Posts Tagged ‘Risk management’

Governance, Risk Management, and Risk-Taking in Banks

Posted by René Stulz, Ohio State University Fisher College of Business, on Wednesday October 8, 2014 at 9:00 am
Editor’s Note: René Stulz is Professor of Finance at Ohio State University.

One might be tempted to conclude that good risk management in banks reduces the exposure to danger. However, such a view of risk management ignores that banks cannot succeed without taking risks that are ex ante profitable. Consequently, taking actions that reduce risk can be costly for shareholders when lower risk means avoiding valuable investments and activities that have higher risk. Therefore, from the perspective of shareholders, better risk management cannot mean risk management that is more effective at reducing risk in general since reducing risk in general would mean not taking valuable projects. If good risk management does not mean low risk, then what does it mean? How is it implemented? What are its limitations? What can be done to make it more effective? In my article, Governance, Risk Management, and Risk-Taking in Banks, which was recently made publicly available on SSRN, I provide a framework to understand the role, the organization, and the limitations of risk management in banks when it is designed from the perspective of increasing the value of the bank for its shareholders and review the existing literature.

…continue reading: Governance, Risk Management, and Risk-Taking in Banks

Risk Governance: Banks Back to School

Posted by Kobi Kastiel, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Sunday September 14, 2014 at 9:00 am
Editor’s Note: The following post comes to us from Dan Ryan, Leader of the Financial Services Advisory Practice at PricewaterhouseCoopers LLP, and is based on a PwC publication.

On September 2, 2014, the Office of the Comptroller of the Currency (“OCC”) finalized its risk governance framework for large banks and thrifts (“Guidelines”) that was proposed in January 2014. [1] The Guidelines formalize the heightened risk management standards that the OCC has been communicating through the supervisory process for several years, but do so somewhat more flexibly than the January proposal (“proposal”) did. Although many firms have been working to enhance their risk management programs to meet the proposal and supervisory communications, most still have work to do in order to meet the Guidelines’ requirements.

The Guidelines maintain the proposal’s emphasis on risk governance at the bank level to ensure safety and soundness, and afford the OCC greater flexibility (prescribed under regulations) to take enforcement actions in response to a bank’s compliance failure. The responsibility to oversee risk management remains with the Board of Directors which retains its ultimate risk governance oversight role; however, the Guidelines clarify that the Board need not take on responsibility for day-to-day managerial duties as the proposal had suggested.

…continue reading: Risk Governance: Banks Back to School

Cyber Security and Cyber Governance: Federal Regulation and Oversight—Today and Tomorrow

Posted by Paul Ferrillo, Weil, Gotshal & Manges LLP, on Wednesday September 10, 2014 at 9:00 am
Editor’s Note: Paul A. Ferrillo is counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation. This post is based on an article authored by Mr. Ferrillo and David J. Schwartz.

In our June 4, 2014 article on cyber security and cyber governance [1] we noted that for many reasons, boards of directors and executives of U.S. companies needed to reexamine how they protect (and respond to the successful hacking of) their most critical intellectual property and customer information. One of the reasons was that all signs out of Washington, D.C. pointed towards increasing federal regulation and oversight of cyber security for public and private companies, and particularly for those in the financial services sector. Further, we foresaw not only heightened scrutiny from regulators, but increasing class action litigation, with plaintiffs accusing boards and management of not taking the appropriate steps to protect company and client data. Our predictions were correct on all fronts.

…continue reading: Cyber Security and Cyber Governance: Federal Regulation and Oversight—Today and Tomorrow

Understanding and Implementing the NIST Cybersecurity Framework

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Monday August 25, 2014 at 9:03 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on an article authored by Mr. Ferrillo and Tom Conkle.

Why the Cybersecurity Framework was created and why it is so important

Despite the fact that companies are continuing to increase spending on cybersecurity initiatives, data breaches continue to occur. According to The Wall Street Journal, “Global cybersecurity spending by critical infrastructure industries was expected to hit $46 billion in 2013, up 10% from a year earlier according to Allied Business Intelligence Inc.” [1] Despite the boost in security spending, vulnerabilities, threats against these vulnerabilities, data breaches and destruction persist. To combat these issues, the President on February 12, 2013 issued Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity.” [2] The EO directed NIST, in cooperation with the private sector, to develop and issue a voluntary, risk-based Cybersecurity Framework that would provide U.S. critical infrastructure organizations with a set of industry standards and best practices to help manage cybersecurity risks.

…continue reading: Understanding and Implementing the NIST Cybersecurity Framework

Ten Key Points from the SEC’s Final Money Market Rule

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Monday August 11, 2014 at 9:13 am
Editor’s Note: The following post comes to us from Dan Ryan, Leader of the Financial Services Advisory Practice at PricewaterhouseCoopers LLP, and is based on a PwC publication.

After six years of debate over the risks and operations of money market funds (MMFs)—and events such as the fall of Lehman Brothers, breaking the buck at the Reserve Primary Fund, rancor between financial regulators, and hundreds of industry comment letters—the SEC finally adopted MMF reform on July 23rd. The final rule will fundamentally alter certain aspects of MMF operations and accounting, and the way these funds are viewed by investors.

…continue reading: Ten Key Points from the SEC’s Final Money Market Rule

Cloud Cyber Security: What Every Director Needs to Know

Posted by Yaron Nili, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Wednesday August 6, 2014 at 9:00 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on an article authored by Mr. Ferrillo and Dave Burg and Aaron Philipp, both of PricewaterhouseCoopers LLP.

