Bank Directors Expected to Know Bank’s Risk Appetite, Challenge Management

Community banks should read carefully the OCC’s latest proposal to hold directors at large banks more accountable for risk management. While the proposed rule is aimed at banks with assets of $50 billion or more, the OCC is making it very clear that all banks, regardless of their asset size, should be aware of regulators’ increased expectations.

Charles Taylor, the OCC’s deputy comptroller for capital and regulatory policy, said as much in a March 3 speech during the Institute of International Bankers’ annual Washington conference. While emphasizing that the proposed rule was designed for the largest banks, Taylor said “the OCC reserves the authority to apply the rules to an insured entity, including a Federal branch, irrespective of asset size, if that entity has operations that are highly complex or present heightened risk.” The proposal says the OCC would consider “complexity of products and services, risk profile and scope of operations” of smaller banks to determine if they should comply.

The proposal calls on bank directors to understand the bank’s risk appetite “and to question, challenge and oppose management proposals that could lead to excessive risk taking or pose a threat to safety and soundness,” Taylor said, adding that at least two of those board members would have to be independent of management. The OCC wants large banks to establish an actionable risk appetite framework, a recommendation made by the Financial Stability Board in November.

The OCC proposal also would mandate that banks use “three lines of defense” to ensure an effective risk framework: front line business units, independent risk management and internal audit. Those units should address all risks to earnings, capital, liquidity and reputation and use “sound stress testing processes” to help them. It emphasizes that bank directors must be engaged to understand whether the bank is well-managed or taking excessive risks.

Regulators already expect all bank directors to monitor their institutions for risks, and challenge management to make sure the bank is operated in a safe and sound manner. That’s why when banks fail, the FDIC often files lawsuits against a bank’s board members, holding them personally liable. There have been 1,089 defendants in FDIC D&O lawsuits from 2009 through the end of February.

The FDIC has produced a series of technical videos for community bank directors to make sure they understand their responsibilities.