Collective suitability: Do you have the right mix of experience at board level?

By David Herrera

In recent years, financial regulators the world over have greatly stepped up their scrutiny of governance within the financial services industry. The rationale is straightforward: weak corporate governance contributes to excessive and imprudent risk-taking, which can in turn lead to institutional failure and systemic repercussions, as evidenced in the global financial crisis.

One increasingly important area of scrutiny is the structure and composition of the supervisory management of banks and investment firms. At root is the ability of an institution’s board and committees to fully appreciate its risk profile and the implications of its business strategy, allowing them to exercise effective challenge and oversight of its executive management.

The challenges faced at this level are multi-faceted, and include issues relating to the size and structure of boards and committees, their degree of independence and interaction, their understanding of emerging and evolving risks, the degree of diversity around the boardroom table, their collective knowledge and the relevance of their knowledge to the role. A study conducted this year by, for instance, found that of the 82 people sitting on the board risk committees of 15 large global banks, only four are former chief risk officers, though roughly two-thirds have some background in finance.

Introducing suitability assessments

At European level, this regulatory drive is captured in the joint ESMA and EBA Guidelines on the Assessment of the Suitability of Members of the Management Body and Key Function Holders, which entered into force on 30 June 2018. These guidelines are applicable to all banks and investment firms irrespective of board structures and institutional size, although the principle of proportionality is to be considered in their application. Furthermore, significant institutions face heightened scrutiny and more regular reviews.

Institutions are required to conduct regular self-assessments on the suitability of members of their board and committees, and their key function holders (e.g. CEO, CFO), both in terms of their individual suitability and in terms of the collective suitability of the management body to direct the institution’s activities and manage its risks. Competent authorities also have a clear remit to carry out their own assessments.

The guidelines also seek to promote the development of a diverse pool of members, including different educational and professional backgrounds, gender, age, and, for institutions that are active internationally, geographical provenance. Apart from the mix of skillsets and personalities brought to the table, diversity also fuels constructive dissent and better opportunities to challenge management on a multitude of issues.

Linking the individual to the collective

Individual suitability assessments are intended to target the complete spectrum of hard and soft skills that key personnel are expected to bring to the table. These are underpinned by four key criteria, being that members of the management body should: (1) have sufficient knowledge, skills and experience to manage the areas for which they are responsible; (2) be of good repute, honesty and integrity; (3) be able to make sound, objective and independent decisions and ask the right questions; and (4) be able to commit sufficient time to perform their functions in the institution, both in periods of business as usual and in times of stress.

These exercises largely mirror the fit and proper assessments undertaken by supranational and national supervisors during the licensing stage and ongoing development of banks and investment firms.

Apart from determining personal suitability, individual suitability assessments also serve as an input for an examination of the collective suitability of an institution’s board and committees. Jointly, directors are expected to possess sufficient knowledge, skills and experience to manage all significant areas of expertise associated with a bank or investment firm’s business and risk profile.

Whilst the guidelines published by ESMA and EBA incorporate a collective suitability matrix that may serve as an end product for a suitability assessment, various assessment techniques may be introduced to complement or facilitate the process of analysing individual and collective suitability. These include board dialogues, stakeholder meetings, documentation review, observation of board and committee interaction, and individual self-assessments.

The case for continuous assessment

The evolving nature of risk lends credibility to the regulatory demand for the implementation of ongoing assessments of management’s suitability. Indeed, traditional avenues of credit, market and operational risk are in many ways being matched in importance by new, emerging and evolving non-financial risk categories, foremost of which are cybersecurity and managing fintech disruption, data governance and privacy, anti-money laundering and other reputational hazards. Accordingly, material changes to the institution’s business model, risk appetite, infrastructure and strategy should invariably be supported by suitability assessments.

The ultimate objective of the suitability assessment exercise is to identify the strengths and weaknesses of the institution’s board and committee setup and constitution, and outline considerations for future planning and composition of the board and its committees. This includes the further training and development of existing board members as well as potential additions to the board in line with the institution’s strategy.

To this end, the regulatory expectation is that board level expertise should be monitored on a continuous basis, at a minimum of once a year for significant credit institutions and once every two years for all other institutions. Notwithstanding this baseline expectation, institutions are also required to assess suitability whenever a new member is earmarked for appointment, an existing member is appointed to a new role or position, or any number of members resign, affecting the balance of the board and its committees.

In the spotlight

The new regulatory requirements on internal governance and suitability assessments have continued to add teeth to regulatory oversight of the corporate governance of institutions. These are matched by a growing suite of local and European regulatory decisions that have targeted directors personally, rather than the institutions they serve.

Increased focus on corporate governance of financial institutions is catalysing a change in mindset. As stated by Stephen Creese, Citi’s Head of Operational Risk Management in Europe, the Middle East and Africa, “boards have gone from turning up once a quarter for a prawn sandwich to being down in the weeds of what you do.”

Conducted well, suitability assessments can add much more value to corporate governance than merely achieving regulatory compliance. They can support institutions in managing the full spectrum of risks they face, and bring minds to the table that can meet their ambitions and address emerging challenges in this new era of open banking and disruption in the financial services industry. 

About the author

David Herrera is a member of the Deloitte Risk Advisory team. For more information, please visit  
