Governance in financial institutions: key elements and preventing the failures

Purpose – The need for robust governance standards in financial institutions requires no overemphasis. However,instancesofgovernancefailureshavebeenarecurringglobalphenomenon.Thispaperexaminesthe keyelementsofgovernanceinfinancialinstitutions,evaluatesreasonsforfailuresandsuggestswaystostrengthengovernanceandpreventsuchfailures. Design/methodology/approach – The author follows a descriptive design and a behavioural approach to understand the governance issues in financial institutions. Findings – The author identifies key elements of governance, and the potential reasons for failures and highlights that the structure of boards, thrust on the adoption of best practices and regulatory guidelines are necessary but not sufficient to ensure failsafe governance standards. The author emphasises the need for recognitionofbehaviouralfactorsandafocusoncontinuousmonitoringandredflaggingoftheconductofkeystakeholdersbythethirdandfourthlinesofdefence.Aneffectivewhistle-blowerpolicy,aclearfocusonorganisationalcultureandthesubjugationofindividualstothesystemscanimprovetherobustnessofthe governancestandardsinfinancialinstitutions. Originality/value – Tothe bestoftheauthor ’ sknowledgeandbelief,theobservationsandsuggestionsmade in the paper are original. The paper contributes by offering a nuanced perspective for strengthening governance in financial institutions.


Introduction
Governance remains the cornerstone of any organisation and financial institutions are no exception.However, in an increasingly integrated financial system, risks quickly spill over across different verticals of financial institutions, exacerbate through the financial system and have a contagion effect on the real sector.Therefore, it is obvious that financial institutions must have robust governance standards and failsafe systems and controls.Any weakness in the governance edifice exposes the financial institutions to operational risk which quickly translates into credit, market, liquidity or reputation risk, or into a combination of these.It is, therefore, natural that financial institutions and their regulators have put in place systems, controls and processes to ensure robust governance standards.These processes have evolved over a period and are continuously subjected to internal, external and supervisory scrutiny.However, instances of governance failures and bad corporate behaviour have recurred not only in India but across the globe.In the Indian context, the financial system has witnessed instances of system or governance failures in banks, NBFCs, and market intermediaries with different dimensions and magnitudes.Generally, such cases come to light through whistle-blowers, usually after a considerable time lag and consequent financial and reputational damage.Common threads across such instances are managerial misconduct, the concentration of power, dubious incentive structure, the lack of market discipline and inadequacies of external oversight.
The emergence of cases of governance failures from time to time indicates that certain maladies, notwithstanding the internal control systems, governance processes, audit mechanisms and regulatory structures, could not be nipped in the bud.This puts additional pressure on the supervisory mechanisms as one of the common challenges with control, audit and oversight functions is that any single failure, at least in public perception, tends to obliterate all the previous instances of effectiveness.Moreover, most of the cases of governance failures do not occur because of insufficient regulations but due to a tendency to get around these rather than following their spirit and intention.Hence, the solution lies in form of strengthening the governance framework in financial institutions by way of nudging good corporate behaviour but perhaps there may not be any straight-jacket approach to ensure good governance.From a regulatory standpoint, there is a need to strive for failsafe systems and processes to the best extent possible and the need to know the precise reasons for governance failure in financial institutions.This involves the assessment of several behavioural issues besides the regulatory aspects.To examine these elements in totality, it is important to look at the following aspects and key questions, which could put the efficacy of governance in jeopardy (Table 1).
This paper examines the above critical questions and is structured as follows.Section 2 provides an overview of the corporate governance edifice with special reference to financial institutions and Basel principles.Section 3 explains the four lines of defence model of governance.Section 4 touches on the corporate governance standards and issues in an Indian context.Section 5 looks at the most probable and time-tested reasons for governance failures.Finally, Section 6 deals with steps for strengthening governance, followed by conclusions in Section 7.

