Good governance - an asset for all seasons

Keynote speech by Danièle Nouy, Chair of the Supervisory Board of the ECB, at the farewell seminar of Jan Sijbrand "From Lehman to Bitcoin - trends and cycles in financial supervision", Amsterdam, 21 June 2018

Jan Sijbrand can rightly claim to be one of the founders of European banking supervision. In June 2012 he joined what was known as the “High-Level Group on Supervision”. This was the group in charge of all the technical preparatory work for the Single Supervisory Mechanism, the SSM. And once the SSM was set up, Jan became a voting member of the ECB’s Supervisory Board, the SSM’s main decision-making body.

In January 2014, the Supervisory Board met for the very first time. And naturally, Jan was sitting at the table when we developed the foundations of European banking supervision. He was there when we discussed the legal framework and the Supervisory Manual. He was there when we talked about the composition of Joint Supervisory Teams. And he was there when we established the rules for the Supervisory Board, its procedures and its code of conduct.

Since then, the Supervisory Board has met 112 times. Given that each meeting lasts one and a half days, on average, this amounts to 168 days or around five and a half months. So we’ve certainly spent a lot of time together, Jan!

And these five and a half months do not even include all the preparatory work. Some De Nederlandsche Bank (DNB) colleagues have told me that Jan always prepared so thoroughly for each meeting of the Supervisory Board that they sometimes found it quite a challenge. It seems that Jan’s eagle eyes could spot a typo, a single incorrect figure or a minor inaccuracy buried in a long, complex document, which he would then ask the drafter to clarify. Though this was not always easy for staff, it also made them feel that their work was needed and acknowledged. And in the end, we all benefited from Jan’s meticulous preparation.

Because after all, being a member of the Supervisory Board means being part of a team. Each member must take a European point of view, put aside any national interests and defy any political pressure he or she might face at home. Jan, you have always been such a reliable team player, and I thank you for always taking and promoting the European point of view.

But it’s not just Jan, of course; it’s all of DNB. DNB’s supervisory strategy for the years 2014-2018 has a clear goal: to make European banking supervision effective, practicable and enforceable.

Jan, I congratulate you on fulfilling this objective. DNB has become an important part of European banking supervision thanks to its sharp analysis and its emphasis on supervising the integrity of banks and on transparency. And there is also the great team spirit among the Dutch Joint Supervisory Team (JST) members, the many innovative and interactive tools they have developed and the solid expertise of DNB staff in general.

Governance – a genuine specialisation of DNB

Today, I would like to talk about one of the topics DNB has focused on: governance. DNB has worked hard on understanding and supervising how banks’ boards and senior management work and interact, and how they shape banks’ risk culture and risk management.

I very much welcome this work because governance is one of our top supervisory priorities. Good governance is always essential for stability – it is an asset for all seasons. So as supervisors we must always point towards the goal of good governance, just as a compass needle always points north no matter where you are, and no matter what the weather is.

After the financial crisis, DNB made governance one of its main supervisory themes, focusing on conduct and culture, strategy and business models, outsourcing and reporting accuracy. Since then, DNB has gathered a lot of experience and conducted many analyses, developing expertise which has proved very valuable for European banking supervision.

Even before European banking supervision was launched, DNB worked hard to identify banks’ high-risk strategies and over-ambitious or unrealistic goals. It then shared its knowledge with us when we were designing our own methodologies.

Let me recall a few of the initiatives and projects to which DNB contributed under Jan’s leadership.

First, let’s take the work of the Financial Stability Board’s Supervisory Intensity and Effectiveness Group. The outcome of this work was a document entitled “Guidance on Supervisory Interaction with Financial Institutions on Risk Culture”, which was published in 2014. We all know that a weak risk culture was one of the root causes of the financial crisis. This guidance aims to help supervisors identify and mitigate the practices, behaviours and attitudes that may weaken a bank’s risk culture.

In 2015, DNB chaired an SSM Task Force on Behaviour and Culture. The aim of this task force was first to examine the methods used by DNB to assess the behaviour, culture and effectiveness of banks’ boards, and then to consider whether they could be implemented throughout the SSM.

I heard that DNB’s work in this area had an impact on Jan’s personal views. Initially he was not convinced of the merits of this type of assessment. As a Doctor of Mathematics, Jan had always been a supervisor who was very focused on hard data. However, soon after taking up his position at DNB, Jan became convinced of the potential of behaviour and culture supervision, especially after reading the findings and conclusions about the private banks where he had previously worked, because those findings highlighted behaviour that Jan himself had experienced.

And this year, DNB worked with our colleagues from Ireland to assess behaviour and culture in five Irish banks. This project is a great example of cross-border cooperation within European banking supervision. A team of five Dutch supervisors and ten Irish supervisors worked together for a couple of months, developing a framework for analysis, conducting interviews, attending board meetings of the five banks, developing and analysing surveys and drafting conclusions. The results of their joint work – the Culture Review Report – will be presented to the Irish Department of Finance at the end of this month.

