IMPORTANT FINANCIAL DISCLAIMER: The content on this page was generated by an Artificial Intelligence model and is for informational purposes only. It does not constitute financial, investment, legal, or tax advice. The author of this site is not a licensed financial professional. The information provided is not a substitute for consultation with a qualified professional. All investments, including cryptocurrencies and stocks, carry a risk of loss. Past performance is not indicative of future results. Do your own research and consult with a licensed financial advisor before making any financial decisions. Relying on this information is solely at your own risk.
The role of a bank director has shifted from a position of community prestige to one of heavy legal and fiduciary accountability. In today’s volatile economic climate, the federal banking system remains sound, with capital and liquidity ratios high by historical standards [1]. However, directors face an increasingly complex landscape defined by shifting interest rates, commercial real estate (CRE) weakening, and the rapid adoption of artificial intelligence.
This handbook provides a prescriptive framework for management oversight, financial stability, and regulatory compliance.
Table of Contents
- 1. Fiduciary Duties and Governance Oversight
- 2. Managing the Leading Credit Risks
- 3. Financial Performance and Market Risk
- 4. Operational Risk: Cyber, Fraud, and AI
- 5. Navigating the Regulatory Horizon
- Summary of Key Takeaways
- Sources
1. Fiduciary Duties and Governance Oversight
The board of directors is ultimately responsible for ensuring that a bank operates in a safe and sound manner. While the board delegates daily managerial duties, it cannot delegate its oversight responsibility.
Duty of Care and Loyalty
- individualized Analysis: Directors must make decisions based on objective, risk-based analyses rather than politicized trends. This follows the 2025 executive order “Guaranteeing Fair Banking for All Americans,” which prohibits “unlawful debanking” based on protected beliefs [1].
- The Problem Bank List: As of late 2025, approximately 1.3% of FDIC-insured institutions are on the “Problem Bank List” [3]. Directors must proactively review CAMELS ratings (Capital, Assets, Management, Earnings, Liquidity, Sensitivity) to stay off this list.
The duty of care requires directors to make informed, objective, and risk-based decisions, while the duty of loyalty ensures they act in the bank’s best interest rather than for personal or political gain. Recent orders emphasize that these duties include preventing ‘unlawful debanking’ based on protected beliefs.
Directors must proactively review CAMELS ratings, which evaluate Capital, Assets, Management, Earnings, Liquidity, and Sensitivity. Regularly monitoring these indicators helps identify stability issues before they lead to regulatory intervention.
2. Managing the Leading Credit Risks
Credit risk is currently bifurcated. While retail performance remains manageable, commercial sectors are showing significant stress.
Commercial Real Estate (CRE) Exposure
Directors should closely monitor the bank’s exposure to office and multifamily properties. Demand for office properties is currently sensitive to macroeconomic conditions and remote work trends [1].
The Indicator: Noncurrent loan rates for multifamily CRE have recently risen above their 1991–2019 averages [1].
Prescriptive Action: If your bank’s CRE concentration exceeds 300% of total capital, your board must implement enhanced stress testing and portfolio-level reviews as outlined in our Banker’s Guide to Risk Management.
Agricultural and C&I Loans
Agriculture lending is stabilizing, yet headwinds remain for soybean and cotton exports. Furthermore, middle-market borrowers in the Commercial and Industrial (C&I) sectors are seeing tighter underwriting standards due to an uncertain economic outlook [1].
| Sector | Risk Indicator | Required Action |
|---|---|---|
| CRE (Office/Multifamily) | Noncurrent rates above 1991-2019 avg | Stress test if concentration > 300% capital |
| Agricultural | Export headwinds (Soy/Cotton) | Monitor global trade volatility |
| Middle-Market C&I | Tightening underwriting standards | Review portfolio-level sensitivity |
If a bank’s CRE concentration exceeds 300% of its total capital, the board is required to implement enhanced stress testing and conduct detailed portfolio-level reviews to mitigate heightened risk.
Underwriting standards for Commercial and Industrial (C&I) loans are tightening due to an uncertain economic outlook and increased pressure on middle-market borrowers. This shift aims to protect the bank from potential defaults in a volatile market.
3. Financial Performance and Market Risk
A director must be able to interpret the Net Interest Margin (NIM) and liquidity ratios to assess viability.
Interest Rate Sensitivity
Recent federal funds rate cuts have led to a reconfiguration of bank balance sheets. In the first half of 2025, banks with assets under $1 billion realized higher NIMs due to higher loan pricing and decreasing deposit costs [1].
- Unrealized Losses: While unrealized investment portfolio losses have fallen to half of 2023 levels, they remain elevated. Directors should ensure the bank is not “locking in” losses on low-yield securities that could impair capital if interest rates remain higher for longer than anticipated [2].
