The brief section on governance and risk management is nontheless interesting in that it illustrates the thrust of likely changes. I have reproduced this section in full below
2.8 Risk management and governance: firm skills, processes and structures
Analysis of the causes of the crisis suggests that there is a limit to the extent to which risks can be identified and offset at the level of the individual firm. Chapter 1.1 described how the origins of the crisis lay in macroeconomic imbalances and systemic developments: Chapter 1.4 argued that there are limits to the effectiveness of market discipline; and Section 1 of this chapter stressed that the crucial shift required in regulatory philosophy is towards one which focuses on macro-analysis, systemic risks and judgements about business model sustainability, and away from the assumption that all risks can be identified and managed at a firm specific level. As a result most of the changes proposed in this review relate to the redesign of regulation combined with a major shift in supervisory approach.
But improvements in the effectiveness of internal risk management and firm governance are also essential. While some of the problems could not be identified at firm specific level, and while some well run banks were affected by systemic developments over which they had no influence, there were also many cases where internal risk management was ineffective and where boards failed adequately to identify and constrain excessive risk taking.
Achieving high standards of risk management and governance in all banks is therefore essential. Detailed FSA proposals will await the outcome of the Walker Review (described below) but the key dimensions of required improvement are likely to be
- Improved professionalism and independence of risk management functions. As already outlined in Section 2.7 above, the FSA will therefore in future play a more active role in assessing the technical competence of senior risk managers. And it will consider whether governance structures for risk oversight need to be changed, with a more direct relationship between senior risk management and Board risk committees
- Risk management considerations embedded in remuneration policy, in the fashion described in Section 2.5 (ii). This has implications for the remit of remuneration committees and for the non-executive time commitments required
- Improvements in the skill level and time commitment of non-executive directors. The crisis has revealed the extreme complexity of large banking groups and the difficulties which nonexecutive directors (NEDs) face in understanding all dimensions of the risks being taken, within the time commitments typically required of NEDs. It has also raised questions about the degree of technical skill and experience required to perform risk committee functions, and whether existing bank boards have sufficient people with these technical skills. In addition it has demonstrated the vital importance of non-executive challenge to dominant chief executives pursuing aggressive growth strategies
- Shareholder discipline over corporate strategies. As Section 1.4(iv) described, shareholder influence seems to have been relatively ineffective in the past in constraining risky strategies. There may be ways of improving the effectiveness with which shareholder views are communicated to non-executives
These issues and the implications for overall governance principles and structures need to be looked at in an integrated fashion. One question they prompt is whether the governance arrangements appropriate for banks are different from those which apply to the generality of companies, and whether therefore codes and rules which go beyond the general Combined Code are required
These issues will be in part addressed by the review of bank governance being conducted by Sir David Walker which the government announced on Monday 9 February and which will report in October 2009. The FSA, which is providing the secretariat for this review, will work closely with Sir David Walker in consideration of these issues. Once the review has reported, the FSA will consider what changes to its rules and process are required to ensure that problems are addressed, making specific proposals by the fourth quarter of 2009
It will be interesting to see how this turns out under both the FRC review of the Combined Code and also the Walker review. For what it is worth, my view is that there is nothing intrinsically different about the governance of financial institutions just because they are financial institutions. While clearly there are differences in the technical aspects of risk, what seems to me to be more important is the potential societal impact of poorly handled risk in an organisation. Poorly handled risk in say chemical companies can be as (or even more) devastating than in banks: look at Bhopal or the BP refinery problems in the US. I am more interested in big v small impact organisations. One key difference may be whether there are Critical National (or International) Infrastructure implications, or whether there is scope for major disasters. I add the latter, because I am not sure whether Pharma companies are part of the CNI, but they can have devastating impacts (eg Thalidomide)
For the full detail of the Turner Report, click here...