Another project to which DNB contributes aims to identify the lessons learned from our past Supervisory Review and Evaluation Processes. One of the sub-groups of this project is chaired by DNB and seeks to improve the internal capital adequacy assessment processes of banks.

And finally, DNB has helped to develop our methods for fit and proper assessments and the relevant policy stances, particularly with regard to fit and proper interviews. This came about quite naturally as DNB was already conducting fit and proper interviews before European banking supervision was created. Later on, DNB trained supervisors from countries which were inspired by the Dutch approach to also conduct fit and proper interviews.

ECB Banking Supervision’s approach to supervising governance

Jan, you can be proud of how much DNB has contributed to the work of European banking supervision. We made a quantum leap in supervising governance and risk management. It only took us a few years to fully develop a European framework based on a new European regulation, which implements the recommendations of the Basel Committee on Banking Supervision. I must say, though, that the regulation itself could have come a bit earlier.

ECB Banking Supervision has built a holistic and comprehensive approach to assessing governance. Let’s take a look at some of the tools we use.

I already mentioned the fit and proper assessments which we use to check whether banks’ board members are suited to their position. We assess their experience, their reputation, their independence of mind, their time commitment and their potential conflicts of interest. In doing so, we help to ensure that those who manage banks are fit and proper for the job.

Another tool is our Supervisory Review and Evaluation Process, or SREP for short. It allows us to see whether the risks that a bank takes are in line with its risk capacity and strategic objectives. Governance is one of the four central elements that make up the SREP.

In the SREP, we assess banks’ risk appetite frameworks, or RAFs. More specifically, we assess whether banks fully integrate the policies, processes, controls, systems and procedures set out in their RAF into their decision-making processes and risk management. We also assess whether the RAF is aligned with banks’ business plans, strategies, capital planning and remuneration schemes.

Then, there is the “deep-dive” tool, which allows us to take a closer look at individual banks and better understand certain processes or approaches related to governance and risk assessment.

Another tool is on-site inspections. These allow us to discuss governance and risk management in a supervisory dialogue with banks. Like several other national supervisors, DNB did not have an internal on-site department before European banking supervision was launched. So I would like to thank the Dutch on-site inspectors – we acknowledge the progress you have made so far, and we appreciate how you are tackling this very challenging type of supervisory work, which includes cross-border inspections.

Benchmarking is another tool we use. As a European banking supervisor we can benchmark banks from across the euro area. We do this through thematic reviews, for instance. A thematic review on governance and risk appetite was completed in 2015. We addressed the topic from many angles, such as risk culture, the composition and organisation of management bodies and decision-making. And again, DNB made a significant contribution. Based on this 2015 review we have, for example, enhanced the SREP methodology.

More recently, we conducted another thematic review, this time on risk data aggregation and risk reporting. It was guided by the principles established by the Basel Committee on Banking Supervision, also known as BCBS 239. All national supervisors, including DNB, contributed to this review. Its results will feed into the next SREP cycle and help us determine the actions banks and supervisors need to take.

What have banks achieved so far?

All the tools I just mentioned have proven to be quite useful, and we can already see that banks have significantly improved their governance and risk management.

They have started to follow our recommendations on fit and proper assessments, which will ensure that their boards are comprised of people who are suited to the position.

Moreover, self-assessment has become a common practice for bank boards. They are reflecting on many topics, such as having more time for preparation, readable and comprehensive documentation and efficient discussions.

We have also seen an overall improvement in the quality of the agendas and minutes of banks’ board meetings.

Banks are striving to enhance the structure and organisation of their boards in line with the highest international standards. Some banks have split risk and audit committees; others have set up clear reporting lines to the risk and audit committees for certain functions.

Finally, banks have made progress in designing their risk appetite frameworks. They have clarified the roles of the different stakeholders, and internal audit functions have become increasingly involved in the independent review of their RAFs. We are also seeing banks refining their risk appetite dashboards, which help them to monitor their risk profiles.

What do banks still need to improve?

So banks have made a lot of progress. But much remains to be done.

Banks’ boards should increase the oversight of their senior management. This is independent from the actual governance structure; it is as valid for single-tier boards as it is for the two-tier boards which are common in the Netherlands.[1]

The size of banks’ boards should not impede their decision-making. Sometimes it is hard to reach a decision when too many people sit around the table. This is especially relevant in crisis situations when decisions need to be taken quickly.

The collective knowledge of boards can still be improved. In-depth knowledge is particularly important for challenging senior management on more technical topics such as digitalisation, IT, internal models and regulation.

Banks also need to maintain an adequate level of control. We see that many banks outsource, standardise and optimise business processes in order to achieve more agile and flexible ways of working. Our concern is that this might impact the quality of their controls. Under no circumstances should banks cut costs at the expense of risk management and of the quality of risk data aggregation and reporting. On the contrary, they should fortify their operational management, risk control and compliance, as well as their independent internal audit function. They should make sure that, for each risk, accountability and ownership are defined and well understood throughout the organisation.