Evaluating Profitability
Industry-wide net income was approximately $79.3 billion in Q3 2025, driven by lower provision expenses [3]. Directors should verify if their bank’s profit growth is organic or driven by nonrecurring events like acquisitions. To understand how these profits translate into actual offerings for clients, see The Essential Guide to Banking and Financial Products.
Banks with assets under $1 billion have recently seen higher Net Interest Margins (NIMs). This is primarily driven by the combination of higher loan pricing and decreasing costs for deposits.
The concern is that banks might ‘lock in’ losses on low-yield securities, which could significantly impair capital if interest rates remain high. Directors must ensure the bank maintains enough flexibility to avoid selling these assets at a loss.
4. Operational Risk: Cyber, Fraud, and AI
The “innovation gap” is now a material risk. Banks that are slow or reluctant to evolve may face long-term viability issues [1].
Artificial Intelligence (AI) Implementation
Boards are currently overseeing generative AI use cases primarily for internal efficiency, such as coding and document summarization.
Risk: Algorithmic trading driven by AI can lead to correlated trading or market manipulation that is harder to detect than traditional methods [2].
Strategy: Approve an AI governance framework that includes “human-in-the-loop” reviews for any AI-driven credit underwriting.
Cybersecurity and Foreign Actors
The OCC has identified an increase in threats from foreign state-sponsored actors, specifically North Korean IT workers attempting to gain fraudulent employment to exfiltrate proprietary data [1]. Boards should mandate audit trails for any IT assets reaching their “End of Life” (EOL) to prevent firewall unauthorized access incidents.
Current strategy suggests using Generative AI primarily for internal efficiencies like document summarization and coding. Boards should approve a governance framework that mandates ‘human-in-the-loop’ reviews for any credit-related AI tasks.
Boards should implement strict identity verification for IT contractors and mandate audit trails for all IT assets reaching their ‘End of Life.’ This helps prevent unauthorized access from actors like North Korean IT workers attempting data exfiltration.
5. Navigating the Regulatory Horizon
The legislative environment is shifting towards more stringent oversight of digital assets and consumer compliance.
The GENIUS Act and Stablecoins
Passed in July 2025, the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act) limits who can issue payment stablecoins [1]. Directors of banks exploring digital asset custody must ensure compliance with these new federal standards. This evolving role of currency is heavily influenced by the activities of monetary authorities, similar to the trends seen in Central Banks’ impact on global politics.
BSA/AML Update
A June 2025 interagency order now permits banks to use alternative methods for collecting Taxpayer Identification Numbers (TINs) from third-party sources rather than directly from customers at account opening [1]. Boards should decide whether to adopt this optional method to reduce friction in the customer onboarding process.
The GENIUS Act establishes federal standards for who can issue payment stablecoins. Directors of banks involved in digital asset custody must ensure their operations comply with these new limits and reporting requirements.
Under a 2025 interagency order, banks are now permitted to collect TINs from reliable third-party sources rather than directly from the customer. Boards can choose to adopt this method to streamline the customer onboarding process.
Summary of Key Takeaways
- Credit Quality: Monitor multifamily and office CRE noncurrent rates; tightening standards suggest higher refinance risk for marginal borrowers in 2026.
- Innovation: Invest in technology or risk losing market share; generative AI should remain internal-facing until robust governance is in place.
- Cyber-Security: Implement strict identity verification for IT contractors to mitigate threats from state-sponsored actors.
- Compliance: Review “debanking” policies to ensure they are based on individualized risk assessments to comply with the 2025 executive orders.
Action Plan for Bank Directors
- Immediate: Verify your bank’s current CRE concentration levels and schedule a portfolio stress test if they exceed 300% of capital.
- Next 30 Days: Request an audit of IT worker hiring processes to ensure North Korean IT worker obfuscation techniques are not being utilized.
- Quarterly: Review the “unrealized loss” position of the available-for-sale (AFS) portfolio and its impact on the bank’s Tangible Common Equity (TCE).
- Annually: Update the bank’s strategic plan to include explicit AI and stablecoin regulatory responses following the GENIUS Act.
Bank management is no longer just about maintaining traditional brick-and-mortar operations; it is about navigating a high-speed digital and geopolitical landscape with unwavering fiduciary discipline.
| Priority Area | Key Risk/Focus | Board Requirement |
|---|---|---|
| Credit Quality | CRE Maturity & Refinance Risk | Enhanced portfolio stress testing |
| Technology | GenAI & Innovation Gap | Human-in-the-loop governance |
| Cybersecurity | State-sponsored Actors | IT contractor identity verification |
| Compliance | GENIUS Act & Debanking Orders | Update strategic plan & policy reviews |
The immediate priority is to verify CRE concentration levels and schedule stress tests if they are over the 300% threshold. Within 30 days, directors should also audit IT hiring processes to ensure security against fraudulent foreign actors.
The strategic plan should be updated at least annually to address evolving AI governance and stablecoin regulations. This ensures the bank stays compliant with new laws like the GENIUS Act while closing the innovation gap.