Transcription
Developing an effectivegovernance operating modelA guide for financial servicesboards and management teams
Contents1Introduction3What is a governance operating model?4From framework to operating model6Components of a governance operating model8The power and benefits of a governance operating model9Designing the governance operating model12Enhancing or establishing a governance operating model13Getting governance doneA governance operating model has thepotential to address this need and thusenhance management’s ability toimplement governance and the board’sability to exercise proper oversight.
IntroductionIn recent years, many boards of directors in the financialservices industry (FSI) have been working to bolster theeffectiveness of their organizations’ governance models.For example, boards appear to have strengthened theirgovernance frameworks and policies and reasserted theirgovernance roles, established board-level risk committees,clarified the responsibilities of other board committees, andappointed chief risk officers (CROs) or reinforced theindependence of existing CROs. Concurrently, seniorexecutive teams have committed resources to enhancinggovernance frameworks.However, many FSI companies may have come to realizethat work remains if they are to operationalize thestructures and institutionalize the principles they haveadopted. Moreover, the expectations of regulators,investors, and other stakeholders regarding governancehave shifted over the past few years (see sidebar: Driversand expectations). Stakeholders now see boards as moreaccountable for the effectiveness of their overallgovernance process. This shift is real, and it is significant,and is likely to amount to an expectation of greater boardinvolvement in the means by which governance isorganized and effected, and for more active oversight bythe board and its committees.Greater involvement and more active oversight may beevident, but governance is also a work in progress, asreflected in Deloitte’s experience and research. A Deloittereview of bank board risk committee charters found thatboard members “want to clearly identify areas in whichthey are responsible for approval of decisions; where others(usually, senior executives) are responsible for approvaldecisions that they must as board members oversee,further approve, or simply be aware of; and how.” Agovernance operating model supplies the “how”1 thatboard members seek and can reveal gaps or shortcomingsin board or management committee charters.A Deloitte2 study of disclosures in proxy statements foundthat while FSI companies are bolstering governance andoversight, only 33 percent of those surveyed have123management risk committees, 41 percent disclose whetherrisk management/oversight is aligned with strategy, and 19percent note the board’s oversight with regard to corporateculture.3 The trend toward increasing disclosure regardinggovernance and risk oversight implies a need for reliablemethods of operationalizing governance.While the board is accountable for oversight of thegovernance process, management is responsible forimplementing the policies and procedures through whichgovernance occurs within the organization. The board isresponsible for understanding—and for advisingmanagement on—the processes through whichgovernance occurs within the organization, and isaccountable for the results of those processes.Management is responsible for the governance processesand their workings, and for their results.A governance operating model may assist the board andmanagement in fulfilling their governance roles. Such amodel is likely to enable the board and the executiveleadership to organize the governance structure and themechanisms by which governance is implemented. By thesame token, the lack of a governance operating modelmay lead to an incomplete or faulty governance structure,or to inconsistencies, overlaps, and gaps amonggovernance mechanisms. Such inadequacies may lead tofailure to enact governance policies that the board andmanagement have put in place.The sheer complexity of governance and the huge numberof related procedures and other mechanisms in a globalfinancial institution may indicate a need for a governanceoperating model. The elements of such a model may existwithin many large FSI companies. However, those elementsmay not have been connected, rationalized, and organizedto provide the consistent guidance and incentives thatexecutives, risk managers, and business unit leadersrequire. A governance operating model has the potential toaddress this need and thus enhance management’s abilityto implement governance and the board’s ability to exerciseproper oversight.Improving Bank Board Governance: The bank board member’s guide to risk management oversight, Deloitte Center for Financial Services, 2011,deloitte.com ocal%20Assets/Documents/FSI/US FSIImprovingBankBoardGovernance 122911.pdf As used in this document, “Deloitte” means Deloitte & Touche LLP , which are separate subsidiaries of Deloitte LLP. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attestclients under the rules and regulations of public accounting.Risk Intelligent proxy disclosures – 2011: Have risk-oversight practices improved?, Deloitte Center for Corporate Governance, 2011, HYPERLINK"http://www.deloitte.com" deloitte.com oxy%20Disclosures%202011 Deloitte 083011.pdf Developing an effective governance operating model 1
