Friday, Apr 01, 2022
Supervising Corporate Governance: Pushing the Boundaries
Listen to the Podcast
This TC Note and the accompanying podcast explores the reasons why there is insufficient attention to the supervision of corporate governance. Practical steps and techniques to improve the oversight of corporate governance are provided.
Read the transcript here.
Read the Toronto Centre Note
SUPERVISING CORPORATE GOVERNANCE: PUSHING THE BOUNDARIES
There is no shortage of descriptions of good corporate governance. These include principles issued by international standard setters; rules and guidance issued by national financial supervisory authorities; and national codes and other standards for corporate governance in listed companies.
Most of these standards combine quantitative “characteristics” requirements with more qualitative requirements relating to “performance”. The combination of characteristics and performance determines the quality and effectiveness of corporate governance.
The “characteristics” typically include separating the roles of the Chair and the CEO; having a majority of independent non-executive directors on a company board; gender and other forms of diversity in board membership and senior management; the existence of board committees, especially for risk and internal audit; the regularity of board and board committee meetings; and having independent and well-resourced control and internal audit functions.
Meanwhile, “performance" – how corporate governance operates in practice – would include how the Chair of a board manages the board agenda and board meetings; how a board challenges the senior management of a company; how a board establishes a company’s strategy, values and culture; how a board identifies risks and gains assurance that these risks are well controlled and managed; how a board establishes and operates a company’s remuneration policies; and how control functions and internal audit operate in practice.
In any company, not just financial institutions, boards set long-term goals and approve the business strategy, oversee and govern the management of risk, and play a key role in setting the culture and values. Good governance, involving the active and constructive involvement of boards, is of critical importance to financial institutions. This is because financial institutions actively take risk in the pursuit of returns, which needs to be closely managed and controlled, and because most financial institutions operate in a fiduciary capacity.
Notwithstanding its critical importance, many supervisors use a “checklist” approach to the review/assessment of corporate governance in financial institutions, focusing primarily on readily identifiable and easily measurable characteristics. These are important considerations, but they tell supervisors little about the overall effectiveness of corporate governance.
Such supervisors may be reluctant to go beyond the specific points covered by their checklists and therefore take a very limited – and almost certainly inadequate – approach to meeting board members (especially non-executive directors), and to asking the right kind of questions if and when they do meet them. As a result, such supervisors will be unable to make properly informed judgements on the quality and effectiveness of corporate governance.
This Toronto Centre Note, which is applicable to supervisors of all financial sectors (banking, insurance, pension funds and securities):
- explores the possible reasons for limited approaches to the supervision of corporate governance;
- discusses ways in which blockages to good and effective supervision of corporate governance could be addressed even where there may be cultural or other sources of resistance to this; and
suggests some techniques and opportunities that supervisors could use to probe more deeply into corporate governance, and to form better supervisory judgements.
It is not always easy to identify blockages to the good supervision of corporate governance, and it is often even more difficult to address them. In this section, we examine some possible blockages and discuss how they might be removed or reduced.
Limited supervision of corporate governance in financial institutions may reflect a more general lack of attention to corporate governance at an economy-wide level. A country may not have a tradition of placing importance on good corporate governance, or developing national codes or other materials to highlight good practice. In such circumstances, supervisors of financial institutions may lack any high-level reference points for assessing corporate governance and requiring remediation where this is deficient. Any frameworks they develop specifically for financial institutions may, in consequence, lack credibility.
Addressing the blockage: taking corporate governance seriously
Financial supervisors may need to mobilize support for a more demanding approach to corporate governance that extends beyond the financial institutions they supervise. They may need to take an imaginative approach to encourage the development and implementation of economy-wide standards of corporate governance, then use these as a basis for introducing their own more specific requirements for financial institutions.
Financial supervisors could, for example, seek to influence the government department responsible for company law, while securities supervisors who are responsible for formulating the listing requirements for companies listed on the national stock exchange(s) could strengthen the governance requirements for these companies. The objective would be to enshrine higher corporate governance standards in legislative or regulatory requirements on companies across all sectors.
To make progress in this respect financial supervisors are likely to have to deploy some subtle persuasion and influencing techniques. For example, as described in the “four box model” (Toronto Centre (2015)), for each stakeholder they may need to formulate arguments showing what is wrong with the current situation and identify compelling reasons that can be used to convince the stakeholder of the need to take action; identify anticipated outcomes and benefits that relate directly to the stakeholder; take account of the stakeholder’s concerns about the proposed change and how those concerns could be alleviated; and identify aspects of the current situation that are valued by the stakeholder and that will be maintained.
Illustrative example: taking corporate governance seriously
The head of the (non-central bank) supervisory authority in country A was increasingly concerned about the absence of a sound corporate governance framework in her country. There were no national standards against which to assess boards or non-executive directors and no basis on which to require remedial measures to address deficiencies.
She took the following steps:
The core principles had no legal force, but a ‘comply or explain’ approach was adopted whereby stakeholders (including shareholders) were able to challenge companies that failed to comply with the principles. Over time, supervisors felt increasingly empowered to refer (explicitly or implicitly) to the standards in their dealings with financial institutions. This initially had the effect of ‘nudging’ these institutions in the direction of better practice, and over time it was possible to build on this and to develop further momentum for improved governance standards.
Irrespective of the broader, economy-wide approach to corporate governance, some financial sector supervisors may not view corporate governance as an important factor in the risks taken by financial institutions; how well these are managed and controlled; the adequacy of financial institutions’ financial resources, and in their operational resilience. There are three possible reasons for this.
