Tuesday, October 13, 2009

Three Lines of Defence - Dead or Alive?

I went to a hearing at the European Commission yesterday. They wanted to know what professionals, experts, regulators, bankers and others thought about Corporate Governance, the role of shareholders, and risk management. There were three panels, but the one that I participated on, and which is prompting this post, was the one on risk management. One of the panelists put forward the view that internal control and risk management really needs the Three Lines of Defence (1: Line Mangers manage risks, 2: Risk Managers set policy, 3: Internal audit confirms compliance with policy etc).

I argued that Three Lines of Defence (TLD from now on) had not worked... witness RBS and HBOS and others in the States etc. To which this participant replied, but had it been done better it would have provided clear guidance on what should have been done.

My contention is that TLD allows assurance (actually that should be Assurance with a capital A) should not be divided. What we need is: a balanced view to risk, ethical programmes, mature risk management, a risk management and assurance framework, and an organisational structure that works. Now TLD might do that, but it is not the only way at all.

So I am arguing that TLD is fine if you really want it, but don't depend on TLD to protect you next time round. It wasn't that we were slightly wrong in our approach to risk management, we were fundamentally inadequate and TLD did not spot that...

I would welcome your comments, either here, on LinkedIn, or via my website.



Friday, October 2, 2009

Risk oversight committees in Banks and Other Financial Institutions

You will all be aware that Sir David Walker issued his consultation paper on Corporate Governance in UK Banks and Other Financial Services Entities (BOFIs for short) on 16 July. There may well be some overlap here with the SEC recommendations. In my view there is a lot to be welcomed in Sir David's report, however there are a few areas where further fresh thinking would be merited.

My main recommendations are fourfold (excuse the numbering...):
  1. I continue to believe that we need to see a paradigm shift in Corporate Governance. In order to make incumbent boards and individual directors take this seriously we need to see new fiduciary duties relating to Corporate Governance responsibilities, which should be discharged with due and diligent care.
  2. I applaud the recommendation to create effective board risk oversight committees. I happen to believe that the remit as described in Sir David's paper is insufficient for the purpose. The remit and mechanics should:
  • Encompass the development of a balanced view of risk;
  • Include the oversight of the development and implementation of a robust ethics programme;
  • Encompass the periodic assessment of the maturity of risk management maturity;
  • Include the development of a risk management and assurance framework that is fit for purpose; and
  • Address the development of an appropriate risk management organisation.
  1. Although it may well be difficult, in the context of the worst dereliction of Corporate Governance responsibilities of recent economic history, I continue to believe that we should find ways to make a form of permanent, full time non-executive director role work in BOFIs (and other organisations) that have a major societal impact.
  2. I continue to believe that the most important attribute of a non-executive director is an ability to act in a challenging, and yet supportive manner. Akin to risk management, the role of such directors is to periodically pierce the “perfect place arrogance” that develops in large corporate organisations. I am therefore less interested in the sectoral background, while of course acknowledging the need for a number of the directors to have BOFI backgrounds.

I set out more detail supporting my recommendations in my letter to Sir David, a copy of which can be found at http://randerson-assocs.co.uk/WalkerConsultationPaper.aspx. I would be pleased to hear what you think of (a) Sir David's consultation paper, (b) my responses and whether you believe Corporate Governance will improve as a consequence of his work.

Kind regards