After completing this reading, you should be able to:
Corporate governance can be defined as the way firms are run. That is, corporate governance sets out the roles and responsibilities of a company’s shareholders, board of directors, and senior management. The relationship between corporate governance and risk has become fundamental since the 2007-2009 financial crisis. The critical questions to be answered in the following text are about the relationship between corporate governance practices and risk management practices, the organization of risk management authority through committees, and the transmission of risk limits to lower levels so that they can be observed in daily business decisions.
Lack of transparency, lack of correct and sufficient information about economic risks, and a breakdown in the transmission of relevant information to the board of directors were among the leading causes of corporate failures in the nonfinancial as well as financial sectors in 2001-03 and 2007-09. The subprime crisis was caused by the relegation of risk management activities in the boom years. The risk associated with structured financial products was almost ignored, and this resulted in failed institutions and a global financial crisis.
The post-crisis discussion of corporate governance includes some key issues, especially in the banking industry. These include the composition of the board, the risk appetite, compensation, and stakeholder priority.
Regulators have forced banks to come up with a formal, board-approved risk appetite that reflects the firm’s willingness to accommodate risk without the risk of becoming insolvent. This can be expanded into enterprise risk limits while engaging the board.
Boards have been tasked with capping excessive compensation. The pay structure should include risk adjustments that capture long-term risks. A good example is where some banks have limited bonus compensation schemes and introduced delayed bonus structures.
The financial crisis led to a discussion of the independence, engagement, and financial industry skills of firms’ boards. However, statistical analysis of the failed banks does not show any correlation between the prowess of a bank and the predominance of either insiders or outsiders.
Analysis of the 2007-2009 financial crisis led to the realization that little attention had been paid to controlling tail risks and worst-case scenarios. This has led to discussions on the stakeholders of a bank and their impact on corporate governance.
After the crisis, the need for boards to be proactive in risk oversight became a significant issue. Consequently, boards have been educated on the risks and on their direct relationship with the risk management structure, such as empowering the CRO to report to the board directly.
To influence risk behavior, the board takes control over compensation schemes. Boards should assess the impact of pay structures on risk-taking and also examine whether risk-adjustment mechanisms cater for all key long-term risks. Several banks have already started practicing this, for example by limiting the share of bonuses in compensation schemes, deferring bonus payments, and adopting clawback provisions.
A clear understanding of business strategies and associated risks and returns is necessary for risk governance. The risks associated with business activities should be made transparent to the stakeholders. Appropriate risk appetite should be set for the firm, and the board should oversee the managerial operations and strategy formulation process. Risk management should be involved in business planning, and risks associated with every target should be adequately assessed to see if they fit into the firm’s risk appetite. The choices in risk management are as follows:
Risk management strategies should be directed to impact economic performance rather than accounting performance. Policies, directives, and infrastructure related to risk management should be appropriately placed in a firm. The seriousness of a firm about its risk management process can be gauged by assessing the career path in the risk management division of the firm, the incentives awarded to the risk managers, the existence of ethics within the firm, and the authority to whom the risk managers report.
The primary responsibility of the board of directors is:
As stated earlier, the 2007-2009 financial crisis reflected weaknesses in the risk management and oversight of financial institutions. Consequently, post-crisis regulation has emphasized risk governance with an aim to check both the financial risks.
Risk governance is about coming up with an organizational structure that provides a precise road map for defining and implementing authoritative risk management. Moreover, it touches on transparency and the establishment of channels of communication through which an organization, its stakeholders, and regulators engage.
For instance, the board of directors has responsibility for shaping, and authority over, risk management. The board of directors is to analyze the major risks and rewards in the firm’s chosen business strategy.
In other words, risk governance must ensure that a sound risk management system is in place to enable the firm to expand its strategic objectives within the limits of the risk appetite.
A risk appetite statement (RAS) is one of the critical components of corporate governance. The RAS contains a precise aggregated amount and the types of risk a firm is willing to accommodate or avoid to achieve its business objectives.