First, irrespective of the quality of the corporate governance structures in place in financial institutions, financial supervisors may choose to place most emphasis on the most ‘visible’ drivers of risk: the inherent risks facing a financial institution (for example credit, insurance, market, conduct, operational, or money laundering risks); the financial resources of the institution; and the roles of senior management and internal control functions (risk management, compliance, actuarial, internal audit) in managing and controlling risks. They may see little value added in focusing on the role of the board, notwithstanding the significant role it should have in overseeing risk management.
Such a supervisory approach may in part reflect the use of a “CAMELs” (capital, assets, management, earnings and liquidity) approach to supervision. Some supervisors using a CAMELs approach describe the “management” component as being primarily about the ability of a financial institution to diagnose and to respond to financial stress, and the ability of its management to identify, measure, monitor, and control risks to ensure its safe and sound operations and compliance with applicable laws and regulations. The role of the board of a financial institution may not be addressed at all under such an approach or may be considered only as a relatively minor sub-set of the “management” component. This may explain why some securities supervisors that impose corporate governance requirements on listed companies may not do the same for some of the securities companies they supervise.
Second, some supervisors may have traditionally seen the oversight of governance as a matter of corporate law rather than a matter for supervisors. It is now widely recognized that such a view is inconsistent with risk-based supervision.
Third, the quality of corporate governance in financial institutions may be so poor that supervisors view this as a lost cause, so it is not worth allocating scarce supervisory resources to the massive task of addressing these deficiencies. This approach is misguided. Corporate governance is of fundamental importance and needs to be addressed, however low a base some financial institutions start from.
Addressing the blockage: recognizing the importance of good corporate governance
As described in Toronto Centre (2016 and 2020b), corporate governance is important for financial supervisors because:
The board has the ultimate responsibility for setting a financial institution’s strategy, including its risk appetite and ensuring that mechanisms are in place for managing this. It should be active in satisfying itself that effective controls are in place and should receive comprehensive (but also comprehensible) information to assure itself that this is the case.
Assessment of a financial institution’s corporate governance is therefore a key element of risk-based supervision because this is an important mitigant of risk. Good corporate governance can reduce the probability that risks will materialize and strengthen the ability of a firm to manage the impact if they do so. Weak corporate governance makes it more likely that risks will materialize and that the consequences of these risks will be severe. Indeed, poor corporate governance is in many respects an additional risk in its own right.
Where supervisors have adopted risk-based supervision (RBS), the matrix used to summarize the risk assessment of larger financial institutions usually includes a separate column on the quality and effectiveness of the board in addition to columns relating to senior management, risk management and other internal controls. These are key aspects of corporate governance (see Toronto Centre (2018a)).
When applying RBS, supervisors need to exercise judgement in reaching an assessment score for the board or corporate governance (using ratings such as strong, acceptable, weak, needs improvement) for inclusion in the risk matrix for any financial institution of significant size.
Illustrative example: recognizing the importance of good corporate governance
Supervisory authority in country B had no tradition of assessing corporate governance. Inspection of documents provided by supervised financial institutions confirmed the existence of boards (a legal requirement) but there was no contact with, or assessment of, boards or their members. On implementing RBS the importance of focusing on boards, and on corporate governance more generally, was recognized.
The following steps were taken:
Even where supervisors have adopted a risk-based approach to supervision they may be reluctant to make the necessary judgements about corporate governance. They may stick to basing their assessments on the kinds of quantitative and easily measurable metrics typically used in standard checklist approaches. Assessing these “characteristics” is usually undertaken as an “off-site” supervisory activity, and even where supervisors continue their assessment on-site this may in practice involve no more than reviewing documents that are not part of the standard reporting package from financial institutions.
This checklist approach has two significant drawbacks.
First, a focus solely on the easily measurable “characteristics” of the board, or corporate governance more generally, does not allow a supervisor to determine the quality and effectiveness of corporate governance because there is no assessment of “performance” – for example, how well the board operates in practice. Having the necessary structures in place for identifying and controlling risks is essential, but they also need to perform effectively and deliver good governance. The assessment of the quality and effectiveness of corporate governance requires a more judgement-based approach.
Second, as discussed in Toronto Centre (2018a), a key feature of risk-based supervision is that it is forward-looking. Checklist-type approaches can provide only a ‘point in time’ assessment of risks today. If RBS is conducted effectively it can identify deficiencies in corporate governance and internal controls at an early stage, so that the necessary remediation can be undertaken before the attendant risks crystallize and cause damage. This requires supervisors to make judgements on how risks are likely to develop in the future and whether corporate governance is sufficiently strong to enable both current and prospective risks to be managed and controlled effectively.
Addressing the blockage: making supervisory judgements
Making judgements is core to risk-based supervision in all areas, not just corporate governance. Supervisors may need help with becoming comfortable about this.
As discussed in Toronto Centre (2018a and 2018b), supervisors need a combination of:
Making good judgements is also fundamental to supervisors being able to follow the IMF (2010) recommendation that financial supervisors should be:
Intrusive – understand the financial institution they are supervising
Skeptical – be questioning, even in the good times: “countercyclical supervision” can restrict reckless behaviour
Proactive – take action based on an assessment of firm-specific and system-wide risks
Comprehensive – remain alert to developments “at the margin”, in both supervised financial institutions and unregulated firms
Adaptive – adapt to new products, markets, services and risks in individual financial institutions and system-wide
Conclusive – follow supervisory judgements through to a clear conclusion.
Illustrative example: making supervisory judgements
A further reason why supervisors may be unwilling to make judgements about governance is that they are unsure what arrangements would be acceptable even if they do not comply fully with ‘textbook’ governance structures. For example, it may not be practicable for smaller firms to implement the full panoply of ‘classical’ governance structures set out in standard texts on the subject. It may not be feasible for them to have a board with a majority of independent non-executive directors and a full set of board sub-committees, or to have a full time Chief Risk Officer or Head of Compliance, or whole departments devoted to these functions. In such cases the importance of corporate governance may be overlooked because conventional structures and requirements are not seen as being achievable.
