Article published by the Center for Corporate Governance
Today’s economic landscape poses considerable interim and structural challenges for banks: an economic crisis caused by the pandemic with a sharp decline expected in the quality of their assets; very low interest rates (negative in certain operations), with any expected return to normality receding further into the distance with each passing day; radical innovations in IT management, a cornerstone of banking; the onset of new competitors in the provision of financial services (payment services, consumer credit, corporate lending, etc); and increasingly strict banking regulations, to name but a few.
Against this backdrop of great change, banks must adapt, but regardless of the scenario, one thing will never change: the need for good corporate governance. Banks may be on the high street or online, be retail, corporate or investment, national or global, on the way up or down – but they will always need good governance.
The 2008 crisis was followed by fierce debate and it became obvious that banks needed professionalised corporate governance structures
It is obvious that, unlike during the great financial crisis, this issue is no longer a hot topic in the press, social networks and academic journals, possibly because this time round banks have not been part of the problem. The 2008 crisis, on the other hand, was followed by fierce debate and it became obvious that banks needed professionalised, effective corporate governance structures able to align the risks taken by each one with the desired exposure to risk.
We will begin this article with a look at the basic features of the EU regulations that emerged in the wake of the great financial crisis. We will then examine the main talking points arising from these regulations, and finally we will consider the conclusions stemming from the real-life implementation of the new regulations after the periodic revisions carried out by the banking superintendent.
EU regulations about corporate governance in banking
Before the financial crisis, it was not obligatory to abide by the rules. They were not only vague and difficult to implement but monitoring compliance was not a priority for financial superintendents. Stricter regulations regarding banks’ corporate governance obviously required a certain strategic alignment between superintendents’ aim of ensuring financial stability and the interest of banks’ depositors and creditors in such controls existing.
In the European Union, the outcome of this debate was Directive 2013/36/EU of the EU Parliament and Council dd. 26 June about access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms (henceforth CRD IV), which constitutes the basic regulations in this sphere. This directive marked a significant shift in the focus of regulations governing the corporate governance of financial entities by introducing mandatory regulations and disciplinary provisions.
The implementation of this directive made corporate governance one of the main priorities for the Single Supervisory Mechanism (SSM) and one of the key elements in the annual supervisory review and evaluation process (SREP). As a result, the corporate governance of banks has a considerable impact on their risk profile and the sustainability rating of their business model .
What good corporate governance entails
In general, good corporate governance refers to the effective and proactive control of a bank’s fate by its board and senior management, i.e. it implies control and management and means that the bank’s top managers lead it in such a way that it can fulfil its corporate mission.
Experience has shown that good governance is crucial for a bank’s future. During the previous crisis, very close correlation was seen between well-run banks and banks needing no bail-outs, and vice versa. As a result, it became a major focal point of regulations and supervision.
Experience has shown that good governance is crucial for a bank’s future
Good governance has several aspects:
- Leadership from the very top. Boards of directors must clearly be in charge of defining and controlling the bank’s strategy in areas such as in-house organisation and corporate culture, risk control, business management, etc.
- Risk control. Boards must understand the risks as a whole facing the bank. In the previous crisis, many boards of directors lacked a global vision of their bank’s risk management or the capability and experience necessary to supervise this management or even understand and conduct the financial business itself.
As a result of the crisis, a risk control model known as the three lines of defence was developed. One thing the directive pays great attention to is the regulation of in-house control functions (risk management, regulatory compliance and internal auditing) with a view to avoiding serious problems such as those which, to a large extent, triggered the great financial crisis. These functions must be at a level of the hierarchy on a par with their responsibilities; must be independent of the business lines and units they control; must report directly to the board and the board must evaluate their performance, etc.
- Capabilities. The adequate leadership and risk control described above calls for technical capabilities and suitable staff. Hence the regulations specify a high standard of training for board members and require them to assume greater individual and group responsibilities.