Corporate governance in financial institutions
Corporate governance refers to a set of structures, processes and relationships between a company's management, its board, its shareholders as well as other stakeholders, through which objectives are defined and processes are set for achieving those objectives along with monitoring tools.The primary objective of corporate governance is to safeguard stakeholders' interests in a sustained manner by ensuring that work is undertaken in a legitimate, responsible, and ethical manner.In the case of banks and deposit-taking financial institutions, shareholders' interest must not precede the depositors' interest.Basel Committee

Four lines of defence model
As evident from the BCBS principles of corporate governance, there is a substantial emphasis on how the corporate governance procedures of financial institutions could be used to improve risk management and internal controls (Figure 1).
The four lines of defence model enhance coordination between external parties and internal auditors, thereby minimising the asymmetric information amongst the parties involved.This model places the risk owners and managers operating at the frontline as the first line of defence with defined management controls and internal control measures, such as the delegation of authority, sanction limits, expenditure rules, maker-checker system, etc. to ensure defined and judicious risk-return trade-off.Effective risk management, robust internal control system and corporate culture are integral parts of the governance mechanism in which a specific role is assigned to different functionaries.All the control units such as compliance, risk, finance, etc. serve as the second line with a responsibility of oversight over the first line, besides reporting to the board and/or its audit committee.Internal audit provides independent assurance by way of its auditing function as the third line of defence.Finally, the external audit and supervisors are supposed to regularly interact with the controllers and internal auditors to scrutinise, guide, as and when necessary and promptly suggest improvements and remedial measures.
The BCBS principles and the above model provide a comprehensive guide for strengthening corporate governance in financial institutions and accordingly, financial system regulators have put in place appropriate regulatory requirements.

Governance in financial institutions: the Indian context
Financial sector regulators in India (RBI, SEBI, IRDAI and PFRDA) have put in place regulatory architecture aimed at strengthening governance in the regulated entities.The focus of these regulations remains on the constitution and conduct of the board and senior management, such as the chair and meetings of the board, the composition of certain

Governance in financial institutions
committees of the board, notably, audit, nomination and remuneration, risk management, age, tenure, qualification and remuneration of directors and appointment of the whole-time directors/managing director and chief executive, independent directors and their role, as also the role and responsibilities of key management personnel (KMP), etc. Regulations also prescribe a code of conduct and code of ethics, fit and proper norms, disclosure of compensation for directors and KMP, and reporting structures.Regulatory provisions stipulate that the directors should not interfere in the day-to-day functioning, abstain from influencing the employees and should not be directly involved in the function of appointment and promotion of employees.However, directors are not expected to turn a blind eye if they observe noncompliance to regulations or irregularities in the day-to-day functioning or working of KMP.
Figure 2 presents various elements of the governance system which are intended to achieve good corporate behaviour in financial institutions.It requires a synergic combination of all the components to achieve governance objectives of integrity, truthfulness, honesty, integrity, objectivity, fairness and transparency in the working of financial institutions.A sound system of governance promotes due diligence and oversight, no conflict of interest, ethical, legal and prudential conduct, and the achievement of public interest and the common good of all the stakeholders.It is quite natural that regulations focus on strengthening all the elements of the governance system, inter alia, by mandating independent/public interest directors, direct reporting by compliance, risk and audit functions to the board committees, and specifying robust disclosure requirements.
Almost all the episodes of governance failures, however, present similar stories where all the elements of the governance system perhaps remain present, direct reporting structures exist, independent directors sit on the boards and audits and external evaluations take place, but unfortunately, desired results are not achieved as the persons responsible for curbing the malfeasance or making timely reporting either become a party to the unscrupulous acts or look the other way and fail to find and/or report the shrouded misconduct.The next section examines the reasons for governance and control failures in financial institutions, in a broader context.