The requirement in such cases is that the arrangements that do exist should still produce the outcomes sought from effective governance. Regardless of the size of a financial institution, there can still be an effective board of directors, and one individual can be required to have an independent perspective on risk and have the standing to influence decisions about it. ‘Independence’ in this context means that the individual concerned is not unduly influenced by profitability issues – as would be the case if they were the head of a business unit. Supervisors need to be able to make judgements about the adequacy of such arrangements when there may be no textbook answer they can rely on.
Illustrative example: risk governance in small firms
The supervisory authority in country C was responsible for a large number of small to medium-sized firms which could not reasonably be expected to implement the full range of ‘classic’ corporate governance structures. The supervisory authority nevertheless pressed firms X and Y to put in place effective governance arrangements.
Firm X – an investment firm with 35 employees – responded by asking the Director of the Retail Investment Department to ‘double up’ as Head of Risk. This involved receiving regular reports on compliance and limit breaches and compiling these into a quarterly report for the CEO.
Firm Y – a cooperative bank with 45 staff – responded by asking the Head of Internal Audit to take on an additional ‘risk management function which involved identifying, measuring and monitoring the range of risks being undertaken by the firm and reporting quarterly to the board on these and their likely future direction. The firm gave careful consideration to how these new responsibilities would be prioritized and managed
The supervisory authority judged that the proposed arrangements in Firm X were not acceptable because of the narrow perspective on risk and the limited reporting arrangements. Most important however was the fact that, as the head of a business function, the proposed Head of Risk would be conflicted.
In contrast, the proposed arrangements in Firm Y were judged by the supervisory authority to be acceptable because of the broader perspective on risk and the fact that the additional risk function would be taken on within an existing independent control department. The Head of Internal Audit would not be conflicted by business imperatives. The arrangement was, however, subject to close monitoring for the first two years of its operation.
Supervisors may be comfortable with a passive and reactive checklist approach to corporate governance, following a standard list of topics. They may have no interest in “pushing out the boundaries” by investigating any topic not covered on the checklist.
There may be several reasons for such a lack of curiosity:
- A minority of supervisors may simply lack imagination or curiosity, seeing supervision as a career in which they can progress by undertaking formulaic, box-ticking work. Such a mindset is inconsistent with a risk-based approach to supervision.
- More junior supervisors may be discouraged from taking an inquisitive approach by their line management, who themselves lack imagination or curiosity. This raises potentially serious issues which go directly to the culture of the supervisory authority. Senior managements need to be mindful of such issues when adopting risk-based supervision.
- There may be genuine unease about uncovering information that goes beyond a formulaic list of topics, because the information may prove hard to interpret or require complex remediation rather than the fixing of a straightforward compliance-like issue. This concern may be made more acute if a financial institution is disposed to questioning the supervisor’s ‘need to know’ about such wider issues.
- In countries where public officials and in particular employees of central banks enjoy particularly high status, supervisors may be reluctant to discuss topics where the answers to their questions are not known in advance. This may be because of a “fear of the unknown” and a concern that if they do not understand fully the answers that they are given they will appear ill-informed and be unable to pursue the subject effectively. Some supervisors may feel obliged to maintain an air of omniscience, making them reluctant to pursue avenues of enquiry with which they are unfamiliar or to ask questions whose answers may be hard to interpret or understand.
Supervisors should be curious, wanting to know everything that is relevant (and material) about the operation of the institutions they supervise. An approach which emphasizes “I do not know everything but I know what I need to find out about” is far preferable to one that fails to pursue potentially important matters for the sake of appearances. A supervisory authority should promote a culture in which curiosity is encouraged.
Addressing the blockage: curiosity
It is understandable that supervisors may be resistant to topics that are ‘new and scary’. Even if they are prepared to admit that they are entering new and largely unexplored territory they may want support and assistance in formulating a set of questions to ask and training in understanding the answers they are given.
There may also be wider cultural or managerial issues that need to be addressed here. Supervisors should be encouraged and supported – not criticized and held back – by their line management when they investigate new topics or adopt new approaches (for example, interviewing non-executive directors to gain a better understanding of how corporate governance operates in practice).
Supervisory authorities that have adopted a risk-based approach to supervision should recognize that this necessitates taking a more judgement-based and forward-looking approach to assessing the most important prudential and conduct risks posed by financial institutions and the extent to which the institutions are able to manage and control these.
This is not a trivial or simple change in emphasis but a fundamental paradigm shift that needs to be supported by cultural adjustment and change management within the supervisory authority (see Toronto Centre (2018b)). It will be necessary to have some sort of consciousness-raising within a supervisory authority to show that supervisory curiosity is an essential element of taking a forward-looking and judgement-based approach, the purpose of which is to deliver better supervisory outcomes by identifying and addressing the largest risks to supervisory objectives.
Being curious is a more rewarding and challenging for supervisors than following a standard checklist approach. This should put supervisory authorities in a better position to recruit and motivate high-quality staff.
Illustrative example: curiosity
Supervisory authority D was in the process of implementing risk-based supervision. Junior staff were enthusiastic and felt empowered by this, but some middle- and senior-level managers were more comfortable with the previous, more compliance-based approach.
As discussed in Toronto Centre (2016), a supervisory assessment of the quality and effectiveness of corporate governance in a financial institution should include making judgements on:
- Whether the non-executive directors are sufficiently challenging. Supervisors need to be alert to cases where the relationship between the non-executives and the chief executive is too close, or where the chief executive is over-dominant and is able to effectively intimidate the board.
