If you are the general counsel of a small or medium-sized
company in an unregulated industry, you may think risk management is an
interesting topic, but that it isn’t a critical issue in your industry. This
may not be the case.
In some respects banks may provide a preview of your future
compliance efforts. Evidence of this can be found in many of the corporate
governance certifications and controls for public companies that are now
mandated by Sarbanes-Oxley. These controls have been part of the banking
industry’s control infrastructure for years pursuant to banking laws and
regulations.
For a long time now, bank general counsel
have known all too well the importance of risk management to the success of
their companies. Banking laws and regulations have helped make risk management
a higher priority for us, and the experience has proven beneficial. As risk
management increases in importance across industries, a look at the banking
industry and one general counsel’s experience may offer some useful tips for
the future.
Given the importance of banks as financial intermediaries,
banking institutions are among the most highly regulated entities in the United
States. As a result, in addition to the internal control procedures generally
applicable to public corporations, the U.S. bank regulatory agencies have
issued several extensive directives to banks on their need to manage a wide
range of risks.
These regulations are not random. They reflect an
understanding that a solid risk control foundation and risk management
framework are key to the health of the institution as well as the confidence of
customers, shareholders and the markets at large.
Each major bank has an integrated risk management framework.
The objective of this framework is to identify, measure, monitor, report and
manage risk throughout an organization.
It encompasses credit risk, market risk, reputational risk,
operational risk, compliance risk and, of course, legal risk. The framework is
established at the board of directors’ level, implemented at the management
level and monitored by the board’s audit committee and special purpose
subcommittees, which have subject matter expertise. Relevant policies are
developed and integrated to ensure that the risks are mitigated.
The process starts with the identification of requirements,
which may include laws, regulations and internal policies. From these
requirements, controls are created and implemented, such as procedures,
communications, training, management oversight and systems.
A monitoring program is then established to ensure that
controls are operating effectively. While monitoring the controls, issues will
arise, and an issues management process will provide the most critical
component of the framework. This process can serve to enhance controls so that
an organization can further its compliance with the requirements, ensure
effective risk management efforts and achieve overall business objectives.
Top 10 Reasons
As someone who has been at the front end of the risk
management trend, I share with you the top 10 reasons why risk management
really matters to the general counsel:
1. Your shareholders, board of directors and senior
management are expecting you to focus on and address risk management.
2. Your external auditors are expecting the same.
3. It provides a formal framework to manage potential issues
that may impact your business.
4. It will help you identify small and seemingly
insignificant issues and address them before they become “problems.”
5. It will cause you to focus on important areas that do not
routinely get the attention of management.
6. If you are in a regulated industry, it will make your
regulators very happy.
7. Failure to do so could have a negative impact upon your
company’s share price.
8. It will enable you to provide a higher quality of legal
advice and counsel to your client.
9. It makes good business sense.
10. You will sleep better at night.
I would encourage you to tap the extensive experience that
banks have garnered in this area and incorporate these concepts into your legal
department’s business plan. You will find that the benefits a risk management
program provides will far outweigh the burdens of developing and implementing
the program.
You will have a healthier company, a company positioned to
identify, evaluate and respond to risk. Just remember that risk management really
matters.
Joel Brickman is senior vice president, secretary and general
counsel of Citizens Financial Group, Inc.