Tag: Risk management


Risk Management and the Board of Directors

Martin Lipton is a founding partner of Wachtell, Lipton, Rosen & Katz, specializing in mergers and acquisitions and matters affecting corporate policy and strategy. This post is based on a Wachtell Lipton memorandum by Mr. Lipton, Daniel A. Neff, Andrew R. Brownstein, Steven A. Rosenblum, and Adam O. Emmerich.

Introduction

Overview

Corporate risk taking and the monitoring of risks have continued to remain front and center in the minds of boards of directors, legislators and the media, fueled by the powerful mix of continuing worldwide financial instability; ever-increasing regulation; anger and resentment at the alleged power of business and financial executives and boards, including particularly as to compensation during times of economic uncertainty, retrenchment, contraction, and changing dynamics between U.S., European, Asian and emerging market economies; and consistent media attention to corporations and economies in crisis. The reputational damage to companies and their boards that fail to properly manage risk is a major threat, and Institutional Shareholder Services now includes specific reference to risk oversight as part of its criteria for choosing when to recommend withhold votes in uncontested director elections. This focus on the board’s role in risk management has also led to increased public and governmental scrutiny of compensation arrangements and the board’s relationship to excessive risk taking and has brought added emphasis to the relationship between executive compensation and effective risk management. This post highlights a number of issues that have remained critical over the years and provides an update to reflect emerging and recent developments.

Outsourcing: How Cyber Resilient Are You?

Dan Ryan is Leader of the Financial Services Advisory Practice at PricewaterhouseCoopers LLP. This post is based on a PwC publication by Bruce Oliver, Roozbeh Alavi, Garit Gemeinhardt, Amandeep Lamba, and Joe Walker.

Cyber attacks on financial institutions continue to increase, both in number and impact. While the industry’s defenses against cyber criminals have been improving, recent high-profile breaches indicate that many cyber risk areas remain under-addressed.

Regulators are particularly concerned that the industry’s third-party service providers are a weak link that cyber attackers can exploit. [1] Financial institutions have become increasingly reliant on the information technology (IT) services these providers offer, either directly through the outsourcing of IT or indirectly through outsourced business processes that heavily rely on IT (e.g., loan servicing, collections, and payments). [2] Regardless, banks remain ultimately responsible—they own their service providers’ cyber risks.

The UK’s Final Bonus Compensation Rule

Dan Ryan is Leader of the Financial Services Advisory Practice at PricewaterhouseCoopers LLP. This post is based on a PwC publication by Mr. Ryan, Roozbeh Alavi, Mike Alix, Adam Gilbert, and Armen Meyer. Related research from the Program on Corporate Governance includes Regulating Bankers’ Pay by Lucian Bebchuk and Holger Spamann (discussed on the Forum here); The Wages of Failure: Executive Compensation at Bear Stearns and Lehman 2000-2008 by Lucian Bebchuk, Alma Cohen, and Holger Spamann; and How to Fix Bankers’ Pay by Lucian Bebchuk.

On June 23rd, the UK’s Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) [1] finalized a joint bonus compensation rule that was proposed last July. While the industry (including subsidiaries and branches of US banks in the UK) had hoped for a more lenient approach, the final rule generally retains the proposal’s stringent requirements, especially with respect to bonus deferral periods and clawbacks. [2]

The rule applies to “senior managers” [3] and other “material risk takers” [4] at UK banks and certain investment firms. As finalized, the rule establishes the toughest regulatory approach to bonus compensation of any major jurisdiction, going beyond the EU-wide CRD IV. [5] Therefore, unless regulators in other major jurisdictions take a similar approach, institutions that are active in the UK are placed at a competitive disadvantage compared to their peers elsewhere.

Chamber of Commerce Airs Grievances Related To Internal Controls Inspections

Jason M. Halper is a partner in the Securities Litigation & Regulatory Enforcement Practice Group at Orrick, Herrington & Sutcliffe LLP. This post is based on an Orrick publication by Mr. Halper and William J. Foley Jr.

In recent months, issues related to internal control systems and reporting have taken on an increased profile and significance. For example, as previously noted by the authors here and here, the SEC has sought to prioritize compliance with internal controls by initiating a growing number of investigations into companies based on allegations of inadequate internal controls.

By way of background, “internal controls” refers to the procedures and practices that companies use to manage risk, conduct business efficiently, and ensure compliance with the law and company policy. Public companies are required to maintain sufficient internal controls by the securities laws. In particular, Section 404 of the Sarbanes-Oxley Act (as amended by the Dodd-Frank Act) requires, among other things, that: (i) company management assess and report on the effectiveness of the company’s internal control over its financial reporting, and (ii) the company’s independent auditors verify management’s disclosures. Sarbanes-Oxley also created the Public Company Accounting Oversight Board (“PCAOB”) to oversee public company audits, including the audits of internal control reporting. The PCAOB, in turn, conducts regular inspections to ensure compliance with laws, rules and professional standards.

The Next Frontier for Boards, Oversight of Risk Culture

Matteo Tonello is managing director of corporate leadership at The Conference Board. This post relates to an issue of The Conference Board’s Director Notes series authored by Parveen P. Gupta and Tim Leech. The complete publication, including footnotes and Appendix, is available here.

Over the past 15 years, expectations for board oversight have skyrocketed. In 2002 the Sarbanes-Oxley Act put the spotlight on board oversight of financial reporting. The 2008 global financial crisis focused regulatory attention on the need to improve board oversight of management’s risk appetite and tolerance. Most recently, in the wake of a number of high-profile personal data breaches, questions are being asked about board oversight of cyber-security, the newest risk threatening companies’ long-term success. This post provides a primer on the next frontier for boards: oversight of “risk culture.”

