CROs: The high-wire act in the financial sector

Abstract

This paper proposes that the financial crisis of 2008–2010 demonstrates the need for a robust enterprise-wide risk management programme at financial institutions. Responding to the significant deficiencies that were found in risk management practices at some larger financial institutions, the ‘Dodd–Frank Wall Street Reform and Consumer Protection Act’ (Dodd–Frank) was enacted, effective 21st July, 2010 by the 111th US Congress. Dodd–Frank Section 165 requires, among other requirements, that certain financial institutions create independent board-level risk committees and practise enterprise-wide risk management. As required by Dodd–Frank, The Board of Governors of the Federal Reserve proposed Regulation YY, which brings greater clarity and detail to Section 165. This paper also proposes that, while Regulation YY provides for a sound structural foundation for the practice of risk management at financial institutions, the regulation cannot prescribe the human interaction and constructive dialogue between the chief executive officer, chief financial officer and chief risk officer with the board of directors required to prevent future risk management failures. The paper concludes by proposing possible solutions to this governance issue.