Drivers and expectationsThree main drivers familiar to FSI leaders have likelyintensified the need for improved governance: thegrowth imperative, organizational size and complexity,and regulatory change. Growth must continue. Customers, investors,and the public recognize that a sound, robust,competitive financial services sector is a keycomponent of a healthy economy. Customerswant products and services, and investors wantreturns; meanwhile, regulators and the public wantaccountability, responsibility, safety, and soundnessin institutions and the financial system. Balancingthese desires calls for FSI companies that can growwithin the purview of sound governance Size and complexity are permanent. While thedebate about whether financial institutions are “toobig to fail” continues, many are significantly largerthan they were before 2008. For the largest firms,global reach is a reality, as is complexity of products,markets, and regulations. Given this, boards shouldconsider reliable methods of enabling executivesand managers to implement governance Regulations have proliferated. In response tothe financial turbulence of the past years, manyregulatory agencies and advisory groups haveissued guidance relevant to board governance. Yetregulatory change and lapses in governance arelikely to continue. This indicates a potential needto extend the governance process deeper into theorganizationThis document, prepared for board members, boardcommittee members, senior executives, and risk managersat FSI companies, aims to assist boards and others with keygovernance roles in developing a robust governanceoperating model. This document also provides suggestionsto consider on how to begin implementation, althoughthat is not its primary focus. Such a model may foster theinformation flows and visibility into processes that enableboth the board and management to fulfill their respectivegovernance responsibilities. For FSI companies with agovernance framework and policies in place, this document42Each of these documents is available at deloitte.com.Coupled with governance and risk managementlapses before and since the downturn, these drivershave likely shaped regulators’ and other stakeholders’expectations in the following ways: The board’s governance role includes responsibilityfor reviewing corporate strategies, shapingthe culture, setting the tone at the top, andpromulgating the organization’s vision, values, andcore beliefs The board is expected to oversee seniormanagement’s collective ownership and individualaccountability for regulatory compliance and riskmanagement The board should attain enough visibility intobusiness operations, processes, and risks tounderstand the risks management is taking andhow they are being managed The board is accountable for all aspects ofgovernance, including:– Decision-making authority that codifies who isresponsible for making key decisions– Organizational structures that define and clarifyresponsibilities for operational, control, andreporting processes– Organizational design that is understood bymanagers, employees, and external stakeholdersAlthough many FSI companies may have respondedto these drivers and expectations (for example, bydeveloping committee structures and establishingpolicies), they may still be grappling with operationalizinggovernance. A governance operating model couldpotentially assist in addressing this challenge.outlines a next step—moving governance to the level ofpeople’s day-to-day job responsibilities.This document assumes that readers are broadly familiarwith recent FSI regulatory developments and with keyprinciples of governance, including those Deloitte hasidentified over the past several years in documents such asRisk Intelligent Governance: A Practical Guide for Boards:Improving Bank Board Governance, and The RiskCommittee Resource Guide for Boards.4
What is a governanceoperating model?Exhibit 1 depicts the major components of a governanceoperating model and their relationship. This high-level viewshows the major components—structure, oversightresponsibilities, talent and culture, and infrastructure—andtheir key subcomponents. The nuts and bolts of the model(layers below the subcomponents in this depiction) includeprocess flows, procedures, and reporting mechanisms thatimplement governance at the level of job responsibilities.Board and management choices regarding eachcomponent should define how the governance operatingmodel will be implemented by management.In practice, a governance operating model should: Organize operational, financial, risk management, andreporting processes such that the board receives theinformation it requires to effect good governance andmanagement and the business units can conduct theiractivities in ways that comply with regulations and servestrategic ends Bring the organization’s governance framework down tothe level of roles, responsibilities, reporting lines, andcommunications to bridge the gap between thegovernance framework (discussed in the followingsection) and operational realities Help people to answer questions such as, “Why are wedoing this?” “Is this okay?” “Whose call is this?” and“Who do we need to tell about this?” and to know whento ask such questions Sustain governance by creating a feedback loop inwhich the board and management can identify andrespond to new business, operational, competitive, andregulatory needsExhibit 1Illustrative governance operating modelStructureOrganizationaldesign andreporting structureCommittee(s)structureand chartersOversight responsibilitiesBoard oversightand responsibilitiesManagementaccountabilityand authorityCommittee(s)authorities andresponbilitiesTalent and culturePerformancemanagement andincentivesBusiness andoperating principlesLeadershipdevelopment andtalent programsInfrastructurePolicies andproceduresReporting andcommunicationTechnologyCopyright 2013 Deloitte Development LLC. All rights reserved.A governance operating model may contribute tosolving the common problem of “management bymemo” in governance. It is rarely enough for the boardor management simply to articulate principles and issuepolicies, no matter how clearly and forcefully they do so.They should also see to it that people have theunderstanding, motivation, and means to implementthem, and that they do so.Developing an effective governance operating model 3
From framework tooperating modelThe starting point, which many FSI companies have likelyaddressed, is the governance framework, such as thatdeveloped by Deloitte or another organization. TheDeloitte Governance Framework (see Exhibit 2) wasdeveloped to help boards and executives assess theirorganizations’ governance programs. Whether theExhibit 2Deloitte governance frameworkCopyright 2013 Deloitte Development LLC. All rights reserved.4board and management adopt or develop a governanceframework, it articulates the various elements of thegovernance program, clarifies the governance roles ofthe board and management, and illustrates anappropriate relationship between governance, riskmanagement, and organizational culture.
