Tag: Risk


Outsourcing: How Cyber Resilient Are You?

Dan Ryan is Leader of the Financial Services Advisory Practice at PricewaterhouseCoopers LLP. This post is based on a PwC publication by Bruce Oliver, Roozbeh Alavi, Garit Gemeinhardt, Amandeep Lamba, and Joe Walker.

Cyber attacks on financial institutions continue to increase, both in number and impact. While the industry’s defenses against cyber criminals have been improving, recent high-profile breaches indicate that many cyber risk areas remain under-addressed.

Regulators are particularly concerned that the industry’s third-party service providers are a weak link that cyber attackers can exploit. [1] Financial institutions have become increasingly reliant on the information technology (IT) services these providers offer, either directly through the outsourcing of IT or indirectly through outsourced business processes that heavily rely on IT (e.g., loan servicing, collections, and payments). [2] Regardless, banks remain ultimately responsible—they own their service providers’ cyber risks.


Chamber of Commerce Airs Grievances Related To Internal Controls Inspections

Jason M. Halper is a partner in the Securities Litigation & Regulatory Enforcement Practice Group at Orrick, Herrington & Sutcliffe LLP. This post is based on an Orrick publication by Mr. Halper and William J. Foley Jr.

In recent months, issues related to internal control systems and reporting have taken on an increased profile and significance. For example, as previously noted by the authors here and here, the SEC has sought to prioritize compliance with internal controls by initiating a growing number of investigations into companies based on allegations of inadequate internal controls.

By way of background, “internal controls” refers to the procedures and practices that companies use to manage risk, conduct business efficiently, and ensure compliance with the law and company policy. Public companies are required to maintain sufficient internal controls by the securities laws. In particular, Section 404 of the Sarbanes-Oxley Act (as amended by the Dodd-Frank Act) requires, among other things, that: (i) company management assess and report on the effectiveness of the company’s internal control over its financial reporting, and (ii) the company’s independent auditors verify management’s disclosures. Sarbanes-Oxley also created the Public Company Accounting Oversight Board (“PCAOB”) to oversee public company audits, including the audits of internal control reporting. The PCAOB, in turn, conducts regular inspections to ensure compliance with laws, rules and professional standards.


The Next Frontier for Boards, Oversight of Risk Culture

Matteo Tonello is managing director of corporate leadership at The Conference Board. This post relates to an issue of The Conference Board’s Director Notes series authored by Parveen P. Gupta and Tim Leech. The complete publication, including footnotes and Appendix, is available here.

Over the past 15 years expectations for board oversight have skyrocketed. In 2002 the Sarbanes-Oxley Act put the spotlight on board oversight of financial reporting. The 2008 global financial crisis focused regulatory attention on the need to improve board oversight of management’s risk appetite and tolerance. Most recently, in the wake of a number of high-profile personal data breaches, questions are being asked about board oversight of cyber-security, the newest risk threatening companies’ long term success. This post provides a primer on the next frontier for boards: oversight of “risk culture.”

Weak “risk culture” has been diagnosed as the root cause of many large and, in the words of the Securities and Exchange Commission Chair Mary Jo White, “egregious” corporate governance failures. Deficient risk and control management processes, IT security, and unreliable financial reporting are increasingly seen as mere symptoms of a “bad” or “deficient” risk culture. The new challenge that corporate directors face is how to diagnose and oversee the company’s risk culture and what actions to take if it is found to be deficient.


Basel III Liquidity Framework: Final Net Stable Funding Ratio Disclosure Standards

Andrew R. Gladin is a partner in the Financial Services and Corporate and Finance Groups at Sullivan & Cromwell LLP. This post is based on a Sullivan & Cromwell publication authored by Mr. Gladin, Mark J. Welshimer, Andrea R. Tokheim, and Christopher F. Nenno.