There are four competing business propositions affecting most American businesses today. Think of them as four freight trains on different tracks headed for a four-way stop signal at fiber optic speed.

First, with a significant potential for cost savings, American business has adopted cloud computing as an efficient and effective way to manage countless bytes of data from remote locations at costs that would be unheard of if they were forced to store their data on hard servers. According to one report, “In September 2013, International Data Corporation predicted that, between 2013 and 2017, spending on public IT cloud computing will experience a compound annual growth of 23.5%.” [1] Another report noted, “By 2014, cloud computing is expected to become a $150 billion industry. And for good reason—whether users are on a desktop computer or mobile device, the cloud provides instant access to data anytime, anywhere there is an Internet connection.” [2]

…continue reading: Cloud Cyber Security: What Every Director Needs to Know

Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus

Posted by Luis A. Aguilar, Commissioner, U.S. Securities and Exchange Commission, on Tuesday June 17, 2014 at 9:06 am
Editor’s Note: Luis A. Aguilar is a Commissioner at the U.S. Securities and Exchange Commission. This post is based on Commissioner Aguilar’s remarks at the recent “Cyber Risks and the Boardroom” Conference; the full text, including footnotes, is available here. The views expressed in the post are those of Commissioner Aguilar and do not necessarily reflect those of the Securities and Exchange Commission, the other Commissioners, or the Staff.

I am pleased to be here and to have the opportunity to speak about cyber-risks and the boardroom, a topic that is both timely and extremely important. Over just a relatively short period of time, cybersecurity has become a top concern of American companies, financial institutions, law enforcement, and many regulators. I suspect that not too long ago, we would have been hard-pressed to find many individuals who had even heard of cybersecurity, let alone known what it meant. Yet, in the past few years, there can be no doubt that the focus on this issue has dramatically increased.

…continue reading: Boards of Directors, Corporate Governance and Cyber-Risks: Sharpening the Focus

Cyber Governance: What Every Director Needs to Know

Posted by Kobi Kastiel, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Thursday June 5, 2014 at 9:23 am
Editor’s Note: The following post comes to us from Paul A. Ferrillo, counsel at Weil, Gotshal & Manges LLP specializing in complex securities and business litigation, and is based on an article authored by Mr. Ferrillo.

The number, severity, and sophistication of cyber attacks—whether on our retail economy, our healthcare sector, our educational sector or, in fact, our government and defense systems—grows worse by the day. [1]

Among the most notable cyber breaches in the public company sphere was that hitting Target Corporation (40 million estimated credit and debit cards allegedly stolen, 70 million or more pieces of personal data also stolen, and a total estimated cost of the attack to date of approximately $300 million). [2] Justified or not, ISS has just issued a voting recommendation against the election of all members of Target’s audit and corporate responsibility committees—seven of its ten directors—at the upcoming annual meeting. ISS’s reasoning is that, in light of the importance to Target of customer credit cards and online retailing, “these committees should have been aware of, and more closely monitoring, the possibility of theft of sensitive information.” [3]

…continue reading: Cyber Governance: What Every Director Needs to Know

Compliance and Risk Management: Area for Legal Teaching and Scholarship?

Posted by June Rhee, Co-editor, HLS Forum on Corporate Governance and Financial Regulation, on Thursday May 22, 2014 at 9:25 am
Editor’s Note: The following post comes to us from Geoffrey P. Miller, Stuyvesant P. Comfort Professor of Law at New York University School of Law.

Compliance is hot.

Pick up the New York Times or the Wall Street Journal and you are likely to find a story about yet another huge fine for regulatory infractions.

In early May, to take a recent example, BNP Paribas, the big French bank, admitted that the $1.1 billion it had set aside for infractions involving sanctions regimes would not be nearly enough to cover its expected liability.

A billion dollars is a big number, but it is hardly the largest penalty we have seen in recent years. It is dwarfed, for example, by the more than $13 billion JPMorgan Chase agreed to pay to various regulatory agencies for mortgage infractions.

Numbers like these command attention.

…continue reading: Compliance and Risk Management: Area for Legal Teaching and Scholarship?

Risk Management and the Board of Directors—An Update for 2014

Editor’s Note: Martin Lipton is a founding partner of Wachtell, Lipton, Rosen & Katz, specializing in mergers and acquisitions and matters affecting corporate policy and strategy. This post is based on a Wachtell Lipton memorandum by Mr. Lipton, Daniel A. Neff, Andrew R. Brownstein, Steven A. Rosenblum, and Adam O. Emmerich.

Introduction

Overview

Corporate risk taking and the monitoring of risks have remained front and center in the minds of boards of directors, legislators and the media, fueled by the powerful mix of continuing worldwide financial instability; ever-increasing regulation; anger and resentment at the alleged power of business and financial executives and boards, including particularly as to compensation during a time of economic uncertainty, retrenchment, contraction, and changing dynamics between U.S., European and emerging market economies; and consistent media attention to corporations and economies in crisis. The reputational damage to boards of companies that fail to properly manage risk is a major threat, and Institutional Shareholder Services now includes specific reference to risk oversight as part of its criteria for choosing when to recommend withhold votes in uncontested director elections. This focus on the board’s role in risk management has also led to increased public and governmental scrutiny of compensation arrangements and their relationship to excessive risk taking and has brought added emphasis to the relationship between executive compensation and effective risk management. For the past few years, we have provided an annual overview of risk management and the board of directors. This overview highlights a number of issues that have remained critical over the years and provides an update to reflect emerging and recent developments.

…continue reading: Risk Management and the Board of Directors—An Update for 2014
