Did this Board fatally misunderstand “Hands-out, noses-in”?
Each spring I enjoy leading Masters in Finance students through a business case I developed that covers real-world topics on Governance, Ethics and whistleblowing. This year, I wished we had waited another month.
Just yesterday, New York Community Bancorp, Inc. (NYCB) filed its Annual Report with the US Securities and Exchange Commission revealing a material weakness in its financial reporting controls. So far as we know, NYCB’s material weakness has nothing to do with ethics or whistleblowing but it has everything to do with Governance.
During our class we watch a rather dated video of Warren Buffett discussing the role of the Board in what feels like an extreme version of the adage of ‘hands out, noses in’. We then debate the ‘hands-out’ piece of this and whether expectations of Board members are changing. We talk about Director liability under the Caremark standard and how this continues to evolve and we even look at the COSO Framework as a means for a Board to think about the control environment. It all became real for the Directors at NYCB.
NYCB and its auditors – KPMG – described several material weaknesses leading with the Control Environment component of COSO which was declared unfit because:
“the Company’s Board of Directors did not exercise sufficient oversight responsibilities, which led to the Company lacking a sufficient complement of qualified leadership resources to conduct effective risk assessment and monitoring activities”
Precious little detail is offered on exactly where the Board failed in its oversight responsibility, but from the fixes promised by the Company, we can infer that there was a lack of commitment to competent leadership at NYCB’s risk function (sound familiar, SVB?) and several critical faults in the risk review process of the Bank’s loan book. For example, it appears that too much reliance was placed on data from inside the Bank’s business operations, rather than being independently challenged. 7 members of the 11-member Board have resigned and another has stated his intent to resign when a successor is appointed. New Board members have been appointed, bringing financial expertise and risk backgrounds to the Board.
Directors of companies – public and private alike – should take several lessons about their fiduciary duties of oversight:
- The CEO is not the only person whose credentials and competence you need to be satisfied with. Key executives in important functions like finance, risk and compliance (for a Financial Service provider) or Quality control (for an airline) are in your scope;
- Go deep. Learn how key functions operate.
- Broaden your Board. If we need expertise on cybersecurity and AI why not risk and compliance?
Do we see the pendulum swinging?