• About us
  • Raising The Bar
  • Risk Committees
  • Team
  • Events
  • Blog
  • Contact
  • Menu

The Risk Coalition

  • About us
  • Raising The Bar
  • Risk Committees
  • Team
  • Events
  • Blog
  • Contact

Boards need to set their own agenda if they are to be effective

July 25, 2023

There is no shortage of guidance for boards of directors on how they should do their jobs.  The Joint Guidance on Director Suitability, published by European financial regulators the EBA and ESMA runs to 100 pages.  This summer, UK’s Financial Reporting Council is consulting on revisions and updates to the UK’s Corporate Governance Code.

Much of the focus in recent years has been on ensuring that there is sufficient technical knowledge on the board, in particular in relation to new or increasing areas of risk such as cyber security and climate change.

Beyond specific subject matter expertise, diversity, equity and inclusion (DEI) has also been an area of focus.  In the UK, the FCA last year expanded its requirements for listed companies’ reporting on their own diversity and inclusion metrics.

This attention to specific expertise and to diversity has tended to eclipse questions related to the conduct of board meetings and to the relationship between the board and the senior management team.

The notion that boards should be ‘challenging’ the executive team is well established.  The Global Financial Crisis exposed the extent to which boards had accepted optimistic narratives from their management team.  Most famously, it is now known that no member of Royal Bank of Scotland’s board proposed that the bank’s disastrous acquisition of ABN AMRO should not go ahead*.

But if challenge is a necessary part of a board’s work, it can hardly be sufficient.  Challenge implies that the board is responding to proposals, ideas and presentations from management; posing questions, testing assumptions, and bringing into discussions points of view that benefit from a detachment and a longer perspective.

It is not the job of the board to run the firm, but it cannot be enough for the board to address only what it put in front of it.

All too often, board meetings comprise huge powerpoint presentations in which management explains what it has been doing since the last board meeting.  Each department needs to have its moment in the spotlight, regardless of the significance of its operations at that point in the year.

Furthermore, subject matter presentations, and their content, are now frequently mandated by regulators. Last year I was assessing the governance practices of a bank in the Balkans on behalf of a regional development institution.  When I reviewed the board pack, I found long presentations covering local economic conditions, the risk outlook, capital planning, and a compliance update – much of which over-lapped, and some of which was the same material repeated in different presentations.  When I questioned this, I was told that much of the material was explicitly mandated by the local banking regulator.  The bank executives had no choice but to include it, and the board minutes had to show that the directors had reviewed it – for each separate presentation!

If boards are to be make a difference, they need to be able to control the agenda for board meetings, and management, and regulators need to give them space to do that.

An effective board, and an effective chairperson, will be deciding the key issues to discuss and the allocation of time to the discussion of those issues (and therefore, implicitly, their relative importance).

Some agenda items will occur at every meeting, and some, like approval of the annual budget, at certain, recurring points in the board cycle.  But one cannot have a situation in which the vast majority of board meetings comprise the same series of departmental presentations, with unusual or exceptional topics consigned to ‘any other business’ as the meeting starts to wind down.

This is particularly important in relation to discussions of risk.  Risk registers and scorecards are important, but does the board actively discuss risk, using its members’ past experience – before the risk register is presented – and then consider whether its own view on risk priorities and probabilities align with those in the risk register?  Simply put, is consideration of risk active or passive?

If the board controls the agenda, then it is easier for it to add value, and for it to show that it is adding value.

So, when I speak to directors about effectiveness, I don't start the conversation by asking whether they comply with a 100-page document from their regulator (important though such documents are).  I ask two simple questions: who sets the agenda for board meetings, and how is the discussion on risk structured?

(* page 229 of the FSA’s subsequent enquiry into the failure of RBS)

Andrew Cunningham is Chair of ARC Ratings, which is regulated by the FCA and ESMA.  He has spent more than ten years as a consultant to the IFC’s Corporate Governance Programme and has acted as an advisor to the European Bank for Reconstruction and Development and the United Nations Development Programme.

Tags: Andrew Cunningham
Prev / Next

Blog

Featured
Sep 4, 2024
Polly Williams, Mia Harris
Three key threats of phishing to be aware of
Sep 4, 2024
Polly Williams, Mia Harris
Sep 4, 2024
Polly Williams, Mia Harris
Aug 25, 2024
Felix Ritchie
Principles versus rules in data and corporate governance
Aug 25, 2024
Felix Ritchie
Aug 25, 2024
Felix Ritchie
Jul 16, 2024
Jane Hunter, Mia Harris
How can you maintain high standards in your business without suffering burnout?
Jul 16, 2024
Jane Hunter, Mia Harris
Jul 16, 2024
Jane Hunter, Mia Harris
Jun 2, 2024
Afshan Moeed
Enforcement of individual accountability in UK banking: a new boardroom recipe for change or continuity?
Jun 2, 2024
Afshan Moeed
Jun 2, 2024
Afshan Moeed
May 28, 2024
Craig Morris, Mia Harris
Three exciting new developments for AI in 2024 that you need to know about
May 28, 2024
Craig Morris, Mia Harris
May 28, 2024
Craig Morris, Mia Harris
May 24, 2024
Stefan Hunziker
The stuff of nightmares: risk management is shut down, and nobody notices
May 24, 2024
Stefan Hunziker
May 24, 2024
Stefan Hunziker
Mar 20, 2024
Neil Tinegate
What should boards know about digital technology?
Mar 20, 2024
Neil Tinegate
Mar 20, 2024
Neil Tinegate
Mar 15, 2024
Francis Kean
The insolvency risk for company directors - are you swimming naked?
Mar 15, 2024
Francis Kean
Mar 15, 2024
Francis Kean
Feb 29, 2024
Andy Watkins-Child
Are you sitting comfortably?  Cyber risk, board attestations and the implications for NEDs
Feb 29, 2024
Andy Watkins-Child
Feb 29, 2024
Andy Watkins-Child
Oct 24, 2023
Mamun Madaser
Risk management and internal audit should collaborate to navigate the poly-crisis of risk
Oct 24, 2023
Mamun Madaser
Oct 24, 2023
Mamun Madaser
Oct 18, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 2
Oct 18, 2023
Jim Watson
Oct 18, 2023
Jim Watson
Oct 13, 2023
Nisha Sanghani
Risk management and internal controls: much (needed) work to do as a result of the proposed changes to the UK Corporate Governance Code
Oct 13, 2023
Nisha Sanghani
Oct 13, 2023
Nisha Sanghani
Oct 9, 2023
Jim Watson
How to mitigate the risk of cyber security breaches – part 1
Oct 9, 2023
Jim Watson
Oct 9, 2023
Jim Watson
Sep 25, 2023
Chris Burt
The implications of the revised UK Corporate Governance Code
Sep 25, 2023
Chris Burt
Sep 25, 2023
Chris Burt
Sep 13, 2023
Andrew Cunningham
Financial regulators take aim at crypto-finance
Sep 13, 2023
Andrew Cunningham
Sep 13, 2023
Andrew Cunningham