Last week, the Basel Committee on Banking Supervision (the “Basel Committee”) published final standards (the “Final Disclosure Standards”) for the disclosure of information relating to banks’ net stable funding ratio (the “NSFR”) calculations. [1] The Final Disclosure Standards were adopted substantially as proposed in December 2014. [2]

The NSFR, which the Basel Committee adopted in final form in October 2014, [3] is one of the key standards, along with the liquidity coverage ratio (the “LCR”), [4] introduced by the Basel Committee to strengthen liquidity risk management as part of the Basel III framework. The NSFR is designed to promote more medium- and long-term funding of the assets and activities of banks over a one-year time horizon. The Final Disclosure Standards, in turn, are part of the broader so-called Pillar 3 disclosure regime (along with disclosure requirements in capital rules as well as the LCR-related disclosure framework) and are designed to “improve the transparency of regulatory funding …, enhance market discipline, and reduce uncertainty in the markets as the NSFR is implemented.” [5]


Managerial Ownership and Earnings Management

Phil Quinn is Assistant Professor of Accounting at the University of Washington. This post is based on an article by Mr. Quinn.

In my paper, Managerial Ownership and Earnings Management: Evidence from Stock Ownership Plans, which was recently made publicly available on SSRN, I exploit the initiation of ownership requirements to examine the relation between managerial ownership and earnings management. Prior work provides mixed evidence on the relation between managerial ownership and earnings management. Many studies provide evidence of a positive relation between managerial ownership and earnings management, which is consistent with an increase in stock price increasing the portfolio value of high-ownership managers more than the value of low-ownership managers (i.e., the “reward effect”) (Cheng and Warfield 2005; Bergstresser and Philippon 2006; Baber, Kang, Liang, and Zhu 2009; Johnson, Ryan, and Tian 2009). Other work notes that earnings management is a risky activity and posits that risk-averse managers will be less likely to engage in risky activities as their ownership increases. Consistent with the “risk effect” increasing with managerial ownership, several studies find no relation or a negative relation between earnings management and managerial ownership (Erickson, Hanlon, and Maydew 2006; Hribar and Nichols 2007; Armstrong, Jagolinzer, and Larcker 2010). Armstrong, Larcker, Ormazabal, and Taylor (2013) note that the theoretical reward effect and risk effect are countervailing forces, and the countervailing forces may explain why prior empirical work finds mixed evidence on the relation between ownership and earnings management. By examining stock ownership plans, a governance reform that limits the reward effect, I seek to inform the discussion on the relation between ownership and earnings management.


Wham, Bam, Thank You Spam! Don’t Click on the Link!

Paul A. Ferrillo is counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation. This post is based on a Weil Alert authored by Mr. Ferrillo and Randi Singer; the complete publication, including footnotes, is available here.

It seems that just like in old times (in cyberspace that means last year) the existence of “snake-oil” salesmen on the Internet is getting worse, not better. Rather than selling something medicinal or at the very least useful, these snake-oil salesmen of today have one intent only: to steal your personal information or worse, to distribute malware to your computer. One recent report issued by Symantec in April 2015 literally details scores of scams all designed to steal information and potentially ruin your computer (and others’ as well) and steal your personal information. We detail them not out of morbid curiosity of the utter gall of the snake-oil salesmen, but to hopefully inform and prevent the inadvertent “click on the link” circumstances which you and your company would rather avoid. We also point to other recently issued reports noting that other scams like phishing and spear phishing continue to be a bothersome and dangerous component of company emails. At the end of the day, continuous employee training and awareness of these sorts of scams is truly a strong part of the Holy Grail of Cybersecurity, along with certain network hardware components that can help stop “bad” emails before they get to your employees’ desktops.


Remarks at the 4th Annual Fixed Income Conference

Michael S. Piwowar is a Commissioner at the U.S. Securities and Exchange Commission. This post is based on Commissioner Piwowar’s recent remarks at the University of South Carolina and UNC-Charlotte 4th Annual Fixed Income Conference, available here. The views expressed in the post are those of Commissioner Piwowar and do not necessarily reflect those of the Securities and Exchange Commission, the other Commissioners, or the Staff.

