In the wake of the 2008 financial crisis, Wall Street bankers, government regulators, academics, and the general public all asked one simple question: 'Why?" The answer to this question is important to the task of figuring out how to prevent such an event from happening again.
Some have argued that the financial crisis resulted - at least in part - from poor risk management by U.S. financial institutions. This observation has led to a call for more active engagement of boards of directors in the risk management process, as well as for the selection of board members who have the relevant industryspecific experience necessary to effectively meet that responsibility.
While the assumption that relevant industry-specific experience would enhance a board's ability to effectively oversee the risk management process is intuitively pleasing, it is not empirically supported. This article describes a study of the boards of 21 financial institutions - 11 that survived the recent financial crisis and 10 that did not survive. The authors examined the management biographies of the directors and found that the majority of both surviving bank directors and failing bank directors demonstrated little or no background or experience in the financial service or banking industries. The authors expected to find that the boards of the surviving banks had more industry-specific experience than those of the failed banks; they found in the study, however, that the opposite was true.
The Role of Boards
In his speech, "Lessons of the Financial Crisis for Banking Supervision," Federal Reserve OEairman Ben S. Bernanke discussed ways to strengthen the banking system and mitigate future crises (Federal Reserve Bank of Chicago Conference on Bank Structure and Competition, May 7, 2009). One of the key elements of "safe and sound banking" that he identified was effective risk management. He stated that the federal government puts "a high priority on ensuring that management and board of directors are well informed about the various risks that confront the organization and that they are actively engaged in management of those risks."
Enterprise risk management (ERM) is a critical part of effective internal controls. The Committee of Sponsoring Organizations of the Treadway Commission (COSO) defined it as "a process, affected by an entity's board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives." (COSO Enterprise Risk Management - Integrated Framework Executive Summary, September 2004, p. 2) While day-to-day responsibility for managing risk lies with management, effective governance practices call for active engagement of the board in that process.
In a 2009 publication, "Effective Enterprise Risk Oversight: The Role of the Board of Directors," COSO highlighted the following four components of that role:
* Establishing a mutual understanding with management regarding the entity's risk philosophy and overall risk appetite;
* Assuring that management has established an effective ERM process;
* Reviewing the entity's portfolio of risks and comparing it to its risk appetite; and
* Monitoring significant risks and determining if management is responding appropriately to them.
Active engagement by the boards means that, in addition to providing oversight of management's ERM efforts, they also lend insight, advice, and support to the ERM process. To meet this responsibility, board members must have a deep understanding of the operating, compliance, and financial reporting issues the entity faces. While some risks may be relevant to all entities, no matter what the industry, other risks are specific to the industry in which the entity operates. …