Addressing the blockage: taking corporate governance seriously

Financial supervisors may need to mobilize support for a more demanding approach to corporate governance that extends beyond the financial institutions they supervise. They may need to take an imaginative approach to encourage the development and implementation of economy-wide standards of corporate governance, then use these as a basis for introducing their own more specific requirements for financial institutions.

Financial supervisors could, for example, seek to influence the government department responsible for company law, while securities supervisors who are responsible for formulating the listing requirements for companies listed on the national stock exchange(s) could strengthen the governance requirements for these companies. The objective would be to enshrine higher corporate governance standards in legislative or regulatory requirements on companies across all sectors.

To make progress in this respect financial supervisors are likely to have to deploy some subtle persuasion and influencing techniques. For example, as described in the “four box model” (Toronto Centre (2015)), for each stakeholder they may need to formulate arguments showing what is wrong with the current situation and identify compelling reasons that can be used to convince the stakeholder of the need to take action; identify anticipated outcomes and benefits that relate directly to the stakeholder; take account of the stakeholder’s concerns about the proposed change and how those concerns could be alleviated; and identify aspects of the current situation that are valued by the stakeholder and that will be maintained.

Illustrative example: taking corporate governance seriously

The head of the (non-central bank) supervisory authority in country A was increasingly concerned about the absence of a sound corporate governance framework in her country. There were no national standards against which to assess boards or non-executive directors and no basis on which to require remedial measures to address deficiencies. 

She took the following steps:

• She reviewed the principles embodied in corporate governance codes in other countries and those issued by international organizations such as the OECD.
• As a starting point she distilled these principles into ten core principles.
• She identified key stakeholders with an interest in sound governance - in particular, its role in promoting better supervisory outcomes and financial stability. The Governor of the central bank proved to be a key ally in this.
• The support of relevant government departments and industry associations was sought initially for their endorsement of the ten core principles, and subsequently to promote them.

The core principles had no legal force, but a ‘comply or explain’ approach was adopted whereby stakeholders (including shareholders) were able to challenge companies that failed to comply with the principles. Over time, supervisors felt increasingly empowered to refer (explicitly or implicitly) to the standards in their dealings with financial institutions. This initially had the effect of ‘nudging’ these institutions in the direction of better practice, and over time it was possible to build on this and to develop further momentum for improved governance standards.

Addressing the blockage: recognizing the importance of good corporate governance

As described in Toronto Centre (2016 and 2020b), corporate governance is important for financial supervisors because:

• Problems in financial institutions can often be traced back to failures of corporate governance, for example where a board failed to control the executive management (or a dominant chief executive), or where poor board oversight allowed weak internal controls to continue unchecked.
• Well-managed and well-run financial institutions are less likely to fail and are more likely to treat their customers and counterparties fairly.
• Financial institutions have a fiduciary responsibility to their customers. Poor corporate governance may undermine trust and confidence in the financial system.
• Good corporate governance extends beyond regulatory requirements to cover adherence to legislation, regulations, and codes relating to wider matters which may also provide protection to consumers, investors, and other stakeholders.
• Supervisors can have greater confidence in the internal control mechanisms of financial institutions, and in the information provided by these institutions, when they meet high standards of corporate governance.
• Well-managed and well-controlled financial institutions should be better placed to implement changes in their structure or operations required by supervisors.

The board has the ultimate responsibility for setting a financial institution’s strategy, including its risk appetite and ensuring that mechanisms are in place for managing this. It should be active in satisfying itself that effective controls are in place and should receive comprehensive (but also comprehensible) information to assure itself that this is the case.

Assessment of a financial institution’s corporate governance is therefore a key element of risk-based supervision because this is an important mitigant of risk. Good corporate governance can reduce the probability that risks will materialize and strengthen the ability of a firm to manage the impact if they do so. Weak corporate governance makes it more likely that risks will materialize and that the consequences of these risks will be severe. Indeed, poor corporate governance is in many respects an additional risk in its own right.

