I recently spoke to a group of mutuals on the topic of director liability.
I discussed the James Hardie and Centro cases but instead of focussing on penalties for breaches I looked at risk management and linked it to the business judgement rule: can a director be held liable for every unforeseen business risk? What do directors need to do personally and as a Board?
In the end it is a question of what directors of financial institutions do to manage other people's money and how they control the risks. Are your customers the focus of everything you do?
In a recent speech APRA Chair John Laker identified the following factors in the boards of successful financial institutions:
- professionalism of the board: does the board have the financial industry experience and understanding of market complexities to ensure they can perform their fundamental role of independent and objective oversight?
- risk governance: does the board have the ability to accurately identify and understand the risks inherent in their business and ensure there are robust structures for managing and reporting on these risks?
- risk appetite: Has the board clearly defined the degree of risks they are prepared to assume in pursuing their strategic and business objectives? Does the risk management function have the authority and independence to challenge the business areas; are there clear risk management lines of reporting to the board?
- the flow of information to the board: does the board receive timely, relevant and comprehensive risk information? Is there too much information or too little? Do the reports provide an enterprise-wide perspective? Does information reach the board late and/or distorted? Is the information sufficient to give the board a holistic view of the risk exposures of their institution? Are there defined warning triggers?
- A values and risk culture: Is there a culture which drives people to do the right thing even when no one is looking. Is it consistent with the risk appetite of the board or with the personal values they expect of their staff?
Print This Post
Posted 27th March 2013 by David Jacobson in Legal, Risk management