Tag Archive: Corporate Governance Report

The Risks of the Risk Committee

Published by

The following article was recently published in Bloomberg BNA’s Corporate Governance Report. In addition, it was uploaded to all Bloomberg terminals, which are used globally by approximately 350,000 investors, financial traders, and corporate governance experts. For the rest of the article, click here. 

Risk Oversight: Risk Committees Can Play a Role, But They Are Not the Whole Story

In the wake of the financial meltdown of 2008, and before the Dodd-Frank Wall Street Reform and Consumer Protection Act was introduced, there were rumblings in the marketplace calling for all companies to have board-level risk committees. Such calls stemmed from the assumption that if corporate America had specific committees of independent directors to oversee all of the company’s risks, the problems that led to the banking crisis and the subsequent meltdown of Lehman Brothers and Bear Stearns could have been avoided. The concept went so far as to be included in early drafts of Dodd-Frank, but the act was eventually narrowed to require risk committees only on the boards of financial institutions.

Interestingly, most, if not all, of the financial institutions that failed during the most recent recession already had risk committees on their boards before the crisis, so the requirement within Dodd-Frank was not earth shattering. However, when the National Association of Corporate Directors (NACD) examined the board structure and committee responsibilities outside of financial companies, a much different approach came to light. Risk at most non-financial companies was over seen by the audit committee of the board prior to the failure, and still is.

NACD believes that the full board should approve and oversee the risk management policies developed and recommended by management. Risk oversight by a board risk committee—especially one that works in isolation from management and other board committees—could weaken both risk management and risk oversight.

The 2009 Report of the NACD Blue Ribbon Commission on Risk Governance states:

The full board should have primary responsibility for risk oversight, with the board’s standing committees supporting the board by addressing the risks inherent in their respective ar­eas of oversight. It is rare that any one committee—such as the audit committee or a risk committee—would have the time, resources, and expertise to oversee the full range of risks facing a company. Moreover, the critical link between strategy and risk points to the need for the full board—rather than any one committee—to have responsibility for risk.

A risk committee cannot, and should not, replace the board’s ac­tive engagement in risk oversight. Active, proper, and effective risk oversight requires the full board’s attention.

High-Profile Risk Issues

In a blast of legislation, the 2010 Dodd-Frank Act mandated that financial institutions have risk committees. Jumping ahead two years to this spring, the Federal Reserve Board recently proposed rules to put this mandate into place, requiring certain financial institutions (any publicly traded non-bank financial company supervised by the Board of Governors and any publicly traded bank-holding company with consolidated assets of $10 billion or more) to establish board level risk committees. These committees would be explicitly responsible for oversight of the enterprise risk management practices of the company.

However, recent events have proven that risk requires more thought than simply forming a committee dedicated to its oversight. While corporate crisis is not a new story, several high-profile stories have led some to question the current structures in place to oversee risk. In many of these cases, companies have not been able to recognize the ultimate level of risk presented in strategies. Especially in large corporations with multiple business units, it can be difficult to identify the total level of risk presented, given inter- and intra-business correlations.

The inability to recognize the interconnectivity of risk can skew the balance of risk and reward companies believe they have in place. Absent the recognition of interrelation within the organization—which can amplify the risk presented—the board may believe it has established an appropriate balance of risk and reward based on what the company can bear. Factoring in interconnectivities, the board may find itself in hot water if strategies take a turn for the worse.

In addition to the required risk committees already possessed by most large financial institutions, the Federal Reserve Board included an additional provision: that each committee include at least one risk management ‘‘expert.’’ However, the given definition of ‘‘risk-management expertise’’ was vague at best, ultimately lacking a comprehensive explanation of acceptable experiences and background.

To read the rest of the article, click here.