Where supervisors have adopted risk-based supervision (RBS), the matrix used to summarize the risk assessment of larger financial institutions usually includes a separate column on the quality and effectiveness of the board in addition to columns relating to senior management, risk management and other internal controls. These are key aspects of corporate governance (see Toronto Centre (2018a)). 

When applying RBS, supervisors need to exercise judgement in reaching an assessment score for the board or corporate governance (using ratings such as strong, acceptable, weak, needs improvement) for inclusion in the risk matrix for any financial institution of significant size. 

Illustrative example: recognizing the importance of good corporate governance

Supervisory authority in country B had no tradition of assessing corporate governance. Inspection of documents provided by supervised financial institutions confirmed the existence of boards (a legal requirement) but there was no contact with, or assessment of, boards or their members. On implementing RBS the importance of focusing on boards, and on corporate governance more generally, was recognized.

The following steps were taken:

• A review was undertaken of practices in assessing corporate governance in other jurisdictions.
• Advice was sought from an international body (such as the Toronto Centre).
• Informal contact was made with the boards of three financial institutions that were thought to have relatively effective and enlightened governance arrangements, so that supervisors could identify examples of good practice.
• On the basis of these contacts a basic framework was established for interacting with and assessing company boards as part of risk-based supervision. 
• The framework developed was along the lines of the steps outlined in the second half of this Note.

 Addressing the blockage: making supervisory judgements

Making judgements is core to risk-based supervision in all areas, not just corporate governance. Supervisors may need help with becoming comfortable about this.

As discussed in Toronto Centre (2018a and 2018b), supervisors need a combination of:

• Training and development on RBS which places emphasis on the use of judgement and a forward-looking approach.
• Guidance on how to use judgement. Supervisors cannot simply be told to “go and use your judgement”. They need clear guidance and training in what constitutes good practices for boards, senior management and high-level control functions in the financial institutions they supervise, together with criteria for assessing these.
• This guidance might include “risk cards” which provide examples of the read-across from quantitative indicators and qualitative observations to a judgement on risk assessment as well as how a financial institution’s corporate governance might be “scored” (as strong, acceptable, needs improvement, or weak) on a risk matrix.
• Practicing the use of appropriate forms of questioning (usually open-ended questions) and interpreting the answers. This is discussed later in this Note.
• Feedback and support from panels of supervisors to validate judgements and check the consistency of judgements made across peer groups of institutions.
• Support from the senior management of supervisory authorities – encouraging supervisors to make judgements and backing judgement-based supervisory interventions to address identified risks or deficiencies in governance and controls.

Making good judgements is also fundamental to supervisors being able to follow the IMF (2010) recommendation that financial supervisors should be:

Intrusive – understand the financial institution they are supervising

Skeptical – be questioning, even in the good times: “countercyclical supervision” can restrict reckless behaviour

Proactive – take action based on an assessment of firm-specific and system-wide risks

Comprehensive – remain alert to developments “at the margin”, in both supervised financial institutions and unregulated firms

Adaptive – adapt to new products, markets, services and risks in individual financial institutions and system-wide

Conclusive – follow supervisory judgements through to a clear conclusion.

Illustrative example: making supervisory judgements

• The supervisor of Firm Z undertook an investigation of the effectiveness of governance and controls, based on an examination of documents and extensive questioning of senior staff and board members.
• The supervisor uncovered significant deficiencies in governance structures and evidence that the structures that did exist were ineffective in important respects.
• An internal ‘panel’ discussion was held within the supervisory authority in which the evidence base was examined.  A list of required improvements suggested by the supervisor was agreed to be necessary, proportionate and in line with requirements placed on other firms that had similar issues in the past.
• The supervisor communicated the list of required improvements to the firm along with an indicative timeline for these.
• The firm was invited to respond setting out detailed plans for making the required improvements. The senior management of the firm objected strongly to the supervisory requirements and sought a meeting with the Head of Supervision.
• The Head of Supervision was able to establish that: a) the investigation of governance had been thorough; b) the findings of deficiencies in governance were firmly supported by the evidence; and c) the proposed remediation had been agreed by a supervisory panel and was consistent with the treatment of other firms. On this basis the supervisor’s judgements were fully supported.

