By Lam, James; Potter, Steve
The RMA Journal
In the aftermath of the 2008 global financial crisis, bank boards are taking a much more active role in overseeing enterprise risk management (ERM) at their institutions. Bank directors face greater liability from shareholders and regulators, (1) more stringent regulatory and disclosure requirements, and higher expectations from key stakeholders. At the same time, banks face significant risks, including geopolitical turmoil, economic and business uncertainty, and business model challenges posed by greater regulatory constraints and costs.
Bank directors recognize the significant uncertainties they face, and recent surveys indicate that risk management has emerged as one of their top concerns. So what can bank directors do to improve risk oversight? The key levers include establishing an effective governance structure to oversee ERM, approving a risk policy that includes a risk appetite statement, and establishing reporting processes to monitor risk management effectiveness. (2)
To fulfill their fiduciary responsibility for risk oversight, however, bank boards must obtain the requisite human capital and talent. And indeed, industry observers have reported a sustained high demand for risk professionals from corporate boards and executive suites, regulatory agencies, consulting firms, and other organizations. This demand is seen across traditional and emerging sectors (3) as well as global markets. (4)
Given the growing demand for top-notch risk talent, boards should address the following key questions:
1. Which key regulatory requirements must bank directors consider as part of their risk governance and oversight?
2. What are the current industry practices in board risk governance, and which professional credentials are found at bank boards today?
3. What should the criteria and job description be for a "risk expert" at the board level?
4. To improve their risk governance, which actions should all bank boards consider taking today?
The level of regulatory scrutiny on risk management at financial institutions has never been greater. Moreover, directors and officers of failed institutions face substantial exposure to professional liability lawsuits from regulators and shareholders. Consider the following regulatory mandates faced by bank boards:
* Dodd-Frank Act. Section 165 of the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act established new requirements for risk management oversight by bank boards. This provision mandates that each publicly traded bank holding company with total consolidated assets of over $10 billion establish a risk committee of the board that includes at least one risk management expert. The risk committee of the board is responsible for "the oversight of the enterprise-wide risk management practices." The Federal Reserve Board may also require a risk committee at smaller publicly traded bank holding companies. There are parallels between Section 165 of the Dodd-Frank Act and Section 407 of the 2002 Sarbanes-Oxley Act (also known as the Public Company Accounting Reform and Investor Protection Act), which called for the creation of audit committees staffed by independent directors and at least one "financial expert." However, unlike Sarbanes-Oxley rules that define the attributes of a financial expert, (5) Dodd-Frank does not provide specific criteria on what would qualify a board member to be a "risk expert."
* SEC Disclosure Requirements. In December 2009, the Securities and Exchange Commission released a new set of rules designed to enhance transparency around the role of the board in risk oversight. These rules require publicly traded companies to disclose board risk governance and oversight processes in proxy and information statements. These disclosure requirements apply to board risk governance structure, the relationship between compensation policy and risk management, and the extent to which executive compensation may lead to excessive risk taking. …