Moody’s thinks corporate risk governance is still lacking at many large banks.
In a Special Comment, Moody’s said there is significant room for improvement in the risk governance of many large banks and added that it will be looking closely at the issue in determining bank credit ratings. Moody’s singled out JP Morgan Chase (NYSE:JPM), Macquarie and Santander (STD) as exceptions, with all three banks having a powerful Chief Risk Officer reporting to the CEO and the Board. By contrast the CROs at Barclays (NYSE:BCS), Goldman Sachs (NYSE:GS) and HSBC (HBC) report to the CFO. Santander also leads in the frequency of risk committee meetings at 120, followed by BBVA at 45.
With a focus on 35 large banks in Europe, North America and Asia-Pacific the report reviews risk governance practices, covering risk committee structure and frequency of meetings, risk committee composition and the existence, reporting line and status of the Chief Risk Officer (CRO).
- Only half of the banks we examined have a dedicated board-level risk committee covering all risks.
- Even in those firms with a board-level risk committee, meetings of this committee are not as frequent as we would expect, in particular considering the current market crisis.
- For many banks the actual independence1 of the risk committee is not adequate and/or the professional experience and background of the committee members are not fully in line with the demands of the role.
- Most banks have a dedicated CRO, but there is still a minority of banks where this is not the case.
- For those banks that do have a CRO, not all report to the CEO. Moreover, a joint reporting line of the CRO to the CEO and the board occurs in only three banks (JPMorgan Chase, Macquarie and Santander).
“Only half of the banks we examined have a dedicated board-level risk committee covering all risks and meetings are not as frequent as we would expect. Moreover, for many banks, the actual independence of the risk committee is not adequate and/or the professional experience and background of the committee members are not fully in line with the role.” says Alessandra Mongiardino, a London-based Moody’s Vice President — Senior Credit Officer and main author of the report.
The report also notes that whilst most banks have a dedicated CRO, there is still a minority of institutions where this is not the case. “For those banks that do have a CRO, not all report to the CEO. A joint reporting line of the CRO to the CEO and the board, consistent with best practices, occurs in only three banks” adds Mongiardino.
Moody’s believes that strong checks and balances to a financial firm’s management, provided by the board, are an important rating consideration.
The quality of a financial institution’s risk governance is a main input in the overall assessment of a firm’s risk management, representing one of the qualitative factors (incorporated in Moody’s methodology) with which to assess stand-alone financial strength of banks and other financial institutions.
Moody’s expects to see a strengthening of the risk governance of large financial institutions in the near-to-medium term, and will monitor this closely; in particular, the rating agency will look for any loss of momentum once the global financial crisis starts easing. Moody’s notes that its analysis is company-specific and considers the appropriateness of the changes in the context of the business model and the risk profile of each bank. The rating agency also observes that weaknesses in risk governance — if not adequately addressed — will continue to exert downward pressure on ratings in the current environment, and could constrain upward rating movement after the current financial crisis subsides.