Encircling all elements of the framework is the corporategovernance infrastructure. The governance infrastructure isthe collection of governance operating models—thepeople, processes, and systems—that management has putin place to govern day-to-day organizational activities. Thisinfrastructure also includes the processes used to gatherand report information to the board and externalstakeholders, as well as to management.The board’s role in various elements of the governanceinfrastructure ranges from overseer to active participant inthe actual processes. The top half of the framework abovedepicts areas where the board’s responsibility is typicallyheightened. In these areas, it is generally not consideredadequate for the board only to understand and monitorthe company’s operating models; in addition, the boardwill be expected to play a role in developing thecomponents and participating in the activities. These areasinclude governance (here meaning the board’s structureand composition), strategy, performance, integrity, talent,and risk governance. In these areas, due to legal orregulatory requirements or stakeholder expectations, theboard is an active party in the structures and processes,and in decisions and duties that cannot be delegated tomanagement, which vary by organization.The bottom half of the framework depicts areas where theboard’s responsibility can be described more as activemonitor. Here, the board understands the operating models,ascertains that they are adequately developed and resourced,and monitors results of business activities and any issuesidentified in the process. For many companies, the areas inthis category align to planning, operations, compliance,reporting, and risk management.5A governance operating model is the mechanism used by theboard and management to translate the elements of thegovernance framework and policies into practices,procedures, and job responsibilities within the corporategovernance infrastructure. In developing the governanceoperating model, the board balances competing goals (suchas the pursuit of growth and the preservation of assets),defines responsibilities (such as those of a business managerand those of a risk manager), and allocates resources toimplementing governance. (For more on the DeloitteGovernance Framework, see Framing the future of corporategovernance: Deloitte Governance Framework.5)The remainder of this document presents an enterprisegovernance operating model that may be suitable for a largeFSI company and discusses the characteristics of such amodel, elements that might be included, potential benefits,and development and implementation. As an enterprisegovernance operating model, this model could be adapted tothe needs of an entire company or those of specific businessunits or functional areas.A governance operating model is themechanism used by the board andmanagement to translate the elements ofthe governance framework and policiesinto practices, procedures, and jobresponsibilities within the corporategovernance infrastructure.Framing the future of corporate governance: Deloitte Governance Framework, Deloitte, 2012, deloitte.com oxy%20Disclosures%202011 Deloitte 083011.pdf Developing an effective governance operating model 5
Components of a governanceoperating modelA governance operating model defines the mechanismsand interaction points by which governance will beimplemented. It enables the board and the executiveleadership—as appropriate to their roles andresponsibilities—to organize these mechanisms andpoints of interaction across the organization’s businesslines, legal entities, and jurisdictions. An enterprise-levelmodel, like the one described here, may be adapted toany functional or operating area to promote effectiveimplementation of governance.As shown in Exhibit 1, the governance operating modelconsists of four major components: Structure, which includes organization design andreporting structure, committee structures and charters,and control and support function interdependencies Oversight responsibilities, which define boardoversight responsibilities, committee and managementresponsibilities, accountability matrices, andmanagement hiring and firing authority Talent and culture, which enable the behaviors andactivities required for effective governance byestablishing compensation policies (particularlyregarding incentives), promotion policies, business andoperating principles, performance measurement andmanagement, training, and leadership and talentdevelopment programs Infrastructure, which comprises governance and riskoversight policies and procedures, reports, measures andmetrics, and management capabilities, and the enablingIT and communications supportWithin these components, some of the key aspects of aneffective governance operating model to be addressedwill include:Board oversight and responsibilities: The board carriesout oversight responsibility across the organization in areassuch as business and risk strategy, organization, financialsoundness, and regulatory compliance. In this regard, thegovernance operating model should help the board to: Articulate the skills and knowledge it requires toeffectively execute its oversight responsibilities, and toassess its composition against those needs6 Engage management in providing the information theboard requires to exercise governance and risk oversight Advise management on policies that ultimately influencethe manner in which governance is conducted Understand governance activities that occur at variouslevels within the organization, and support managementin its efforts to enhance program efficiency, andeffectivenessCommittee authorities and responsibilities: Effectiveboard