Illustrative example: risk governance in small firms

The supervisory authority in country C was responsible for a large number of small to medium-sized firms which could not reasonably be expected to implement the full range of ‘classic’ corporate governance structures. The supervisory authority nevertheless pressed firms X and Y to put in place effective governance arrangements.

Firm X – an investment firm with 35 employees – responded by asking the Director of the Retail Investment Department to ‘double up’ as Head of Risk. This involved receiving regular reports on compliance and limit breaches and compiling these into a quarterly report for the CEO. 

Firm Y – a cooperative bank with 45 staff – responded by asking the Head of Internal Audit to take on an additional ‘risk management function which involved identifying, measuring and monitoring the range of risks being undertaken by the firm and reporting quarterly to the board on these and their likely future direction. The firm gave careful consideration to how these new responsibilities would be prioritized and managed

The supervisory authority judged that the proposed arrangements in Firm X were not acceptable because of the narrow perspective on risk and the limited reporting arrangements. Most important however was the fact that, as the head of a business function, the proposed Head of Risk would be conflicted.

In contrast, the proposed arrangements in Firm Y were judged by the supervisory authority to be acceptable because of the broader perspective on risk and the fact that the additional risk function would be taken on within an existing independent control department. The Head of Internal Audit would not be conflicted by business imperatives.  The arrangement was, however, subject to close monitoring for the first two years of its operation.

Addressing the blockage: curiosity

It is understandable that supervisors may be resistant to topics that are ‘new and scary’. Even if they are prepared to admit that they are entering new and largely unexplored territory they may want support and assistance in formulating a set of questions to ask and training in understanding the answers they are given.

There may also be wider cultural or managerial issues that need to be addressed here.  Supervisors should be encouraged and supported – not criticized and held back – by their line management when they investigate new topics or adopt new approaches (for example, interviewing non-executive directors to gain a better understanding of how corporate governance operates in practice).  

Supervisory authorities that have adopted a risk-based approach to supervision should recognize that this necessitates taking a more judgement-based and forward-looking approach to assessing the most important prudential and conduct risks posed by financial institutions and the extent to which the institutions are able to manage and control these.

This is not a trivial or simple change in emphasis but a fundamental paradigm shift that needs to be supported by cultural adjustment and change management within the supervisory authority (see Toronto Centre (2018b)). It will be necessary to have some sort of consciousness-raising within a supervisory authority to show that supervisory curiosity is an essential element of taking a forward-looking and judgement-based approach, the purpose of which is to deliver better supervisory outcomes by identifying and addressing the largest risks to supervisory objectives. 

Being curious is a more rewarding and challenging for supervisors than following a standard checklist approach. This should put supervisory authorities in a better position to recruit and motivate high-quality staff.    

Illustrative example: curiosity

Supervisory authority D was in the process of implementing risk-based supervision. Junior staff were enthusiastic and felt empowered by this, but some middle- and senior-level managers were more comfortable with the previous, more compliance-based approach.

• A member of the supervisory team was told during a routine contact with a major financial institution that the Head of Internal Audit had resigned along with two of the senior staff of the department.
• The institution was reminded of the formal requirement that the post of Head of Internal Audit needed to be filled. If a permanent replacement could not be found right away, someone suitably qualified would need to fill the post in an ‘acting’ capacity.
• As far as the manager of the supervisory team was concerned, the issuance of this reminder was the end of the matter.
• However, the team member was curious about the circumstances of the resignations and spoke informally to a contact in the financial institution who indicated that there had long been unease about the standing of Internal Audit. The Head of Internal Audit had resigned shortly after seeking to raise this matter with the Chair of the Audit Committee and being denied access to them.
• The team member suggested that a third party be asked to undertake a review of governance with respect to internal audit arrangements. The manager of the supervisory team was skeptical – particularly as the financial institution would be expected to bear the cost of this review. The team member was able to produce a reasoned case, citing earlier concerns about the absence of effective board leadership in the financial institution, and the manager reluctantly agreed.
• The review was undertaken and revealed serious shortcomings about the operations and effectiveness of the board. The financial institution was required to take immediate remedial measures.

