Earlier this week, Joe Nocera of the New York Times cited my views in a scathing column on bank debt-collection practices. He said I said – and I indeed do so say – that banks should be responsible for those who act on their behalf. This has sparked a lively e-mail debate, to which I’m indebted to all of you for raising challenging questions about just how high bank corporate-governance standards should be set. Critics of the industry sometimes argue that banks and their boards want absolution for everything as long as shareholders get their due, but this isn’t the point those of you contesting my tough approach have offered. Rather, you say, it’s that I’ve drawn the line too far and, thus, made the job of being a bank director too hard, transferring to directors much of the managerial responsibility belonging instead to salaried top brass. This is a valid point – defining where the board’s duties start and stop is tricky – so let me here expand on suggestions about how both to hold directors responsible and, at the same time, let them keep their own day jobs.

I agree that directors – among whom I number myself from time to time – are too busy to be burdened by impenetrable three-ring binders on every risk-management detail. But, this doesn’t absolve them of a vital element of their fundamental fiduciary duty: ensuring that they know what even the very largest banking organizations are doing and saying no when they don’t like it. So, how to balance this duty with the complexity of large financial organizations?

First, bank management needs to know that directors aren’t dopes. If they are, then the senior management that drives their appointment should be canned since dumb directors do little more than cosset duplicitous management. If management is good, so too should be the board. And, if neither is, then large shareholders have only themselves to blame when things go bad and small investors should call their lawyers.

So, directors aren’t dopes. How then to give them the tools with which to execute their responsibility for risk management across the full scope of bank products, including structured financial instruments? Even in the most complex banking organizations, this isn’t as hard as it looks.

First, a simple rule: if management can’t explain the business, then the bank shouldn’t be in it. Perhaps due to a long-ago scientific background, finance still doesn’t seem all that hard. Sure, transactions are complex tos and fros among numerous counterparties, especially in daunting sectors like the tri-party repo market. But, Einstein came up with a simple equation to explain one of the most profound concepts in physics and risk managers can darn well do the same. And I learned years ago at MIT, if an equation takes multiple white boards going up and down so fast you can’t quite follow it, the equation is almost certainly wrong.

Second, the solution in the financial equation is the “risk tolerance.” That is, it’s an informed decision made by the board about how much of whose money the bank is prepared to bet. Again, if this can’t be clearly explained, then the bet’s off. And, the clear explanation should be on a forward-looking basis hard tested under stress scenarios clearly explained to the board so directors can assess whether factors they anticipate are included in the variables to which the risk tolerances are subjected.

Is this really all that hard? In some ways, yes – and that’s what quants are for. They should run all the models and devise all the scenarios to see how well products fare under different situations and, then, divine what happens to capital and liquidity. Of course, these aren’t the only risks to which big banks are heir, so risk managers, counsel and policy analysts need to understand the business model to kick-test it from an operational, legal and reputational risk perspective. Again, not easy, but that’s also what we’re here for. If we can’t give directors bottom-line conclusions and, when we do, if these don’t stand up under scrutiny or stress, then we aren’t doing our job and the board should be sure we aren’t kept on to confuse them.

And, back to the Nocera column: its point was that banks and their boards can’t hide the pony because someone else is riding it. To this, we wholly concur. In any product or service, the bank and its board needs to look horizontally and vertically through the venture’s life cycle. The bank is the father, mother, obstetrician, guardian, nursing-home operator and undertaker all at the same time for everything it does. If it originates a mortgage for sale into the secondary market, it needs to take responsibility for the mortgage from both a borrower and investor perspective. If it doesn’t, it can’t escape the reaper – look at the current mortgage crisis to see how sharp the scythe can be. If the bank hires a debt collector on its behalf, then the debt collector is its agent, and the bank can’t credibly say it had no responsibility for the debt-collectors actions even as it collects the ill-gotten proceeds.

And, so too through the cycle for other bank products, services and financial instruments. One might once have thought that banks could cleanse their hands of that which they touched on its way into the financial market, but law, rule and public opinion say that dirt once touched is now soil immutable. This is a fundamental change in many bank business models, but it’s actually a healthy restart. Once, banks drew their market power from market confidence in their probity. With this restored, real power without systemic risk could return to a renewed banking industry – big ones included.

.