VIEWPOINT: Risk Management Overhaul Do's, Don'ts
Prutzman, Deborah, American Banker
All signs indicate that the lasting legacies of the financial crisis will include an increased focus on how financial services companies manage risk and how regulators and shareholders hold board directors ultimately responsible for inadequate risk management oversight.
In the United Kingdom, the government-commissioned "Walker Report" found that "governance failures contributed materially to excessive risk taking in the lead up to the financial crisis." Moody's Investors Service has said that the effectiveness of a financial firm's management will be an important rating consideration. The SEC has proposed greater disclosure concerning the role of the board in this area. And a growing number of regulatory enforcement orders require boards of banks to increase their oversight of the bank's affairs in specific ways.
Directors, senior management and the regulators have a unique opportunity to address these concerns and demonstrate awareness, cooperation and competence before irresistible pressure builds to pile on weighty demands and requirements.
Two challenges must be met. First, regulators and legislators must avoid the understandable reflex to overload institutions with prescriptive "thou shall"-type rules. Second, during a period of great uncertainty and change with many day-to-day pressures, boards and senior management need to take the time to engage in a real dialogue about risk.
Let's address the regulators first. The natural tendency, when something has gone awry, is to pile on specific and detailed requirements. As understandable as this is, in a heavily regulated industry such as banking, the number of specific requirements often exceeds what any human could reasonably be expected to handle - especially on a cumulative basis.
Experienced bank managers can tell you that a thick, overly detailed board package often leads to an unproductive discussion. A more targeted package that raises the right questions and provides the necessary details enables the board to focus on those matters warranting its attention. Still, banking laws and regulations are drafted in such a way as to encourage a check-the-box approach.
For example, bank management is required to notify its board (or a committee) of every suspicious activity report the bank files. These reports advise law enforcement agencies of the possibility of a crime occurring and must be filed whenever there is reasonable suspicion. Institutions file literally hundreds, if not thousands, of these reports each month. Do we really want the board, or one of its committees, to review each one? Likewise, by regulation the board of a national bank must review its banking hours. The hours during which a bank is open are important, but this is clearly a management, not a board, issue.
Bank directors who conscientiously address these detailed and voluminous requirements would have insufficient time to consider more significant matters. …