Addressing the blockage: engaging with the “great and the good”

An unwillingness of supervisors to engage with non-executive directors and senior management in financial institutions might be addressed through a combination of:

• Training and development for supervisors - covering the reasons why corporate governance is important; considering how best to explain this legitimate supervisory interest in discussions with non-executive directors and senior management; and practicing asking open-ended questions to senior people.
• Strong support from the senior management of the supervisory authority for supervisors assessing the quality and effectiveness of corporate governance in financial institutions, including through interviews with the “great and the good”.  Board members may have to be reminded politely but firmly that financial institutions are subject to supervision and that discussions with boards form an important part of that. Supervisors have a statutory duty to seek reasonable information and board members should cooperate in providing it. 
• Where there is little or no tradition of such approaches it may be necessary for initial contacts to be made by a senior member of the supervisory authority and for subsequent interactions to involve supervisors with sufficient seniority to hold their own with board members of financial institutions. It is not reasonable to expect junior supervisors to deal assertively with board members. 

However, there may be a much wider issue here that would require a supervisory authority to persuade a range of stakeholders (not just non-executive directors of financial institutions themselves, but those responsible for appointing board members, the government, politicians, the public and the media) that a move to more challenging and intensive supervision of corporate governance will deliver better outcomes for supervision, the financial system and consumers.  In some countries this might need to be linked to moves towards more independent, more active and less conflicted boards.

This should be achievable if there is sufficient appetite for change entailing a more challenging approach.  But it is important to recognize the barriers to change where the existing position has strong benefits for current board members, for those who appoint them, and for the senior management of financial institutions who would prefer a cozy relationship with their board to being challenged by the board.  

Illustrative example: engaging with the “great and the good”

• Supervisors became increasingly aware of the need to understand the effectiveness of corporate governance in Bank W. It appeared that non-executive directors were poorly qualified and exercised little control over the executive.
• There was no tradition in the jurisdiction of interactions with board members, who were mainly retired public officials with little knowledge of banking or of the financial sector generally. Directorships were seen as a reward for public service.
• The Director of Supervision contacted the chair of the board of Bank W seeking a meeting. At the meeting, the chair told the Director that board members did not see themselves as having any role in controlling the bank. They were largely passive recipients of whatever information the CEO chose to provide them with. 
• The chair also indicated that non-executive board members would respond badly to ‘some official telling them how to do their jobs.’
• The Director of Supervision reminded the chair of the supervisory authority’s statutory duty to supervise banks and that the assessment of corporate governance was part of that. There was no wish to adopt a confrontational approach – the head of the relevant supervisory department could meet the board to explain the work of the supervisory authority and its approach to assessing corporate governance.
• The meeting subsequently took place. Some board members were initially hostile but it was agreed that, as a first step, the supervisory authority would receive regular board minutes and that the head of the supervisory department would meet board members for a general update twice a year. 
• This paved the way to a closer and more searching relationship in which the supervisory authority was able gradually to set out its expectations of board members, to question them on their roles in the governance of the firm, and to raise the expected standard for new board members.

This type of approach may not be sufficient where the unwillingness to engage is steeped in national culture and cultural norms. Training and development, and a “just do it” approach, may not work in these circumstances. A more gradualist ‘water on a stone’ approach may be necessary, as discussed further in the second half of this Note.  

