The views expressed by contributors are their own and not the view of The Hill

Bank failures are wakeup call to address widespread bank board governance deficiencies

A person walks by the First Republic Bank headquarters on March 13, 2023 in San Francisco, California. First Republic shares lost over 60 percent on Monday even after regulators took actions Sunday evening to backstop all depositors in failed Silicon Valley Bank and Signature Bank and offer additional funding to other troubled institutions. (Photo by Justin Sullivan/Getty Images)

First Republic Bank, the 14th largest U.S. bank ($213 billion in assets as of the end of 2022), saw its shares decline by 75 percent at one point last week over concerns about Silicon Valley Bank (SVB) and Signature Bank. 

While First Republic’s problems are a bit different from the two recent bank failures, the concern over its survivability was great enough that a group of other large banks rushed in to inject an additional $30 billion in the bank to calm markets and depositors. Its plight represents an opportunity to examine the composition and expertise of this bank’s board risk committee, arguably the most important governance mechanism of any bank to ensure prudent risks are being taken. 

First Republic, as is the case of both SVB and Signature, is not subject to the heightened regulatory scrutiny imposed on banks that have over $250 billion in assets. Those largest institutions must abide by so-called heightened expectations for risk governance, which includes expectations of board responsibilities. 

Among them, boards are to engage in “credible challenge” with management to ensure that risks taken by the organization are well understood and properly assessed. I’ve seen board risk committee members at large financial institutions that didn’t survive the 2008 crisis that were passive, disengaged and otherwise uninterested in risk management.  

For First Republic, the composition and expertise of their board risk committee is notable. First Republic has five board committees: Audit, Compensation, Governance and Nominating, Enterprise Risk Management (ERM), and Information Security and Technology. Of interest, the ERM Committee is the smallest of the five, with only three members. 


The Compensation and Information Security and Technology Committees each have six members, the Governance and Nominating Committee has four members, as does the Audit Committee. In addition to the ERM Committee’s small size, none of the three members have direct banking risk management experience; their backgrounds are in health care, venture capital and academia, though they each are highly accomplished in their respective fields. 

First Republic does have an outside special adviser to the ERM Committee, but that does not obviate the board’s responsibility to dig into the roots of complex risk issues. Does it seem right that a bank as large as First Republic that is causing sizable market gyrations to have this representation for ostensibly their most important risk oversight body? Does it further make sense that the Compensation Committee has twice the number of board members as the ERM Committee? 

First Republic is not alone in having boards that have limited direct risk management experience. Most banks have few such members, and that is a significant gap in the sector. 

Thousands of pages of bank legislation and regulation after 2008 have not prevented major banking risk events. Think of JP Morgan’s London Whale event, the Wells Fargo Retail banking scandalCredit Suisse and ArchegosCitigroup and its Revlon loan event and now these bank failures, and clearly regulation is not always the answer to ensuring banks are effectively managing their risks. 

We need to add some teeth to bank regulatory requirements for boards that ensure not only that board risk committees are of sufficient size but also that committee members either possess the requisite experience or are being rigorously trained in risk management practices on an annual basis.  

There seems to be some confusion at times between risk and audit functions from observers outside the industry. And while audit is critically important, the diversity and complexity of risks require a very different set of skills, balanced between quantitative and qualitative. 

Bank board members need to be prepared to ask the tough questions of management, and the only way they can do that is to have a baseline knowledge of key risks, their measurement and management commensurate with the size and complexity of the bank. These latest bank failures should be a wake-up call to finally fix one of the biggest gaping holes in banking corporate governance.

Clifford Rossi, Ph.D, is professor-of-the-practice and executive-in-residence at the Robert H. Smith School of Business at the University of Maryland.