- How well the board understands the risks that the firm is running, and determines the capital, other reserves and provisions, liquidity and other resources required to support these risks.
- Whether internal control functions are of high quality, sufficiently resourced, and independent of the business.
- How the board assures itself that the firm’s internal controls, remuneration, and other policies and procedures operate effectively and are in line with the strategy, risk appetite, values and culture the board has established.
These judgements need to be based not only on the characteristics of a financial institution’s corporate governance arrangements which will often be described in documentation requested from the financial institution but also – and most importantly – on:
- Interviews with non-executive directors, in particular the chair of the board, and the chairs of the audit, risk, and other board committees;
- Interviews with senior management;
- Interviews with the heads of control functions and the external auditor;
- Interviews with the appointed actuary of insurers and pension funds;
- Observation of board, board committee and executive committee meetings; and
- Interviews with a range of staff at all levels within a financial institution to assess whether the controls, values and culture that senior management claims to be in place (and on which the board relies) operate effectively throughout the business.
However, supervisors may be unwilling to probe into corporate governance issues because this would require them to engage in discussions with the “great and the good” on the boards of financial institutions. Supervisors may feel that they should respect and revere the CEO or board members who may be retired generals, former CEOs, former politicians, and friends and relations of the owner, rather than ask them difficult questions.
Supervisors may feel intimidated by the owner of a financial institution who asks, “who are you to come here and tell me how to run things?”, or by a non-executive director who makes it only too clear that they would resent being interviewed by a relatively junior supervisor. In some countries, women supervisors may face even more hostility and may be uncomfortable challenging a male senior manager or board member who is older and more senior to them. There have been cases where women supervisors have been told their place is at home.
There may also be elements of “regulatory capture” here. Some supervisors may be unwilling to challenge the “great and the good” because these people may be influential in determining the supervisors’ own career prospects including, in some cases, the scope for them moving into senior positions in financial institutions themselves.
Addressing the blockage: engaging with the “great and the good”
An unwillingness of supervisors to engage with non-executive directors and senior management in financial institutions might be addressed through a combination of:
However, there may be a much wider issue here that would require a supervisory authority to persuade a range of stakeholders (not just non-executive directors of financial institutions themselves, but those responsible for appointing board members, the government, politicians, the public and the media) that a move to more challenging and intensive supervision of corporate governance will deliver better outcomes for supervision, the financial system and consumers. In some countries this might need to be linked to moves towards more independent, more active and less conflicted boards.
This should be achievable if there is sufficient appetite for change entailing a more challenging approach. But it is important to recognize the barriers to change where the existing position has strong benefits for current board members, for those who appoint them, and for the senior management of financial institutions who would prefer a cozy relationship with their board to being challenged by the board.
Illustrative example: engaging with the “great and the good”
This type of approach may not be sufficient where the unwillingness to engage is steeped in national culture and cultural norms. Training and development, and a “just do it” approach, may not work in these circumstances. A more gradualist ‘water on a stone’ approach may be necessary, as discussed further in the second half of this Note.
Supervisors may face a lack of encouragement or support from their line management for a proper assessment of corporate governance, including through discussions with board members of the financial institutions they supervise. In some cases there may even be active opposition to this. This could be for any of the reasons discussed above – line management denying the importance of good corporate governance, feeling uncomfortable or insecure about making judgements or asking open-ended questions, a lack of “buy-in” to risk-based supervision, regulatory capture, other stakeholder pressures, or just wanting a non-confrontational relationship with financial institutions.
In some cases, the resistance of line management may be implacable, with little prospect of it diminishing in the near future. But in many others there will be some scope for leverage to reduce the resistance and even promote some encouragement and support.
Addressing the blockage: line management within the supervisory authority
The importance of sound corporate governance is underlined by the attention paid to it by international standard setters, and its integral role in risk-based supervision. This is not to say that good corporate governance is a panacea; there are limits to what even good boards and non-executive directors can achieve. But the importance of corporate governance cannot – and should not - be disputed, and financial institutions (particularly their boards) should be pressed by supervisors to demonstrate that their governance arrangements are effective.
A supervisory authority needs to recognise the importance of corporate governance and if necessary to increase the emphasis placed on this within supervision. This may be achieved through:
Realistically, however, if there is implacable resistance higher up the supervisory authority the only option for less senior supervisors might be to persist in pressing for change until some combination of enlightenment and circumstances creates scope for change.
Illustrative example: line management within the supervisory authority
The discussion in the first half of this Note offered suggestions on how a supervisor (or a supervisory authority more generally) could progress towards a judgement-based and forward-looking assessment of the quality and effectiveness of a financial institution’s corporate governance.
The second half of the Note offers some additional suggested techniques and opportunities that could enable a supervisor (or a supervisory authority) to make incremental progress. Particular emphasis is placed on meetings with board members of financial institutions.
An incremental approach involves a hierarchy of possibilities, starting with those that are the least threatening and the least demanding of board members. A supervisor (or supervisory authority) should consider where they stand in terms of this sequence (they might already have made significant progress, and some of the intermediate steps may not be required) and how they might progress further along it.
At the most basic level a supervisory authority could issue a general communication (a supervisory circular, or whatever form of generic communication to financial institutions the authority typically uses) to raise the awareness of both supervisors and the boards of financial institutions to the rights – and indeed the duty – of supervisors to have some contact with boards. Such a communication would be couched in constructive and positive terms but underlying it would be the message that supervisors have a right and a duty to ask questions, and board members will be expected to respond constructively.
