Community Bank Board Governance: What Examiners Expect From Your Minutes - Aprio

Community Bank Board Governance: What Examiners Expect From Your Minutes

Aprio is a board portal built for community bank boards, with legally binding e-signatures, a complete audit trail, and board records that are ready when the examiner asks, used by community banks like Centinel Bank of Taos, 1st Security Bank of Washington, Buckeye State Bank, TruBank, and others. Bank directors sit in one of the most documented seats in American business: examiners read every set of minutes between exams, a federal rule starts a 36-hour clock on cyber incidents, and when a bank fails, the record of what the board knew and decided is what protects its directors. This guide lays out what the numbers and the examiner manuals actually say.

How fast is the community banking landscape consolidating?

The number of FDIC-insured institutions peaked at 14,496 in 1984. By the end of 2025 it was 3,806, a decline of 73.7% over four decades, according to the FDIC’s BankFind Suite historical data. The decline is driven by mergers and, above all, by the near-disappearance of new charters: de novo formation collapsed from an average of 183 new banks a year between 1985 and 2011 to about 4 a year since 2012, per the FDIC Community Banking Study.

Four decades of bank consolidation

FDIC-insured institutions, year-end

0 4,000 8,000 12,000 16,000 14,496 12,347 9,943 8,315 7,523 6,519 5,340 4,379 3,806 1984 1990 1995 2000 2005 2010 2015 2020 2025

Source: FDIC BankFind Suite, Annual Historical Bank Data, 1984 to 2025.

What has not shrunk is the community bank’s role. Community banks held 92% of all bank charters in 2019, carried 36% of the industry’s small business loans and 70% of its agricultural loans while holding just 15% of total industry loans, and in more than 600 U.S. counties they were the only physical banking presence, per the FDIC Community Banking Studies. Fewer institutions carrying that load means each surviving board matters more, and is watched more closely.

What do examiners actually expect from board minutes?

This is the part most boards learn the hard way. The OCC’s Director’s Book, the Federal Reserve’s Commercial Bank Examination Manual, and the FDIC’s Risk Management Manual of Examination Policies all describe minutes the same way: they are the evidence that directors were informed, deliberated, and acted. Between exams, that evidence accumulates; at the exam, it gets read. Here is what the three manuals, taken together, expect a minute set to document.

Minutes should document Why the examiner looks for it
Attendance of each director and other attendees Shows who was in the room and whether directors participate regularly
Votes, abstentions, and dissents with reasons The FDIC manual is explicit that prudent dissenting directors, for their own protection, insist on their negative vote being recorded with reasons
Review and discussion of material agenda items, actions taken, and follow-ups Evidence of informed deliberation, not rubber-stamping
Approval of prior minutes and board-approved policies A named item on the OCC’s examiner checklist
Insider or conflict-of-interest deliberations and the interested director’s abstention A defined examiner test; the basis for insider decisions must be fully documented
The board’s review of exam reports, audit findings, and regulator correspondence, and the corrective actions taken Examiners specifically look for documented follow-through on their own findings
All materials distributed to the board, retained with the record Examiners pull a sample board package and expect the full set kept

Sources: OCC Director’s Book (2020) and Corporate and Risk Governance Handbook (2019); Federal Reserve Commercial Bank Examination Manual, section 5000; FDIC Risk Management Manual of Examination Policies, section 4.1.

There is one more expectation that surprises people: there is no single federal retention period for board minutes. The regulators require that adequate records be maintained and stay accessible to examiners, and industry practice is to keep the minute book permanently. When the whole record, minutes, packages, votes, signatures, lives in one system with an audit trail, that expectation takes care of itself. That is precisely what Aprio does for a bank board, and why the record is exam-ready instead of being reassembled from inboxes every cycle.

Could you hand the examiner 18 months of complete minutes today?

Aprio keeps board packages, minutes, votes, e-signatures, and the audit trail in one secure place, ready for the exam.

How often does the exam come, and what gets pulled?

The Federal Deposit Insurance Act requires a full-scope, on-site examination at least every 12 months, extended to an 18-month cycle for qualifying banks. Since the 2018 regulatory relief act, that extended cycle covers well-capitalized, well-rated banks under $3 billion in assets, which is most community banks. The Federal Reserve’s examination procedures then tell the examiner exactly what to do on arrival: obtain the board and shareholder minutes, the charter, and the bylaws, and read the minutes of every board meeting since the last examination, alongside a sample board package to judge whether directors are getting adequate information.

In other words, a bank on the 18-month cycle is graded on a year and a half of record-keeping at once. The benchmarks say that is a heavy file: about three quarters of bank boards meet monthly, and the median board packet runs 200 pages with directors spending a median four hours reviewing it, per Bank Director’s 2025 Governance Best Practices Survey.

