Perhaps one of the greatest shocks from the financial crisis has been the widespread failure of risk management in what were widely regarded as institutions whose specialty it was to be masters of the issue… . [T]he corporate governance aspects of risk management failed in too many instances in financial companies.
In the wake of the recent financial crisis, the importance of risk management in financial institutions is evident. Conflicts of interest and insider loyalties have deprived the corporate control centers responsible for risk management ofadequate power and independence in dealing with risk Recent changes in corporate governance reflect an awareness of this problem.
This article examines the publicly disclosed corporate governance practices of twenty-five of the largest bank holding companies, focusing on the control centers of the corporations relevant to risk management. The risk management departments, the audit and internal audit function, and the contingent of independent directors on the board. This survey shows that in the aftermath of the financial crisis, a new consensus on best practices is beginning to emerge in assessing risk management. However, there still remains a need for more progress in assuring the independence of the risk management and internal audit functions by linking them more closely to the board.
This article also analyzes the recent rules facilitating shareholder access to the management proxy for director elections as a possible means to improve risk management. The new rules may serve to better connect the board to the shareholder base and provide an independent voice to the board, serving as an antidote to board “groupthink.” While prospects of this regulatory scheme are uncertain, this article suggests that the success of the new regulation will be measured by the extent to which it stimulates a process of collaboration with shareholder groups allowing the governance committee to participate in vetting prospective shareholder nominees.