Tuesday, February 4, 2014

Both OCC and Fed Now Embracing ERM

I have long argued that Enterprise-Wide Risk Management (ERM) holds the potential to revolutionize corporate governance. Thus, in 2008, I argued (along with co-author Betty Simkins) that the SEC should require that public firms:
 


On January 16, 2014, the OCC took a giant leap in this direction. Combined with prior regulatory releases by the SEC and the Federal Reserve (which acted pursuant to section 165(h) of the Dodd-Frank Act), the stage is set for a more rationalized corporate governance law and regulation. Here are the requirements of the new risk management guidelines in the OCC's own words:

Image: Office of the Comptroller of the Currency

The OCC’s risk management guidelines apply to all banks with over $50 billion in assets. Therefore virtually every large bank in the U.S. will now be required to adopt some form of ERM.

These new requirements are additional risk management mandates to those the Fed proposed in late 2011. The Fed’s ERM mandates apply to all systemically important financial institutions with a primary focus on bank holding companies with over $50 billion in assets. The Fed's proposal mandates an independent risk management committee, risk management expertise and an ERM function that is independent of the CEO.

The SEC, for its part, already requires that all public firms disclose their risk management practices to investors pursuant to the mandatory disclosure requirements applicable to such firms. These regulations took effect in 2009. 

Taken together, it is clear that a new paradigm is emerging in corporate governance, and ERM is at the center of that paradigm. To the extent that independent risk management committees emerge that directly supervise a chief risk officer and more risk management expertise is brought to bear in the public firm (and the financial sector in particular), perhaps corporate governance can evolve toward a regime that gives investors more precisely the risk profile they bargain for. That would be a major improvement. After all, deeply deficient risk management pervaded all aspects of the Great Financial Crisis of 2008.

ERM, as refined by the OCC and the Fed, holds the potential to define new "best practices" in corporate governance for communication of a firm's risk profile and the control of risks within the firm to meet that profile.

Law review article forthcoming. . .  
