Corporate Governance for Banking Institutions Is Different

by Paul L. Lee

Observers have often asked whether corporate governance for banking institutions, i.e., banks and bank holding companies, is (or should be) different from governance for other corporations.  The resounding answer from the bank regulatory authorities is that the governance of banking institutions is (and should be) different from the governance of other corporations because of the special credit and liquidity functions performed by banking institutions.[1]  These special intermediary functions have historically led to a highly regulated environment for banking institutions, which has directly affected governance processes.  The bank regulatory authorities maintain that the directors of banking institutions are responsible to a broader set of stakeholders than just shareholders.  The additional stakeholders include depositors (and indirectly the federal deposit insurance fund), creditors and the regulators themselves.

The bank regulatory authorities assert that the primary duty of the directors of a banking institution is to ensure that the banking institution operates in a safe and sound condition.  In pursuit of this goal, the bank regulatory authorities have adopted an extensive body of regulations and supervisory guidance for the governance of banking institutions.  Because of the additional regulatory and supervisory requirements imposed on directors of banking institutions, the exclusive focus of the directors cannot be on maximization of shareholder value (as would normally be the case under general corporate law).  Instead, the directors of a banking institution must also take into account the interests of other stakeholders, such as depositors and other creditors, under the general rubric of “ensuring” the safety and soundness of the bank.

Regulatory and supervisory requirements create a comprehensive mandated framework for compliance and risk management systems in banking institutions that does not exist for most other types of corporations.  These regulatory and supervisory requirements are monitored by the bank regulatory agencies through reporting requirements, regular examinations and other surveillance techniques.  The bank regulatory agencies rate the management and the board of large banking institutions on an annual basis on their risk management and oversight.  The combination of the existence of these regulatory and supervisory requirements and the monitoring of these requirements by the bank regulatory agencies means that the first test for director oversight liability under Delaware corporate law, i.e., a sustained or systematic failure of the board to exercise oversight such as an utter failure to assure that any reporting system exists, will very rarely be met.[2]

The second test for director oversight liability under Delaware corporate law, i.e., a conscious failure to monitor or oversee the operations of the corporation based on the reporting systems, will also very rarely be met.[3]  Criticisms of a banking institution’s systems for monitoring compliance and risk management processes may be made in an examination report prepared by the bank regulatory agency, but the examination report will expressly require those criticisms (styled as “matters requiring attention” or “matters requiring immediate attention”) to be addressed by the institution under the oversight of its board of directors.  This external monitoring mechanism generally does not exist for other types of corporations.  While there may be cases of repeat criticisms in examination reports, it is unlikely as a practical matter that a criticism will go unaddressed for such a prolonged period as to constitute a “sustained” failure, the Delaware corporate law test for director oversight liability.  Thus, there is a very low probability that a shareholder will be able to meet the very high hurdle for asserting a derivative claim under Delaware corporate law against the directors of a banking institution.

As I explain in a recent article, the experience with the disposition of derivative actions against banking institutions both before and after the financial crisis confirms this hypothesis.[4]  Derivative claims against directors of banking institutions rarely survive a motion to dismiss.  As a practical matter, the regulatory requirements for board oversight of banking institutions substantially exceed the threshold for establishing director oversight liability under Delaware corporate law.  The incremental level of protection against liability for the board of a banking institution following from the high regulatory standards for board monitoring, however, comes at a price:  the scope of the exercise of business judgment by the board is constrained by the extensive regulatory and supervisory provisions directing specific oversight activities for the board.  In the aftermath of the financial crises, even more extensive regulatory and supervisory requirements have been imposed on large banking institutions and their boards.  The effect of these new regulatory and supervisory requirements is to expand the responsibilities of a board of a large banking institution to encompass the protection not just of shareholders, depositors and creditors of the banking institution, but also of the financial system as a whole.

A report issued by the American Association of Bank Directors in 2014 catalogs the extensive body of laws and regulations that impose duties on directors of banking institutions.[5]  In addition to hundreds of laws and regulations, the report also identifies 225 provisions in “guidance” documents issued by the Office of the Comptroller of the Currency (the federal regulator of national banks) imposing responsibilities on directors as well as 173 similar provisions in guidance documents issued by the Board of Governors of the Federal Reserve System (the federal regulator of bank holding companies and state-chartered banks that are members of the Federal Reserve System).  The report warns that this large body of regulatory and supervisory requirements is forcing bank boards to become “compliance” boards, leaving little time for business and strategic planning.

A report issued by The Clearing House Association in May 2016 provides an even more extensive listing of regulatory and supervisory requirements imposed on directors of banking institutions. [6] Like the report from the American Association of Bank Directors, the report from the Clearing House Association also confirms that many of these requirements impose on boards’ responsibilities for routine matters that appropriately lie with management.  The ultimate effect of the inexorable addition of new regulatory and supervisory requirements to the extensive existing body of requirements is to overload a board and to diminish its ability to devote heightened attention to areas that a board itself believes require such attention.  The bank regulatory agencies should review this large body of supervisory guidance to remove provisions that relate to the routine operations of the banking business and prioritize the remaining items to permit bank boards to play the strategic oversight role that is appropriately in their domain.


[1] See, e.g., Renee Adams & Hamid Mehran, Is Corporate Governance Different for Bank Holding Companies?, 9 FRBNY Econ.  Pol’y Rev. 123 (2003).

[2] In re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959, 971 (Del.Ch. 1996).

[3] Stone v. Ritter, 911 A.2d 362, 370 (Del. 2006).

[4] Directors’ Duty to Monitor:  Experience in the Banking Sector – Part I, 133 Banking L.J. 405 (2016).

[5] David Baris & Loyal Horsley, Amer. Ass’n of Bank Dirs., Bank Director Regulatory Burden Report 16 (2014).

[6] The Clearing House, The Role of the Board of Directors in Promoting Effective Governance and Safety and Soundness for Large U.S. Banking Organizations (2016).

Paul L. Lee is of counsel at Debevoise & Plimpton.  Mr. Lee is the former Co-Chair of the firm’s Banking Group and is a member of our Financial Institutions Group. He has extensive experience in the banking industry as a corporate lawyer, both as a general counsel and in private practice, as well as experience in the public sector with leading bank supervisory agencies.


The views, opinions and positions expressed within all posts are those of the author alone and do not represent those of the Program on Corporate Compliance and Enforcement or of New York University School of Law.  The accuracy, completeness and validity of any statements made within this article are not guaranteed.  We accept no liability for any errors, omissions or representations. The copyright of this content belongs to the author and any liability with regards to infringement of intellectual property rights remains with them.