Risk Management and the Board of Directors
By Daniel Clark
Credit Unions and Community Banks are facing increased scrutiny over their risk
governance practices primarily focused on the role and effectiveness of the Board of
Directors. Having the members of the Board of Directors appropriately engaged is no
longer a luxury but definite need. Unfortunately, obtaining the right level of Board
engagement is not always easy and, honestly, not always well received. Regardless of
desire, there are three key reasons BOD’s have to be engaged in risk management:
1. Fiduciary Responsibilities
2. Regulator expectations
3. Litigation
Obviously, in addition to the above, members of the BOD can provide insight, balance and guidance to management teams in their risk management efforts. But in the case where the spirit is willing but the knowledge is weak let’s look at several actions senior management can take today that ensures stakeholders that the BOD meets their responsibilities.
Educate the board on emerging risks: Some members of the Board will be very well versed in risks impacting financial services. Regardless of the level of knowledge, risks are emerging or changing quickly and at times dramatically. Utilizing time during quarterly Board meetings to educate the Board on emerging risks may not be enough. We would recommend that Board members be required to receive a certain amount of formal training on risk, risk management and risk governance every year.
Understand the difference between “ risk oversight” and “risk management”: It is the role of management to “manage” the risks impacting the business. This is not what Board members should be focused on. Instead, the Board should place their efforts on oversight, i.e., requiring senior management to establish proper risk management infrastructure, resources and practices for the organization.
Create and define the organizations “risk vision”: Working along side senior management, Board members should be assisting in the definition, design and implementation of an organizational risk vision. The vision includes risk appetites and risk tolerances, risk policy, risk practices and infrastructure.
Maintain accountability for Risk oversight at the Board Level: Many Boards of Directors will assign risk discussions to committees, such as the Credit Policy, Audit or Risk Committees. While this is good for more detailed discussions, and yes, we know that Board members sit on those committees, it may not be sufficient in regulators eyes. Further, lawyers, and judges, may actually see that as a weakness to be exploited in any litigation. We recommend that organizations dedicate sufficient time to discuss risks management at the Board level not just at the Committee Level.
Risk management is an organization challenge and the Board of Directors can contribute positively to this challenging area. For additional information on risk governance and risk management check out our website as ZHORSE.net.
Copyright 2021 by Z-Horse