The degree of individual director accountability is on the rise
In business, trends in the financial services sector tend to spread outward to the broader corporate community. We have seen this repeatedly over the past decade, in domains ranging from financial reporting to risk and capital management. In particular, corporate governance trends in the financial services sector have, since 2008, included a heightened level of scrutiny on all boards of directors, including their oversight of risk appetite, business strategy and organizational culture. With this in mind, corporate audit committees should pay particular attention to the expanding mandates of financial institution audit committees and the parallel increase in individual director accountability.
Expanding corporate governance requirements for the financial services sector reflect in significant part the regulatory response to the global financial crisis, as well as the growing complexity of business strategy in the face of disruptive technologies and increased competition. In Canada, the emphasis on enhanced board governance in the financial services sector has been led by the Office of the Superintendent of Financial Institutions (OSFI). Seeking to ensure that Canadian banks maintain their resilience in the face of globally expanding systemic risks, OSFI finalized its Corporate Governance Guidelines in 2013. These guidelines have further raised the bar for demonstrating both overall board effectiveness and strong oversight of key control functions, including risk, compliance, finance and internal audit.
To help drive adoption of its Corporate Governance Guidelines, OSFI has become very proactive in its regulatory oversight activities. Boards and their committees experience significant pressure to demonstrate their active involvement and effectiveness in areas such as:
This heightened level of regulatory oversight often now includes regular meetings with boards and committees, as well as periodic meetings with individual board members to assess their qualifications and level of engagement in discharging their fiduciary responsibilities. Factors addressed in these meetings include judgment, initiative and responsiveness, and the overall operational effectiveness of the board.
The OSFI guidelines spell out expectations of the board as well as the audit committee.
The board, the guidelines state, “should regularly assess the effectiveness of the (institution)’s oversight functions and processes. Occasionally, as part of its assessment, the Board should conduct a benchmarking analysis of those functions or their processes with the assistance of independent external advisors.” Further, “the heads of the oversight functions should have sufficient stature and authority within the organization and be independent from operational management. They should have unfettered access and, for functional purposes, a direct reporting line to the board or the relevant board committee (e.g., Audit, Risk).” Typically, oversight responsibilities for the Compliance, Finance and Internal Audit functions fall within the mandate of the Audit Committee in financial institutions, while significant interaction with the Risk Committee is also often required to ensure full oversight of the Risk function.
We consistently find, in performing independent external assessments of oversight and control functions on behalf of boards under these requirements, that the assessments do in fact provide important insights, assurance and recommendations to both the audit and risk committees on the design effectiveness and implementation of key control programs—programs that extend well beyond the traditional realm of financial reporting.
The mandate of financial services audit committees has further expanded in recent years into oversight of very high-risk areas such as anti-money laundering, anti-terrorist financing, cyber security and outsourcing/vendor risk management. These risks are considered top-10 priorities by most financial institutions, as well as their regulators.
Financial reporting oversight itself has been dramatically increasing in complexity, with audit committees now required to oversee significantly expanded (and potentially overlapping) disclosures under IFRS, Basel Pillar 3 and the Financial Stability Board’s Enhanced Disclosure Task Force.
Although board members outside the financial services sector may not currently be subject to such onerous requirements, it is a question of when, not if, at least some of these expanded oversight responsibilities will begin to find their way onto corporate board and audit committee agendas.
Given this trend, there are some key questions to consider:
Clearly, the financial services sector is foreshadowing important corporate governance trends that could impact the broader business community. Board and audit committee members in all sectors should be paying attention.