Addressing the blockage: line management within the supervisory authority

The importance of sound corporate governance is underlined by the attention paid to it by international standard setters, and its integral role in risk-based supervision. This is not to say that good corporate governance is a panacea; there are limits to what even good boards and non-executive directors can achieve. But the importance of corporate governance cannot – and should not - be disputed, and financial institutions (particularly their boards) should be pressed by supervisors to demonstrate that their governance arrangements are effective.

A supervisory authority needs to recognise the importance of corporate governance and if necessary to increase the emphasis placed on this within supervision. This may be achieved through:

• A realization that improving corporate governance is fundamental to achieving the supervisory objective of safe and sound financial institutions;
• An understanding of the full implications of risk-based supervision (for example, as a result of a senior management workshop exploring the cultural and change management implications of fully adopting risk-based supervision (see Toronto Centre (2018b)); and/or
• Experience of a crisis. Many crises have their origins wholly or partly in weak corporate governance. A crisis can both alert supervisory bodies to the fundamental importance of corporate governance and be used as a lever to embed corporate governance more deeply into supervisory processes.

Realistically, however, if there is implacable resistance higher up the supervisory authority the only option for less senior supervisors might be to persist in pressing for change until some combination of enlightenment and circumstances creates scope for change.

Illustrative example: line management within the supervisory authority

• The head of supervisory authority E became increasingly aware of publications by international standard setters stressing the importance of corporate governance.
• There was no tradition in her jurisdiction of assessing corporate governance in financial institutions and it was highly likely that there would be resistance to it from the boards of these institutions. 
• She was open to the idea of engaging more actively with boards and non-executive directors but was unsure where corporate governance fitted into supervision or how to go about stepping up this engagement.
• The supervisory authority was in the process of adopting risk-based supervision. The head had previously seen this as a purely technical exercise involving junior supervisors filling in a risk matrix.
• On looking further into this she realized that adopting risk-based supervision involved profound cultural and managerial change in the supervisory authority and had implications for relations with financial institutions and their boards.
• She engaged other stakeholders (such as the Governor of the central bank – see the earlier illustrative example) to build a consensus supporting better supervisory oversight of corporate governance.
• She and her senior staff engaged with the boards of financial institutions, emphasizing: a) the importance that the supervisory authority attached to good governance and the reasons for this; b) that supervisors would in future aim to assess the effectiveness of boards; c) that they would seek the cooperation of boards; d) this was intended to be a collaborative and constructive effort; but e) this was going to happen and boards were expected to cooperate.  Any obstruction would have consequences for the supervisory authority’s perception of, and approach to, the institution concerned.

Illustrative example – seizing the opportunity

·       The head of supervisory authority F had long been concerned that there was insufficient engagement with, and scrutiny of, corporate governance in the banks in his jurisdiction.

·       When supervisors pressed banks to take significant remedial measures, the management or board members would often complain directly to the head of the supervisory authority, claiming that the proposed changes would be costly and make their banks uncompetitive.

·       The head of the authority had found himself with few grounds to resist these representations and would have had little wider (political) support for doing so. This had a corrosive effect on the morale of the supervisory teams who saw their decisions repeatedly overturned and eventually gave up pressing for remediation.

·       A medium sized bank in the jurisdiction failed. It was discovered in the subsequent inquiry that the board had been passive in the adoption of a reckless strategy and that two board members with significant shareholdings in the bank had actively encouraged this strategy in the pursuit of short-term gains.

·       The head of the supervisory authority ‘used’ this episode as leverage to effect a significant change of direction for supervision:

o   The point was made to other senior stakeholders (politicians and the central bank) that governance failings had contributed substantially to the failure, which had involved significant financial and political cost.

o   A strengthened approach to the assessment of corporate governance was developed. This was widely publicized in various forms including a letter from the head of agency to all bank chairs.

o   The staff of the supervisory authority were informed of a revised decision-making process whereby: a) as long as staff could demonstrate that they had followed proper process in arriving at supervisory decisions they would be supported; and b) any supervisory decisions with significant ‘wider’ implications such as very heavy costs for supervised institutions would be subject to an orderly internal escalation/validation process.

