By: Ben J. Carnevale
Is the passage of time erasing our memories of the risk management failures committed by so many of our major economic institutions during the 2008-2009 financial crises?
A recent article posted in Business Week entitled “Behold the Ghosts of Bubbles Past” would certainly seem to indicate that to be the case.
This article listed several events which would seem to imply that business continuity planners perhaps needed to quickly re-evaluate their business impact assumptions and even consider re-writing many of their disaster preparedness strategies related to future economic risks potentially facing their organizations.
Also implied was that, perhaps, Wall Street is returning to some old habits that proved to create some serious risks to businesses back in 2008-2009, and, could again be a creating a new risk environment for business impact analysis teams to evaluate.
Reasons for potential concern involve the facts that:
- Banks are back to hawking complex derivatives that magnify bets on corporate debt,
- For the first time since the financial crisis of 2008-2009, JP Morgan Chase is set to resume selling securities tied to home loans that are not backed by the government, and
- There appears to be a feverish new development of revival for the U.S. housing market, with new home sales surging to levels not seen since August 2008.
Could a meltdown-minded observer reasonably get to thinking — Here we go again?
For the record, this Business Week article was trying to primarily address the current debate regarding whether or not banks are “too big to fail” if in fact those banks are not successful in trying to satisfy investor’s searches for better yields against a backdrop of historically low interest rates.
However, the purpose of citing this information within this posting is to bring attention back to the fact that our business leaders and Board of Director members of entities both large and small need to be aware of these developments and how they could relate to keeping the doors of their business open.
And, the fact that a financial crisis similar to that of 2008-2009 might happen if mistakes are made again whenever banks (and other investment banking entities) reach too far to satisfy those investors willing to increase their risks to chase higher yields —could become a worst case scenario that needs to be watched carefully before it challenges even the best business continuity plan.
In nothing else, perhaps these events simply point to the fact that it is time for a Board to review its level of oversight of management’s risk appetite and tolerance.
Facing this kind of potential risk mitigation scenario, BOD members would benefit from reading the guiding principles for improving board oversight of risk found in the October 2009 National Association of Corporate Directors (“NACD”) Blue Ribbon Commission Report titled “Risk Governance: Balancing Risks and Rewards”.
As risk oversight objectives may vary from company to company, this NACD report clearly states that every Board of Directors should be certain that:
- The risk appetite implicit in every company’s business model, strategy, and execution is appropriate for that particular company,
- The expected risks are commensurate with the expected rewards,
- Management has implemented a system to manage, monitor, and mitigate risk, and, that system is appropriate given that company’s business model and strategy,
- The risk management system at that company informs the Board of the major risks facing that company,
- An appropriate culture of risk-awareness exists throughout the organization, and
- There is full recognition and action plans addressing the management of any risk deemed essential to the execution of that company’s strategic plan and achievement of those agreed upon and stated strategic objectives.
If these reasons were not enough, other developments appear to also be escalating board risk oversight due diligence expectations globally:
- Security regulators want more disclosure,
- Credit Rating agencies are starting to score risk oversight,
- Institutional investors are now recommending due diligence processes include an evaluation of corporate governance and board risk oversight,
- New professional practice standards explicitly require internal auditors assess and report their opinion on the effectiveness of their company’s risk management processes to the board of directors, and
- An increase in authoritative guidance on board risk oversight is influencing judicial views about what constitutes a reasonable director’s “duty of care”.
While there is no message of immediate urgency implied in this posting, there is a clear statement that while risk management methodologies may vary from company to company and from job to job within those companies, risk oversight is a duty and responsibility shared by all of the organization members.
If you think your organization might be unprepared to face another potential financial crisis even close to the level of 2008-2009, then you may want to discuss these issues with your company’s management team.
To provide additional information and guidance on this potential risk scenario, the following list of resources is available to you:
- Harvard Law School Forum on Corporate Governance Whitepaper “Board Oversight of Management’s Risk Appetite and Tolerance” posted by Matteo Tonello, Dec 17, 2012.
- NACD Summary Report “Risk Governance: Balancing Risk and Reward” sponsored by the Center for Board Leadership
- “Executive Perspectives on Top Risks for 2013” by Protiviti and the Enterprise Risk Management (ERM) Initiative at North Carolina State University’s Poole College of Management.
As always, our staff welcomes your comments …..