The FDIC proposed enforceable guidelines on corporate governance and risk management that would apply to all state non-member banks with assets greater than $10 billion.  The proposal would impose a number of very detailed and highly prescriptive governance requirements on banks and, in doing so, blurs the line between board and management responsibilities.

Key takeaways

The Federal Deposit Insurance Corporation (FDIC) has proposed enforceable guidelines on corporate governance and risk management that would apply to all state non-member banks with assets greater than $10 billion (the Proposed FDIC Guidelines).  The proposal was issued over two dissents.[1]  Among the issues the dissents highlighted is that the proposal would seek to impose an enforceable federal overlay on state fiduciary duty standards, which would extend beyond the scope of the Office of the Comptroller of the Currency’s (OCC) governance guidelines[2] and of the Federal Reserve Board’s (FRB) governance guidance.[3]  The proposal also would muddy the waters between board and management responsibilities and impose a number of very detailed and highly prescriptive governance requirements.

It is understandable that, after the March turmoil in the banking sector, the FDIC would want to encourage state non-member banks to have high-quality corporate governance.  But it is an open question whether the Proposed FDIC Guidelines, which have a heavy emphasis on process, strike the right balance between process and core safety and soundness concerns,[4] especially when viewed in light of the traditional oversight role of a board and the more modulated viewpoints of the other banking agencies.

Our key takeaways are:

  • Significant new duties for directors.  The proposal would impose sweeping duties on directors by, for example, stating that a director should consider “the interests of all its stakeholders, including shareholders, depositors, creditors, customers, regulators, and the public.”  This directive may be at odds with the typical fiduciary duty focus on shareholder value.  Moreover, the directive may also conflict with duties applicable to directors under stakeholder standards because, although those standards broaden duties beyond shareholder value, the particular formulation can vary by state.  Whether and how the proposed standards would be enforced by various parties could lead to confusion and related litigation risk.
    • Other banking agencies have dealt with this issue.  For example, the OCC states in its Director’s Book that the corporate governance provisions discussed in the book are not intended to, nor do they, exceed applicable state law requirements.
    • Given the significance of the duties and obligations that the Proposed FDIC Guidelines would impose, one question is whether such standards should be subject to an interagency policy process to encourage consistency across the banking system.
  • Overuse of “ensure” and other similar verbs would muddy the waters between board and management responsibilities.  The proposal frequently states the board would be required to “ensure” actions take place, rather than oversee management’s actions or hold management accountable.
    • For example, the proposal would require that the board “ensure” that management corrects deficiencies that auditors or examiners identify in a timely manner.  Aside from the fact that this enforceable requirement does not take into account the possibility of an appeal of identified deficiencies, or the possibility that an examination team or auditor might not be correct, it is not feasible for a board to “ensure” such actions by management.  The FHFA’s similar requirement,[5] which requires that a board “assure its oversight” of the “responsiveness” of executive officers in “addressing all supervisory concerns” is a much more sensible formulation that takes into account the role of the board in holding senior management accountable without muddying the role of the board and the role of management.
    • The proposal would also assign other types of actions to the board that do not fully appreciate the oversight role of a board, such as requiring the board to “establish” a corporate culture and policies more generally.
    • The overuse of “ensure” was also part of the OCC proposal in 2014 but, in response to extensive comments, the OCC eliminated this aspect of the proposal in the final OCC Guidelines.  In addition, the most recent OCC Director’s Book eliminated the “ensure” concept.  Similarly, the FRB Guidance avoids use of such a standard. 
  • Requirement of majority independent directors is broader than the OCC’s requirement for two independent directors.  The proposal would require a majority independent board and, for this purpose, an independent director of the bank’s holding company does not automatically count as an independent director of the bank, contrary to the commonly used model of total overlap between directors of a holding company and a state non-member bank.
    • In order for a director of the bank’s holding company to count as an independent director of the bank, the holding company must conduct limited or no additional business operations outside of the bank.  It is unclear how the FDIC would define “limited or no additional.” 
      • Many non-member state banks could be affected by this difference.
    • In addition, the FDIC should clarify that it does not mean to prohibit an independent director from serving on the board of “any other institution” but instead only the board of “an affiliate of the institution” (here, the bank).  The FDIC should also clarify that serving on the board of an operating subsidiary of the bank would not prevent a director from being considered independent; such a clarification would be consistent with the definition of “affiliate” in Regulation W, which addresses similar policy concerns.
    • Banks with insider boards or that do not have a majority of outside directors at the bank level may find that they need to make board level changes.
  • Dominant policymaker.  The Proposed FDIC Guidelines contain a caution about a board being influenced by a “dominant policymaker,” whether this is management, a shareholder or a director.  The dominant-policymaker concept is unique to the FDIC.  Although this term may make sense for a privately held or family-controlled company, its application to a non-member bank whose parent is publicly traded risks creating confusion.
    • The FDIC has previously addressed the concept of a “dominant official” in its RMS Manual of Examination Policies – Management, where it describes “the risks associated with institutions controlled by an official that has material influence over virtually all decisions involving the bank’s policies and operations.” 
    • While the examination manual refers to this scenario using the terms “control” and “official,” the Proposed FDIC Guidelines refer to a “dominant policymaker.”  It is unclear whether the FDIC intends to broaden the scope with its use of “policymaker.”
  • Highly prescriptive, with more governance and process.  The Proposed FDIC Guidelines are highly prescriptive and would require more director time and management process to achieve the same result as the OCC Guidelines and FRB Guidance.[6] 
    • Where the OCC made a conscious decision not to require approval of many policies by the board, the FDIC would impose a more burdensome requirement on boards to approve a broad swath of policies on an annual basis.
    • The FDIC also would impose more frequent reviews and updates with certain requirements imposed quarterly as opposed to annually by the OCC.
    • The guidelines also contain highly prescriptive requirements with respect to the board’s involvement in the selection of executive officers and their competence. 
    • The FDIC’s requirement that the board, as part of its yearly self-assessment, also evaluate whether it has met the guidelines, means that boards may find themselves engaging in a check-the-box exercise that would not be necessary under the more principles-based approach of the OCC and the FRB.  This type of exercise could undermine the spirit of qualitative and dynamic self-assessments, whose focus may change from year to year depending on a board’s priorities and focus.
  • Guidelines, guidance and enforcement.  Guidance does not create enforceable, binding legal obligations.  Guidelines issued under Section 39 of the Federal Deposit Insurance Act (FDIA), however, are enforceable by the agency.[7]  As such, the FDIC has chosen to propose guidelines that “would be enforceable under Section 39.”  This technique is in contrast to the FRB’s approach of adopting principles-based guidance.  It is also in contrast to the OCC which has chosen the path of enforceable guidelines, but carefully calibrated its corporate governance guidelines to be general principles.  The FDIC’s combination of enforceable guidelines, very detailed and highly prescriptive requirements and an obligation for a board to assess, on a yearly basis, whether it is meeting the guidelines, risks imposing burdens on boards that do not further the spirit of seeking to encourage and to facilitate robust, dynamic and healthy governance.  For example, if an institution does not meet the guidelines promulgated under Section 39, the agency has the option of requiring a plan to do so.  If an institution fails to submit a timely, acceptable plan, the agency can issue a “safety and soundness order.”  This is the legal equivalent of a cease-and-desist order, i.e., it is public and legally enforceable, including through the assessment of civil monetary penalties.  Accordingly, a board may become more focused on a check-the-box exercise to avoid such a result, rather than the more important work of robust, dynamic and healthy governance.

