2010 and the Dodd-Frank Act ("DFA") brought to the fore Say-on-Pay and certain other delights for those investing in shares of financial institutions.
DFA enhances the SEC's enforcement abilities, while creating an additional watchdog (the Consumer Financial Protection Bureau) which has both examination and enforcement capabilities. It also demands that both companies and regulators reduce their dependence on credit ratings: over-reliance on credit ratings served to exacerbate the depth of the financial crisis, as rating downgrades precipitated further pricing pressures.
Indeed, in our experience several regulatory bodies have approached the new regulatory landscape with a zest and energy that was perhaps absent in the years leading up to the crisis.
Having said that, many critics feel that financial reform measures fell short; some are critical of the regulators' enforcement intent (see here and here), especially as they experience budget constraints; others are skeptical of the newly-created FSOC's ability to even define systemic risk, never mind recognize or measure it.
What other improvements, then, can be introduced to protect against large-scale business risks at financial institutions?
Risk Must Have a Voice
We would like to see Risk have a voice. Certainly, many risk managers were very good at measuring risk. But their institutions failed anyway. Why? Often, the objectives of risk management (preservation of capital reserves) run counter to the growth objectives of the CEO, who is incentivized to put capital to work. One could argue that the too-big-to-fail banks are or were long risk, knowing that they had large potential short-term upside and low downside given the (implicit) government guarantee. The government or the taxpayer, in this scenario, is short risk. One option is to ensure that the chief risk officer reports directly to the board, rather than to the CEO. Again, if the CEO is the chairman of the board, risk's voice may be dampened and this may provide a warning sign.
Risk and Compliance Must be Independent
Similarly, it is crucial that risk managers and compliance officers are incentivized, and safe, to voice their concerns. As a cost center with relatively limited bonus potential, shareholders ought to recognize that "at-will" risk and compliance managers -- especially if they are (intentionally) over-paid -- often have little advantage for being right but significant downside for being wrong. (Click here for an example of objections ending poorly for "at will" employees.)
-End Part 1
We will be exploring further avenues for improvement in subsequent pieces of this series, including a discussion of management's communication of its risk appetite. If you have any corporate governance suggestions you would like us to consider or include, feel free to email them to us or leave them in the comments section below this post.