~75%
of bank boards meet monthly
200
pages in the median board packet
4 hrs
median director review time per meeting
47%
of boards run a performance assessment annually

Sources: Bank Director, Governance Best Practices Surveys (2023 and 2025); Federal Reserve community bank research.

What does the 36-hour cyber rule ask of a bank board?

Since 2022, a joint OCC, Federal Reserve, and FDIC rule requires a banking organization to notify its primary federal regulator of any computer-security incident that rises to the level of a notification incident as soon as possible, and no later than 36 hours after the bank determines one has occurred. The OCC states plainly that the rule applies to community banks. Bank service providers carry their own duty to notify affected customer banks when a covered service is materially disrupted for four or more hours.

The board’s role sits underneath that clock. Under the interagency information security standards implementing Gramm-Leach-Bliley, the board approves the written information security program and oversees it, reviewing management’s reports at least annually. And the stakes are measurable: the average cost of a data breach in the financial sector was USD 5.56 million in 2025 (down from 6.08 million in 2024), against a global all-industry average of 4.44 million, while the average U.S. breach across industries hit a record USD 10.22 million, per the IBM Cost of a Data Breach Report 2025.

Why well-kept minutes are your directors’ best protection

The FDIC does not sue directors who make reasonable business judgments on a fully informed basis and after proper deliberation. The minutes are the proof a decision met that standard. For the administrator, that reduces to three rules:

  • Show the deliberation. Minutes that capture what the board reviewed, questioned, and decided are what separate an informed judgment from a rubber stamp.
  • Record dissent, with reasons. The FDIC’s own manual says dissenting directors should insist on it for their own protection.
  • Assume the record will be tested. 41% of the banks that failed from 2008 to 2013 drew director and officer claims, part of $10.39 billion the FDIC has recovered since 1986. The 2024 Republic First failure review cited weak board oversight and board packages too thin to inform the directorate.

Aprio is built to keep that record automatically: the package in one secure place, minutes drafted from the agenda with votes, abstentions, and dissents captured as they happen, e-signatures, and a complete audit trail behind it all, with support from real people who answer. Community banks like Centinel Bank of Taos, 1st Security Bank of Washington, Buckeye State Bank, TruBank, and others run their boards on it.

Exam-ready board records, without the reconstruction project

Aprio keeps minutes, votes, e-signatures, and the audit trail in one secure portal, with support from real people.

Frequently asked questions

How many community banks are there in the United States?

The FDIC counted 4,022 community banks in the first quarter of 2025, out of roughly 4,400 to 3,800 FDIC-insured institutions depending on the count date. The total number of FDIC-insured institutions has fallen 73.7% since the 1984 peak of 14,496, per FDIC BankFind Suite data, yet community banks still hold 92% of all bank charters.

What must bank board minutes include?

Per the OCC, Federal Reserve, and FDIC examiner manuals: attendance of each director and other attendees; votes, abstentions, and dissents with reasons; the board’s review and discussion of material items, actions taken, and follow-ups; approval of prior minutes and board policies; insider and conflict-of-interest deliberations with the interested director’s abstention; and documented review of exam reports and audit findings with corrective actions. The full board package should be retained with the record.

How often are community banks examined?

A full-scope, on-site examination is required at least every 12 months, extended to 18 months for well-capitalized, well-rated banks under $3 billion in assets. Examiners read the minutes of every board meeting since the last examination and review a sample board package.

What is the 36-hour incident notification rule?

A joint OCC, Federal Reserve, and FDIC rule, in effect since 2022 and applicable to community banks, requiring a banking organization to notify its primary federal regulator no later than 36 hours after determining that a computer-security incident rises to the level of a notification incident. The board separately approves and oversees the bank’s written information security program under the Gramm-Leach-Bliley standards.

Is there a board portal built for community banks?

Yes. Aprio is a board portal built for community bank boards, with board packages, minutes, voting, legally binding e-signatures, and a complete audit trail in one secure system. Community banks like Centinel Bank of Taos, 1st Security Bank of Washington, Buckeye State Bank, TruBank, and others run their boards on Aprio.

For more on how banks run their boards on the platform, see Aprio’s board portal for banks, or book a demo.

Ready to upgrade your board management?

Let’s talk about what’s not working with your current setup and see if Aprio can help.
Board Management Software
Features Why Aprio Industries Pricing About News Start a Conversation
Resources Careers Support Contact

See how Aprio compares on pricing, security & support

Get a Custom Pricing Comparison

Before you go…

Get a personalized comparison of Aprio vs. your current board portal — including real pricing data, migration timeline, and security audit results.

Request Your Free Comparison
Platform Guides: Board Directors | Board Managers | Corporate Secretaries | IT Security | Portal Efficiency | Materials | Meeting Minutes | Security | Evaluating Software | ROI Calculator