Corporate Governance and Risk Management
Category: Corporate Governance
One of the aims of all corporate governance codes can be defined as ensuring effective and efficient risk management of all the issues — strategic, operational, compliance and financial — facing banks in today’s environment.
Risk management is an interactive process and corporate governance and controls should work around this interactive model. Identifying risks and simply reporting them, or reporting them incompletely does not help the bank and is likely to be considered unsatisfactory by bank supervision.
Corporate governance also implies the design, implementation and monitoring of the process of risk management and ensuring that it is integrated into the day to day activities of the bank.
It is the responsibility of the Supervisory Council of a Bank to:
— Set the risk strategy policies in liaison with Management Board.
— Ensure that the bank has implemented an effective ongoing process to identify risk and its potential impact on the business of the bank.
— Activate what is necessary to proactively manage these risks.
— Maintain a sound system of internal control to protect depositors, safeguard shareholders investment, the bank’s assets and the bank’s ongoing sustainability.
— Make disclosures to shareholders on the bank’s risk and management thereof.
By maintaining a sound system of risk management and internal control, Supervisory Council ensure that:
— Operations are run effectively and efficiently.
— The bank’s assets are safeguarded.
— Applicable laws, regulations and codes are being complied with.
— The processes and procedures are regularly reviewed to ensure the effectiveness of the bank’s internal systems of control and reliable reporting, so that the decision making and accuracy of reporting to shareholders is maintained at a high level.
— There is a system of checks and balances and reporting mechanisms in place that meet good corporate governance practices.
While some banks are implementing a bottom-up approach to governance and risk management (unless the Supervisory Council understands and participates in the monitoring, review and control processes) it is likely that eventually a glaring, big-picture omission will result in embarrassment, financial loss or worse — collapse of a bank.
There are three aspects to risk that Supervisory Council should be aware. It not only needs to decide on what to do with the inherent risk (the risk before any controls or actions). Residual risk (the risk that remains after the implementation of the risk management activity) and retained risk (the risk that the Supervisory Council decides to live with) must also be taken into consideration.
Example
As a good demonstration of interrelation between the corporate governance and risk management process one can refer to the 2002 annual report of ABN AMRO Bank (page 50 of annual report).
Risk governance organizational structure
The Managing Board establishes the strategic risk philosophy and policies for ABN AMRO under the supervision of the Supervisory Board. The Supervisory Board, as part of its oversight responsibilities, regularly monitors the risk of the bank’s portfolio Responsibility for the overall implementation of risk policy lies with the Chief Financial Officer, who is a member of the Managing Board.
Because market conditions and bank structures vary, no single risk management system works for all banks. Each bank should develop its own risk management program tailored to its needs and circumstances. The sophistication of the risk management system will increase with the size, complexity, and geographic diversity of each bank. All sound risk management systems, however, have several common fundamentals.
All sound risk management systems have several common fundamentals.
For example, bank staff responsible for implementing sound risk management systems should perform those duties independently of the bank’s risk-taking activities.
Regardless of the risk management program’s design, it should include mechanisms for identifying, measuring, controlling, and monitoring risks.