·       As a result of the changes, supervisory staff felt empowered to require reasonable remediation without the fear that bank representations would result in these being arbitrarily overturned.

·       One bank subsequently objected to a requirement to strengthen its board by recruiting two additional, genuinely independent, non-executive directors with banking experience. On making representations to the head of the supervisory authority the bank was: a) reminded of the new, stronger, requirements for corporate governance; and b) informed that the supervisory team had followed internal procedures in requiring the firm to adhere to sound practice. As such there was no basis on which the head of the authority could, or should, intervene.            

Supervisory process 1: Suitability regime

Many supervisory authorities operate a suitability regime for key individuals (this may also be described as “licensing”, “authorisation”, “approval/pre-approval”, or “fit and proper” regimes for key individuals), under which the supervisory authority has to approve (or not object to) the appointment of key individuals such as the senior management and non-executive directors of a financial institution (see Toronto Centre (2017)).

One option for supervisory authorities operating a suitability regime is to interview some individuals as part of a supervisory assessment of whether they are fit and proper for the specific role to which the financial institution proposes to appoint them. Where supervisory authorities have chosen this option, they usually limit such interviews to larger institutions and to specific roles (for example the chair of a board or a board committee, the CEO, the chief risk officer, the chief financial officer, and the chief actuary of a life insurer). It may be necessary to overcome resistance from some individuals because they have already been assessed (and interviewed) by the financial institution that is proposing to appoint them. 

This approach to assessing the suitability of key individuals provides supervisors with four tools to improve corporate governance:

1)    In an ideal world, the suitability (fit and proper) test provides some assurance that only the “right” people enter the system. Some individuals may be found to be unsuitable, and therefore ineligible for appointment to the proposed position. This could be because they have a track record of wrong-doing in previous employments, do not have the skills and experience required for the role, or – in the case of a non-executive director – are unlikely to challenge the senior management of the financial institution. 

2)    Where the supervisory authority has the legal powers to do so, it could impose conditions on an appointment, for example requiring a newly appointed non-executive director to attend training courses relating to the core business activities of the financial institution. 

3)    Even if a supervisor cannot prevent some unsuitable individuals from being appointed in the first place, they can use a suitability regime – and in particular interviews of appointees – as a way of telling appointees what the supervisor expects of them. For example, a supervisor can emphasize to a newly appointed non-executive director that they are expected to understand the risks faced by the financial institution whose board they are joining, to monitor how effectively these risks are managed and controlled, and to actively challenge the executive senior management. These kinds of messages can by conveyed to all new appointees, including the “great and the good”. 

4)    Newly appointed non-executives can also be put on notice (even if they are the “great and the good”) up-front of a supervisory expectation that the supervisor will be monitoring their performance (for example through reviewing the minutes of board meetings). This could be backed up by a clear expectation that at least some non-executive directors will be interviewed every year and asked about corporate governance issues (including what they have done personally as a non-executive director). This can provide a strong signal that supervisors are taking a close interest in the performance and effectiveness of non-executive directors. 

Supervisory process 2: Risk-based supervision

Some supervisory authorities that have adopted a risk-based approach to supervision specify that, at least for larger and more systemically important financial institutions, the risk assessment process will include the interviewing of board and board committee chairs and some other non-executive directors on a routine basis as part of the supervisory assessment of the quality and effectiveness of corporate governance. This integrates (“hard wires”) meetings with board members into the supervisory process.

For example, the Central Bank of Ireland’s (2016) “PRISM” system of risk-based supervision specifies that, depending on the impact measure of a financial institution, the risk assessment process will include regular meetings with the chair and non-executive directors (as well as with the CEO, CFO, CRO and external auditor) to cover matters such as the strategic direction of the firm, strengths and vulnerabilities, governance, risk profile, and board competency and effectiveness.