Reasons for governance and control failures
As discussed, boards of financial institutions strengthened with independent directors, wellstructured committees and supported by compliance, risk and audit functions have the  primary responsibility of ensuring sound systems and controls.However, the instances of governance failures not only in India but all over the world necessitate a closer look at the reasons for governance and control failures (Douglas et al., 2018).A review of several episodes of misconduct and financial imbroglio in financial institutions highlights the following points as the likely reasons for governance conundrums.
(1) Misaligned incentives at the frontline The fact that the first line of defence formed by the field executives and front-line functionaries is responsible for screening out unwarranted risk and blocking transactions with ethical, legal or proprietary issues, while taking on the responsibility for generating sufficient, or at times, targeted revenue for an enterprise, is a great source of misalignment.Many times, due to misaligned incentives, the pressure to achieve targets overwhelms the need for judicious risk-taking and can even pressurise the front-line staff to engage in mis-selling unscrupulous conduct, or concealment of unfavourable deals and positions.Tayan (2019) observe that the tensions between corporate culture, financial incentives and employee conduct were amply illustrated in the Wells Fargo cross-selling scandal.Ironically, Wells Fargo was listed as one of the great places to work for many years while its sales team adopted aggressive and toxic tactics to achieve its targets.So even though its corporate philosophy stated something entirely different, people indulged in what they were paid for, as the incentives were completely misaligned.Boards of financial institutions must, therefore, be conscious of this aspect while making business decisions and setting goals.
(2) Lack of independence and expertise at the second and third line The second and third lines supposedly take care of filtering the risk and misconduct at the front line through their oversight, monitoring and reporting responsibilities.While the compliance, risk and internal audit functions are expected not to have any dual hatting and business targets, and to have a direct reporting line to the Board, in reality, it is difficult for these functionaries to completely dissociate with business processes and functional heads.Hence, many times, compliance and risk functions toe the line taken by business verticals and chief executives, instead of framing their independent opinion.Behaviourally, it is not easy under all circumstances to be a part of the enterprise and develop an independent view and perspective.At times, the functional teams may have superior knowledge and expertise about their domain than that possessed by the risk, compliance and audit teams.It is very natural for the management to place their most talented executives in the roles responsible for business deliveries and revenue generation.Moreover, many business decisions for the want of a different perspective may look reasonable in real-time, while being proved catastrophic in the hindsight.A second-line functionary handling risk management could be called too conservative or a spoilsport for an adverse opinion, which may or may not be proved right in hindsight.The board, therefore, must take the initiatives to ensure expertise and independence in the second line and boost their confidence by demonstrating that the red flags raised by these executives are welcome and helpful.The right tone from the top helps.Further, the nudges such as separating office locations of functional teams and the second/ third line executives, insisting on formal modes of communications, cutting the chances of too much familiarity and at times bringing outside experts on these roles might help in improving the effectiveness of second and third line of defence.
(3) Personality cult is the worst enemy of governance Given the well-defined structure of boards, one wonders why despite having all the necessary structures in place, certain instances of managerial misconduct and governance malfeasance are neither curbed nor reported as expected.This brings us to the critical issue of individuals' Governance in financial institutions positions and behaviour.In institutions where individuals become too powerful either due to their long tenure, knowledge and skills, charisma, etc., their writ becomes too large to be subservient to systems, controls and procedures.Such persons due to their long-standing position develop strong connections and networks to manage things in their right or wrong ways.As already discussed, if any head of a business vertical or, the chief executive becomes very strong and well-connected, it turns out to be practically very difficult for compliance, risk and audit professionals to resist or report any unscrupulous decisions taken by such a person.Hence, financial institutions must not allow the development of personality cults either at the level of senior management or even at the level of the board, whereby individuals become stronger than systems.In the case of KMP the tenure and the zone of influence should be carefully calibrated and managed.Larckar and Tayan (2016) observe that, at times, the CEO could be the root cause of the governance problem because of certain reckless decisions, behaviour, and capture of the Board by his or her long-standing position in senior management.A failure in the Board's oversight role due to such capture could result in massive cultural and procedural collapse.
(4) Rot at the top is the most difficult thing to tackle While the boards and senior management of financial institutions are assigned the responsibility of putting in place the best governance standards and leading by example, at times, it may be possible that they might be involved in misconduct for personal gain.This would be a case of fence eating the grass and would be perhaps very difficult to be acted against by the first, second, or third lines of defence.In such cases, the onus falls on the fourth line by way of external scrutiny and consequent supervisory action.For the effectiveness of the fourth line, it is necessary to have coordination, market intelligence and information sharing between external auditors and supervisors.While both have similar objectives of ensuring strong financial institutions, their mandates and scope would be somewhat different.Aligning such differences by respecting each other's roles with a well-structured mechanism is important for effectiveness.Such alignment and coordination also ensure that any budding malfeasance may not linger undetected for a long time and is detected and curbed swiftly.
(5) Gatekeepers' inability to see through the corporate veil and the weak market discipline External oversight offered by the gatekeepers, namely, concurrent and statutory auditors, rating agencies, credit analysts, etc. provides a valuable fourth line of defence to financial institutions.However, at times, the gatekeepers may lack the incentive to dig deep to be able to see through the corporate veil.Secondly, the quality and access of information available to the gatekeepers may not be truly accurate and transparent, especially in situations of corrosion at the top or managerial misconduct (Core et al., 2006).An easy way out to save one's skin, therefore, could be to release an evasive qualified audit report instead of coming clear with numbers and offering unambiguous observations.Gatekeepers' inability to report unscrupulous transactions and malpractices also leads to poor market discipline because of a lack of credible information to stakeholders about the concerned financial institutions.Since supervisors are traditionally conservative and selective in sharing information, the market discipline hinges to a great extent on disclosures and reporting made by the gatekeepers.Since these are usually less than optimal, the market discipline remains on a weak footing.Kaawaase et al. (2021) observe that corporate governance and internal audit have a strong bearing on financial reporting quality.
Considering the above points, the next section provides insights for strengthening governance in financial institutions.

