Risk Governance at
Large Banks: Current Status
and The Way Forward
As the role of the board of directors in risk oversight has come under
scrutiny, questions have been asked about the independence of the risk
management function. Though some progress has been made, there is still
lots of room for improvement in risk governance at many large banks.
BY ALESSANDRA MONGIARDINO AND CHRIS PLATH
he current financial crisis has made apparent
the importance of robust board risk oversight
in safeguarding the creditworthiness of a financial institution. Over the past year, calls for
an enhanced board role in risk oversight have
been made not only by regulatory authorities,
including the Basel Committee on Banking Supervision, but
also by industry groups, such as the Institute of International
Finance (IIF) and the Group of 30. This article highlights best
practices and discusses the current status of risk governance at
large banks.
Key characteristics of a robust risk oversight of a financial
institution include an explicit articulation of the risk tolerance
of the firm (approved by the board of directors) and full awareness and understanding by the board of the risk profile of the
firm. A strong risk culture, championed by the board, is also a
crucial element of an effective risk management framework.
In order to perform its role in an effective fashion, a firm’s
board needs to have a sound committee structure, with sufficiently frequent meetings to ensure a thorough and timely
review of the risk profile of the bank and discussion of any
T
remedial action that might be required. The most effective
board committees will often include, among its members, individuals with extensive and proven experience in banking and
risk management.
The independence of the committee members and the presence of an authoritative CRO are also key elements of robust
risk governance.
Current State
While there has been quite extensive discussion in the banking industry on the importance of risk management oversight,
there has been less debate on ( 1) the current status of risk oversight at large banks; and ( 2) what needs to change in order
to ensure that boards are in a position to meet effectively the
enhanced role that has been outlined for them.
In our assessment of the current state of risk governance,
we examined publicly available data for 35 banks from Europe, North America, Europe and Asia Pacific, most with assets in excess of US$300 billion as of year-end 2008 (see Appendix for details). The institutions examined included both
highly complex institutions and large commercial and univer-