committee and management committee structurescan help define the number, terms, and qualifications ofmembers, committee responsibilities, reporting andescalation mechanisms, and ways in which board andmanagement committees will interact. For example, for amanagement committee, the model could: Include committee charters that define thecommittee's responsibilities and addresses linkagesbetween the committee, the broader executive team,and the board of directors Define the types of decisions, investments, events, risks,and other items that should come to the committee’sattention (and, when applicable, thresholds or amounts) Delineate methods of escalating and reportingsignificant matters to the appropriate person orcommitteeOrganizational design and reporting structure: A clear,comprehensive organizational structure normally definesreporting lines for decision making, risk management,financial and regulatory reporting, public disclosures, andcrisis preparedness and response. In an enterprisegovernance operating model, the organizational structurecould enable executive management to: Establish the independence and authority of the controlfunctions of compliance, risk, legal, finance, and audit Define a process of overseeing the spectrum of risksacross all regions and businesses, including strategic,operational, market, credit, liquidity, legal, compliance,property, IT, reputational, and other risks Maintain a governance structure that is understandableto internal employees and external stakeholders
Management accountability and authority: Wellunderstood authority and accountability for keyresponsibilities are needed at all levels and in all areas of theorganization. A sound governance operating model could: Balance global and regional strategies by delineating theauthority and accountability for key roles and specifyinga process for resolving or escalating disagreements Balance the decision-making authority of business unitsagainst that of risk managers, such that risk tolerancesand exposure limits are set and observed and riskmanagers have the authority to challenge those who aretaking the risks Define clear decision rights such that people understandthe authority—and the limits of the authority—associated with their positions Provide direction to control functions to assist overseersin determining that businesses are managed withinappropriate limits on both global and regional basesPerformance management and incentives: Goals,performance measures, compensation, and incentivesshould reflect an organization’s overall commitment togovernance as well as principles of asset preservation andrisk taking for reward. In this area, the model should helpthe board to: Establish performance objectives that balance assetpreservation and risk taking in the pursuit of valuecreation Align incentives to reflect a balance between assetpreservation and risk taking Specify qualifications and performance evaluations thatestablish and reinforce the desired corporate culture andtone at the topA robust enterprise governance operatingmodel helps enable the execution ofgovernance responsibilities at all levels.Striking a balance, repeatedlyIn practice, governance usually comes down to striking a balance among conflictingneeds and goals, which arise in various areas for many reasons.In general, roles, responsibilities, and decision rights should be conceived andpracticed so as to balance the business needs and control/risk-management needs oflocal operating units and those of the national or regional division and those of theglobal organization. This means reconciling two types of needs—business andcontrol/risk-management—along three geographic dimensions: local, national/regional, and global.For example, in terms of risk governance and management, the goals of value creationthrough risk taking for reward should be balanced against those of value preservationthrough risk mitigation and control. Given that risk management is not risk avoidancebut management of risks, it is useful to consider the three traditional lines ofdefense—business management, risk management, and internal audit—and how thegovernance model can define their respective roles and responsibilities.As in any situation of competing forces, balance is dynamic. In an organization, theyshould have mechanisms to guide their decisions, interactions, and upward anddownward communications. An effective governance operating model has thepotential to provide those mechanisms.A robust enterprise governance operating model helpsenable the execution of governance responsibilities at alllevels. It does so by clarifying reporting lines and linkages;identifying decisions, risks, and other matters to come tothe boards’ or its committees’ attention for review orapproval; and promoting an understanding amongmanagers of roles and responsibilities, limits of authority,and means of escalation, and of the balance to be soughtbetween centralization and decentralization, autonomyand collaboration, and risk and reward (see sidebar:Striking a balance, repeatedly).Developing an effective governance operating model 7