Strengthening governance in financial institutions
Based on the above discussions, it would be useful to answer the questions raised in Section 1 of this paper, followed by a discussion about the most desired steps that can help strengthen governance in financial institutions.
Coming to the questions raised in Section 1, it is quite apparent that misalignment of incentives and misplaced priorities of senior management leading to gaps in the four lines of defence are the primary reasons for control failures.Objectives and incentives of the first line are unlikely to have a control orientation given their role in the enterprise in the medium to long term, especially if the financial and hierarchical incentives are adversely aligned.Hence, the first line may generally be focussed on short-term gains, and achievement of targets and maybe contend with a tick-the-boxes approach.Similarly, the second line may not be truly independent, and may, at times, lack the expertise and conviction to take things head-on.The same is true with the internal audit as the third line, and hence, the controls, audit and risk management functions embedded in the second and third lines could have a tendency to look the other way or fail to see through shrouded managerial misconduct.Finally, some gatekeepers as a part of the fourth line of defence may lack sufficient incentives, the will, and the ability to travel the extra mile to nip the malfeasance in the bud.The market discipline remains weak due to a limited flow of credible information and awareness in the public space.Developing the right balance of incentives and disincentives, strengthening market discipline, and encouraging whistle-blower mechanisms can contribute a lot to strengthening governance in financial institutions.Even the independent directors on the boards may merely get the information which is presented to them, and it is not easy for them to know if something wrong is happening somewhere deep outside the walls of the boardroom.Hence, it may be necessary for independent directors to keep asking questions and try to keep a tab on the market chatter and grapevine, even though it may not be easy to filter the real issues.
Considering the above, the following steps may help strengthen the governance in financial institutions.
(1) A robust whistle-blower policy is a must A robust and trustworthy whistle-blower policy is an important tool for ensuring effective governance systems by way of wider oversight and enabling timely corrective actions against any breeding or potential malfeasance within the organisation.Every financial institution including the regulatory bodies should have a well-structured whistle-blower policy properly operationalised and widely circulated so that all the stakeholders, including employees and the general public, are encouraged to communicate their concerns about illegal, unethical, and unscrupulous practices and misconducts.Confidentiality, ease of access, and protection of the identity and interests of whistle-blowers remain the most important elements for the effective operation of a whistle-blower policy.It needs no overemphasis that this requires trust both within and outside the organisation that cannot be developed overnight.This can be successful only when people are confident that their inputs would be taken in right earnest and there would be no direct or indirect retribution.Boards of financial institutions must put in place the necessary mechanisms to thoroughly process the inputs received and to provide full protection to the whistle-blowers.
(2) Never allow individuals to overpower the systems and the organisation Governance systems are most damaged when individuals due to their position as founders, major shareholders, family members or associates of directors or KMPs, and/or due to long tenure, superior knowledge or stellar contribution to establishing the financial institution are seen as indispensable and perceived as towering personalities that no one dares to challenge or put forth a contrarian view against the decisions of such persons.In such a situation, systems and processes take a back seat and the risk of governance failures increases manifold.The challenge, however, in such situations, is the assessment of the incipient risk in real-time as everything looks great from the surface.It is only after a fiasco happens that things start looking bad in the hindsight.The solution lies in ensuring the supremacy of the systems, bringing transparency and not allowing individuals, irrespective of their knowledge, skills, experience, seniority, contribution, etc. to continue for a long period and become like demigods for the institution.Further, overbearing senior management or directors could create perverse incentives in the organisation by curbing independent opinions and divergent views.In such a situation, malfeasance is easy to develop and difficult to figure out and address.
(3) The fourth line of defence must keep looking for the red flags of governance deficiencies for timely action.
Further, external auditors and supervisors as a part of the fourth line of defence, must keep looking for the red flag of governance weaknesses on an on-going basis and initiate corrective action, as and when required.Some of the typical red flags seen in financial institutions, inter alia, are long tenure of KMP and directors, presence of close relatives or associates in executive and board positions, heavy influence of one or two persons, too little or too high remunerations, lack of proper recordkeeping, complex systems and ambiguous procedures, very little or too much delegation of powers, almost no discussion or dissent in board meetings, weak internal audit, human resource and risk management departments, non-designation of some executives as KMPs despite being in key positions, a top-down approach in most cases, overbearing hierarchy and high-handedness of senior management.The list could be unending and requires sound judgement and experience on the part of supervisors and external auditors.The challenge remains, however, is to find such red flags in real-time rather than in the hindsight.While doing this, the fourth line could worry that it might be accused of being too hawkish, and there always remains a risk of being proved wrong in hindsight due to the interplay of several internal and external environmental factors.
(4) Never ignore the behavioural aspects The fact that quality of governance in financial institutions is such a complex and fluid phenomenon and has several behavioural elements that a simple check-the-boxes approach cannot be successful.In most cases, improvements in corporate behaviour and governance quality are a matter of conviction and the right incentives requiring thoughtful consideration by all the stakeholders.Besides, it is also important to understand the root cause of institutional failures before attributing everything to the boards.Only in cases, where the failures resulted from strategic errors, inappropriate risk-taking, weak oversight or involvement of board or senior management in frauds, the board should be held responsible but in the cases of failures due to market or external factors, the board may not necessarily be at fault.Moreover, regarding its oversight role, it may not be realistic to expect that the board can detect all instances of malfeasance but it would be fair to expect that the board of financial institutions would make efforts to have eyes and ears in form of institutional mechanisms to curb any potential vested interests, wrong incentives and structural weaknesses.Finally, the quality and efficacy of governance require the presence of several elements but the mere presence of everything may not necessarily ensure good governance due to the interplay of behavioural factors.Focussed attention on the conduct of the KMPs and other stakeholders, and timely action are necessary to ensure robustness in the governance architecture in financial institutions.

