Prior to 2008, it was not uncommon for a bank to assign its risk oversight responsibilities to the audit committee of its board of directors, or in some cases, to even divide those tasks between a number of other committees. Since then, a number of policies and guidelines have been enacted (including, notably, the Basel Committee for Banking Supervision's Corporate Governance Principles for Banks in July 2015) that set new standards and procedures with respect to how financial institutions are to monitor and moderate risk.

PricewaterhouseCoopers recently completed a study entitled Board Governance: Higher Expectations, but Better Practices?, which considers the policies and practices of the ten largest banks in the United States, focusing on boards of directors that have undergone significant changes including structural and functional transformation. The study finds that the impetus for these changes has largely been: (1) the need to comply with new or increasingly stringent regulatory requirements (that began and continue to emerge in the post-2008 environment); and (2) the recognition that better internal risk governance policies can empower boards to monitor—and if necessary, challenge—management on key operational decisions.

The study found that since 2008, all ten of the largest banks in the United States have created dedicated audit committees, compared to only twenty percent in 2008, prior to the financial crisis.

Although the formation of risk committees is now a requirement, the banks have supplemented the regulatory frameworks imposed by the U.S. Federal Reserve's Enhanced Prudential Standards with additional in-house policies. For example, nine of the ten largest banks require a minimum number of directors to sit on the risk committee, despite the fact that the Federal Reserve has not set any such requirement. Increased committee sizes typically signal an increased desire for direct engagement in a specific area. In addition, 60% of the subject banks have self-imposed a rule that the risk committee be entirely independent, regardless of the fact that the Federal Reserve only requires that there be at least one independent director. Other refinements over the regulated standards include having at least one director with directly relevant risk management experience and including former regulators on the risk committee.

There are, however, areas where banks still fall short. Significantly, roughly one-third of the ten largest banks do not require their respective risk governance policies to be approved by the risk committee and roughly one-fifth do not require either the board of directors or the risk committee to approve risk appetite standards. In addition, only half of the banks require the chief risk officer to report to the risk committee. Issues such as these can raise the concern that these committees are devoid of actual influence on institutional direction and daily operations.

The study makes a number of recommendations. Banks should: (1) enshrine regulatory expectations in risk committee charters; (2) augment their boards with additional independent directors with relevant experience; (3) ramp up risk-related board training sessions; (4) establish internal standards for risk issue escalation, ownership and resolution; and (5) increase the risk committee's engagement with  the chief risk officer. In order to prevent another big short, financial institutions must give greater attention to the risks they are willing to take on, and a large part of that is through empowering the risk committee in such a way so as to most effectively carry out its mandate.

Norton Rose Fulbright Canada LLP

Norton Rose Fulbright is a global legal practice. We provide the world's pre-eminent corporations and financial institutions with a full business law service. We have more than 3800 lawyers based in over 50 cities across Europe, the United States, Canada, Latin America, Asia, Australia, Africa, the Middle East and Central Asia.

Recognized for our industry focus, we are strong across all the key industry sectors: financial institutions; energy; infrastructure, mining and commodities; transport; technology and innovation; and life sciences and healthcare.

Wherever we are, we operate in accordance with our global business principles of quality, unity and integrity. We aim to provide the highest possible standard of legal service in each of our offices and to maintain that level of quality at every point of contact.

Norton Rose Fulbright LLP, Norton Rose Fulbright Australia, Norton Rose Fulbright Canada LLP, Norton Rose Fulbright South Africa (incorporated as Deneys Reitz Inc) and Fulbright & Jaworski LLP, each of which is a separate legal entity, are members ('the Norton Rose Fulbright members') of Norton Rose Fulbright Verein, a Swiss Verein. Norton Rose Fulbright Verein helps coordinate the activities of the Norton Rose Fulbright members but does not itself provide legal services to clients.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.