How financial services boards provide effective challenge

There has been much discussion in financial services about “effective challenge” by boards of directors over the last decade. But how do boards exhibit such behavior and have it resonate throughout the whole organization?

In brief

• Financial services regulators have increasingly put the onus on boards to exhibit and document effective challenge over management.
• The reality is most boardroom challenge is not that easy to observe and not well documented to be “on the record.”
• Effective challenge is part of  a broader organizational risk culture, not just something for boards.

A risk management concept that has migrated into the boardroom

The original use of the term “effective challenge” in the financial services regulatory community focused on risk management (versus board-level) matters. It still remains a concept deeply entwined with the three-lines-of-defense risk management model, especially as it relates to second-line effective challenge of the first line (e.g., the business lines and key support functions, such as technology and operations).

However, effective challenge has increasingly become synonymous with board effectiveness. A board oversees strategy, hires the CEO, oversees corporate performance and risk management, and so on. But above all, the board holds management to account for achieving the organization’s long-term strategy in line with its purpose, mission and values, and within the bounds set out in the board-approved risk appetite. It does so by credibly and effectively challenging management’s decision-making and performance.

Supervisory guidance has shifted in recent years to outline expectations more explicitly for effective challenge. For example, in its 2014 paper on risk culture, the Financial Stability Board (FSB) made their expectations explicit regarding board challenge of risk and strategy:

“The board and senior management have clear views on the business lines considered to pose the greatest challenges in the management of risk, such as business lines with unexpected or unexplained results or business lines with nonfinancial risks that may not necessarily lend themselves to immediate and easy quantification, and these are subject to constructive and credible challenge about the risk-return balance.”¹

More recently, in 2021, the U.S. Federal Reserve Board (FRB) issued guidance on attributes of board effectiveness that provided a window into the evolving regulatory expectations:

“To facilitate accountability, an effective board engages senior management in a variety of ways … Directors consider whether and how senior management's conclusions and recommendations align and support the firm's strategy and risk appetite. If weaknesses or gaps are identified, the information provided is incomplete, or as otherwise warranted, directors challenge senior management's assessments and recommendations.”²

There is no one-size-fits-all for board effective challenge

Board approval for material decisions that would significantly impact the organization’s risk profile is a key starting point for where challenge is most required. This can relate to acquisitions, aggregate credit exposures and limits, and new products and services, as well as major technology or risk management transformations.

However, boards provide effective challenge across a range of topics, not just those requiring formal approvals. Effective challenge often creates important, but imperceptible, change. For example, management may decide or shape its thinking, or choose an alternative sequence of decisions or discussions, simply on the basis of how they expect their board to react. The changes made by management as a result of board challenge or questioning may be subtle but material in the aggregate.

In practice, governance is complex. The board (and its committees) has to challenge management across a range of matters, from strategic to tactical, and business-as-usual matters and differing modes of governance are required.

Minimizing factors that inhibit boardroom dialogue effective challenge

Setting the necessary conditions for effective challenge isn’t easy. It calls for credible, knowledgeable and confident directors; mature, transparent and open management; strong board and management relations, based on mutual respect and trust; and disciplined governance and decision-making processes (including effective meeting preparation, minute-taking, and follow-up on actions).

Arguably, the most important constraints to effective challenge relate to ineffective agenda-setting (too much is crammed into every meeting) and meeting management (even if the agenda is well planned and timed before the meeting, agenda items in the first half of the meeting take too much time, so the second half gets rushed or pushed to the subsequent meeting). There is often not enough distinction between critical and information-only items, in practice. Board and committee chairs have to play an essential role in making sure the agenda is realistic as well as driving meeting dialogue in line with the planned agenda.

Some of these factors illustrate information flows from management to the board are a critical component of board challenge, so it is not surprising that more firms are revisiting their reporting to the board (especially on risk matters) and planning or making significant enhancements. See NextWave of financial services board risk reporting | EY - US.

Evidencing director challenge

Even when the quality of director questioning and management responses is high, meeting minutes rarely capture it well. Minutes may show what was discussed, but they don’t capture how well the board or committee chair managed the meeting, enabled inclusive and effective board and management dialogue, and kept the meeting focused on the most important matters. Similarly, directors and executive discussions between meetings can be frequent and have a material impact on management decisions or meeting agendas, but few such interactions are documented, if any.

Increasingly, financial institutions are revisiting how they document challenge, especially in minutes, with more specific efforts to memorialize when the board or committee requested an additional explanation, analysis or information; further presentations or discussions at subsequent meetings; or a delay to board (or committee) approvals. It doesn’t mean all challenge is documented, but it provides evidence for when regulators, or other stakeholders (e.g., internal audit), seek to evaluate the firm’s corporate governance.

Effective challenge is an organization-wide expectation

In its risk culture paper, the FSB highlighted the board has an important role in not only providing the effective challenge of management, but in modeling this behavior for others. It identified a number of ways effective challenge stems from the board of directors but spans the entire organization (emphasis added):

• Tone at the top: “The board and senior management, consistently within their specific roles and responsibilities, promote through behaviors, actions and words, a risk culture that expects integrity and a sound approach to risk management as well as promotes an open exchange of views, challenge and debate. The board and senior management promote healthy skepticism that encourages and supports openness to challenge by providing alternate points of view that may result in a better decision, ensuring that all directors have the tools, resources and information to carry out their roles effectively, particularly their challenge function.”
• Effective communication and challenge: “A sound risk culture promotes an environment of open communication and effective challenge in which decision-making processes encourage a range of views; allow for testing of current practices; stimulate a positive, critical attitude among employees; and promote an environment of open and constructive engagement.”
• Open to alternate views: “Mechanisms are in place so that alternate views can be expressed in practice, as well as regular assessments of the openness to robust challenge at all layers of governance and how it is embedded within the decision-making process … Evidence of a culture that is open to challenge is often reflected in decision-making processes as well as broader interactions and processes.”

Challenge, balanced with support

Directors have to strike the right balance between providing effective challenge of management and building rapport with, and supporting, management. The board oversees the management team and is vested in them being a success, for the sake of all stakeholders. So, while the board must show its independence in challenging management, it must do so in a way to drive better decision-making at the management level and motivate management to succeed.

In the end, a challenging, but supportive, relationship between the board and management is what really drives board effectiveness and oversight.