Only a fraction of the nation’s banks are required to have a board-level risk committee. Under the Federal Reserve’s enhanced prudential standards coming out of the Dodd-Frank Act, publicly traded bank holding companies with assets of $10 billion or greater and all other bank holding companies with assets of $50 billion or greater must have a risk committee.
But banks of all sizes are going ahead and adding risk committees anyway. The Bank Director 2014 Risk Practices Survey, sponsored by FIS, identified that 76 percent of banks with assets between $5 billion to $10 billion and 54 percent of banks with less than $5 billion in assets had proactively implemented a board-level risk committee even though they did not have to by law.
A key finding from the survey was that banks that implemented a separate board-level risk committee performed better financially and reported a higher median return on assets (ROA) of 1.00 and median return on equity (ROE) of 9.50, compared to banks that govern risk with a combined audit/risk committee or within the audit committee. Having a board-level committee focused on how risks can be mitigated to enable attainment of financial and strategic plan objectives will result in a higher level of performance.
The other key benefit that a separate board-level risk committee can provide is proactive oversight of risk management. Effective risk management is identifying and mitigating risks before they become a material problem. It is forward-looking, not reviewing after the fact. So trying to oversee risks with a combined audit/risk committee or within an audit committee is extremely challenging and conflicting, since the focus of the audit committee is looking in the rear view mirror and after the fact. A risk committee can stay focused on overseeing risk limits and tolerances, and look for systemic risks and emerging risk trends. This way, material problems and surprises can be avoided before they arise and negatively impact earnings, capital or reputation.
So how can one go about implementing a highly effective board-level risk committee? The key to success is to get it right from the beginning. Start with the committee charter. The charter sets the tone and is the foundation for a highly effective risk committee.
The following PDF is a risk committee self-assessment checklist based on the Federal Reserve requirements for bank holding companies and industry best practices. A Yes answer will confirm either compliance with a regulatory requirement or a best practice. A No answer will identify a weakness. So if you have a risk committee, use the checklist to identify gaps and areas for improvement. If you do not yet have one, use the checklist below to jump start devising the risk committee charter.