The Challenging Role of a Director
â€¢ Board involvement
â€¢ Assessment of risks
â€¢ Management and control of the risks
â€¢ Oversight of service provider arrangements
â€¢ Adjusting the program
â€¢ Reporting to the board of directors
â€¢ Implementation of regulatory standards
Examiners will be scrutinizing board involvement in all phases of the program from development through on-going maintenance. GLBA is enforceable under section 39(a) of the FDI Act, which means that informal or formal enforcement actions may be requested or issued for non-compliance with the Act. In addition, regulators may assess civil monetary penalties against specific individuals, including directors within the institution.
Sarbanes Oxley (SOX) has also redirected attention to the need for a strong and independent board. Emerging technology may change the way a financial institution conducts its business, but the principles of corporate governance have not changed and remain valid.
Because of SOX, the role of the board in overseeing the financial institutionâ€™s operations is no longer standard best practice but required. The boardâ€™s role must include:
â€¢ Selecting and retaining competent management
â€¢ Establishing strategic long-term and short-term goals
â€¢ Monitoring operations to ensure adequacy and compliance with laws and policies
â€¢ Overseeing business performance
â€¢ Ensuring community credit needs are met
For corporate governance to be effective there must be a high level of cooperation between the board and management; however, the board as a whole and the directors individually must maintain independence in evaluating managementâ€™s actions. To fully exercise their fiduciary responsibility, directors must understand the environment in which the bank functions, regulatory requirements, and the financial condition of the institution.
Oversight of the institution includes establishing policies, clearly communicating these to employees, and monitoring them for compliance with laws and regulations, economic changes, and the institutionâ€™s environment. In addition to establishing polices, the board must ensure that the appropriate controls are in place and that processes for monitoring the institutionâ€™s condition, compliance with internal policies, regulation and laws are effective. One method of monitoring would be establishing reporting requirements. The appropriate level of reporting will be dependent on each institutionâ€™s individual operations and circumstances.
Providing for independent reviews and testing of compliance with board policies, regulations and laws, and the integrity and adequacy of the information reported to the board and maintained by the institution is not only a standard best practice, but required by SOX. These reviews may be performed by qualified independent internal auditors, by an examining committee of the board, or by a qualified CPA. The board must have the direct responsibility in the hiring, firing, and evaluating the institutionâ€™s auditors. The auditors should report directly to the directorate or audit committee to maintain the required independence.
All insider financial transactions must be above reproach. Directors must avoid any preferential transactions involving insiders or their related interests. Insider transactions will be judged using the same criteria as an ordinary customer of the institution. These transactions must be completely above board and in compliance with all laws and regulations. Directors who permit preferential treatment breach their fiduciary responsibilities and can be subject to civil and criminal liability.
Last but not least, the board should review all reports of examination, supervisory actions, and/or correspondence from the institutionâ€™s primary supervisory agency. Findings and recommendation should be reviewed and a process for addressing the findings implemented and tracked.
The role of the board has always been to oversee operations; however, the adoption of these two laws emphasizes the old adage â€œthe buck stops here.â€