It is also important that banks’ budgetary processes are aligned with their risk appetite frameworks. If, say, a bank forecasts loan growth in its budget, which looks appealing from the business perspective, the impact of this loan growth should be reflected in the RAF.

RAFs should be further enhanced, particularly for non-financial risks such as compliance, reputational, IT, legal and conduct risks.

And, more generally, banks should work towards a balance between risk and reward, a balance that is sustainable over the cycle. Remuneration schemes should also be better aligned with RAFs.

Finally, data quality should be improved, especially for data underlying the risk reports presented to banks’ boards or data used in designing the IT architecture. IT and management information systems are crucial for the ability of banks’ boards to easily obtain key information on the bank’s risk capacity, risk appetite, risk limits and risk profile across business lines and subsidiaries.

Where can supervisors still improve?

So, the banks still have some homework to do. And the same is true for supervisors and regulators. We can further improve our toolkit. Fit and proper rules are a case in point. They are an “old” part of the CRD IV, drafted under “minimal harmonisation principles” and would benefit significantly from further harmonisation.

To achieve this goal, I see three main issues that should be addressed by policymakers as soon as possible.

First, all fit and proper assessments should be carried out ex-ante, that is before the candidate is appointed and takes up the new function.

At present, only half of all national supervisors perform such ex-ante suitability assessments. The other half only performs them ex-post. From a prudential point of view, advance assessments are more effective in ensuring that banks are governed soundly and prudently. They minimise the risk that banks are badly managed by unsuitable managers, which has been the root cause of many problems that were identified in the recent past. In addition, ex-post assessments might lead to situations where members of the management body would have to be removed after their appointment. This would be bad for the reputation of the banks.

Second, we need to have a single methodology to determine whether members of the management body are truly independent, that they have no conflicts of interest.

Currently, national law and supervisory practices on independence differ across the euro area, resulting in an uneven playing field for banks.

And third, we need to have full clarity on the definition of “key function holders”.

European law obliges national supervisors to also assess the suitability of “key function holders”, but it fails to provide a clear definition of the term. For large banks, national supervisors should assess, as a minimum, the heads of internal control functions and the chief financial officer, if they are not assessed as members of the management body. But beyond that, national supervisors can interpret the CRD IV however they want. So until there is a clear and mandatory definition of what key function holders are, we are unlikely to see a harmonised approach.

Good governance – a timeless asset for every bank

Ladies and gentlemen, as you can see we expect a lot from banks, which some of them might find excessive. But our expectations are all to the point and I will explain why.

First, what we expect banks to do will help them to withstand the next storm, and that is in their own best interests. Let me give you an example. Experience from the financial crisis shows one thing very clearly: banks’ boards were not always in a position to take sound business and risk management decisions. This needs to change because risks can only be mitigated if banks’ boards fully understand them. One day, the next crisis will come. And banks will only be able to withstand it if they understand the full picture and are in the habit of taking informed decisions.

Second, what choices do banks have? Bad governance and risk management can hamper the decision-making process and even lead to financial losses. So, it might be less costly for banks to just improve their governance and risk management. In fact, our expectations offer banks a great opportunity to improve governance at a reasonable cost.

Third, clearly allocating tasks and setting the right incentives can help motivate staff. I am sure that all the managers in this room agree that highly motivated staff is a success factor that should not be underestimated.

Conclusion

Ladies and gentlemen,

To conclude, I would like to compare good governance to a healthy lifestyle. Like all good things it requires both moral and physical effort from us. And not everybody is disciplined enough to make this effort. Exercising or taking a walk is harder than staying at home or driving somewhere – especially if it is raining outside. Making a fresh salad or a soup is more time-consuming than just grabbing fast food from the shop around the corner. Refusing sweets, alcohol or cigarettes, especially when everybody around us is enjoying them, may be difficult.

But for many of us the day may come when we are faced with a health problem, and our doctor explains to us that a small amount of effort earlier in life would have stopped us needing to undergo expensive and unpleasant medical procedures, or having to rely on a variety of medications. And suddenly we start regretting that we were not more disciplined.

It’s the same with good governance. Today, some might consider governance requirements not worth the time and effort they require. But it is still better to make all the necessary changes now than to face a serious “diagnosis” from European banking supervisors later on.

As some advocates of a healthy lifestyle say: love yourself enough to work harder! Good governance will only make banks sounder and safer, just like a healthy lifestyle will only have a positive effect on your wellbeing.

European banking supervision will always retain its focus on good governance and risk management. They are essential elements for banks to be safe and sound, not only on sunny days but also on rainy days. We have taken some important steps which will help improve governance and risk management across the euro area. DNB, and Jan personally, have contributed a lot to this, and we owe them a great deal of gratitude – as do the banks.

Thank you for your attention.

[1]In a one-tier management body, a single board performs both management and supervisory tasks. In a two-tier management body, the supervisory function is performed by a separate supervisory board which has no executive functions, and the executive function is performed by a separate management board which is responsible and accountable for the day-to-day management of the bank.

Media contacts