The attached chart is a deep dive that compares the Proposed FDIC Guidelines with the OCC Guidelines and the FRB Guidance.  If the Proposed FDIC Guidelines are finalized as proposed, it would not be surprising if they are a factor in many state non-member banks beginning to consider whether they should become a national bank or a Federal Reserve member bank.  Comments on the Proposed FDIC Guidelines are due on December 11, 2023.


Law clerk Mitch Murphy contributed to this update.

[1] Statement by FDIC Vice Chairman Travis Hill on the Proposed Corporate Governance Expectations for Large and Midsize Banks (Oct. 3, 2023); Statement by FDIC Director Jonathan McKernan on the Proposed Guidelines Establishing Standards for Corporate Governance and Risk Management (Oct. 3, 2023).

[4] See Statement by FDIC Vice Chairman Travis Hill, supra note 1.

[5] 12 CFR § 1239.4.

[6] Recently, after many years of minor differences among them, the three banking agencies aligned on one standard for their risk management guidance for third-party relationships.  See Davis Polk’s Client Update on Bank Risk Management of Third-Party Relationships – Final Interagency Guidance.  A similar approach may be useful for corporate governance.

[7] Guidance and guidelines under Section 39 of the FDIA are very different despite the similarity of the words.  Banking agencies issue guidance—typically general, principles-based instructions which are not, as a technical legal matter, enforceable (although many banking organizations will rationally act as if they are and follow them).  The point is to permit variations if warranted by the circumstances.  See, e.g., Role of Supervisory Guidance (Mar. 2, 2021).  Guidelines issued under Section 39 of the FDIA are enforceable.  12 U.S.C. 1831p-1(e).

