The Federal Deposit Insurance Corporation (FDIC) today proposed strict new guidelines to strengthen risk management and board oversight for banks with more than $10 billion in assets.
If finalized, the binding rules would establish expectations for bank boards on structure, duties, and risk oversight. Boards would need a majority of independent directors and key committees on risk, audit and compensation. Plus, directors would have to actively challenge management and set a tone discouraging imprudent practices.
MBK Search’s research team has broken down the ten biggest requirements listed in the proposed guidelines:
1) Broadened scope to include more banks
The guidelines would apply to all FDIC-insured banks with over $10 billion in total consolidated assets for two consecutive quarters based on Call Report filings. This expanded scope goes beyond the largest banks to rope in mid-sized players, aiming to reduce bank failures and losses.
2) Independent directors take majority seats
Boards would be required to have a majority of independent directors not affiliated with the bank. The FDIC says this enhances oversight and accountability by reducing conflicts of interest and domination by bank insiders. Diversity of experience and demographics on the board is also emphasized.
3) Risk committee requirement
Banks would need a dedicated board risk committee, chaired independently, with risk management expertise. Meeting at least quarterly, this committee would oversee the risk program, ensure risks are managed within appetite, and challenge management as needed, promoting safety.
4) Three lines of defense surround the castle
The proposed guidelines call for business units, an independent risk management unit, and internal audit to form three mandatory lines of defense that monitor adherence to the risk program. This system aims to comprehensively identify, escalate, and address risks.
5) Risk appetite statements required
Banks must implement board-approved risk appetite statements with quantitative limits and qualitative components, restricting what the FDIC calls imprudent exposures. This critical foundation aligns risk-taking with tolerance and constraints.
6) Red alert on limit breaches
The proposal says the FDIC must be notified in writing when internal risk limits or legal/regulatory violations are significantly breached, enforcing accountability. This allows prompt attention to material events.
7) Tone check on cultural health
Directors would be required to be proactive in discouraging excessive risk-taking and unethical behavior, rather than prioritizing profit above prudence. This influences institutional culture and safety.
8) C-Suite gains new risk sheriff
Having a dedicated Chief Risk Officer would be required, reporting independently to the board risk committee. This empowers centralized, expert assessment of risks across the bank.
9) Director training prevents complacency
The proposal would require ongoing formal training of directors to cover risks, laws, regulations, and other topics to hone oversight abilities. The FDIC says this would counter knowledge gaps that may weaken governance.
10) Annual board checkup to diagnose weaknesses
Bank boards would need to conduct self-assessments identifying and addressing deficiencies annually. This facilitates continuous improvement in governance.
The FDIC has called for feedback on the guidelines over the next 60 days. You can read the full guidelines on its website.
At MBK Search, we help firms find world-class talent to build champion GRC teams. We recruit across all regulated industries and sectors in the United States, EMEA, and APAC. Let’s start building — visit our website to find out how. www.mbksearch.com