Governance failures contributed materially to the excessive risk taking leading to the financial crisis and improved governance is key to decreasing the chance of these events recurring. This paper, published by The Walker Review, examines corporate governance in the UK banking industry and many of the conclusions and recommendations are also relevant for other major financial institutions.  This review was conducted with input from many interested parties including bank executives and board members.  Goals of the review included making recommendations regarding several areas:

  • Risk management effectiveness at the board level
  • Remuneration policies and their risk management incentives
  • Required skills, experience, and independence of board members
  • Effectiveness of board practices and performance of audit, risk, remuneration, and nomination committees
  • Role of institutional shareholders in monitoring and engaging with boards
  • Whether the UK approach is consistent with international practice
  • Recommendations applicable to other financial institutions

This review is a preliminary version, with the final version of the report and recommendations due in November after the consultation period ending October 1st.

The banking industry requires more extensive governance policies than those that may be considered sufficient for non-financial businesses because of the pervasive impact the banking industry has on the economy and society in its normal course of business.  For banks, a balance must be struck between regulatory policies and constraints and the ability of boards to make decisions on business strategy they consider to be in the best interest of the shareholders.  The balance is important because one goal is to minimize the risks of crises while still permitting boards to be innovative and take risks.  Balances must occur in other areas as well, between executives and non-executives on bank boards and between short and long-term performance objectives.  The ability to effectively manage all of these competing goals depends on the abilities and experience of individuals as well as room for judgment and flexibility.

There are five key themes of the review:

  1. The Combined Code of the Financial Reporting Council is still fit for its purpose, although some modifications and better observance of the rules may be needed.
  2. Principal deficiencies in bank boards are much more related to patterns of behavior than to organization.  There is a critical need for a board environment where effective challenge of executives is expected when there are major risk and strategic decisions being made.
  3. Board-level engagement in the high-level risk process should be materially increased.  Particular attention should be paid to monitoring of risk and discussion leading to decisions on the entity’s risk appetite and tolerance.
  4. Major shareholders need to engage more productively with their investees to support long-term performance improvements and boards should be receptive to this interaction.
  1. There is a need for substantial enhancement in board level oversight of remuneration policies to ensure sufficient focus on the long-term and better alignment of interests. 

The draft recommendations presented in the review are proposed as best practices with the belief that their adoption will benefit banks and other financial institutions, their shareholders, and the public interest.  These recommendations are intended to provide a substantive contribution to improved governance in the banking industry and may provide benchmarks for emulation in other areas.  While there are 39 recommendations presented, only those most relevant to risk management are discussed here.

Board Size, Composition, and Qualification

With regard to the board’s role, there is a clear need for heightened and intensified board focus on monitoring risk and setting the risk appetite and relevance parameters central to a bank or financial institution’s strategy.  Boards also need greater insight and diligence in identifying low probability, high impact risks.

One recommendation suggests that more attention in the supervisory process of boards should be paid to the overall balance of the board in relation to the risk strategy of the business and to the relevant experience of individual directors as well as their access to an induction and development program providing an appropriate level of knowledge and understanding to equip them to proactively participate in board deliberation on risk strategy.

Because of the complexities in the banking industry in setting risk strategy and controlling risk, there is a strong need for industry experience on boards.  Risk strategies in the banking industry can be very vulnerable to market changes and the whole board, in addition to the executive team, needs to pay attention to developments in the risk space.  The greater the prospective risk appetite and complexity of the instruments used by an entity, the greater the need for financial industry expertise among non-executive directors on boards.

Functioning of the Board and Evaluation of Performance

One recommendation in the review is that non-executive directors should be prepared to challenge executive proposals on strategy, satisfying themselves that board discussions and decision making on risk matters are based on accurate and appropriately comprehensive information.  For this to occur, there needs to be a clearer expectation of behavior that involves increased readiness of boards to test and challenge executive management.  Also, boards should consider the merits of seeking external advice that could provide added critical input enhancing board awareness and improvement in areas such as strategic development and risk management.

Governance of Risk

Boards in the banking industry are constrained as to the type and extent of financial risk they can take due to regulation and supervision that will likely increase.  In order to prevent these increased regulations from taking away the ability of boards to innovate, boards will need to prove their ability to provide effective risk governance.  This can be accomplished by ensuring that risks are promptly identified and assessed and properly controlled and that strategy is aligned with and informed by the board’s risk appetite.

Several of the recommendations related to the governance of risk at banking and other financial institutions are highlighted here:

  • Boards should establish a risk committee separate from the audit committee with responsibility for oversight and advice to the board on current risk exposures and future risk strategy.
  • There should be a CRO, independent from individual business units, who participates in the risk management and oversight process at the highest level on an enterprise-wide basis.  The CRO should report internally to the CEO or CFO, as well as to the board risk committee.
  • A board risk committee report should be included separately within the annual report and accounts.  This report should describe the entity’s strategy in a risk management context, including information on key exposures inherent in the strategy and the entity’s associated risk tolerance.  The report should also provide high level information on the scope and outcome of the stress-testing program.  This report would help shareholders improve their understanding of the governance of risk-taking and of the risk appetite and performance of their investee, which are consequences of the business strategy being pursued. 

Establishment of a board risk committee is a key component to effective governance of risk.  The committee should be chaired by a non-executive director and a majority of its members should be non-executive directors.  The focus of the committee should be on major issues, leaving other matters to be resolved through the executive risk structure.  The committee should also consider whether receiving external advice would be helpful in making decisions.

The risk committee’s role should be to advise the board on risk appetite and tolerance for future strategy.  In order to make recommendations to the board about risk appetite, an integral part of the committee’s risk analysis should relate to current and targeted overall leverage.  The risk assessment process should involve qualitative and quantitative metrics to track risk management performance in implementation of the strategy agreed upon by the board.  The risk committee should also provide qualitative and quantitative advice to the remuneration committee on risk weightings to be applied to performance objectives incorporated in the incentive structure.


The recommendations related to remuneration aim to improve risk management by making remuneration structures that do not incentivize employees to pursue risky policies and undermine systems in place to control risk.  One recommendation is that the remuneration committee should cover all aspects of remuneration on a firm-wide basis, with emphasis on the risk dimension.  This would extend the remuneration committee’s purview over the entire firm to ensure there is appropriate oversight and capacity to determine the risk dimension of remuneration policies.  This is important because there are often executives below board level whose compensation lacks board oversight although they receive similar compensation and are in positions to potentially materially influence the direction and risk profile of the entity.

Another recommendation is that deferral of incentive payments should be the primary risk adjustment mechanism aligning rewards with sustainable performance for the most highly paid executives.  Also, the remuneration committee should communicate with the board risk committee to gain advice on specific risk adjustments to be applied to performance objectives in incentive packages.  Through these recommendations there will be increased explicit risk input to the remuneration process and better incentive alignment that should have a significantly positive impact.

Click link below to download the full report.

Link: Sir David Walker, “A Review of Corporate Governance in UK Banks and Other Financial Industry Entities,” Walker Review, July 16, 2009.

Subscribe to ERM Insights

The latest research, insights and opportunities from the NC State ERM Initiative to help
you and your organization lead with confidence.

ERM Enterprise Risk Management Initiative 2009-07-16