Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Looking for TPG Software? You are in the right place!

TPG Software is now part of Abrigo. You can continue to count on the world-class Investment Accounting software and services you’ve come to expect, plus all that Abrigo has to offer.

Make yourself at home – we hope you enjoy being part of our community.

The role of bank directors in managing risk

Mary Ellen Biery
April 12, 2016
Read Time: 0 min

The FDIC is offering a fresh take on how a bank’s board of directors should understand and manage risk. This insight could be helpful to share with a financial institution’s directors.

The regulator’s April edition of Supervisory Insights provides what the FDIC called a “refresher” on its Pocket Guide for Directors, the 1988 booklet outlining the basic duties and responsibilities of a bank’s board of directors. The core principles for directors have not changed materially since 1988, the FDIC said. Nevertheless, the Supervisory Insights publication “incorporates more recent guidance and technical resources, including significant bank-governance insights and experiences that have been gained since 1988.”

Directors overseeing a bank’s operations are important partners in supervisory efforts, the FDIC noted in the article (“A Community Bank Director’s Guide to Corporate Governance: 21st Century Reflections on the FDIC Pocket Guide for Directors.”).

“Prudent oversight is rooted in the directors sending a clear message to staff that they value a strong risk management culture that includes a strong ethical culture,” the FDIC said.

Risk management culture

What exactly is a risk management culture? The system of goals, objectives, policies, controls, values and behaviors present in an organization that influence risk decisions.

A risk management culture is the system of goals, objectives, policies, controls, values and behaviors that influence risk decisions. 

As part of working with management to establish the bank’s short- and long-term business objectives, community bank directors should have a solid understanding of the institution’s risk profile, the FDIC said. Having a solid understanding involves more than simply reviewing the bank’s financial condition as of today. It also includes:

1. Assessing how risky the business model is. This means understanding the types of products and services the bank offers and how they are delivered.

2. Evaluating risk management. How does the bank manage the risks associated with its business model and growth plans?

3. Considering external threats. This means looking outside the financial institution to consider what about the operating environment could pose a hazard.

The FDIC noted that some community banks may seem similar to each other on some levels, but they can have vastly different risk profiles. “The FDIC would expect community banks with a higher risk profile to have stronger risk management practices and a higher degree of board oversight,” the article said.

Streamline the reserve calculation process and impress examiners.

Request More Information »

Setting the risk appetite

Once the board of directors understands the bank’s risk profile, directors should set an appropriate risk appetite for the institution, according to the FDIC. “Risk appetite means a set of objectives and risk parameters within which senior management should operate,” the regulator said. Directors should establish “prudent limits” around risk areas that could affect the condition of the bank.

Risk appetite: A set of objectives and risk parameters within which senior management should operate.

The areas for which banks should set risk objectives and parameters may vary from institution to institution, but at a minimum, the FDIC expects objectives and parameters for:

• Overall credit risk

• Asset concentrations, by business line and by borrower or issuer, as appropriate

• The bank’s funding mix

• Interest rate risk.

When to ramp up oversight

The FDIC noted that how much oversight a board provides will vary among institutions, and the level of oversight also should be adjusted as the nature and complexity of the bank’s operations change and as external factors warrant. It provided a list of 13 situations that would warrant a higher level of board oversight:

1. A CAMELS composite or component rating of 3, 4 or 5, the existence of an enforcement action, or both

2. Elevated asset or funding concentrations

3. Complex or highly specialized products or activities

4. High levels of historical or planned growth

5. Rapidly shifting balance sheet structure

6. Low or shrinking levels of liquid assets

7. Plans to change the business model or enter into significant new lines of business

8. Deviations from bank policy or prudent banking practice, violations of laws and regulations, or heightened examiner or auditor criticism

9. Poor operating results

10. Low capital levels or poor access to new capital

11. Operational problems in BSA/ AML, information technology and cybersecurity

12. Deterioration in local economies or in business line fundamentals

13. Low Community Reinvestment Act or consumer compliance ratings, or high levels of consumer complaints

The FDIC said it strongly encourages directors of community banks to be involved in the examination and supervision process. “In addition to reviewing reports of examination, this includes attending board meetings where results are being discussed, and following up with the examiner-in-charge, field supervisor, or case manager with any questions or concerns about FDIC expectations on any aspect of the supervisory process,” it said.

An institution’s risk rating system often forms the basis for broader risk management practices, including setting the ALLL reserve, stress testing and strategic planning. For more on creating a strong risk rating system, access this archived webinar: Risky Business – Revamp Risk Ratings for Your ALLL.

About the Author

Mary Ellen Biery

Senior Strategist & Content Manager
Mary Ellen Biery is Senior Strategist & Content Manager at Abrigo, where she works with advisors and other experts to develop whitepapers, original research, and other resources that help financial institutions drive growth and manage risk. A former equities reporter for Dow Jones Newswires whose work has been published in

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.