The current public controversy notwithstanding, valuable governance lessons arise from JPMorgan Chase’s internal analysis of the highly public 2012 losses in its synthetic credit portfolio; the saga of the so-called “London Whale”. The internal JPMorgan analysis should not be confused with the March 15 report on the “Whale Trades” issued by the Senate Permanent Subcommittee on Investigations. [1] Neither should its credibility be undermined by the Subcommittee’s critical report.

JPMorgan’s primary findings were contained in an exhaustive report of the trading strategies and management activities that led to these losses, prepared by a management task force. [2] Additional findings and recommendations were included within a much shorter companion report prepared by the board’s Review Committee. This companion report concentrated on the board’s risk oversight practices. [3] To a certain extent, the “sizzle” was contained in the lengthier management task force report, with its focus on what happened, why it happened, and who was to blame for it happening. But from a governance perspective, the lessons for corporate America are in the companion report, with its focus on improving the process by which risk information is reported to the board. These governance recommendations are highly relevant today, because the broader fiduciary landscape has been dominated of late by concerns about the quality of board oversight of risk.

…continue reading: Board Oversight of Risk Management: Valuable Guidelines from JPMorgan Chase

In the paper, It’s (Not) All About the Money: Using Behavioral Economics to Improve Regulation of Risk Management in Financial Institutions, forthcoming in the University of Pennsylvania Journal of Business Law, I focus on the Dodd-Frank Act’s risk management provisions, and specifically the requirement that financial institutions create separate risk committees. The goal of this regulation is to mitigate risks to the financial stability of the US, because despite media attention to financial institutions and great regulatory efforts, including the focus on risk management, little has changed in financial institutions’ business cultures. Indeed, excessive risk-taking by such institutions is still rampant. In the article, I argue that risk-related decision makers do not make decisions about risk-taking in a vacuum, but in an environment where multiple factors, noticed and unnoticed, can influence the decisions. Such factors include cognitive-related biases and group-related biases, and there are tools, which have not yet been analyzed in literature that regulators can use to reduce undesired or excessive risk-taking. Indeed, by shaping such environmental factors in which risk-related decisions in financial institutions are made, regulation can help actors make better, less pro-risk-taking, choices. With the goal of reducing excessive risk-taking by financial institutions, this article builds on an emerging focus in behavioral law and economics on prospects for “debiasing” actors through the structure of legal rules. Under this approach, legal policy may reduce biases’ effects and judgment errors by directly addressing them. Doing so will then help the relevant actors either to reduce or to eliminate these effects and errors. Accordingly, the article suggests using behavioral economic-based legal guidelines to supplement the Dodd-Frank Act‘s risk committee’s requirement. Such legal guidelines would help reduce the degree of biased behavior that risk committees exhibit.

…continue reading: It’s (Not) All About the Money

It is generally accepted that the full board has overall responsibility for risk oversight, mirroring the board’s responsibility for overseeing strategy. In deciding how to organize itself to oversee risk and risk management, the question arises as to whether the board should establish a separate risk committee. This article explores that question and provides examples to clarify the role and responsibility of a separate risk committee in situations where the board decides to establish one.

Through the risk oversight process, the board of directors obtains an understanding of the critical risks inherent in the corporate strategy, accesses useful information from internal and external sources about the critical assumptions underlying that strategy, remains alert to organizational dysfunctional behavior that can lead to excessive risk taking, and provides input to executive management regarding critical risk issues on a timely basis. How the board views risk oversight as a process should dictate how it chooses to organize itself for purposes of executing that process. The risk oversight process enables the board and management to develop a mutual understanding regarding the risks the company faces over time as it executes its business model for creating enterprise value. In organizing itself for risk oversight, what are some of the factors for boards to consider and when should boards establish a separate risk committee?

…continue reading: Should Your Board Have a Separate Risk Committee?