This communication could be used to highlight the importance that the supervisory authority places on good corporate governance and any existing supervisory principles, rules or guidance relating to this (as well as any relevant materials issued by international standard setters). This may not have a major impact in the short term, but communications of this type are of value in raising the profile of corporate governance and, over time, of shifting perspectives on this. These “nudges” may pay dividends over the longer term.
Supervisors could begin their contact with board members in a relatively informal and low-key way, simply by asking board members (or perhaps initially just the chair of the board) to explain how governance works in practice in their financial institution.
As discussed earlier, if the supervisory authority is gearing up to take a more intrusive and challenging approach to corporate governance the path towards this needs to be led by relatively senior supervisors. But there is a balance here – these initial contacts should be low-key, so having middle-level supervisors undertake them would help to emphasise that.
These initial meetings could be on the basis that the supervisors have reviewed whatever documentation on corporate governance has already been provided by the financial institution (board composition and membership, board committees, terms of reference, management information submitted to the board, agendas, minutes, etc). They now want to understand better how corporate governance works in practice. The focus here might be on asking about what discussions took place at a specific past board meeting or asking how board members challenged senior management on a specific issue (for example by asking what happened when a bank’s individual capital adequacy assessment (ICAAP) or an insurer’s own risk and solvency assessment (ORSA) was discussed by the board).
An extension of this – which might be a significant further step for both supervisors and financial institutions – would be for the supervisors to attend a board meeting, again to understand better how corporate governance operates in practice. An alternative in some circumstances may be to attend a meeting of the audit committee or the risk committee, which are often the main interface between the board and supervisors.
This approach requires careful thought. Board (or committee) members’ attitudes and behaviours will be very different in the presence of supervisors. If supervisors’ attendance were to be anything other than exceptional and exploratory this might encourage the development of alternative decision-making channels. Attendance at board or committee meetings can be an important signal of the seriousness with which corporate governance is viewed by supervisors and may be a valuable way of familiarizing board members with supervisors and vice versa. But this should be used sparingly and may not be a very effective way of eliciting definitive information about how boards and committees work in practice.
External events may provide supervisors with valuable leverage to extend their assessment of corporate governance, and in particular to be more proactive in questioning board members of financial institutions.
First, this may be a good application of the saying “never let a good crisis go to waste”. Crises (at home or abroad) provide a potent mix of learning opportunities, a rationale for raising standards, a way of sensitizing stakeholders to the need for change, and a platform from which to change supervisory practices. The global financial crisis of 2007-2009 led directly to:
- a greater realization of the role that poor corporate governance can play in allowing financial institutions to take excessive risks and to fail to manage and control these;
- the introduction of higher standards for corporate governance, by both international standard setters and national supervisory authorities; and
- more intensive and intrusive supervision of financial institutions – and in particular systemically important financial institutions - including of their corporate governance, with a particular focus on board composition and leadership, the skills, experience and independence of non-executive directors, risk governance and the role of a chief risk officer, internal controls, remuneration incentives, and culture and values.
There have been similar responses to country-specific crises. For example, the banking crisis in Ghana in 2017 was caused, to a significant extent, by deficiencies in corporate governance in many banks. In response, the Bank of Ghana (2018) issued a new Directive on Corporate Governance for the banking sector. The Directive emphasized the critical role of banks’ boards and senior management members and followed international best practice in setting out detailed requirements for the responsibilities and composition of banks’ boards (including the role of independent directors); risk management and internal control; and remuneration policies. The Bank of Ghana also increased its supervisory resources and redesigned its training programs for supervisory staff to increase its effectiveness in several areas including the assessment of corporate governance.
Second, new or emerging risks (for example the COVID-19 pandemic and climate-related risks) or the introduction of new or enhanced objectives/mandates for a supervisory authority (for example on financial inclusion, conduct, or anti-money laundering) provide supervisors with valuable opportunities for arranging meetings with the board members of financial institutions to discuss these issues.
These discussions can be framed in the “safe territory” of asking how a financial institution is itself approaching these issues, primarily as an input to help the supervisory authority to understand the issues better, to identify good practices, and to develop standards and supervisory approaches. A good example of this are the meetings between the Canadian Office of the Superintendent of Financial Institutions (OSFI) and the banks and insurers that it supervises to discuss climate-related risks, including how this could have an impact on the corporate governance of these financial institutions. Supervisors can also use such discussions to assess whether board members are acquiring the necessary skills and expertise in new risk areas or are drawing on external expertise to do so.
Illustrative example – seizing the opportunity
· The head of supervisory authority F had long been concerned that there was insufficient engagement with, and scrutiny of, corporate governance in the banks in his jurisdiction.
· When supervisors pressed banks to take significant remedial measures, the management or board members would often complain directly to the head of the supervisory authority, claiming that the proposed changes would be costly and make their banks uncompetitive.
· The head of the authority had found himself with few grounds to resist these representations and would have had little wider (political) support for doing so. This had a corrosive effect on the morale of the supervisory teams who saw their decisions repeatedly overturned and eventually gave up pressing for remediation.
· A medium sized bank in the jurisdiction failed. It was discovered in the subsequent inquiry that the board had been passive in the adoption of a reckless strategy and that two board members with significant shareholdings in the bank had actively encouraged this strategy in the pursuit of short-term gains.
· The head of the supervisory authority ‘used’ this episode as leverage to effect a significant change of direction for supervision:
o The point was made to other senior stakeholders (politicians and the central bank) that governance failings had contributed substantially to the failure, which had involved significant financial and political cost.
o A strengthened approach to the assessment of corporate governance was developed. This was widely publicized in various forms including a letter from the head of agency to all bank chairs.
o The staff of the supervisory authority were informed of a revised decision-making process whereby: a) as long as staff could demonstrate that they had followed proper process in arriving at supervisory decisions they would be supported; and b) any supervisory decisions with significant ‘wider’ implications such as very heavy costs for supervised institutions would be subject to an orderly internal escalation/validation process.
