CORPORATE GOVERNANCE AND RISK MANAGEMENT
On July 30, 2002, the Sarbanes-Oxley Act (SOX) was signed into law in the United States. This regulation had several
important practical implications:
- Chief financial officers (CFOs) and chief executive officers (CEOs) must personally verify and certify the accuracy of financial filings with the Securities and Exchange Commission (SEC).
- CFOs and CEOs must attest that all disclosures provide an accurate picture of the firm.
- Certain internal controls (e.g., board of director and audit committee composition) are required, and any deficiencies (including uncovered fraudulent activity) must be promptly and accurately disclosed to investors and regulators.
- The firm’s reporting procedures and internal controls must be audited annually.
- Audit committee member names must be publicly disclosed, and members must be able to understand accounting principles, be able to comprehend financial statements, and have audit experience.
- Key lessons learned from risk management failures during the financial crisis of 2007–2009:
- Stakeholder priority. Some firms have a diverse set of stakeholders, such as depositors (banking sector), borrowers (banking sector), regulators, employees, bondholders, and shareholders. At times, this widely diverse group has competing needs, which makes risk management challenging.
- Board composition. The financial crisis did not provide clear support for the traditional advice that boards be independent, engaged in the process of supervision, and made up of professionals with industry expertise. In particular, the banking sector showed no difference in outcome whether board directors were internal or external stakeholders. This confounds traditional logic and was probably the result of external forces that independence alone could not mitigate.
- Board risk oversight. Education for board members is necessary to ensure recognition of the importance of this role and the link between the board and the risk management infrastructure.
- Risk appetite. The board needs to clearly articulate and communicate the firm’s risk appetite to stakeholders. This risk budget should be translated into an enterprise level risk limit system.
- Compensation. The board should exercise control over management compensation regimes to not incentivize undesired risk-taking behavior. Compensation structures that use deferred bonus payments and clawback provisions should be considered.
- Basel I. The Basel Accord of 1988 (Basel I) grew out of the preceding Latin American debt crisis. It focused on managing credit risk by requiring minimum capital of 8% of a bank’s risk-weighted assets.
- Basel II (2006). This regime included both trading and lending activities in capital adequacy standards. Basel II also added disclosure requirements and standards for supervisory review of banks by regulators.
- Basel III. In a direct response to the financial crisis of 2007–2009, Basel III was born. This system factors both company-specific (idiosyncratic) risk and market-level (systematic) risk.
- Basel III restricts the core of Tier 1 capital (a core measure of a bank’s strength) to common equity and retained earnings. It also imposes a liquidity coverage ratio (LCR), under which banks must hold enough high-quality liquid assets to cover 30 days’ worth of net cash outflows, and a net stable funding ratio (NSFR), which requires banks to hold stable funding for at least one year of required operations. The last step was to add a macroprudential overlay to lessen systemic risk and procyclicality. This overlay consists of five elements:
- A minimum leverage ratio (Tier 1 capital/total consolidated assets) of 3%, which caps balance-sheet leverage.
- A countercyclical capital buffer.
- Minimum total loss-absorbing capacity (TLAC) standards for all global systemically important banks (G-SIBs).
- Because of concerns about systemically important markets and infrastructures, Basel III encourages as many trades as possible to be centrally cleared, in order to minimize counterparty risk.
- Risk modeling and stress testing are being modified to better capture tail risk.
- In 2015, the Basel Committee on Banking Supervision (BCBS) issued revised corporate governance guidelines for the banking sector. Their principles are summarized as follows:
- Responsibility of the board of directors.
- Board composition.
- Policies of the board.
- Senior management.
- Governance for a conglomerate. A conglomerate is a business made up of several other businesses, often structured as a parent firm and several subsidiaries that conduct daily operations in different functions. The board of the parent firm needs to have ultimate oversight over the operations of all members of the conglomerate.
- Risk management function.
- Risk identification, monitoring, and control.
- Risk communication.
- Compliance. The board is ultimately responsible for overseeing compliance risk management.
- Internal audit.
- Compensation. The board should organize and supervise the firm’s compensation structure such that management is held financially accountable for risk decision making.
- Disclosure. The firm’s risk management process should be adequately disclosed to stakeholders.
- In 2016, Basel III was expanded to include the Fundamental Review of the Trading Book (FRTB). This framework is intended to broaden the inclusion of market risk exposures.
- While the financial crisis of 2007–2009 prompted Basel III, it also led to the Dodd-Frank Act in the United States.
- Prior to 1999, banks operated under the Glass-Steagall Act, which prohibited commercial banks from operating investment banking divisions within the same firm.
- The Gramm-Leach-Bliley Act (1999) removed this barrier and permitted bank holding companies to re-form as financial services holding companies (FSHCs). These FSHCs could combine commercial (depository) banking under the same corporate umbrella as investment banking, insurance, and broker-dealer services.
- After the financial crisis, the Dodd-Frank Act was enacted (in July 2010) to address several issues related to financial consumer protection and market stability. A list of seven key elements of Dodd-Frank follows:
- Strengthen the Fed. The Federal Reserve (Fed) was given oversight over all systemically important financial institutions (SIFIs), defined as those with assets greater than $50 billion.
- Ending too big to fail. The legislation was intended to end the too-big-to-fail doctrine and created an orderly liquidation authority to deal with the failure of a large financial institution.
- Resolution plan. All SIFIs are required to submit a living will to the Fed. This document should outline governance and resolution planning in the event of corporate distress.
- Derivatives markets. Dodd-Frank attempted to create more transparency in derivatives markets, pushing standardized derivatives toward central clearing and reporting, which also reduces counterparty risk.
- The Volcker Rule. This contentious rule re-imposes part of Glass-Steagall by prohibiting banks from engaging in proprietary trading (trading with the bank’s own money).
- Consumer protection. Dodd-Frank created the Consumer Financial Protection Bureau to regulate consumer-facing financial products.
- Stress testing. Robust and dynamic stress testing must include a top-down approach that incorporates macroeconomic shocks and their impact on several types of risk (e.g., credit risk, liquidity risk, market risk, and operational risk). This stress testing must be incorporated in a bank’s liquidity planning process, and the outcome will be evaluated at the bank level and at the economy level by the Fed.
- There is one stress test performed by the Fed for banks with assets above $10 billion (the Dodd-Frank Act Stress Test, DFAST) and another for banks with assets exceeding $50 billion (the Comprehensive Capital Analysis and Review, CCAR).
Governance of Risk Management Best Practices
- The board of directors should be comprised of a majority of independent members to maintain a sufficient level of objectivity with regard to making decisions and approving management’s decisions.
- All members should possess a basic knowledge of the firm’s business and industry, even if they are outside of the industry.
- Conflicts of interest are a major focal point for the board. This is traditionally thought of as agency risk, the risk that arises when the owners and the operators of a business are different groups of people.
- Conventional wisdom suggests that the board should remain independent from management.
- The board should take the following steps in executing its risk management duties:
- Clearly articulate an enterprise-level risk appetite.
- Determine whether known risks should be retained, avoided, mitigated, or transferred.
- Establish and maintain a CRO role that reports directly to the CEO with ongoing access to the full board as needed.
- Establish a risk committee comprised of individuals who are knowledgeable about the risks faced by the firm.
- Connect the work of the compensation committee with the firm’s risk appetite and the work of the risk committee.
- Maintain an independent audit committee that can monitor relevant actions.
MF Global
- In 2010, Jon Corzine held the dual roles of CEO and chairman of the board of MF Global.
- Corzine ignored the warnings of his CRO and placed substantial proprietary trades in European debt instruments.
- The Greek government was in the middle of a debt crisis, which spilled over into many other European sovereign issuers. The result was catastrophic losses of approximately $1.6 billion for MF Global that ultimately resulted in its bankruptcy.
- There was no counterbalance to the CEO’s decision-making because the CEO was also the chairman of the board. These roles should be separate and independent for stakeholder protection.
Risk Appetite vs. Business Strategy
- There must be consistency between the firm’s risk appetite and its business strategy.
- Understanding the risk supervision hierarchy is important in pursuit of linking risk tolerance to business strategy. The board sets the enterprise-level risk appetite through the risk committee, which is a subset of the full board. The CRO is responsible for day-to-day risk supervision and is able to approve temporary breaches of communicated risk limits as long as the enterprise-level risk limits are still within board-established tolerance bands. The CRO should report to the CEO; however, the CRO functionally operates as a liaison between the board and senior management.
- The risk appetite is operationalized through risk limits, which can be monitored through stress testing and value at risk (VaR) analysis at both the asset-class-level and at the business unit level.
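The hierarchy described above (a board-set enterprise appetite, limits at business-unit and asset-class level, and CRO discretion over temporary breaches only while the enterprise stays inside its tolerance band) can be written down as a small limit-monitoring routine. The Python below is an added example, not code from the original notes: it computes a one-day parametric (Gaussian) VaR per business unit, per asset class, and for the enterprise, compares each figure against its limit, and applies the escalation rule. The positions, volatilities, correlations, and limits are constructed for illustration; the 10% tolerance band and the treatment of same-class positions as perfectly correlated are assumptions, and `limit_report`, `escalation`, and `stressed` are hypothetical helper names.

```python
"""Risk-limit hierarchy monitor: parametric VaR per business unit, per asset
class and for the enterprise, checked against board-set limits.

Added example (not from the original notes). Positions, volatilities,
correlations and limits are constructed; the tolerance-band rule is an
assumed policy, not a quotation of any firm's actual procedure.
"""
from dataclasses import dataclass
from math import sqrt
from statistics import NormalDist


@dataclass(frozen=True)
class Position:
    unit: str          # business unit holding the position
    asset_class: str   # risk bucket the position belongs to
    exposure: float    # signed currency exposure to the risk factor
    vol: float         # one-day volatility of the risk factor (fraction)


def z_score(confidence: float) -> float:
    """Standard-normal quantile used by Gaussian VaR (about 2.326 at 99%)."""
    return NormalDist().inv_cdf(confidence)


def parametric_var(positions, corr, confidence=0.99):
    """One-day Gaussian VaR = z * sqrt(s^T C s), with s_i = exposure_i * vol_i.

    corr maps frozenset({class_a, class_b}) -> correlation. Positions in the
    same asset class are treated as perfectly correlated (conservative
    assumption); pairs missing from corr are treated as uncorrelated.
    """
    s = [p.exposure * p.vol for p in positions]
    var2 = 0.0
    for i, pi in enumerate(positions):
        for j, pj in enumerate(positions):
            if pi.asset_class == pj.asset_class:
                rho = 1.0
            else:
                rho = corr.get(frozenset((pi.asset_class, pj.asset_class)), 0.0)
            var2 += s[i] * s[j] * rho
    return z_score(confidence) * sqrt(max(var2, 0.0))  # max() guards rounding


def limit_report(positions, corr, limits, confidence=0.99):
    """VaR versus limit at each level. limits keys are ("unit", name),
    ("asset_class", name) or ("enterprise", "all"); returns
    {key: (var, limit, breached)}."""
    report = {}
    for (level, name), limit in limits.items():
        if level == "unit":
            subset = [p for p in positions if p.unit == name]
        elif level == "asset_class":
            subset = [p for p in positions if p.asset_class == name]
        elif level == "enterprise":
            subset = list(positions)
        else:
            raise ValueError(f"unknown limit level {level!r}")
        var = parametric_var(subset, corr, confidence)
        report[(level, name)] = (var, limit, var > limit)
    return report


def escalation(report, tolerance_band=0.10):
    """Assumed policy: the CRO may approve a temporary breach only while
    enterprise VaR stays within the board's tolerance band around the
    enterprise limit; beyond the band the breach escalates to the board."""
    ent_var, ent_limit, _ = report[("enterprise", "all")]
    breaches = sorted(k for k, (_, _, b) in report.items() if b)
    within_band = ent_var <= ent_limit * (1.0 + tolerance_band)
    return {
        "breaches": breaches,
        "enterprise_within_band": within_band,
        "cro_can_approve": bool(breaches) and within_band,
        "escalate_to_board": bool(breaches) and not within_band,
    }


def stressed(positions, asset_class, vol_multiplier):
    """Simple stress scenario: scale the volatility of one asset class."""
    return [Position(p.unit, p.asset_class, p.exposure, p.vol * vol_multiplier)
            if p.asset_class == asset_class else p for p in positions]


# Constructed sample book and limits (illustrative only).
BOOK = [
    Position("rates_desk", "rates", 10_000_000, 0.005),
    Position("equities_desk", "equity", 5_000_000, 0.015),
    Position("equities_desk", "fx", 2_000_000, 0.008),
]
CORR = {
    frozenset(("rates", "equity")): -0.2,
    frozenset(("rates", "fx")): 0.1,
    frozenset(("equity", "fx")): 0.3,
}
LIMITS = {
    ("unit", "rates_desk"): 150_000,
    ("unit", "equities_desk"): 175_000,
    ("asset_class", "rates"): 150_000,
    ("asset_class", "equity"): 200_000,
    ("asset_class", "fx"): 50_000,
    ("enterprise", "all"): 210_000,
}

if __name__ == "__main__":
    for label, book in (("base", BOOK), ("equity vol x2", stressed(BOOK, "equity", 2.0))):
        rep = limit_report(book, CORR, LIMITS)
        print(f"--- {label} ---")
        for (level, name), (var, lim, breached) in rep.items():
            print(f"{level:12s} {name:15s} VaR={var:>12,.0f} limit={lim:>10,} "
                  f"{'BREACH' if breached else 'ok'}")
        print(escalation(rep))
```

Running the module prints the limit report for the constructed book and for an equity volatility shock. In the base case only the equities desk breaches its unit limit while enterprise VaR stays inside the band, so the CRO may approve it temporarily; under the shock the enterprise figure exceeds the band and the breach must go back to the board. Scaling a volatility input in this way is also the kind of sensitivity check an audit function would run when forming an opinion on the assumptions behind the reported VaR.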
- In the wake of the financial crisis of 2007–2009, the G20 countries recommended a specific series of managerial compensation reforms, which are enumerated as follows:
- Eliminate multi-year bonus guarantees.
- Make supplementary compensation symmetrical by using deferred payment features and clawback provisions to encourage long-term thinking.
- Limit the amount of incentive-based compensation (often set at 100% of salary, or 200% with shareholder approval).
- Establish disclosure requirements to make compensation packages more transparent for stakeholders.
- Affirm the independence of the compensation subcommittee of the full board.
- Recently, compensation committees have devised a new structure known as a bonus bond, which is a bond that only pays a benefit if certain thresholds are met. The Swiss bank, UBS, uses this system, and their executives will lose the bonus bond if regulatory capital ratios fall below 7.5%.
Audit Committee
- The audit committee (a subcommittee of the full board) has traditionally been responsible for the reasonable accuracy of the firm’s financial statements and its regulatory reporting requirements.
- They need to ensure that board-established policies are being followed and that those policies are sufficient to adequately monitor and control risk exposures.
- The firm’s internal auditors report to the audit committee and are responsible for monitoring risk management procedures, tracking the progress of existing systems, and affirming the efficacy of existing policies and systems.
- Internal auditors should also verify adherence to compliance standards and offer an opinion on the validity of calculated risk metrics such as VaR.
- When market risk is involved, the audit function should validate any pricing models (e.g., derivatives valuation) used for risk monitoring.
- Another key role is to offer an opinion on the assumptions (i.e., volatility, correlations, etc.) used in internal risk estimation.
- The audit function needs to remain independent from the day-to-day implementation of risk management policies.
- As a collective, there should be a proper balance of independence, knowledge of the business, and ability to ask probing and relevant questions.
- The audit committee is largely meant to be independent of management, but it should work with management and communicate frequently to ensure that any issues arising are addressed and resolved.