The power and benefits of agovernance operating modelThe power of a governance operating model can lie in itsspecificity. The required or desired level of specificity in theoperating model will vary from organization to organization.This is appropriate. Governance frameworks defineprinciples and, usually, responsibilities. But they largely leaveindividual organizations to define how governance roles willbe assigned, how roles will interact, and how responsibilitieswill be fulfilled.FSI companies may benefit from an effective governanceoperating model in the following ways: Improved clarity: The board and management face thechallenge of translating governance principles intopractices. The governance operating model could providea vehicle for the board and its committees to address thischallenge by clearly defining the roles, responsibilities,accountabilities, information flows, and guidelines thatpeople need in order to implement governance Greater visibility: To fulfill its governance responsibilities,the board should have clear lines of sight intomanagement’s decision-making and risk-managementprocesses. In the governance operating model, the boardcould establish those lines of sight, for example, bystating the types and amounts of investments andtransactions and the risk exposures that should come toits attention Improved coordination: Addressing the complexityinherent in governance of multiple businesses across aglobal organization requires coordinated action. It alsoentails balancing considerations regarding centralizationversus decentralization and considering local business,customer, compliance, legal, and other stakeholderneeds—which the model should be able to address Increased effectiveness: A model that specifies theinformation that the board and its committeesrequire—and from whom, how often, and underwhat circumstances they will receive thatinformation—may assist the board in executinggovernance more effectivelyThe model should arrange the governance and riskoversight process—and the related infrastructure and ITsupport—such that responsibilities are carried out in areliable manner. The overarching benefit of a soundgovernance operating model is that it could enable theboard and its committees to execute their responsibilitiesproperly and with greater assurance that they have done so.8
Designing the governanceoperating modelEach component of a governance operating model consistsof subcomponents comprised of activities, only a samplingof which are listed in Exhibit 3 by way of illustration. Agovernance operating model can provide substantial detailregarding the ways in which activities will be conducted toimplement governance. Indeed, one of the main reasons tocreate a governance operating model is to define anddocument the processes, procedures, and reportingmechanisms that will constitute governance, along with thetraining, IT, and other resources that will be needed.Exhibit 3Illustrative activities in designing the governance operating alent & cultureInfrastructureSubcomponents Committee structure and charters Organizational structureand reporting lines Control and supportfunctions’ rolesDescription Outlines board and management committee structures, mandates,membership, and charters Establishes design of governance framework Delineates organizational structure, reporting lines, and relationships Highlights role and independence of control and support functions frombusiness owners Committees authorities Outlines the type of committees (board and management) and associatedand responsibilitiesresponsibilities Management accountability Specifies functional accountabilities for day-to-day management of businessand authoritypractices across the enterprise Board oversight and responsibilities Delineates board and management approved policies supporting delegation Reporting, escalation,of authority (decision rights) including reporting, escalation, and veto rightsand veto rights Business and operating principles Core beliefs and risk culture Leadership development and talentprograms performance Management and incentives Aligns governance with operating and business principlesArticulates core beliefs and foundation for cultureHighlights characteristics of risk cultureOutlines leadership succession, assessment, and development responsibilitiesAligns performance management, approach, measures and responsilities tocompensation and incentive plans Policies and procedures Reporting and communication Technology Establishes design and content of policy manuals and associated proceduresOutlines type and frequency of internal reporting and communicationsDefines scorecards, measures, and metrics to track performanceAligns technology and governance requirementsCopyright 2013 Deloitte Development LLC. All rights reserved.Developing an effective governance operating model 9
Developing the governance operating model entailsdefining and documenting the subcomponents andactivities at the level of detail the organization requires toinform peoples’ decisions and actions. The goal is not todictate, but to define decisions and actions in ways that willbe meaningful from a governance standpoint. The processof documenting the governance operating model cancreate as much value as the resulting documents. If anorganization has an undocumented governance model,documenting it may focus decision makers on balancingcompeting objectives, defining responsibilities, allocatingresources, and devising solutions—activities essential toimplementing governance.In defining its governance operating model, theorganization may assess its current state, define its desiredfuture state, and identify the steps required to achieve thelatter, that is, to effect implementation. In this exercise, theorganization should consider addressing the followingconsiderations and objectives: Compliance issues:– Achieve compliance with multiple, sometimesconflicting, requirements– Reconcile business requirements with regional and/or parent-company country
financial institution may indicate a need for a governance operating model. The elements of such a model may exist within many large FSI companies. However, those elements may not have been connected, rationalized, and organized to provide the consistent guidance and incentives that exec