· As a result of the changes, supervisory staff felt empowered to require reasonable remediation without the fear that bank representations would result in these being arbitrarily overturned.
· One bank subsequently objected to a requirement to strengthen its board by recruiting two additional, genuinely independent, non-executive directors with banking experience. On making representations to the head of the supervisory authority the bank was: a) reminded of the new, stronger, requirements for corporate governance; and b) informed that the supervisory team had followed internal procedures in requiring the firm to adhere to sound practice. As such there was no basis on which the head of the authority could, or should, intervene.
A thematic review of corporate governance may be used to open discussions with board members of financial institutions. Such a review would involve discussions with a sample of financial institutions, with the results used primarily as inputs into an overall assessment of standards of corporate governance, the identification of good and less good practices, and a revision of standards (principles, rules, guidance and supervisory expectations). Although the identification of good practices is the main focus for such work, serious failings in individual financial institutions would need to be addressed.
There is scope for a supervisory authority to include the interviewing of the board members of financial institutions within its standard supervisory processes. These processes can be published, so that both board members and supervisors understand what they entail, and that there is a clear expectation that these processes will be followed. The boxes below summarize two such processes – for a “fit and proper persons” regime, and for risk assessments within a risk-based approach to supervision.
Supervisory process 1: Suitability regime
Many supervisory authorities operate a suitability regime for key individuals (this may also be described as “licensing”, “authorisation”, “approval/pre-approval”, or “fit and proper” regimes for key individuals), under which the supervisory authority has to approve (or not object to) the appointment of key individuals such as the senior management and non-executive directors of a financial institution (see Toronto Centre (2017)).
One option for supervisory authorities operating a suitability regime is to interview some individuals as part of a supervisory assessment of whether they are fit and proper for the specific role to which the financial institution proposes to appoint them. Where supervisory authorities have chosen this option, they usually limit such interviews to larger institutions and to specific roles (for example the chair of a board or a board committee, the CEO, the chief risk officer, the chief financial officer, and the chief actuary of a life insurer). It may be necessary to overcome resistance from some individuals because they have already been assessed (and interviewed) by the financial institution that is proposing to appoint them.
This approach to assessing the suitability of key individuals provides supervisors with four tools to improve corporate governance:
1) In an ideal world, the suitability (fit and proper) test provides some assurance that only the “right” people enter the system. Some individuals may be found to be unsuitable, and therefore ineligible for appointment to the proposed position. This could be because they have a track record of wrong-doing in previous employments, do not have the skills and experience required for the role, or – in the case of a non-executive director – are unlikely to challenge the senior management of the financial institution.
2) Where the supervisory authority has the legal powers to do so, it could impose conditions on an appointment, for example requiring a newly appointed non-executive director to attend training courses relating to the core business activities of the financial institution.
3) Even if a supervisor cannot prevent some unsuitable individuals from being appointed in the first place, they can use a suitability regime – and in particular interviews of appointees – as a way of telling appointees what the supervisor expects of them. For example, a supervisor can emphasize to a newly appointed non-executive director that they are expected to understand the risks faced by the financial institution whose board they are joining, to monitor how effectively these risks are managed and controlled, and to actively challenge the executive senior management. These kinds of messages can by conveyed to all new appointees, including the “great and the good”.
4) Newly appointed non-executives can also be put on notice (even if they are the “great and the good”) up-front of a supervisory expectation that the supervisor will be monitoring their performance (for example through reviewing the minutes of board meetings). This could be backed up by a clear expectation that at least some non-executive directors will be interviewed every year and asked about corporate governance issues (including what they have done personally as a non-executive director). This can provide a strong signal that supervisors are taking a close interest in the performance and effectiveness of non-executive directors.
Supervisory process 2: Risk-based supervision
Some supervisory authorities that have adopted a risk-based approach to supervision specify that, at least for larger and more systemically important financial institutions, the risk assessment process will include the interviewing of board and board committee chairs and some other non-executive directors on a routine basis as part of the supervisory assessment of the quality and effectiveness of corporate governance. This integrates (“hard wires”) meetings with board members into the supervisory process.
For example, the Central Bank of Ireland’s (2016) “PRISM” system of risk-based supervision specifies that, depending on the impact measure of a financial institution, the risk assessment process will include regular meetings with the chair and non-executive directors (as well as with the CEO, CFO, CRO and external auditor) to cover matters such as the strategic direction of the firm, strengths and vulnerabilities, governance, risk profile, and board competency and effectiveness.
In providing supervisors with the best tools for dealing with corporate governance there are four steps which are of particular importance, as described in the box below:
- Asking the right questions;
- Interpreting the answers;
- Being brave in making evidence-based judgments; and
- Being prepared to undertake necessary supervisory interventions.
Risk-based supervision of corporate governance is a very long way from rudimentary, compliance-based approaches to supervision. The depth and nature of interactions with firms and the style of questioning needs to reflect this. This includes the use of open-ended questions calling for discursive answers couched in respondents’ own words.
Four steps in assessing and improving corporate governance
1 Ask the right questions
It is easy to find out about the characteristics of corporate governance using standard reporting or closed-ended questions that require a simple factual answer. But to understand its effectiveness it is necessary to interact directly with board members and senior management and to ask open-ended questions. This approach can be empowering for supervisors:
· Open-ended questions can be more powerful than specific, focused ones because they are broader in scope.
