Risk Management At The Top (eBook)

1

Introduction

In the years since the 2007–2009 financial crisis, a number of expectations and requirements for financial institutions have changed and been published. Alongside technical issues, such as changes to capital requirements, stakeholders have outlined their expectations for revitalised oversight of risk issues by the Board.

This book is intended to support Non-Executive Directors (NEDs) in their oversight of risks to which the firm is exposed. While some NEDs will specialise in particular topics, such as risk, the Board has overall responsibility for risk oversight. This oversight of risk is part of the Board's responsibility for supervising the activities of the Executive and establishing boundaries within which they act. To promote an effective dialogue there needs to be shared terminology and concepts, which in turn lead to improved communication and appreciation between the NEDs, the Executive and the risk managers.

1.1 INTRODUCTION

The topic of risk oversight at the Board level and the materialisation of risk issues have a higher profile since the financial crisis. In response to expectations of NEDs and risk, some firms have established a Board-level Risk Committee, while others may nominate one or more NEDs to be the risk specialist representing the Board on the Enterprise or Group Risk Committee. Risk is an aspect of many, if not all, discussions at Board meetings. For example, risk is expected to feature in the discussions on compensation, business tactics and strategy.

Over the past 30 years the discussion of risk has become increasingly technical. This evolution has been stimulated by initiatives of regulators of the financial sector. Basel I, II and III, European Directives and Dodd–Frank are examples of these initiatives. Very often, these initiatives are transposed into national requirements, each with their own variations that correspond to national priorities or perspectives. For firms that operate in many countries, the complexity generated by national differences can substantially expand the details that affect the Executive and influence Board decisions.

In the post-financial crisis landscape some firms are winners. The winners were either lucky or had something that provided competitive advantage. Unfortunately, luck is not reproducible. A perceived aspect of the competitive advantage through the financial crisis is risk management. There are tales of firms reducing their exposure to particular activities or changing their long/short positions before others and weathering the crisis better than others. Whilst some firms got through the financial crisis, the winners were able to grasp opportunities.

This competitive advantage through risk management did not arise by accident; it developed over time and is an integral part of how these firms operate. Not all firms are the same, not all firms face the same risks to the same extent and so a single template is not appropriate. Nevertheless, there will be common themes such as the risk appetite, monitoring compliance with the risk appetite, risk and return, and the variety of risks with different emphases. Pro-active oversight of risk by the Board is now an expectation of many powerful stakeholders to prevent crises and reinforce the competitiveness of the firm. To meet this objective the Board needs to have a meaningful dialogue on risk with the Executive. With the technical evolution of risk, this is not a simple objective.

Some risk management queries are universal, but will only take the risk oversight and challenge dialogue so far:

The Board, and their designated risk specialists, need sufficient knowledge to enable a productive dialogue with the Chief Risk Officer (CRO) or their risk specialists, such as the Chief Credit Risk Officer (CCRO), but without replicating the full extent of their knowledge. Risk is also expected to be an integral part of the Board's dialogue on strategy with heads of businesses and countries or regions. Without going into extensive detailed technicalities, this book supports that productive dialogue.

The rest of this chapter looks at:

1.2 BOARDS

Irrespective of the jurisdiction in which it operates, one of the Board's responsibilities is the oversight of risk.

In non-legal terms, the Board has a number of responsibilities:

• strategy formulation,
• policy making,
• oversight of Executives, and
• accountability to the owners of the company.

Risk is a subtext to all of these responsibilities.

The expectation is that the NEDs on the Board will be able to provide “constructive challenge to the decisions and effective oversight” of the Executive.1 The European Banking Authority (EBA) expectation is that NEDs “should be able to demonstrate that they have, or will be able to acquire, the technical knowledge necessary to enable them to understand the business of the credit institution and the risks that it faces sufficiently well”.

One approach to meeting this objective is to have a NED who has the role of being more expert than others on risk issues. Nevertheless, the Board has shared responsibility, even in the presence of specialists. The optimal attributes required of a risk specialist NED have been grouped into the following categories:2

• risk management acumen
• personal attributes
• business acumen
• education.

Each of these categories is supported by subcategories such as “an understanding of how incentive and compensation design influence risk taking”. Alongside these headings is the necessary experience, for example having been a CRO and experienced a complete business cycle. These attributes, when considered as a set, are challenging. As not all firms are the same, so the importance of meeting certain attributes will vary by firm. Depending upon the exact role, the variety of experience may be more important than its duration, for example 20 years' practical knowledge of a narrow aspect of banking may be of limited value. The suitability of experience needs to be proportional to the firm's activities in terms of scope, scale and complexity.

1.3 WHY NOW?

Following the 2007–2009 financial crisis there were many initiatives by:

• governments,
• trans-government bodies (such as the G20),
• financial regulators (national and international), and
• industry bodies.

These initiatives are intended to prevent reoccurrence of an equally grave crisis and fall into two broad categories – governance and technical. The initial rush of initiatives appears to be over and the focus is upon migrating from concept to rules and requirements. Firms are implementing various processes in response to these rules and requirements and are being “encouraged” by regulators, regulatory groups (such as the Basel Committee) and politicians with deadlines.

1.3.1 Governance Expectations

Stakeholder expectations on governance have been published, including:

• the Walker Report,3
• documents from the Financial Reporting Council4 and the International Corporate Governance Network,5 and
• the UK Report of the Parliamentary Commission on Banking Standards.

In some instances the expectations and requirements apply to the entire corporate sector, in others they relate specifically to banks and other financial institutions.

The EBA has produced a set of guidelines to focus on the experience of individuals on the Board and key Executive functions.6 These guidelines apply to unitary as well as two-tier Boards. These functions can also be known as significant influencing functions (SIFs). Several national regulators had SIF regimes established before the publication of the EBA guidelines. These regulators were able to raise their expectations and implement the new standards almost immediately. In some cases, this has been accompanied by greater assertiveness by the regulators about SIFs meeting these expectations. These guidelines were adopted by EU banking regulators in May 2013.

For regulators that already had a SIF regime, the interviews may, originally, only have been conducted pre-appointment. A satisfactory outcome influenced whether the appointment could proceed. With the changed environment, it is expected that these interviews with regulators will occur on a regular basis when the individual has been in position for a period of time.

Some regimes are expected to go beyond the SIF interview prior to appointment and these ``in-position'' inverviews.7 The UK regime has a proposal that SIFs, “in a case of failure, should demonstrate that they took all reasonable steps to prevent or mitigate the effects of a specified failing”.8 This obligation is reinforced by the suggestion that a criminal offence should be created for SIFs “carrying out their professional responsibilities in a reckless manner”. It is not clear if other jurisdictions will adopt similar expectations and sanctions.

1.3.2...