A wide range of post-crisis regulatory reforms has created a more complex governance framework for banks when it comes to managing their local subsidiaries.
In the past decade, regulators have implemented measures at both a global and local level, aimed at protecting depositors and taxpayers, and ensuring local subsidiaries are adequately capitalised to avoid contagion in the event of another banking crisis.
As a result, banks now have home and host country regulation to contend with. For example in the UK, the Financial Conduct Authority has forced lenders to separate their retail operations by erecting a ring-fenced institution with its own board and management team.
Meanwhile, in the US, Europe’s systemically important banks have been forced to create intermediate holding companies—independently capitalised subsidiaries that are subject to rigorous stress tests from their local regulator, the US Federal Reserve.
While regulation has become more local, big banks continue to operate as global entities as they serve the increasingly international needs of all their clients. It is still down to the group board to ensure they have effective oversight and risk management to ensure their far-flung subsidiaries have the right level of local expertise while continuing to manage capital, resources and products on a global basis.
With the general direction of travel by regulators towards increasing levels of subsidiary independence, this has inevitably led to the proliferation of subsidiary boards and management structures that in some cases rival their parent companies for heft and complexity. Taken to its logical conclusion, this could hamper the ability of the parent to exercise effective control over the activities and strategic direction of their own subsidiaries.
On the other hand, holding too much control at central group level can create a one-size-fits-all approach without taking into account the unique specificities of each subsidiary, and create a culture of complacency where the board of a subsidiary does not take sufficient responsibility for its own actions.
Given these often competing developments—more local regulation on the one hand, and more globally connected banks on the other—there is an inherent tension between the home jurisdiction of the parent and the host jurisdiction where its subsidiaries are located.
“Home regulators typically want banking groups to be able to exercise more parent control over subsidiaries while host regulators typically want to deal with sufficiently independent subsidiaries, able to constructively challenge decisions that may be in the interest of the wider group but not necessarily of the specific subsidiary,” says Cliff Ekwem, a senior analyst at governance advisory firm Nestor Advisors.
Therefore, banks face a complicated and costly mixture of global and legal entity management and controls that consume significant board and senior management time as they figure out the best structure and composition for the boards of their subsidiaries.
According to the Basel Committee banks must have a group governance policy with clearly defined responsibilities at both a parent company and subsidiary level. Meanwhile, the European Banking Authority, the regulator for the region’s lenders, established guidelines for internal governance in 2011 that require boards of a banking subsidiary to adhere to the “same internal governance values and policies as its parent company.”
The board must ensure that risk systems are robust and uniform, and have clear oversight of issues such as auditing, technology, selection, culture, whistleblowing and fraud. Despite the stricter regulatory environment and clear guidelines, serious breaches and lapses still occur. The uncovering of money laundering and fraud this year at Danske Bank’s Estonia branch highlighted how much work needs to be done at board level to ensure oversight of compliance of bank subsidiaries in different countries.
From the outset, parent companies must rely on extensive control mechanisms to ensure that the group has an effective subsidiary governance programme in place to assure itself that all companies within the group have the same values, ethics, controls and processes in place as at the parent board level, known as “downstream governance”.
Downstream governance is assured through the subsidiary board, whose task it is to enable, complement and lead. At the same time, the local board should act in an independent and objective manner from the parent board and focus on safeguarding the corporate interests of the subsidiary.
“The composition of subsidiary boards should reflect an adequate balance of promoting downstream guidance and acting independently from the parent. Finding the right board composition for each subsidiary will depend on its intended function and strategic importance,” says Lisa Andersson, head of research at Aktis, a leading provider of bank governance data.
Research by Aktis (Fig. 1)on Europe’s 14 biggest banks, as defined by the Financial Stability Board as globally systemically important (G-SIBs), revealed that subsidiary boards typically comprise six key profiles: subsidiary non-executive directors, subsidiary executives, parent/other subsidiary executives, joint company non-executive directors, joint company executives and employee representations.
According to Aktis, the largest proportion of directors are classified as subsidiary NEDs, who are typically seen to bring the independent viewpoint needed to differentiate the parent board from the subsidiary board. The second biggest group of directors were NEDs, who held executive positions elsewhere in the group (P/O subs exec). As these directors serve as executives elsewhere in the group, they will typically be seen to provide “downstream governance” to the subsidiary board.
Subsidiary executives, who typically oversee the day-to-day operations of the subsidiary, represent 14% of directors. Finally, the presence of joint NEDs and execs who serve on both the subsidiary board and the parent/management board may indicate a subsidiary of strategic importance to the group.
Analysis of subsidiary chairs by Aktis revealed that almost half are subsidiary NEDs, while more than a third are executives of the parent or other subsidiaries. When it comes to the independence of the chair, there is a big discrepancy between the subsidiary, where 22% were considered independent, and the parent, where almost two-thirds were considered to be independent.