1      Ask the right questions

Principles

It is easy to find out about the characteristics of corporate governance using standard reporting or closed-ended questions that require a simple factual answer. But to understand its effectiveness it is necessary to interact directly with board members and senior management and to ask open-ended questions. This approach can be empowering for supervisors:

·       Open-ended questions can be more powerful than specific, focused ones because they are broader in scope.

·       Instead of searching for the key detailed or forensic question to elicit information it is often preferable to ask an open-ended one along the lines of ‘Explain to me how …’ or ‘Describe the way in which….’.

·       Because respondents have to answer in their own words they are required to think and respond broadly about what they do and how they do it.

The list of open-ended questions needs to be tailored to the specific financial institution and should never become formulaic - institutions will quickly identify standard or formulaic questions and will become adept at providing equally formulaic (and therefore unhelpful) answers. 

Supervisors should not be afraid to ask for clarification of answers or to ask respondents to ‘Tell me more about that…’.  They should keep asking until they understand what is being said. 

Closed-ended questions: examples

Open-ended questions: examples

·       How many board members are there?

·       How many are non-executive?

·       How often does the board meet?

·       What does the management information (MI) pack contain?

·       Does the board have Audit and Risk Committees?

·       Who is on these committees?

·       What is the board’s attitude to risk?

·       How does the board satisfy itself that the risk appetite is being complied with?

·       What are the three biggest risks facing the firm at the moment?

·       When was the last time the board made a significant risk-based intervention? What happened?

·       How do you gain assurance that control functions are working effectively?

2      Have a framework for interpreting the answers 

Principles

Open-ended questioning is only effective if supervisors are able to interpret the answers properly, to gain an understanding of how a firm is run. There are often no ‘right answers’ in the area of corporate governance. There may be several ‘acceptable’ answers that give clear positive evidence of good governance. 

However, some answers may be unacceptable, because a) they might seem to convey useful information but in reality (and on closer scrutiny) do not; or b) they provide concrete evidence that corporate governance is unsatisfactory. The skill is to be able to distinguish acceptable/informative answers from unsatisfactory ones. Remember that board members and other senior individuals may be adept at providing vacuous answers that sound convincing. 

It is also often revealing to ask different individuals (non-executive directors, senior management, business heads, control function heads, etc) the same questions to identify potential inconsistencies in the answers. Answers to questions can also be compared against board (and board committee) minutes, agendas, ICAAP, ORSA and other documents to check whether the descriptions given by interviewees match what is recorded in these.

The examples below refer to the first three open-ended questions in step 1 above.

Acceptable answers (Board chair)

Unacceptable answers (Board chair)

Q1: Risk is probably the issue we discuss most often, as the board minutes demonstrate. The executive provided us with a draft risk appetite statement which we spent three meetings refining with the involvement of the Risk committee. It has a meaningful balance of qualitative and quantitative indicators.

Q2: Each quarter we are sent an MI statement which we can show you. At our insistence it focuses specifically on the indicators set out in the risk appetite statement. It also has a summary section on how risk has evolved and how it is expected to continue evolving over the next 12 months.

Q3: We are worried about the likely economic downturn and pressed the executive to show us the results of stress testing for this.  We are also concerned about the entry of IT based competitors and asked for a risk-focused briefing on that.  And we realized that we were relatively unsighted on potential interest rate risk, so we asked the executive to produce an analytical paper setting out the issues. On the basis of that we insisted that the firm’s policy on the interest rate gap be revised. 

All these documents can be made available to you and the issues were included in the ICAAP which the board approved. 

Q1: We have a Risk Committee to which the board delegates all this stuff. I know they receive regular updates from the Chief Risk Officer. The board members are all very experienced and this gives them a good feel for risk.

Q2: There is a very comprehensive MI pack which runs to over 100 pages. At every board meeting I ask the CEO whether there is anything we need to be worried about on the risk front. She usually gives a reassuring answer which I make sure is recorded in the minutes.

