Rapidly Evolving Risk Landscape is a Growing Governance Challenge for Boards, Say Directors

David R. Koenig
Nov 27, 2018

Board members, chief risk officers, and other key executives from 13 countries have issued guidance to boards of directors on how to best govern risk via specialized board risk committees.

Available for free download at www.dcro.org/guiding-principles

As political and economic interactions become more complex, and as disruptive technologies and processes make innovation cycles massively shorter, boards of directors are paying more attention to risk. This week, the Directors and Chief Risk Officers group (“the DCRO”) published Guiding Principles for Board Risk Committees to help boards and those who depend on them enhance the risk governance practices of their organizations.

The guiding principles are based on the idea that all organizations must take risks to innovate and to achieve their goals. “Taking risk is in entrepreneurs’ DNA,” said Florence Anglès, Chief Risk Officer of REYL & Cie Ltd, an independent banking group in Switzerland. Getting the most out of an organization’s ability to take risk — its risk capacity — is enhanced by a board governance function that includes specialized focus on risk-taking. At the same time, boards have a duty of care that requires an appropriate framework be in place to ensure that such risk-taking is commensurate with their desired levels and expectations. “Having these guiding principles available is a great help to allow my organization to make sure that the right oversight and infrastructure to measure and monitor risks at all stakeholder levels is in place,” said Maria Paula Calvo, Vice President Service and Global Technology and Operations Lead Mexico, for MetLife.

Within the guiding principles document is a tool for organizations to evaluate whether it is appropriate and therefore helpful for their board to establish and/or maintain a board risk committee providing the specialized skills and attention that good risk governance may require. “All directors are constantly evaluating risks to the corporation in all board and committee meetings,” noted Carol Gray, a board member at both IFM Investors Pty in Australia and Amex Bank of Canada. “However, with the appropriate forward-looking reporting metrics for a board risk committee to oversee the risk-taking activities of the corporation, all directors’ evaluations should be better informed with insight on management’s development and deployment of strategy from a return on risk perspective.”

According to Todd Davies, member of multiple boards in Australia, “the DCRO Guiding Principles for Board Risk Committees sets the aspirations and practices for a modern risk committee that is fit for purpose for the challenges and opportunities of our times.” He added that “many of today’s risk committees are often concerned with risk control and assurance — something that is important now as it always has been — but in a world of exponential complexity, uncertainty, and change, limiting risk’s focus on these domains is a recipe for opportunities missed and value destroyed.” The guiding principles note that one of the key functions of a board risk committee is to be forward-looking in its focus, linking the organization’s risk taking to the drivers of its success — something essential for value creation.

Board risk committees are prevalent among large banks in many countries, having been made a requirement by regulation following the financial crisis of 2007–09. But studies show that these governance committees are of growing importance across many industries and not just at large entities. “It is critically important that every organization understands the risks it faces and has developed an assessment of each of them,” noted Cyril Maybury, who chairs companies and audit and risk committees in Ireland. “The guiding principles document provides extremely useful guidance on the principles underlying the operation of board risk committees,” he continued. Gray, who also serves on the Board of Governors of Trent University in Canada, emphasized the guidelines’ applicability to non-financial entities as well, saying, “the DCRO Guiding Principles for Board Risk Committees provides me with an instructive document for the non-bank boards on which I serve to evaluate the merits of a board risk committee. Taking the learning from the financial sector into non-bank industries to develop fit-for-purpose risk committee mandates will complement the board’s responsibility for oversight on strategy and delivering results.”

The DCRO is an international organization with members from over 115 countries. It is unique in that it is an all-volunteer initiative where board members, chief risk officers, and other c-level executives share their knowledge and experience with others in order to advance the governance of risk-taking worldwide. “Such a breadth and depth of experience among DCRO members and especially among our governance council members allows the DCRO to put forward uniquely helpful guiding principles documents,” said David R. Koenig, the founder of the DCRO and chair of the DCRO Board Risk Committee Governance Council. “Our guiding principles documents are designed to be used day one by boards across many geographies and industries,” he added.

While some companies have either assigned the role of risk governance to an existing audit committee or have created hybrid audit and risk committees, these guiding principles note some cautions about those approaches. “The authors of the DCRO guiding principles envisage a role and focus that is complementary to but very different from the audit and risk committees that you might be familiar with, displacing and clarifying much of the existing thinking for those working in this space,” said Davies. “If you are responsible for leading or shaping board and committee activities at your organization, you’d be well-served by using this document.”

Further, it is also important to note that a board risk committee has a different function than the management of risks practiced by some company executives. They are connected, though, in an important manner. “Defining the right risk appetite aligned with a sustainable strategy is the ingredient of success and is done at the board level,” noted Anglès of REYL & Cie. “To reach this goal, every organization needs a risk champion within management, often a chief risk officer, with the support from the board and a dedicated committee composed of experts in order to oversee risk effectively.”

The seven key guiding principles in the document focus on:

1. The importance of full board ownership of risk governance and that such oversight responsibility can be enhanced by the specific focus of a board risk committee.

2. Linking risk-taking activities to strategic objectives and evaluating them from a return-on-risk perspective.

3. Developing board risk committee agendas that focus on key risk governance principles around corporate culture, tolerance for loss, and both internal and external communication about risk.

4. The importance of an organization’s governors gathering information from many sources to develop a full narrative of an organization’s risk-taking activities.

5. Interaction of a board risk committee with other board committees to enhance the overall risk governance of an organization.

6. The use of Qualified Risk Directors when forming the membership of board risk committees.

7. Using the work of the board risk committee to help organizations communicate simple-language risk disclosures to the public.

“The DCRO Guiding Principles for Board Risk Committees is a great accomplishment to provide a more certain level of effectiveness in our risk governance,” concluded Calvo.

The DCRO Guiding Principles for Board Risk Committees is the fourth in this series of practical documents being offered globally. Prior to this release, the DCRO issued guiding principles documents on Cyber Risk Governance, Compensation Committee Risk Governance, and identifying Qualified Risk Directors to serve on boards. All these documents are available without charge at www.dcro.org/guiding-principles.

Anglès, Calvo, Gray, Davies, and Maybury joined Koenig and nearly 20 other board directors, chief risk officers, and c-level executives from various industries as members of the DCRO governance council. In total, representatives from 13 countries collaborated to assemble the most recent guiding principles.

About the Directors and Chief Risk Officers group — The DCRO was formed in 2008 to focus on the top-level governance of risk in practice. Bringing together leading board members, chief risk officers, and other c-level officers whose jobs include a fiduciary responsibility for governance and risk management, the DCRO counts more than 2,000 members from large and mid-size for-profit and nonprofit organizations, coming from over 115 countries. DCRO members participate in facilitated meetings, conference calls, benchmarking research, and governance councils that allow them to compare current practices with those adopted by fellow members, those being required by regulatory bodies, or those expected by investors. Membership in the DCRO is strictly limited to active or recently active board members, chief risk officers, or c-level executives with risk governance responsibilities. It is an all-volunteer initiative.


David R. Koenig

Recognized innovator in governance and risk; Author, Governance Reimagined: Organizational Design, Risk, and Value Creation; www.linkedin.com/in/davidrkoenig/