“The data indicates that parent companies opt for a chair with some connection to the parent entity, which is not unusual given the parent company is typically the ultimate owner of the subsidiary,” says Andersson.
This theme plays out across individual board members. According to Aktis (Fig.2), 68% of directors on parent boards are classified as independent, compared with only 29% at the subsidiary level, well below the traditional 50% minimum independence threshold sought in many jurisdictions.
There is no real general best practice when it comes to the composition of subsidiary boards but the most important element is finding the right balance between parent control and subsidiary independence. “For example,” says Ekwem, “group executives and group non-executive directors bring more parent control; subsidiary executives typically bring a more local perspective and intimate understanding of subsidiary operations; group outsiders such as subsidiary-level independent directors usually bring an external, out-of-the-box perspective, which may also be targeted to the specific country in which the subsidiary operates.”
Then there is the added complication that not all bank subsidiaries are created equally and banks give greater priority to some over others. For higher priority subsidiaries parents may endeavour to put similar governance practices in place as the parent company, with outside directors, scheduled board meetings, formal committees and even annual board evaluations.
For these subsidiaries, the parent company may want to have common directors on both the parent and subsidiary board or have joint meetings between the parent and subsidiary board/committees to ensure a clear line of sight and accountability between both entities.
By contrast for lower priority subsidiaries it may be the case that their boards are made up entirely of insiders, with no formal committees.
The higher priority the subsidiary, the more material it is likely to be to the parent in the event of a breach of risk management or other controls.
In seeking to understand what defines a high or low-priority bank subsidiary, Aktis defined it using two indicators—consolidated versus unconsolidated total assets; and the size of subsidiaries’ assets relative to group assets.
Depending on how assets are distributed, banks are categorised as “concentrated” where they have more than 55% of their assets in the parent entity; “balanced” when they have between 25% to 55%; or “dispersed” where less than 20% of assets are held within the parent company. The more dispersed the asset classification, the higher priority the subsidiaries are.
According to the Aktis, half of European G-SIBs fell into this category, requiring more executives on the ground to manage the day-to-day operations of the company. “The data showed that companies defined as being dispersed have the highest proportionality of subsidiary executives, joint NEDs and joint executives,” says Andersson. By contrast, centralised structures place less emphasis on the subsidiary, and the composition of the board is drawn from an internal pool of candidates where independence is not necessarily important.
But as the Danske scandal illustrated, “low priority” can also equate to “high risk” from a compliance and control perspective. In a report published in September 2018, Danske Bank admitted that the Estonian control functions did not have a “satisfactory degree of independence from the Estonian organisation” and that the branch operated “too independently from the rest of the Group with its own culture and systems, without adequate control and management focus from the Group.”
Since the scandal, Danske says it has strengthened governance and oversight with the introduction of a new pan-Baltic management. It has also improved its systems and instigated firm-wide anti-money laundering training. But, perhaps more importantly, it has implemented risk management and compliance in performance agreements of all members of the executive board and senior managers.
Creating local board structures at subsidiary level is not necessarily the only tool that group boards have at their disposal. Group boards can ensure that the group management team develops strong functional lines with a real group-wide remit, particularly for key control functions such as internal audit, risk and compliance.
Nestor’s Ekwem says: “This way, the control functions can act as the eyes and ears of the parent, guide the development of group-wide control processes/policies and ensure that the most important, risky, compliance-sensitive issues are brought to the attention of the group board via the group audit committees and risk committees.”
According to Aktis, audit and risk committees (Fig. 3) are the most important in relation to banking subsidiaries. Seventy-six percent of banks surveyed had both an audit and risk committee at subsidiary level, while 66% had a remuneration committee at local level and 51% had no nomination committee.
A possible explanation for this is that the appointment and recruitment process would be handled by the parent company rather than the subsidiary. The research revealed a high concentration of subsidiary NEDs on the audit and risk committees, reflecting the need for independence on these committees.
With so many conflicting priorities and in some cases divergence between host and home regulation, the solution recommended by Aktis is to introduce a group governance policy (GGP). But GGPs are not always formalised, and very little exists in the way of formal documentation. According to Aktis, Spain’s Banco Santander is the only big European bank that discloses a GGP to the general public.
Banks must spend time reflecting on the equation of how to balance parent control and subsidiary independence, and ensuring that their agreed solution is clearly documented in a policy, or set of group policies, that all internal stakeholders understand.
Ekwem concludes: “Several ‘best practice’ banks have actually reflected on and developed their own solutions for these matters in recent years; many, however, appear not to have written down this agreed solution in a clear group governance policy.”