· Instead of searching for the key detailed or forensic question to elicit information it is often preferable to ask an open-ended one along the lines of ‘Explain to me how …’ or ‘Describe the way in which….’.
· Because respondents have to answer in their own words they are required to think and respond broadly about what they do and how they do it.
The list of open-ended questions needs to be tailored to the specific financial institution and should never become formulaic - institutions will quickly identify standard or formulaic questions and will become adept at providing equally formulaic (and therefore unhelpful) answers.
Supervisors should not be afraid to ask for clarification of answers or to ask respondents to ‘Tell me more about that…’. They should keep asking until they understand what is being said.
Closed-ended questions: examples
Open-ended questions: examples
· How many board members are there?
· How many are non-executive?
· How often does the board meet?
· What does the management information (MI) pack contain?
· Does the board have Audit and Risk Committees?
· Who is on these committees?
· What is the board’s attitude to risk?
· How does the board satisfy itself that the risk appetite is being complied with?
· What are the three biggest risks facing the firm at the moment?
· When was the last time the board made a significant risk-based intervention? What happened?
· How do you gain assurance that control functions are working effectively?
2 Have a framework for interpreting the answers
Open-ended questioning is only effective if supervisors are able to interpret the answers properly, to gain an understanding of how a firm is run. There are often no ‘right answers’ in the area of corporate governance. There may be several ‘acceptable’ answers that give clear positive evidence of good governance.
However, some answers may be unacceptable, because a) they might seem to convey useful information but in reality (and on closer scrutiny) do not; or b) they provide concrete evidence that corporate governance is unsatisfactory. The skill is to be able to distinguish acceptable/informative answers from unsatisfactory ones. Remember that board members and other senior individuals may be adept at providing vacuous answers that sound convincing.
It is also often revealing to ask different individuals (non-executive directors, senior management, business heads, control function heads, etc) the same questions to identify potential inconsistencies in the answers. Answers to questions can also be compared against board (and board committee) minutes, agendas, ICAAP, ORSA and other documents to check whether the descriptions given by interviewees match what is recorded in these.
The examples below refer to the first three open-ended questions in step 1 above.
Acceptable answers (Board chair)
Unacceptable answers (Board chair)
Q1: Risk is probably the issue we discuss most often, as the board minutes demonstrate. The executive provided us with a draft risk appetite statement which we spent three meetings refining with the involvement of the Risk committee. It has a meaningful balance of qualitative and quantitative indicators.
Q2: Each quarter we are sent an MI statement which we can show you. At our insistence it focuses specifically on the indicators set out in the risk appetite statement. It also has a summary section on how risk has evolved and how it is expected to continue evolving over the next 12 months.
Q3: We are worried about the likely economic downturn and pressed the executive to show us the results of stress testing for this. We are also concerned about the entry of IT based competitors and asked for a risk-focused briefing on that. And we realized that we were relatively unsighted on potential interest rate risk, so we asked the executive to produce an analytical paper setting out the issues. On the basis of that we insisted that the firm’s policy on the interest rate gap be revised.
All these documents can be made available to you and the issues were included in the ICAAP which the board approved.
Q1: We have a Risk Committee to which the board delegates all this stuff. I know they receive regular updates from the Chief Risk Officer. The board members are all very experienced and this gives them a good feel for risk.
Q2: There is a very comprehensive MI pack which runs to over 100 pages. At every board meeting I ask the CEO whether there is anything we need to be worried about on the risk front. She usually gives a reassuring answer which I make sure is recorded in the minutes.
Q3: We are always concerned about the firm’s cost base which needs to be kept tightly under control. We always look closely at the non-revenue generating parts of the business. And we recently asked about the implications of developing a digital delivery platform for some of the firm’s products. The CEO said she understood our concerns but there was nothing to worry about. All our competitors are doing it and all the risks are being addressed. I think that was recorded in the minutes somewhere as well.
3 Be brave in making evidence-based judgements
Supervisory judgements about corporate governance need to be based on evidence. It is inevitably more challenging to assemble evidence to support judgements about corporate governance than it is about more ‘cut and dried’ issues such as compliance.
Supervisors should strive to uncover positive evidence – the absence of this, even in response to persistent questioning, is likely to be of considerable significance. Firms will often challenge what they see as negative assessments. Being able to say ‘we repeatedly sought positive evidence but you were unable to provide it’ carries considerable power.
The examples below draw on the Board chair’s responses in step 2 above.
Positive evidence (acceptable answers)
Concerning evidence (unacceptable answers - even when board members were pressed for positive evidence)
· Multiple instances of challenges and questions about risk in board minutes.
· Clear (minuted) evidence of board determination to have a risk appetite statement with measurable risk metrics.
· Risk appetite clearly set out in the firm’s ICAAP or ORSA, with evidence that this document was discussed actively by the board during its preparation.
· Comprehensible MI packs with specific risk metrics permitting assessment of whether the risk appetite is being complied with, together with a traffic light (green/amber/red) system for current and emerging risks.
· Evidence from board minutes of horizon scanning for risk; board members actively raising potential risk issues; board members seeking analytical information on actual and potential risks; and the executive responding fully to these challenges.
· Sketchy, uninformative board minutes with infrequent, formulaic references to risk.
· No evidence of proactive questioning by board members about current/future risks.
· Evidence of passive acceptance by the board of a bland, uninformative and unquantifiable risk appetite statement.
· No evidence of an ICAAP or ORSA being discussed by the board.
· Overly long and detailed MI pack, with no references to risk appetite and no ‘story’ on emerging risk.
· No evidence of horizon scanning or board members actively seeking risk information.
· Multiple recorded instances of the board being too ready to accept unquantified, reassuring ‘everything is fine’ statements by the executive.
