On February 18, 2014, the Board of Governors of the Federal Reserve System (the “FRB”) approved a final rule (the “Final Rule”) implementing certain of the “enhanced prudential standards” mandated by Section 165 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act” or “Dodd-Frank”). The Final Rule applies the enhanced prudential standards to (i) U.S. bank holding companies (“U.S. BHCs”) with $50 billion (and in some cases, $10 billion) or more in total consolidated assets and (ii) foreign banking organizations (“FBOs”) with (x) a U.S. banking presence, through branches, agencies or depository institution subsidiaries, and (y) depending on the standard, certain designated amounts of assets worldwide, in the United States or in U.S. non-branch assets. The Final Rule’s provisions are the most significant, detailed and prescriptive for the largest U.S. BHCs and the FBOs with the largest U.S. presence—those with $50 billion or more in total consolidated assets and, in the case of FBOs, particularly (and with increasing stringency) for FBOs with combined U.S. assets of $50 billion or more or U.S. non-branch assets of $50 billion or more.
Posts Tagged ‘Risk management’
Our observations on the Federal Reserve’s final rule:
1. Delayed effective date and higher threshold: Foreign Banking Organizations (FBOs) eked out several small victories in the final rule—in particular, the July 2015 compliance date has been pushed to July 2016 and smaller FBOs (i.e., those with under $50 billion in US non-branch assets) are no longer required to form an Intermediate Holding Company (IHC). The changes reflect the Federal Reserve’s attempt to respond to FBOs’ concerns, especially that smaller FBOs did not pose as much risk to US financial stability.
Pursuant to Section 165 of the Dodd-Frank Act, the Federal Reserve has issued a final rule to establish enhanced prudential standards for large U.S. bank holding companies (BHCs) and foreign banking organizations (FBOs).
U.S. BHCs: The final rule represents the latest in a series of U.S. regulations that apply heightened standards to large U.S. BHCs. As the graphic below illustrates, under the emerging post-Dodd-Frank prudential regulatory landscape for U.S. BHCs, the number and stringency of prudential standards generally increase with the size of the banking organization.
On February 12, the White House released the widely anticipated Framework for Improving Critical Infrastructure Cybersecurity (“the Framework”). Developed pursuant to Executive Order 13636 (issued in February 2013), the Framework strongly encourages companies across the financial, communications, chemical, transportation, healthcare, energy, water, defense, food, agriculture, and other critical infrastructure sectors to implement and comply with its voluntary standards. The provisions set forth in the Framework may establish a new baseline for industry standard practices, and may impact or guide FTC enforcement actions and plaintiff data breach lawsuits.
The JP Morgan Chase board of directors has vexed the world with its terse announcement in a recent 8-K filing that CEO Jamie Dimon would receive a big pay raise—$20 million in total pay for 2013, up from $11.5 million for 2012, a 74 percent increase.
Not surprisingly, the news sparked strong reactions, from indignant critique to justification and support. Dimon’s raise obviously has special resonance because JP Morgan’s legal woes were one of the top business stories last year as it agreed to $20 billion in payments to settle a variety of cases involving the bank’s conduct since 2005 when Dimon became JPM CEO. But the ultimate question that gets fuzzed-over in the filing and response is one of culture and accountability—whether a long-serving CEO is accountable for a corporate culture that has spawned major regulatory inquiries and settlements across a broad range of legal issues, even though the firm has otherwise performed well commercially.
Over the past year, boards of directors continued to face increasing scrutiny from shareholders and regulators, and the consequences of failures became more serious in terms of regulatory enforcement, shareholder litigation and market reaction. We expect these trends to continue in 2014, and proactive board oversight and involvement will remain crucial in this challenging environment.
During 2013, activist investors publicly pressured all types of companies—large and small, high-flyers and laggards—to pursue strategies focused on short-term returns, even if inconsistent with directors’ preferred, sustainable long-term strategies. In addition, activists increasingly focused on governance issues, resulting in heightened shareholder scrutiny and attempts at participation in areas that historically have been management and board prerogatives. We expect increased activism in the coming year. We also expect boards to continue to have to grapple with oversight of complex issues related to executive compensation, shareholder litigation over significant transactions, risk management, tax strategies, proposed changes to audit rules, messaging to shareholders and the market, and board decision-making processes. And, as evidenced in recent headlines, in 2014 the issue of cybersecurity will demand the attention of many boards.
