The following article was recently published in Bloomberg BNA’s Corporate Governance Report. In addition, it was uploaded to all Bloomberg terminals, which are used globally by approximately 350,000 investors, financial traders, and corporate governance experts. For the rest of the article, click here.
Risk Oversight: Risk Committees Can Play a Role, But They Are Not the Whole Story
In the wake of the ﬁnancial meltdown of 2008, and before the Dodd-Frank Wall Street Reform and Consumer Protection Act was introduced, there were rumblings in the marketplace calling for all companies to have board-level risk committees. Such calls stemmed from the assumption that if corporate America had speciﬁc committees of independent directors to oversee all of the company’s risks, the problems that led to the banking crisis and the subsequent meltdown of Lehman Brothers and Bear Stearns could have been avoided. The concept went so far as to be included in early drafts of Dodd-Frank, but the act was eventually narrowed to require risk committees only on the boards of ﬁnancial institutions.
Interestingly, most, if not all, of the ﬁnancial institutions that failed during the most recent recession already had risk committees on their boards before the crisis, so the requirement within Dodd-Frank was not earth shattering. However, when the National Association of Corporate Directors (NACD) examined the board structure and committee responsibilities outside of ﬁnancial companies, a much different approach came to light. Risk at most non-ﬁnancial companies was over seen by the audit committee of the board prior to the failure, and still is.
NACD believes that the full board should approve and oversee the risk management policies developed and recommended by management. Risk oversight by a board risk committee—especially one that works in isolation from management and other board committees—could weaken both risk management and risk oversight.
The full board should have primary responsibility for risk oversight, with the board’s standing committees supporting the board by addressing the risks inherent in their respective areas of oversight. It is rare that any one committee—such as the audit committee or a risk committee—would have the time, resources, and expertise to oversee the full range of risks facing a company. Moreover, the critical link between strategy and risk points to the need for the full board—rather than any one committee—to have responsibility for risk.
A risk committee cannot, and should not, replace the board’s active engagement in risk oversight. Active, proper, and effective risk oversight requires the full board’s attention.
High-Proﬁle Risk Issues
In a blast of legislation, the 2010 Dodd-Frank Act mandated that ﬁnancial institutions have risk committees. Jumping ahead two years to this spring, the Federal Reserve Board recently proposed rules to put this mandate into place, requiring certain ﬁnancial institutions (any publicly traded non-bank ﬁnancial company supervised by the Board of Governors and any publicly traded bank-holding company with consolidated assets of $10 billion or more) to establish board level risk committees. These committees would be explicitly responsible for oversight of the enterprise risk management practices of the company.
However, recent events have proven that risk requires more thought than simply forming a committee dedicated to its oversight. While corporate crisis is not a new story, several high-proﬁle stories have led some to question the current structures in place to oversee risk. In many of these cases, companies have not been able to recognize the ultimate level of risk presented in strategies. Especially in large corporations with multiple business units, it can be difﬁcult to identify the total level of risk presented, given inter- and intra-business correlations.
The inability to recognize the interconnectivity of risk can skew the balance of risk and reward companies believe they have in place. Absent the recognition of interrelation within the organization—which can amplify the risk presented—the board may believe it has established an appropriate balance of risk and reward based on what the company can bear. Factoring in interconnectivities, the board may ﬁnd itself in hot water if strategies take a turn for the worse.
In addition to the required risk committees already possessed by most large ﬁnancial institutions, the Federal Reserve Board included an additional provision: that each committee include at least one risk management ‘‘expert.’’ However, the given deﬁnition of ‘‘risk-management expertise’’ was vague at best, ultimately lacking a comprehensive explanation of acceptable experiences and background.
To align with the changes brought on by the Dodd-Frank Act, NACD updated its most widely read publication, the Report of the NACD Blue Ribbon Commission on Director Professionalism. The report has served as the gold standard for the roles and responsibilities of corporate directors over the past 15 years and is the go-to guide for directors, corporate secretaries, general counsels, accounting firms, law firms, universities, and other corporate governance leaders.
The idea of “director professionalism” was pioneered by NACD with the original release of this landmark Blue Ribbon Commission (BRC) report. It is based on the understanding that the board is at the center of corporate governance, and the actions and attitudes of the individual board members shape the culture of the board. So, to build an effective board, directors must take their responsibilities seriously and work together as professionals.
The Director Professionalism BRC report focuses on four main areas that a board should consider and work collaboratively together to accomplish:
Responsibilities: What the board should do
Processes: How the board fulfills those responsibilities
Selection: Who the directors should be
Evaluation: How the boards and individual directors should be judged
Increased scrutiny on governance practices and additional demands being placed on public company directors inspired the re-issue of this report. The new version takes into consideration regulatory changes, including Dodd-Frank, say on pay and new SEC disclosure requirements for proxy statements, enabling directors to stay current on corporate governance practices.
The Report of the NACD Blue Ribbon Commission on Director Professionalism lays the foundation for a number of NACD programs and services, including the Director Credentials Program, which helps directors demonstrate their commitment to boardroom excellence, and NACD’s new Board Benchmarking Analysis Tool, which allows boards to benchmark their governance structures and practices against their peers.
The landscape for companies has changed more dramatically over the past 24 months than at any point in recent history. That makes NACD’s ongoing work to drive director professionalism more relevant than ever in helping boards meet new challenges. Leading authorities and experts, including members of the United States Congress and the Delaware Supreme Court, have referenced BRC reports and their detailed information about leading boardroom practices.
As noted in yesterday’s NACD Director’s Daily, the Boston Globe reported that the Federal Deposit Insurance Corporation (FDIC) issued final rules on recovering cash compensation from executives and directors of financial institutions that have been liquidated by the federal government. The Dodd-Frank Act empowered the FDIC to recover compensation when a current or former senior executive or director is “substantially responsible” for the failed condition of a covered financial company. The FDIC’s final rule clarifies that an executive or director would be considered “substantially responsible” if that person failed to act “with the degree of skill and care an ordinarily prudent person in a like position would exercise under similar circumstances.” In other words, executives and directors stand to lose their compensation from the previous two years if they are shown to be negligent in the performance of their duties.
While this new FDIC rule only applies to banking institutions, other clawback provisions in the Dodd-Frank Act will affect all public companies. The Act directs the Securities and Exchange Commission (SEC) and national listing exchanges to require companies to recover incentive-based compensation from any current or former executive if the company is required to prepare an accounting restatement due to the material noncompliance with any financial reporting requirement under the securities laws. The specifics of the rule are yet to be developed; the SEC is scheduled to release a proposed rule near the end of 2011 with final adoption in early 2012.
Both clawback provisions set a fairly low bar to recoup compensation. The FDIC will recover compensation in cases of negligence. In banking institutions on the verge of collapse, it may be a heavy burden for an executive or director to prove lack of a breach of a fiduciary obligation and exercised “prudent” business judgment. The SEC and national listing exchanges will recover compensation in the event of noncompliance with “any financial reporting requirement.” This seemingly provides many opportunities to clawback incentive compensation from an executive. Final rules from the SEC will shed more light on the practical implications of the law.
Clawbacks may have more lasting effects than simply revoking an executive’s pay. Therefore, boards must monitor the corporation’s well being and closely align executive pay with performance.