4 Supervisory intervention to remediate (where necessary) shortcomings in corporate governance
Undertaking supervisory assessments is not an end in itself – their purpose is to drive necessary supervisory intervention/remediation. When seeking improvements to corporate governance supervisors need to identify the shortcomings and specify the required outcomes. How closely remedial measures are monitored/checked is itself a risk-based decision depending on the risks involved and the extent to which reliance can be placed on the firm (on the principle of ‘trust but verify’).
The supervisory intervention below draws on the ‘concerning evidence’ set out in step 3 above.
Agreed measures and timetable
· An independent review of board processes and effectiveness.
· Conducted by a third party.
· Recommendations for changes in procedures, training and (if necessary) changes in board membership.
· Review to be completed within 3 months.
· Remediation to be completed within 9 months.
· An improved risk appetite statement.
· CRO and Risk Committee to revise the risk appetite statement in line with industry good practice, using third party assistance if necessary.
· To be completed (with board sign off) within 3 months.
· Overhaul of MI.
· CRO and Risk Committee to review the framework for the identification and monitoring of enterprise-wide risk.
· Overhaul of MI designed to inform and alert board members to current and emerging risks.
· To be completed (with board sign off) within 6 months.
· Changes to decision making.
· Review of board delegations.
· Changed reporting/escalation arrangements to ensure that the board owns and takes accountable decisions for matters reserved to it.
· Changed delegation arrangements to ensure that board monitors decisions which it delegates.
· To be completed within 6 months.
· A pillar 2 capital (solvency) add on.
· Firm is required to hold additional capital, above the regulatory minimum that applies to all firms.
· This pillar 2 add on is applied until governance issues are effectively resolved.
Sound corporate governance in financial institutions is of fundamental importance. Supervisors implementing risk-based frameworks need to assess the effectiveness of corporate governance and to press for remediation where shortcomings are found.
This Note has suggested several reasons why supervisory authorities may pay insufficient attention to this critical area of the leadership and control of financial institutions. These include a general lack of interest in corporate governance in a country; a supervisory authority not regarding corporate governance as being important; an unwillingness of supervisors to make judgements about the quality and effectiveness of a financial institution’s corporate governance; a lack of supervisory curiosity; an unwillingness of supervisors to ask questions of the “great and the good” who may serve as non-executive directors of financial institutions; and a lack of support and encouragement from the middle and senior management of supervisory authorities.
The Note has set out some practical steps that supervisory authorities can take to overcome these blockages and to improve their oversight of corporate governance. Supervisory authorities can make incremental progress through communicating with financial institutions about the importance of corporate governance; initiating low-key contacts with boards and board members; attending board meetings; undertaking thematic reviews of corporate governance; and seizing the opportunities presented by crises and by new and emerging risks for extending supervisory discussions with boards.
Where discussion do take place between supervisors and board members, the Note has highlighted the importance of supervisors asking open-ended questions; carefully interpreting the answers they receive; making evidence-based judgments; and undertaking necessary supervisory interventions to improve corporate governance in the financial institutions they supervise.
Significant weaknesses in corporate governance or the supervisory oversight of it are unlikely to be solved overnight. But this Note has aimed to demonstrate that with patience, determination and creativity, supervisory authorities can take steps towards raising the standards of corporate governance in financial institutions.
Bank of Ghana. Corporate Governance Directive. December 2018.
Basel Committee on Banking Supervision. Principles for enhancing corporate governance. October 2010.
Basel Committee on Banking Supervision. Corporate governance principles for banks. July 2015.
Central Bank of Ireland. PRISM Explained - How the Central Bank of Ireland is Implementing Risk-Based Regulation. February 2016.
Financial Stability Board. Thematic Review on Corporate Governance Peer Review Report. April 2017.
International Association of Insurance Supervisors and Organisation for Economic Co-operation and Development. Issues Paper on Corporate Governance. July 2009.
International Monetary Fund. The Making of Good Supervision: Learning to Say "No". May 2010.
International Organisation of Securities Commissions. Report on Corporate Governance. October 2016.
Toronto Centre. Action Planning Guide. October 2015.
Toronto Centre. Improving Corporate Governance in Regulated Firms. January 2016.
Toronto Centre. Assessing the Suitability of Key Individuals in Financial Institutions. May 2017.
Toronto Centre. Risk-Based Supervision. March 2018a.
Toronto Centre. Implementing Risk Based Supervision: A Guide for Senior Managers. July 2018b.
Toronto Centre. Risk-Based Supervision for Securities Supervisors (and Other Supervisors of Small Firms). February 2020a.
Toronto Centre. Supervising Corporate Governance During Crises. April 2020b.
Toronto Centre. Operational Resilience: The Next Frontier for Supervisors?. April 2021a.
Toronto Centre. A Climate Risk Toolkit for Financial Supervisors. September 2021b.
 This Note was prepared by Clive Briault and Paul Wright.
 See Toronto Centre (2016) and OECD (2021).
 For example, any national equivalent of the Cadbury Code (and its successors) in the UK and the King Reports on Corporate Governance in South Africa.
 See Toronto Centre (2021a) for a discussion of operational resilience.
 This saying is attributed – possible incorrectly – to Winston Churchill when he was working to create the United Nations after the second world war.
 See the examples referenced in Toronto Centre (2016), Basel Committee (2010 and 2015), IAIS/OECD (2009) and IOSCO (2016).
 Again, see Toronto Centre (2016).
 See, for example, Financial Stability Board (2017).
 See Toronto Centre (2020b and 2021b).
 OSFI (2021).
 For more details of how thematic reviews can be undertaken, see Toronto Centre (2020a).
 Toronto Centre (2017).