2013 was a year of continuing challenges and opportunities for U.S. banks. The low-interest rate environment continued to challenge the ability of banks to lend profitably. Already burdensome regulatory demands grew weightier with expanded Dodd-Frank stress testing and the finalization of the Volcker Rule, among other things. More than ever before, the responsibility of directors of financial institutions for regulatory compliance and bank safety and soundness is broadening, highlighted most recently by the OCC’s steps to formalize its program of supervisory “heightened expectations” for larger banks and their directors. Against this backdrop, the banking industry saw steady and creative deal activity, with a pronounced concentration among community banks.
For a number of years, as the new year approaches I have prepared for boards of directors a one-page list of the key issues that are newly emerging or will be especially important in the coming year. Each year, the legal rules and aspirational best practices for corporate governance, as well as the demands of activist shareholders seeking to influence boards of directors, have increased. So too have the demands of the public with respect to health, safety, environmental and other socio-political issues. In reviewing my 2013 issues memo, I concluded that the 2013 issues continued as the key issues for 2014 with a few changes in detail or emphasis. My key issues for 2014 are:
On October 30, 2013, the Office of the Comptroller of the Currency (the “OCC”) issued updated guidance to national banks and federal savings associations on assessing and managing risks associated with third-party relationships, which include all business arrangements between a bank and another entity (by contract or otherwise).  The new guidance introduces a “life cycle” approach to third-party risk management, requiring comprehensive oversight throughout each phase of a bank’s business arrangement with consultants, joint ventures, affiliates, subsidiaries, payment processors, computer network and security providers, and other third parties. Rather than mandating a uniform set of rules, however, the guidance instructs banks to adopt risk management processes commensurate with the level of risk and complexity of its third-party relationships. Accordingly, the OCC expects especially rigorous oversight of third-party relationships that involve certain “critical activities.”
The revamped guidance reflects the OCC’s concern that the increasing risk and complexity of third-party relationships is outpacing the quality of banks’ risk management over these outsourcing arrangements. The guidance cautions that a bank’s failure to implement appropriate third-party risk management processes may constitute an unsafe and unsound banking practice, and could prompt formal enforcement actions or a downgrade in a bank’s CAMELS management rating to less than satisfactory. The severity of these consequences suggests that third-party risk management practices are becoming an increasingly important focus of OCC supervisory efforts.
In many respects, the relentless drive to adopt corporate governance mandates seems to have reached a plateau: essentially all of the prescribed “best practices”—including say-on-pay, the dismantling of takeover defenses, majority voting in the election of directors and the declassification of board structures—have been codified in rules and regulations or voluntarily adopted by a majority of S&P 500 companies. Only 11 percent of S&P 500 companies have a classified board, 8 percent have a poison pill and 6 percent have not adopted a majority vote or plurality-vote-plus-resignation standard to elect directors. The activists’ “best practices” of yesterday have become the standard practices of today. While proxy advisors and other stakeholders in the corporate governance industry will undoubtedly continue to propose new mandates, we are currently in a period of relative stasis as compared to the sea change that began with the Sarbanes-Oxley Act and unfolded over the last decade.
In other respects, however, the corporate governance landscape continues to evolve in meaningful ways. We may be entering an era of more nuanced corporate governance debates, where the focus has shifted from check-the-box policies to more complex questions such as how to strike the right balance in recruiting directors with complementary skill sets and diverse perspectives, and how to tailor the board’s role in overseeing risk management to the specific needs of the company. Shareholder engagement has been an area of particular focus, as both companies and institutional investors have sought to engage in more regular dialogue on corporate governance matters. The evolving trend here is not only the frequency and depth of engagement, but also a more fundamental re-thinking of the nature of relationships with shareholders and the role that these relationships play in facilitating long-term value creation. Importantly, this trend is about more than just expanding shareholder influence in corporate governance matters; instead, there is an emphasis on the roles and responsibilities of both companies and shareholders in facilitating thoughtful conversations instead of reflexive, off-the-shelf mandates on corporate governance issues, and cultivating long-term relationships that have the potential to curb short-termist pressures in the market.