Banking Exchange Magazine Logo

A lesson in “credible challenge”

What community banks can learn from this big bank risk concept

A lesson in “credible challenge”

In my July blog,  “Defense! Three lines of defense!,” I examined insights for community bankers from the Comptroller’s requirements for big bank risk management, which it adopted in 2014. In this entry we’ll focus on the OCC’s use of the phrase “credible challenge” to describe what it expects of the role of the board of a national bank vis-à-vis bank management, and what it implies for community bankers.

Starting with the words themselves

Briefly, OCC states that it is the responsibility of the board to “provide a credible challenge to management.” 

The phrase itself is comprised of two interesting words, which are briefly defined below based on an amalgam of dictionary definitions:

“Credible”: believable; convincing to others

“Challenge”: dispute, confront; to arouse or stimulate, especially by presenting with difficulties

Parsing “Challenge”

Let’s start in reverse order with the word: “challenge.”

Challenge has a range of meanings. They span from “confrontational” and “hostile” to more of a sense of questioning, meant to be provocative in a positive, engaging way.

When we hear the word “challenge” used to describe the relationship of one person or group to another, I expect we think more about confrontation and hostility first.

Maybe it’s human nature.

However, when we hear the word used in the context of the relationship of a person or group to a situation or objective, we probably think of it more as a set of difficulties that need to be overcome to achieve a desired outcome. The sense is more one of confronting barriers.

OCC uses the word challenge in the context of one group (independent directors) in relation to another group (bank management). A normal reading therefore implies confrontation. OCC did not say “active, independent engagement,” although I expect the agency would say that is what was meant.

Use of the word challenge, I think, provides insight into both the failure of boards to engage management independently, and the view that OCC has of the respective roles of management and the board at the bank level.

OCC views bank board members as having a fiduciary obligation to the federal safety net, as some call it—FDIC insurance and the Federal Reserve’s Discount Window. OCC includes management in this as well, but the agency sees the board as the check on management, which OCC believes might see the world more through the principal-agent lens than they would like.  

All things considered, I am left with the view that challenge in this context is meant to be confrontational.

Parsing “Credible”

Use of the word “credible” may be even more interesting. What’s the message here? 

The challenge, to meet regulatory scrutiny, should be believable—capable of persuading an observer that it was real. Why choose that word? 

It may just be the focus of an agency that is in the business of regulating and examining banks. The job is a whole lot easier when there is a clear roadmap to demonstrate compliance than when it is more laborious to pull together.

Perhaps this is like the early years of re-emphasizing Community Reinvestment Act compliance, which the industry went through several decades ago.

The rule for good CRA ratings had been to document everything you do.

Later, all that paper review turned into a more results-oriented inquiry: Is the bank really putting resources to work to meet its CRA obligations—or just keeping good files?

I expect the credible in “credible challenge” may run a similar route.

Why consider this concept now?

Credible challenge is not a regulatory requirement, at this time, except for the largest banks. However, I expect that examiners will take the concept and begin to apply it for all other banks, over time.

As that begins to happen, one focus should be on documenting the process that actually occurs. Some examples to consider:

• How are business plans adopted? And by whom? 

• What risk and reward analyses accompany planned strategic initiatives, to enable informed decision-making?

• Is there a board risk committee? What is its role in strategic planning? 

Once you’ve assessed all this, and related questions, how should you ready the bank?

Documenting the process is the first step preparing for this regulatory expectation. For example, take care that the minutes of committees and the board reflect the essential elements of what actually occurred. This is always a balance, though, requiring expert minute writing. There should be just enough documentation, but not so much that nonessential elements can take on a life of their own in a review or litigation process.

Meaning behind the meaning…

What community bankers can take away from the big bank guidance is that OCC sees potential for great harm in management, and that it sees the board as the independent body necessary to hold management in check.

The agency has established that it expects confrontation, notably between the board and the management team.

In my own view, OCC should redirect its emphasis.

Rather than setting “credible challenge” as an expectation, it should expect effective engagement and interchange between management and the board in a process that is calculated to bring to light a realistic assessment of risks, rewards, and strategies for informed decision-making.

Deference to management is not part of that formula—but neither must the board demonstrate challenge in the sense of confrontation.

That too is what community bankers ought to target.

Take the time to document, by all means, but management and the board should attune their processes to achieve the desired outcome:  a realistic set of plans, strategic initiatives, and oversight mechanisms that are realistic, weigh both risk and reward, and are the result of respectful engagement between and among management and the board.

Daniel Rothstein

Dan Rothstein is CEO of DR Risk Solutions, a consulting firm specializing in enterprise risk management, loan portfolio management and regulatory relations.  Rothstein’s career spans more than 30 years, and he has spearheaded the development, implementation, and successful integration of best practice ERM programs, operational risk and control systems, and credit and loan portfolio management. He is also an attorney admitted in New York. You can reach him at [email protected]

back to top


About Us

Connect With Us