Risk Experts on Boards Still Not a Given

April 10, 2017
By Tony Chapelle, Agenda Week
Governance observers disagree about designating board members to serve as risk experts.

Fewer than 20% of Fortune 500 directors serve on a board that has designated any member as a risk expert. That’s an “astonishingly low number,” according to an investigation that reviewed the biographies of more than 5,000 directors.

Assigning a risk expert to the board is mandated for big banks. But do other types of public companies also assign such roles?

Governance and risk management observers have varied opinions.

Nice, but Not Significant

“I was shocked to hear that there were even 20%,” exclaims David Koenig, who runs The Governance Fund, which rates companies’ governance quality. He gives rating points to companies that include risk structures such as seating risk experts at the board level since he considers that a sign of better-run companies. MSCI and Sustainalytics also have added similar measures of scoring board quality in the last two years. Still, Koenig believes only about 1% of firms are assigning risk experts.
“I’m not seeing a prevalence of boards with risk experts,” says Mike Useem, a management professor at the Wharton School at the University of Pennsylvania. The co-author of the book Boards that Lead , Useem is working on a new book on corporate disruption for which he has recently spoken with more than 100 S&P 500 company directors and executives.

“Directors have to represent everything and all shareholders. So there’s a formal reluctance to identify one particular member as the voice on any particular issue,” he explains. “Aside from the Dodd-Frank requirement for bank boards, I’d be surprised if many boards would move in this direction.”

On the other hand, Joseph Prochaska, Jr., risk committee chairman at Synovus Financial and former chief accounting director at MetLife, thinks the formal disclosure is nice, but not necessarily significant.

“The fact that a lot of boards don’t have a designated expert may just mean they haven’t gone through a formal designation,” he says.

Under Section 165 of Dodd-Frank, bank holding companies that are publicly traded and that hold at least $10 billion in consolidated assets are required to have a board risk committee and a risk expert. For banks larger than $50 billion, the bar is set higher. The board or the risk committee must seat an expert who had risk management experience at a bank or in a finance capacity.

For example, in November, Comerica Inc. — one of the country’s 25 largest financial institutions — appointed Michael E. Collins to the board and its enterprise risk committee. Collins is a former bank examiner who went on to become executive vice president at TD Bank as well as executive vice president over supervision, regulation and credit at the Federal Reserve Bank of Philadelphia.

“As a former banking and finance executive with nearly 40 years of regulatory experience,” stated Comerica’s proxy, “Mr. Collins has experience identifying, assessing, and managing risk exposures of large, complex financial firms.”

Yet Prochaska points out that even prior to Dodd-Frank, a lot of boards had skills in evaluating risks. “They just didn’t specifically identify that they had a risk expert, even though they may have had people on the board who were qualified to evaluate risks. I still think you have risk specialists who are familiar with evaluating risk.”

To be sure, the Comerica filing also outlines extensive structure and lines of responsibility for the management committees in charge of managing risk and the board committee that oversees that.

The 2016 Spencer Stuart Board Index, which surveyed board practices at Fortune 500 companies, found that 11% of those firms convene risk committees. That was up from 4% in 2006. Holding a seat as a risk committee member — much less being named in-board risk expert — brings high expectations.

Four years ago, shareholder advisory firm ISS recommended that investors oppose reelection for three members of the four-person risk policy committee at JPMorgan Chase. ISS considered the group to be in over their heads after the company suffered the embarrassing London Whale trading episode.

All three survived that 2013 shareholder vote, although each garnered less than 60% of shareholder support. But directors Ellen Futter, who was president of the American Museum of Natural History, and David Cote, then CEO of Honeywell International , stepped down a few months later. James S. Crown, who operated the investment office for the billionaire Crown family, is still a member of the committee.

ISS and shareholders did not have a problem with reelecting the fourth member of the committee, Timothy Flynn , a former KPMG executive.

Standards for Risk Directors?

Rob Yellen of insurance broker and consulting firm Willis Towers Watson finds two perspectives on the issue of risk experts.

As executive vice president and the leader for Willis insurance products for financial-service firm directors and officers, he observes, “You can’t find a board seat for everything that’s technical.”

Were members of a board to completely defer to any subject specialist, the group would lose the benefit of the collective wisdom, Yellen explains. It’s every board member’s responsibility to represent stakeholders on every decision and to ensure that capital is used in the right structure, and via the right execution.

“Does the board need an expert for all of those decisions, or to only rely on the chief risk officer, or chief financial officer?” Yellen asks. Instead, he counters that experts are not assigned to dictate to directors, but to help the full board understand issues.

Meanwhile, Koenig is advocating for boards to install what he calls qualified risk directors. That’s because risk governance currently falls to audit committees at most companies. Those committees are already overburdened with other activities, and, he claims, overseeing risk is far down their priority list.

Koenig chairs a committee at the Directors and Chief Risk Officers Group, a group of board members and C-suite executives who in various capacities oversee risk. The DCRO is promulgating guidelines to standardize qualified risk directors. Those would be similar to Sarbanes-Oxley’s qualifications for audit committee financial experts.

The DCRO standards include a long list of risk management, business and educational attributes. Candidates are expected to have a majority of the attributes, but not necessarily all of them.

Under risk management acumen, for example, one of the 11 attributes that a qualified risk director should have is experience managing the types and complexity of risk that the board organization faces. They should also have a sound knowledge of financial reporting, not limited to balance sheets, income statements, cash flow statements and internal control processes.

Board member Prochaska seems to agree. He says that the concept of a risk expert conjures someone who’s an expert in a specific field. Conversely, a specialist could still help you evaluate and define how you mitigate risks. He says that most companies and industries such as mining or retail do mention in their charters that they do designate someone to evaluate their risks.

Koenig points to E*Trade as having a qualified risk expert in board member James Lam, and to Herman Miller Inc. as a company whose board risk committee charter shows a complete understanding of risk and strategic planning.

One danger of poor risk governance, he says, is that organizations will put away unreasonable amounts of capital as a buffer to ensure survival.

“But capital costs money,” Koenig explains. “A risk specialist is trying to turn an uncertain future into actionable ways to accept the kinds of risks the board wants to accept, to transfer the risks they don’t want, and, even more, to build an organization that can respond to risks that you didn’t expect.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s