Lest anyone be in any doubt: risk management and governance improvements are on the EU’s agenda. At a recent speech, Charlie McCreevy, European Commissioner for Internal Market and Services spoke on Corporate Governance at the Institute of Chartered Secretaries and Administrators (ICSA) EU Corporate Governance Summit in Brussels on 8 October 2008. He said:
It is clear that poor, indeed, sometimes disastrous, risk management by financial institutions was partly to blame for the current financial turmoil. In the final analysis, such poor risk management is, in part, a result of failing internal governance.
Financial institutions will have to examine their internal governance framework with a view to embracing risk management. Risk management should be part of the strategy of the firm, and indeed the culture of the organisation.
It is the duty of senior management in financial institutions to address this and it is the role of the board to oversee it. In their respective roles, both senior management and the board need to ensure a holistic approach to firm-wide – and group-wide - risk management.
I do not want to go into details how best to integrate a firm's internal risk management strategy. But one area which I think would provide a good early warning of faults in a firm's risk management system is the firm's approach to transparency.
Transparency has to be meaningful for it to mean anything. Disclosures about risk exposures, risk management and accounting policies are crucial. Disclosures in these areas must be targeted and relevant if shareholders are to make sense of them and exercise their role.
This goes to the very heart of the "comply-or-explain" principle. Only if industry delivers on the quality and accessibility of information provided to shareholders and investors alike, can we make this system function in practice.
Then, the ball will be in the court of shareholders and investors.
They should then use this information to ensure the proper management of firms. This would mean applying their judgement to the financial institution’s overall risk management strategy. From the risk exposures of the products that have been sold in the case of investors, to remuneration incentives of employees and executives in the case of shareholders. It would also greatly assist policy makers and regulators who would then have a feel for the exposures of financial institutions.
Sounds to me like some organisations might be encouraged to get their act together on risk management rather quicker than they might have expected and to take it more seriously than they might have done in a bull market! For the full details of the speech see http://europa.eu/rapid/pressReleasesAction.do?reference=SPEECH/08/518&format=HTML&aged=0&language=EN&guiLanguage=en.