This conference is one stop on a bit of a tour I have been on lately, speaking with academics around the country. In each of those conferences, meetings, and other events I have been encouraging increased dialogue between academic researchers and the SEC. Just last month, I spoke to a group of equity market microstructure researchers at the University of Notre Dame, with a message similar to what I intend to share with you today [April 21, 2015]. [1] That message is simple: your work is vital to helping the SEC accomplish its core mission to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.

Given the talent and collective focus of the people in this room, I do not need to recite statistics about the size of the fixed income markets, the degree to which issuers rely on bonds for debt financing, or the pervasiveness of fixed income products from the largest institutional investor portfolios to the smallest retail investor accounts. Suffice it to say that well-functioning fixed income markets are a concern of nearly all participants in our securities markets.


CEO Stock Ownership Policies—Rhetoric and Reality

The following post comes to us from Nitzan Shilon at Peking University School of Transnational Law. This post is based on his recent study, CEO Stock Ownership Policies—Rhetoric and Reality. He conducted this study while being a Fellow in Law and Economics and an S.J.D. (Doctor of Laws) candidate at Harvard Law School.

I recently published a study titled CEO Stock Ownership Policies—Rhetoric and Reality. This study is the first academic endeavor to analyze the efficacy and transparency of stock ownership policies (SOPs) in U.S. public firms. SOPs generally require managers to hold some of their firms’ stock for the long term. Although firms universally adopted these policies and promoted them as a key element in their mitigation of risk, no one has shown that such policies actually achieve the important goals that they have been established to achieve. My study shows that while SOPs are important in theory, they are paper tigers in practice. It also shows that firms camouflage the weakness of these policies in their public filings. Therefore I put forward a proposal to make SOPs transparent as a first step in improving their content. My findings have important implications for the ongoing policy debates on corporate governance and executive compensation.


The Prudent Investor Rule and Market Risk

Robert H. Sitkoff is the John L. Gray Professor of Law at Harvard Law School.

In a new working paper, entitled “The Prudent Investor Rule and Market Risk: An Empirical Analysis,” we examine fiduciary management of market risk. The backdrop for our study is a law reform that was meant to overcome a long tradition in fiduciary investment of equating stock with speculation. By focusing categorically on risk avoidance, traditional law did not account for the difference between idiosyncratic risk and market risk, the relationship between risk and return, or beneficiary risk tolerance. Worse still, courts considered the riskiness of each investment in isolation rather than in light of overall portfolio risk.

Twentieth century advances in economics and finance, however, led to extensive reform to the law of trust investment. The centerpiece of this reform is the prudent investor rule, which reorients fiduciary investment from risk avoidance to risk management in accordance with modern portfolio theory. Because the rule has been adopted in every state, because it applies to the entire field of fiduciary investing, including pension funds and charitable endowments, and because it has been adopted across the British Commonwealth, the rule governs the investment of many trillions of dollars in assets.


The Influence of Board of Directors’ Risk Oversight on Risk Management Maturity and Firm Risk-Taking

The following post comes to us from Christopher Ittner of the Department of Accounting at the University of Pennsylvania and Thomas Keusch of the Department of Business Economics at Erasmus University Rotterdam.

A variety of external events, including inquiries into the causes of the 2008 financial crisis and changes in regulations and listing rules, have fostered rising expectations for boards of directors to exert greater oversight of their organizations’ risk management processes. The primary impetus behind these external pressures is the belief that stronger board oversight over risk management processes will lead to substantive improvements in risk management and more informed risk-taking. Many observers, however, argue that board members often lack the time, skills, and information necessary for effective risk oversight. They contend that the adoption of governance practices that are advocated or mandated by external parties is often window-dressing. This point of view suggests that board risk oversight will have little effect on companies’ risk management practices or risk-taking.