Clear articulation of a firm’s risk appetite helps maintain the equilibrium between risk and return, cultivate a positive attitude towards tail and event risks, and attain the desired credit rating.
The RAS should contain risk appetite and risk tolerance measures that state the maximum amount of risk taken at the business level as well as at the enterprise level. Moreover, it should set out the relationship between the risk appetite, the risk capacity, the risk profile, and the risk tolerance.
Risk tolerance is the number of acceptable results relative to business objectives (dotted line on the diagram above). Risk tolerance is a tactical measure of risk, while risk appetite is the aggregate measure of risk. Note that the risk appetite is below the risk capacity of a firm. A firm operating within the risk tolerance can attain the risk-adjusted return objectives relative to the amount of risk.
In the banking industry, the board of directors charges committees such as the risk management committee, among others, with ratifying policies and directives for activities related to risk management. The committees frame policies related to division-level risk metrics in relation to the overall risk appetite set by the board. They also oversee the effective implementation of these policies.
The audit committee’s responsibility is:
The members should ideally be nonexecutives to keep the audit committee clear from executive influence. The audit committee should interact with the management productively and should keep all channels of communication open.
There may be a few nonexecutives on the board of directors, who may not have the necessary expertise to understand the technicalities behind the risk management activities of a sophisticated firm. In this case, executives may dominate the nonexecutives, and this may lead to corporate scandals. Training programs and support systems may be put in place to aid such nonexecutives. Another method is to have a specialist in risk management as a risk advisory director on the board. Its functions are:
The risk management committee in a bank independently reviews different forms of risk, such as liquidity risk and market risk, and the policies related to them. The responsibility of approving individual credits also usually rests with the risk management committee. It monitors securities portfolios and significant trends in the market as well as breakdowns in the industry, liquidity crunches, etc. It reports to the board about matters related to risk levels and credits, and it also provides opportunities for direct interaction with the external auditor, management committees, etc.
Its responsibility is to determine the compensation of top executives. Since the CEO could convince the board to pay the executives at the expense of shareholders, compensation committees were put in place to check such occurrences. In the previous decade, compensation based on short-term profits, without much concern about long-term risks, sealed the fate of many institutions. Since then, compensation based on risk-adjusted performance has gained recognition. Such compensation helps in aligning business activities with long-term economic profitability.
Various caps have also been put in place on the bonuses of executives across the world to prevent a reckless attitude to risk-bearing, in which executives eye the upside while bearing no responsibility for the downside of the risky activity. Stock-based compensation may encourage risk-taking as the upsides are not capped while the downsides are. To make employees concerned about the firm’s financial health, they may be made the firm’s creditors by providing compensation in the form of bonds. For example, UBS has adopted such a strategy.
Many firms wish to examine how the regular activities of a firm run within the confines of the set risk appetite and limits defined by the board and executive committees. The process of examining the firm’s risk appetite includes:
The CRO is a member of the risk committee whose responsibilities are:
As realized in the global crisis, the executive compensation schemes at many financial institutions motivated short-run risk-taking, leading management to ignore long-term risks. That is, bankers were rewarded based on short-run profits. Consequently, this led to the formation of the compensation committee to cap executive compensation. This prevents a scenario where the CEO can convince board members to compensate themselves at the expense of other shareholders.
Compensation is part of the risk culture of a firm. Thus, it should be set in accordance with the long-term interest of the shareholders and other stakeholders and the risk-adjusted return on capital.
For instance, the central bank governors and the finance ministers of the G-20 countries met in September 2009 to discuss the framework for financial stability, one element of which is reforms on compensation. The reforms included:
Primary responsibility for implementing risk management across the whole firm lies with the firm’s staff. The executives and the business line managers should work collaboratively to manage, monitor, and report the various types of risk being undertaken. The figure below illustrates the risk management flows, divided by the various management functions.
The audit function is responsible for an independent assessment of the framework and implementation of risk management. It reports to the board about the strategies of business managers and executives, and whether these strategies are in line with the board’s expectations. Regulatory guidelines require audit groups to monitor the adequacy and reliability of documentation, the effectiveness of the risk management process, etc. For example, suppose the market risk is under consideration. In that case, auditors are required to assess the process by which derivative pricing models are examined, changes in measures for quantifying risks, and the scope of risks captured by the models in use. The integrity and independence of position data should also be examined.
There should be an evaluation of the design and conceptual soundness of risk metrics and measures, and stress testing methodologies. The risk management information system, including the process of coding and implementing models, should also be checked and evaluated. The same would include examining controls over market position data capture and that over the process of parameter estimation. The audit function reviews the design of the financial rates database, which is used to generate parameters for VaR models, and things like risk management system upgrade, adequacy of application controls in risk management information system, etc. Documentation related to compliance should be examined, and the audit function should independently assess VaR reliability. The guidelines for the audit function are provided in the International Professional Practices Framework (IPPF). The audit should, essentially, be independent of operational risk management. This ensures that the assessment done by the audit function is reliable.
It is not possible to control the financial health of a firm without an excellent risk management function and appropriate risk metric. Historically, many corporate failures have been associated with the relegation of risks, which would turn fatal later. An important example of this is the subprime crisis in the United States. Therefore, a clear risk management policy should guide the strategies of the firm, and an appropriate risk appetite should limit the exposures of the firm. Such directives make it easy for the executives down the business line to understand their role in the risk management activity.
The risk committees should participate in framing risk management methodologies, and they should have appropriate knowledge of all the risks as well as their metrics so that they can clearly understand the risk reports. A careful delegation of authorities and responsibilities to each risk management mechanism should ensure that all the gaps are filled, and all the activities are complementary to each other. After taking risk into account, risk measures like VaR, economic capital, etc. can be used to set risk limits, and also be used to determine the profitability of various business lines.
Risk infrastructure can be used as a tool in the analysis and pricing of various deals. It can also be used to formulate incentive compensation schemes so that business decisions and strategies are aligned with risk management decisions.
Question
A recently appointed risk management director at an investment firm is concentrating on enhancing the company’s governance structures to strengthen its risk oversight. The director reviews possible challenges in the initiation phase. Which of the following is most likely a corporate governance obstacle for the risk manager?
A. The executive board and portfolio managers have differing priorities.
B. The firm establishes a consistent risk assessment framework across all departments.
C. The compliance committee is independent of the risk management team.
D. The firm’s remuneration system aligns with the company’s ethical standards and risk appetite.
Solution
The correct answer is A.
This option identifies a common challenge in corporate governance. Portfolio managers may be motivated by short-term gains and higher returns, even if they involve higher risks, whereas the executive board may focus on the long-term stability and reputation of the firm. This conflict of priorities can create obstacles in implementing coherent risk management practices. Therefore, this is the correct answer.
B is incorrect. This statement describes a desirable situation rather than a challenge. Having a consistent risk assessment framework ensures alignment across different parts of the organization and helps in the systematic evaluation of risks, thus supporting the risk management process.
C is incorrect. While independence can sometimes lead to communication challenges, it is generally seen as a good practice in corporate governance. It helps to maintain checks and balances and ensures that the compliance committee can objectively evaluate the risk management practices without any bias.
D is incorrect. This statement describes a scenario where the firm’s pay structure is designed to promote ethical behavior and align with the company’s risk tolerance. This is a positive aspect of governance, not a challenge, as it encourages behavior that is in line with the firm’s risk management objectives.
Things to Remember
- Corporate governance refers to the system by which companies are directed and controlled. It encompasses practices and policies to ensure the company’s integrity, transparency, and alignment with stakeholders’ interests.
- A misalignment between the priorities of different stakeholders (such as the executive board and portfolio managers) may lead to challenges in implementing consistent risk management practices.
- This conflict of interests might arise from differing short-term and long-term goals, where some stakeholders focus on immediate profitability, and others prioritize long-term stability and reputation.
- Effective risk management requires the alignment of goals and shared understanding between different levels of the organization to create a cohesive strategy that balances risk and reward.