long been at the center of the bank examination process and allotted an important role in regulatory enforcement actions. And, as we pointed out in our memorandum of January 17, 2014, Dodd-Frank and the regulations enacted in its wake have prescribed significant new responsibilities to boards, particularly those of larger institutions, in important areas such as enterprise-wide risk management, capital planning and stress testing, resolution planning and liquidity risk management.

Additionally, the OCC’s “heightened standards” framework articulates a vision of decidedly deeper involvement on the part of directors of larger banks in their institutions’ risk management practices and control mechanisms. Among other things, the framework—which will guide the approach of bank examiners going forward—requires that board oversight of an institution’s risk-taking activities be “active”: “[i]n providing active oversight, the board of directors should question, challenge, and when necessary, oppose recommendations and decisions made by management that could cause the bank’s risk profile to exceed its risk appetite or jeopardize the safety and soundness of the bank.” It is also invites a discrete focus on individual director engagement, as it ascribes a duty to oversee compliance with safe and sound banking practices to “[e]ach member” of a bank’s board. Observers expect the OCC framework to be formally adopted soon, but it is already influencing supervisory practices on the ground, including those of the Federal Reserve.

But the enhanced demands on of boards under banking regulation are distinct from the potential liabilities directors face under state fiduciary duty law. It is possible that a plaintiff could seek to introduce evidence of conscious, bad-faith evasion of the various regulatory mandates purportedly constituting a breach of fiduciary duties in seeking to make out a Caremark claim (that is, a claim that a board breached its oversight responsibilities by failing to cause the corporation to have in place sufficient mechanisms and systems detect and prevent illegal conduct within). Indeed, the fact pattern of one of the leading cases explicating the limited nature of Caremark duties (and denying relief to the plaintiff) involved an enforcement action, including $50 million in fines and civil monetary penalties, for a violation of the Bank Secrecy Act and anti-money laundering regulations. But aside from this remote possibility, supervisory requirements of boards have occupied a mostly distinct sphere from state-law fiduciary duties—conceptually distinct obligations involving different sources of the relevant law, different behavioral requirements, different thresholds for liability, different classes of beneficiaries, different enforcement mechanisms and different remedies and levels of personal risk to directors.

Governor Tarullo suggests that traditional fiduciary duties, focused only on shareholders, may be inadequate as applied to directors of banking institutions—from several perspectives. He explains that certain aspects of banking regulation, like federal deposit insurance, make traditional fiduciary duties inadequate even for shareholders, as they may have the unintended effect of giving directors greater insulation from “the capital market discipline assumed in much corporate governance theory and corporate law.” For example, “the moral hazard associated with insured deposits implies that—at least at traditional, deposit-reliant banks—the kind of market discipline associated with the price of funding and creditor monitoring will be attenuated.” And the facts that any acquisition of a banking institution cannot proceed without regulatory approval, and that there are activity constraints that limit the universe of firms that can acquire a banking institution, may “limit the salutary disciplining effect on board and management of the market for corporate control.”

Risk: The Unique Challenge for Financial Intermediaries

In addition to arguing that inherent features of banking institutions and their regulation undermine the very assumptions implicit in the structure of fiduciary duty law, Governor Tarullo also points out that banks have greater needs. The management and oversight challenges associated with banking institutions are greater than those of other types of firms:

[T]he risks associated with financial intermediaries—especially those that are significantly leveraged and that engage in substantial maturity transformation—pose a particular challenge for corporate governance… [I]n the case of financial intermediaries … problems can be incredibly fast-moving, including runs on funding that can quickly place the very survival of the firm in doubt. These risks have increased during the past 25 years, as many institutions have combined traditional lending activities with capital markets businesses that rely on other funding models. Accordingly, judgments about risk appetite and control systems to manage risk must be effectively executed by senior management and overseen by the board. This imperative, in turn, means that the information and monitoring processes and systems established for, or available to, board of financial institutions may need to be more extensive than those in large, nonfinancial firms.

Not only does the nature of the risks involved in financial intermediation place greater demands on systems of corporate governance, but risk-taking itself is, as Governor Tarullo puts it, “perhaps the central activity” of financial institutions. And where financial intermediaries are significantly leveraged and engaged in maturity transformation, this “risk-taking carries substantial potential consequences beyond the possible losses to investors, counterparties and employees of the financial firm.” This is the key to his explanation of why “prudential regulation need[s] to involve itself with corporate governance” and why prudential regulation should, unlike most other administrative regulation, “create specific and ongoing requirements for corporate decisionmaking or oversight.”

A further argument for prudential regulation to involve itself with corporate governance is the difficulty of precisely quantifying “risk” and the limitations of other prudential tools such as prohibiting some activities entirely as unduly risky and influencing the conduct of permitted activities through mechanisms such as capital requirements. Because of these limitations, it is seen as “important for prudential regulation to influence the processes of risk-taking within regulated financial firms as a complementary tool.” An example is Section 165(h) of Dodd-Frank, the requirement that each bank holding company with $10 billion or more in consolidated assets have a risk committee of its board of directors that oversees risk management and controls. He notes that Section 165(h) does not specify what a firm’s risk appetite should be, but points out that “its inclusion in section 165 of the Dodd-Frank act, which requires an array of additional prudential measures directed at firms that could pose threats to financial stability, suggests that the risk-committee mandate has a prudential motivation.” The logic of this argument is that Dodd-Frank provides the legislative foundation for prudential regulation of the governance processes of a financial institution. The potential scope of that regulation is evident from his observations regarding the pervasiveness of risk-taking inherent to the business of financial intermediaries.

Having proposed that the risk appetite of a financial institution, and the processes, structures and systems that produce it, are properly the province of prudential regulators, Governor Tarullo notes that shareholders and regulators may well have a divergence of interests as to what substantive risk appetite decision a board of directors may elect. In order to change shareholder-focused corporate governance “to incorporate risk considerations consistent with micro- and macroprudential regulatory objectives[],” two reforms are identified: applying regulation to better align corporate governance with regulatory objectives and, as noted at the outset of this note, “broaden[ing] the fiduciary duties of boards and management.”

Compensation. In the former category come such measures as regulating the structure of incentive compensation, already the subject of existing regulation and examination. As to compensation, the thinking runs somewhat against the grain of compensation “best practices” in the corporate investor community by noting that it may be desirable, from the perspective of regulators, for managers’ compensation to be more aligned with their interest in remaining employed long-term by a viable firm, rather than by maximizing the stock price in the short- or intermediate-term. “Ironically, regulatory objectives match up better with the old-style managers for whom the preservation of the firm is considerably more important than for shareholders.”

Management Reporting Systems. Still another approach identified in the first category is seeking to “affect the institutions and processes of corporate governance.” An example is the Federal Reserve’s own emphasis on firms developing and maintaining effective management information systems. (The OCC’s proposed “heightened standards” regulation is clearly in this category.)

Board Structure. Governor Tarullo focuses on “three board positions—the nonexecutive chair or lead director, the head of the risk committee, and the head of the audit committee,” zeroing in on two positions (lead director and audit committee head) that have been of intense interest to the investor community and placing the head of the risk committee in that company. He notes the common interest here between shareholders and supervisors, observing that both “must have confidence that globally active institutions with hundreds of thousands of employees have audit and risk committees with the practical ability to provide effective oversight of risk decisions.” Moreover, he suggests that informational agency costs borne by shareholders can be reduced by “regular discussions” between board members and supervisors, as those supervisors “may have an informed perspective on the firm’s operations that enables boards better to fulfill their strategic and risk-oversight functions.”

Functional Integration. Also emphasized is another area in which a confluence of interest is seen between shareholders and regulators: that decisions on “strategy, risk-appetite-setting and capital planning” be connected to each other and not made in separate silos, “with the convergence of these efforts coming together only when it is too late for each to affect the other, or for the board to be able to exercise effective oversight.” This admonition regarding the right hand needing to know what the left is doing seems directed in particular at larger institutions with complex management structures. It also suggests additional specific responsibilities for boards and executive management, as the reduction of silos by its nature needs to be done at the highest levels of an institution.

This points up the difficulty of drawing lines as to how involved a board, as opposed to management, should or can be in the details of corporate structure. One practical example faced by boards of banking organizations is the handling of “Matters Requiring Attention.” An MRA is a supervisory finding that examiners communicate to the firm regarding a compliance deficiency that the examiners expect the firm to remediate. MRAs may be numerous, particularly at larger or more complex institutions that undergo a more or less continual cycle of examinations, and not all are of the same level of importance. One way for a board to get into difficulty with its regulators is for material MRAs to go unresolved for too long. Thus, a board should place significant importance on making sure that it is aware of the status of MRAs and that adequate steps are taken so that they are resolved promptly to the satisfaction of regulators. An important area of focus for the board is to satisfy that adequate systems are in place so that trouble does not arise because of unresolved MRAs, and that the systems do not require that the board get involved in an unrealistic level of specific detail.

* * *

Whether or not the idea of modifying directors’ fiduciary duties to include bank regulatory objectives becomes reality, the flow of regulatory initiatives from the Federal Reserve and the other banking regulators is significantly altering supervisory practice, including regulatory expectations of the roles of the board and of individual directors.

In this environment, expressed views of senior regulatory officials and the evolving governance demands of banking agencies are being closely followed by others in the regulatory and policy-making community; they should be closely followed by bank directors as well. In addition, boards should be highly attentive to regulatory relationships and highly attuned to the tenor of the comments and statements coming from their regulators. Heightened sensitivity to the handling of any specific regulatory criticisms or outstanding issues, such as MRAs, is warranted.

Developments such as the expected adoption of the OCC’s heightened standards rule will be followed up by monitoring through the examination process to insure that firms are complying. The regulators will not welcome objections to compliance on the basis that boards are being asked to overstep their boundaries and enter what is properly the territory of management. Failures to meet these still often amorphous regulatory mandates will likely involve enforcement action and/or penalties at least against the institution. Even without penalties, enforcement action can play havoc with an institution’s strategic plans. Further, repeated failures to meet regulatory expectations could well lead to penalties directed at boards.

Both comments and trackbacks are currently closed.