- Appropriate incentives structure. During the previous crisis, some suitably trained and experienced boards championed the managers’ strategy of making their balance sheets considerably larger or getting involved in all sorts of complex products. They set themselves very ambitious growth targets, and incentives were designed to encourage this growth. This strategy clashed with the interests of banks’ creditors (including depositors and employees) who needed to be able to recoup their deposits or collect the loans they made to such entities, hence the need to be feasible in the long term and take fewer risks .
- Seriousness. Recent criminal proceedings have revealed the need for transparent, well-documented and detailed decision-taking by the boards and senior managers of banks, and maximum compliance with regulations.
- Involvement of shareholders. Board members must safeguard the interests of the bank and all its shareholders. As a result, the superintendent calls for increasing numbers of independent board members. In 2010, the EU Commission  mentioned other reasons why shareholders were not very involved in more balanced, long-term bank growth: risk diversification led to investments in the portfolios of different companies, and this blurred the company “proprietor” concept; the high costs of “activism” for institutional investors, particularly when their stake in an entity is not significant; and certain legal difficulties regarding shareholders’ control of administrators and managers (in certain cases, the impossibility of having any say as regards the salaries of board members and managers, legal uncertainty regarding the concept of shareholder agreements, the complexity of public information about the bank’s exposure to risks, etc).
Matters to be discussed
The regulations and superintendents recommend non-executive presidencies but banks can argue that an executive president is necessary. Although there is no clear empirical evidence in favour of the first option, it is generally upheld because it facilitates the control of boards of directors as opposed to the management role of the CEO and senior management.
The appointment of increasing numbers of independent board members is related to the complex supervisory functions of boards and the stricter requirements imposed by superintendents on these functions. This has led to independent members working more and the need to pay them adequately. Is this independence compatible with a relatively high annual salary? It is difficult to imagine a reduction in salaries when supervisory tasks are increasing therefore other ways of ensuring suitable degrees of independence must be found: long mandates, but not renewable; the appointment of persons of high professional standing; effective appointment methods; specified reasons for dismissing these board members, etc.
The regulations and superintendents recommend non-executive presidencies but banks can argue that an executive president is necessary
As mentioned earlier, there has been a shift from non-mandatory rules to obligatory regulations, although it must be said that because they are specified in a directive, the requirements and details may vary from one member State to another. Likewise, the nature of the rules in CRD IV (which are basically vague legal concepts) does not facilitate the homogeneous and objective verification of compliance. It stipulates, for example, that “the board members of the entities shall be of sufficiently good repute and have the knowledge, skills and experience essential to perform their duties … all board members shall devote sufficient time to performing their functions … The management body shall have sufficient collective knowledge, skills and experience to understand the entity’s activities including its main risks. The general composition of the management body shall appropriately reflect a wide range of experiences … Each member shall behave with honesty, integrity and independent ideas and shall, if necessary, effectively evaluate and query senior management decisions.” (Article 91, CRD IV)
In the end, the need to supervise how boards operate makes it necessary to have more specific, homogeneous criteria, which is what the guidelines issued by the European Banking Authority (EBA) aim to provide .
Board members’ skills must include authenticity, resolve, leadership and persuasion
Although the purpose is clear, the result is debatable: board members’ skills must include authenticity (they must openly convey their intentions, ideas and feelings, and encourage an open, honest atmosphere), resolve (they must take well-informed decisions at the right time), leadership (be able to lead the group, develop and maintain team work and motivate employees), persuasion (be able to influence others’ points of view, be persuasive and employ moral authority and tact), etc. Is it easy to assess such skills objectively? It would seem not, and let’s not forget that this process depends on whether or not the appointment or retention of certain board members is authorised.
Many lawyers  probably feel that this medley of a directive and a national transposition of said directive together with EBA guidelines (which specify entities’ obligations) is not ideal, particularly when the supervisory function can lead to considerable sanctions for banks. This model will not change, at least not in the medium term, because as Yves Mersch, SSM vice president announced recently , the institution will be issuing guidelines to enable “stricter, more thorough assessments of board members’ suitability.” It is anticipated that the more demanding requirements will be accompanied by greater transparency about the superintendent’s expectations in this terrain.
