During the pandemic, many community banks needed to change how they operated. For this and other reasons, now is a good time to review and refresh articles, bylaws and committee charters to ensure resilience and bolster risk management.
By Susan Springer
For organizations that view corporate governance as a checklist, it’s a burden. But if they see it as a risk management tool, it’s a game changer. It can clarify roles and responsibilities, encourage timely communication and help community banks operate more efficiently.
Rather than being a periodic task, corporate governance assessment should be an ongoing discussion.
“[These] should be living and fluid documents that you update periodically based on changing risk and the bank’s ability to manage and mitigate that risk,” says Ron Green, CEO of $675 million-asset Oregon Pacific Bank in Florence, Ore.
Exploring the “what ifs”
When the pandemic hit in early 2020, mitigating risk took on a whole new meaning for community banks. Oregon Pacific Bank had to close lobbies and send half of its workforce home. Before the pandemic, there were four associates working remotely. Now, there are 60 employees who can. In response, Green says his bank scrambled to buy scarce laptops and accelerated its existing efforts to move more data to cloud storage to avoid being reliant on physical core servers.
The key COVID-19 issue in this workforce pivot was ensuring that Oregon Pacific could secure customer and proprietary data with employees working from their kitchen tables. Potential security risks ranged from inadvertent breaches if sensitive data became visible to people outside the bank, to bad actors accessing data through the back door. As a small bank, it equipped work-from-home employees with VPNs but now needed to assess risk on a greater scale.
Oregon Pacific realized that responding to the length and severity of COVID-19 meant it needed to update its business continuity plan—which it quickly modified, along with adopting new practices with the board’s approval.
Green recommends community banks ask hard “what if” questions when developing a business continuity plan to prepare for emergencies as severe and long-term as the pandemic. He also recommends not updating the resiliency document as only a “table-top exercise.” Instead, banks should run real-life tests to expose and fix any weaknesses.
4 → 60
The change in the number of Oregon Pacific Bank’s employees able to work from home before and during the pandemic
Poring over documentation
The past two years have brought a growing list of issues for bank boards to solve in rapid succession. Decisions needed to be made, weighing shareholder, employee and customer expectations, amid uncertainty about the severity and duration of the global health crisis.
However, whether in crisis or “normal” mode, clear committee charters in governance documents help develop effective and independent members. Charters that spell out committees’ specific responsibilities allow members to better fulfill their duties. For example, committee members should know if they are being asked to review versus approve issues before them.
Karen Grandstrand, attorney, shareholder and chair of the bank & finance department at Fredrikson & Byron, P.A., says one of the significant issues that arose during COVID-19 for banks of all sizes was uncertainty about legally holding shareholder meetings by electronic means.
Some state statutes still require that shareholder meetings be held in person unless articles or bylaws allow for them to be held remotely. If these articles or bylaws exist, community banks should consider updating their own articles and bylaws to allow remote meetings. Grandstrand, who specializes in bank regulation, notes that it’s important to distinguish between shareholder meetings at the holding company level and at the bank level, as different statutes and regulations may apply.
She also notes that if catastrophic events prevent your board from assembling, some state statutes allow the board of directors to adopt bylaws that are effective only in an emergency, unless the articles of incorporation provide otherwise. “There may be provisions in emergency planning where you could quickly designate either additional or substitute directors,” she says.
Grandstrand says factors that prompt banks to review their governance documents include preparing for an acquisition or sale, starting a new line of business, succession planning, raising capital or a corporate restructuring.
“[These] should be living and fluid documents that you update periodically based on changing risk and the bank’s ability to manage and mitigate that risk.”
—Ron Green, Oregon Pacific Bank
She recently advised one family-owned bank that was excited to work on succession planning because they recognized governance was core to whether the bank stayed in their family and community. These bankers discussed how best to bring in the next generation, what roles they would be interested in and if the committee structure should be changed to provide family members with more opportunities.
While common governance documents include articles, bylaws and committee charters, Grandstrand counsels banks to also consider the importance of board packages. “Boards are not supposed to manage but provide oversight,” she notes, so communication flow is key. A central reporting mechanism for the board can ensure members receive timely and complete information.
Finally, corporate governance documents may need to be reviewed and updated as a community bank nears an asset threshold. For example, regulatory requirements stipulate that the makeup of a bank’s independent audit committee must change after it hits the $1 billion-asset mark.
Susan Springer is a writer in Oregon.