Conclusion
Robust governance standards are a prerequisite for financial institutions.Accordingly, a comprehensive set of governance processes, control systems, audit mechanisms, supervisory oversight and regulatory structures are put in place in financial institutions.However, instances of governance failures have been a recurring phenomenon, globally.Almost all the episodes of governance failures present similar stories where all the preferred elements of the governance system remain present, direct reporting structures exist, independent directors sit on the boards and audits and external evaluations take place, but unfortunately, desired results are not achieved as the KMP, directors and other gatekeepers responsible for curbing the malfeasance fail to identify the problems and shrouded misconduct in a pro-active manner or look the other way.For emerging economies like India which is aspiring to make a quantum jump in economic development, a robust financial system is a sine qua non.Hence, there is a need for failsafe systems and processes to the best extent possible and the need to know the precise reasons why and when governance fails in financial institutions.Once the reasons are precisely known, effective solutions in terms of what should and should not be done can be identified and implemented.
This paper looks at several key questions relating to governance in financial institutions and comes out with certain solutions by indicating the role played by misaligned incentives at the frontline, lack of independence and expertise at the second and third lines of defence, development of personality cults as the worst enemy of governance, rot at the top as the most difficult thing to tackle in real-time rather than in the hindsight, stakeholders' inability to see through the corporate veil, overbearing management and weak market discipline as principal reasons for governance failures.The involvement of several behavioural and situation-specific factors in the instances of governance failures should be paid close attention to.
This paper indicates that the implementation of an effective whistle-blower policy is a must, and one should never allow individuals to overpower the systems and due processes, howsoever lucrative and promising it might seem in real-time.Finally, the fourth line of defence must keep looking for the red flags of governance deficiencies that are mostly manifested in managerial and organisational conduct initially, and much later get reflected in the financials.Timely feedback and corrective action are of the essence, else, it would be a case of too little and too late.With thoughtful consideration and pre-emptive steps, the governance in financial institutions can be strengthened to prevent instances of failures, to a great extent, and to repair the damage quickly in case of rare occurrences.
Figure 1.Four line of defence model Figure 2. Governance elements and objectives Banking Supervision (BCBS) came up with a set of 13 corporate governance principles for banks in 2015.A summary of the principles is presented in Table2.These principles provide a comprehensive guide for developing suitable corporate governance systems commensurate with the size, complexity, systemic importance, substitutability and interconnectedness of banks and financial institutions.
❖Is the market discipline too weak to penalise and force course correction in case of bad corporate behaviour, and if more stringent regulations are the way forward?❖ Why do the instances of governance failures come to light after a considerable time lag leading to a situation of too little and too late?Source(s): Author on