Q3: We are always concerned about the firm’s cost base which needs to be kept tightly under control.  We always look closely at the non-revenue generating parts of the business.  And we recently asked about the implications of developing a digital delivery platform for some of the firm’s products.  The CEO said she understood our concerns but there was nothing to worry about.  All our competitors are doing it and all the risks are being addressed. I think that was recorded in the minutes somewhere as well.

3      Be brave in making evidence-based judgements

Principles

Supervisory judgements about corporate governance need to be based on evidence.  It is inevitably more challenging to assemble evidence to support judgements about corporate governance than it is about more ‘cut and dried’ issues such as compliance. 

Supervisors should strive to uncover positive evidence – the absence of this, even in response to persistent questioning, is likely to be of considerable significance. Firms will often challenge what they see as negative assessments. Being able to say ‘we repeatedly sought positive evidence but you were unable to provide it’ carries considerable power.

The examples below draw on the Board chair’s responses in step 2 above.

Positive evidence (acceptable answers)

Concerning evidence (unacceptable answers - even when board members were pressed for positive evidence)

·       Multiple instances of challenges and questions about risk in board minutes.

·       Clear (minuted) evidence of board determination to have a risk appetite statement with measurable risk metrics.

·       Risk appetite clearly set out in the firm’s ICAAP or ORSA, with evidence that this document was discussed actively by the board during its preparation.

·       Comprehensible MI packs with specific risk metrics permitting assessment of whether the risk appetite is being complied with, together with a traffic light (green/amber/red) system for current and emerging risks.

·       Evidence from board minutes of horizon scanning for risk; board members actively raising potential risk issues; board members seeking analytical information on actual and potential risks; and the executive responding fully to these challenges.

·       Sketchy, uninformative board minutes with infrequent, formulaic references to risk.

·       No evidence of proactive questioning by board members about current/future risks.

·       Evidence of passive acceptance by the board of a bland, uninformative and unquantifiable risk appetite statement.

·       No evidence of an ICAAP or ORSA being discussed by the board.

·       Overly long and detailed MI pack, with no references to risk appetite and no ‘story’ on emerging risk.

·       No evidence of horizon scanning or board members actively seeking risk information.

·       Multiple recorded instances of the board being too ready to accept unquantified, reassuring ‘everything is fine’ statements by the executive.

4      Supervisory intervention to remediate (where necessary) shortcomings in corporate governance

Principles

Undertaking supervisory assessments is not an end in itself – their purpose is to drive necessary supervisory intervention/remediation. When seeking improvements to corporate governance supervisors need to identify the shortcomings and specify the required outcomes. How closely remedial measures are monitored/checked is itself a risk-based decision depending on the risks involved and the extent to which reliance can be placed on the firm (on the principle of ‘trust but verify’).

The supervisory intervention below draws on the ‘concerning evidence’ set out in step 3 above.

Required outcome

Agreed measures and timetable

·       An independent review of board processes and effectiveness.

·       Conducted by a third party.

·       Recommendations for changes in procedures, training and (if necessary) changes in board membership.

·       Review to be completed within 3 months.

·       Remediation to be completed within 9 months.

·       An improved risk appetite statement.

·       CRO and Risk Committee to revise the risk appetite statement in line with industry good practice, using third party assistance if necessary.

·       To be completed (with board sign off) within 3 months.

·       Overhaul of MI.

·       CRO and Risk Committee to review the framework for the identification and monitoring of enterprise-wide risk.

·       Overhaul of MI designed to inform and alert board members to current and emerging risks.

·       To be completed (with board sign off) within 6 months.

·       Changes to decision making.

·       Review of board delegations.

·       Changed reporting/escalation arrangements to ensure that the board owns and takes accountable decisions for matters reserved to it.

·       Changed delegation arrangements to ensure that board monitors decisions which it delegates.

·       To be completed within 6 months.

·       A pillar 2 capital (solvency) add on.

·       Firm is required to hold additional capital, above the regulatory minimum that applies to all firms.

·       This pillar 2 add on is applied until governance issues are effectively resolved.