WASHINGTON — The Federal Deposit Insurance Corp. issued proposed guidelines directing large banks to establish and promote risk management strategies, ethical codes and policies that ensure safe and sound operations, compliance with regulations and consumer protections.
In a statement accompanying the proposal, FDIC Chairman Martin Gruenberg argued that a string of regional bank failures earlier this year were accelerated by poor corporate governance, demonstrating the need for the agency to codify more stringent corporate governance standards for regional banks.
"The FDIC believes that larger, more complex [insured depository institutions, or IDIs] require more sophisticated and formal corporate governance and risk management structures and practices," he said. "The proposed guidelines would clarify the FDIC's expectation that corporate governance and risk management frameworks need to evolve along with growth, complexity and changing business models and risk profiles of larger IDIs."
Under the
"The FDIC observed during the 2008 financial crisis and more recent bank failures in 2023 that financial institutions with poor corporate governance and risk management practices were more likely to fail," the proposal notes. "Corporate and risk governance structure and practices should keep pace with the bank's changes in size, business model, risk profile, and complexity [and] larger or more complex institutions should have more sophisticated and formal board and management structures and practices."
As proposed, the guidance also requires a majority of a bank's directors to have no affiliation with its parent holding company in order to increase the board's independence in decision-making. National banks are already subject to similar standards established by the OCC.
Approved last week by notational vote outside the board's customary meeting schedule, the guidance passed by a narrow 3-2 party line margin. FDIC Vice Chairman Travis Hill and board member Jonathan McKernan — both Republican appointees — voted against the proposal.
Hill said while many of the guidelines are positive practices the FDIC should expect from banks, he had concerns with the parts of the proposal he saw as so open-ended as to be practically unenforceable. Those he cited include the requirements that banks set what the agency considers an appropriate tone for risk management, developing a written strategic plan, articulating an overall mission statement and written code of ethics, conducting an annual self-assessment and the need for firms to describe a safe and sound risk culture.
"I am skeptical that many of the provisions should rise to the level of enforceable safety and soundness standards, and I think we should be mindful that one-size-fits-all 'best practices' are rarely actually the best practices for the unique situation and circumstances of any particular institution," he said. "I think our examiners should focus more on banks' core financial condition rather than micromanaging these types of processes."
McKernan noted a number of aspects of the guidelines he saw as potentially fraught, and noted the proposed guidelines may take the much needed focus off of bank manager's need to manage prudential risks.
"While similar to the standards adopted by the OCC … our version would tend to undermine accountability for risk ownership, conflate the roles of board and management, preempt state corporate law, and potentially conflict with regulatory expectations applicable to parent companies," he said. "My hope is that we will address these issues in the final guidelines."