Outcome of SSM reviews 
On the basis of the reviews carried out by SSM, these are the areas in which banks must improve:
- Banks must adopt more precise policies about the composition of their boards of directors, selection of candidates, appraisal of their suitability, replacement of board members and the board’s own assessment of how it operates.
- Boards must have fewer members and define the tasks of their committees adequately.
- Boards must have more independent members and must define the concept of independence more accurately.
- There must be closer links between the board and the functions of in-house control. Those in charge of said functions must report regularly and directly to the board and its committees even if the senior management of the bank is not present. Likewise, the board must assess more often whether the in-house control functions are being carried out adequately.
- Risk appetite policies must include the definition, notification and monitoring of the amount of risk the bank is willing to bear. These policies must be operative but have specific risk constraints. The salary and incentive policies of each bank must be in keeping with its risk appetite frameworks. Likewise, these policies must be assimilated at all levels of the organisation.
- Banks must improve their IT management: it is essential for decision taking, particularly as regards risks.
- Boards must be able to challenge senior management about IT issues and must, therefore, have knowledgeable, experienced people, and be able to devote sufficient time to discussing these matters . Banks must also adapt their three lines of defence model to the new digital world. The first line must consist of defining additional controls to ensure the availability and security of their IT systems. The second line must consist of defining a digital risk strategy (to clarify their appetite for these risks). And as a third line, banks must incorporate IT systems into their auditing processes and plans.
After the great financial crisis, the reasons behind it were fiercely debated around the globe. The conclusion was that financial institutions must have effective, professional corporate governance structures able to align the risks that banks bear with their desired risk profile.
This meant a shift from recommendations to mandatory regulations in the form of CRD IV, and corporate governance becoming one of the SSM’s main priorities when assessing banks’ risk profiles and evaluating the sustainability of their business model.
The supervisory authorities themselves acknowledge that the governance of banks involves many cultural factors  that make it complicated to carry out analyses and suggest improvements. Such improvements must, therefore, be made gradually, giving positive results in the medium and long term.
It is clear that regardless of what tomorrow’s banks may be like, their feasibility and competitive edge, and their ability to be sustainable and make a worthwhile contribution to society will depend to a great extent on their adopting the best corporate governance practices.
 The author is grateful to Mario Delgado, Enrique Ezquerra and Carlos Caballer for their invaluable comments.
 EU Banking Authority: Guidelines on the revised common procedures and methodologies for the supervisory review and evaluation process (SREP) and supervisory stress testing, 19 July 2018.
 This group of creditors could also include the State as a possible participant in funding a bank liquidation or resolution.
 EU Commission: Green Paper on corporate governance in financial institutions and report on remunerations, 2010.
 EBA Guidelines on internal governance under Directive 2013/36/EU” and “Joint ESMA and EBA Guidelines on the assessment of the suitability of members of the management body and key function holders under Directive 2013/36/EU and Directive 2014/65/EU, both dated 26 September 2017.
 For a well-reasoned analysis of regulations governing the composition and operating of boards, see Carmen Alonso Ledesma: Precisiones de la Autoridad Bancaria Europea en relación con determinados aspectos del gobierno corporativo de las entidades de crédito, Revista de Estabilidad Financiera, n. 33 (Nov. 2017), Banco de España.
 Yves Mersch: El BCE aumenta el nivel de control sobre la gobernanza bancaria, Expansión, 1 October 2020.
 This section is a summary of Good governance for good decisions, Danièle Nouy’s talk at the second banking supervision conference, Governance expectations for banks in a changing financial environment, Frankfurt, 22 March 2018.
 The many challenges of digital change are outlined by José Manuel Campa: “Corporate governance challenges within the financial sector“, ICA’s XVII International Conference on Good Corporate Governance, Madrid, 10 November 2020.
 Danièle Nouy: Ethics in banking – from Gordon Gekko to George Bailey, speech in the 7th Congress of the Solvay Schools and their Alumni, Brussels, 15 de octubre de 2018.
Join the Do Better community
Register for free and enjoy our recommendations and personalised content.