Weak “risk culture” has been diagnosed as the root cause of many large and, in the words of the Securities and Exchange Commission Chair Mary Jo White, “egregious” corporate governance failures. Deficient risk and control management processes, IT security, and unreliable financial reporting are increasingly seen as mere symptoms of a “bad” or “deficient” risk culture. The new challenge that corporate directors face is how to diagnose and oversee the company’s risk culture and what actions to take if it is found to be deficient.

Governance Challenges Arising From “Corporate Cooperation” Concepts

Michael W. Peregrine is a partner at McDermott Will & Emery LLP. This post is based on an article by Mr. Peregrine, with assistance from Joshua T. Buchman and Kelsey J. Leingang; the views expressed therein do not necessarily reflect the views of McDermott Will & Emery LLP or its clients.

The current Department of Justice emphasis on “corporate cooperation” in the context of government investigations creates the potential for significant tension to arise between governance and executive leadership, a potential that the board should recognize and address proactively.

The DOJ Criminal Division has, with notable frequency this spring, sought to increase public transparency as to the process it applies when making a decision with respect to corporate prosecutions. A principal goal of DOJ’s public effort is to clarify the parameters it considers in deciding how to proceed when made aware of alleged corporate wrongdoing. This goal includes making the value of cooperation, and the consequences of noncooperation, more clearly apparent to corporations and their advisors. [1]

Quality Data and the Power of Prevention

Kara M. Stein is a Commissioner at the U.S. Securities and Exchange Commission. This post is based on Commissioner Stein’s recent address at Meet the Market North America, available here. The views expressed in the post are those of Commissioner Stein and do not necessarily reflect those of the Securities and Exchange Commission, the other Commissioners, or the Staff.

As many of you know, I care passionately about the success of the Legal Entity Identifier (or LEI).

With the financial crisis in the rearview mirror, it is sometimes easy to forget the forces that converged in 2007 and harmed both our financial markets and our economy. The events of 2008 are indelibly etched into my memory. I remember when many of our country’s economic leaders began closed-door briefings with members of Congress. Concerned about the unfolding financial crisis, the Chair of the Federal Reserve and the Secretary of Treasury pleaded for help and for an unprecedented financial intervention to stave off another Great Depression. They wanted tools to protect our nation from powerful forces that were pulling the financial system deeper and deeper into distress and potential chaos. At the edge of the abyss, our economic and policy leaders developed a strategy to stabilize our financial system and unlock the halting credit markets. [1]

Wham, Bam, Thank You Spam! Don’t Click on the Link!

Paul A. Ferrillo is counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation. This post is based on a Weil Alert authored by Mr. Ferrillo and Randi Singer; the complete publication, including footnotes, is available here.

It seems that, just like in old times (in cyberspace that means last year), the presence of “snake-oil” salesmen on the Internet is getting worse, not better. Rather than selling something medicinal or at the very least useful, today’s snake-oil salesmen have one intent only: to steal your personal information or, worse, to distribute malware to your computer. One report issued by Symantec in April 2015 literally details scores of scams, all designed to steal your personal information and potentially ruin your computer (and others’ as well). We detail them not out of morbid curiosity about the utter gall of the snake-oil salesmen, but to help inform and prevent the inadvertent “click on the link” circumstances that you and your company would rather avoid. We also point to other recently issued reports noting that scams like phishing and spear phishing continue to be a bothersome and dangerous component of company email. At the end of the day, continuous employee training and awareness of these sorts of scams is truly a strong part of the Holy Grail of Cybersecurity, along with certain network hardware components that can help stop “bad” emails before they reach your employees’ desktops.

The Prudent Investor Rule and Market Risk

Robert H. Sitkoff is the John L. Gray Professor of Law at Harvard Law School.

In a new working paper, entitled “The Prudent Investor Rule and Market Risk: An Empirical Analysis,” we examine fiduciary management of market risk. The backdrop for our study is a law reform that was meant to overcome a long tradition in fiduciary investment of equating stock with speculation. By focusing categorically on risk avoidance, traditional law did not account for the difference between idiosyncratic risk and market risk, the relationship between risk and return, or beneficiary risk tolerance. Worse still, courts considered the riskiness of each investment in isolation rather than in light of overall portfolio risk.

Twentieth century advances in economics and finance, however, led to extensive reform to the law of trust investment. The centerpiece of this reform is the prudent investor rule, which reorients fiduciary investment from risk avoidance to risk management in accordance with modern portfolio theory. Because the rule has been adopted in every state, because it applies to the entire field of fiduciary investing, including pension funds and charitable endowments, and because it has been adopted across the British Commonwealth, the rule governs the investment of many trillions of dollars in assets.

Three Practical Steps to Oversee Enterprise Risk Management

The following post comes to us from Latham & Watkins LLP, and is based on a Latham publication by Scott Hodgkins, Steven B. Stokdyk, and Joel H. Trotter.

Oversight of enterprise risk management, or ERM, continues to challenge boards and occupy a prominent place on the governance agenda. Effective ERM seeks to balance risk and opportunity while enhancing value-creation opportunities. Proxy advisors may recommend “against” or “withhold” votes against directors of companies that experience a material failure of risk oversight.

A leading ERM framework, developed by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission, directs boards to:
