Search results

1 – 10 of over 19000
Article
Publication date: 2 January 2018

Michael H. Meissner

Abstract

Purpose

In most industries, legal entities of a certain size and complexity must have a compliance function. Such requirement is either set forth by regulatory law or the governance rules of the relevant organisation. In the highly regulated credit industry, the role and responsibilities of the compliance function are more precisely defined than in other industries. This paper aims to analyse the personal accountability of senior compliance officers in a bank’s compliance function when there is a failure of proper compliance.

Design/methodology/approach

This paper is based on a keynote address given at Jesus College, University of Cambridge, 7 September 2016. The author approaches the issue of senior compliance management by analysing the development of international financial regulation with respect to legal requirements for the compliance function. Subsequently, the author determines what constitutes senior compliance management and applies the various legal regimes to situations of compliance failures.

Findings

While the accountability of the chief compliance officer and deputy for compliance failures is not set forth in regulatory law, courts and scholars have acknowledged such personal responsibility exists resorting to principles of civil law (contracts or torts), criminal law or employment law. Approaches and questions for this legal analysis are similar in a civil law as well as in common law jurisdiction. The most relevant breach of contract of the chief compliance officer will be an omission to act (forbearance), i.e. the failure to properly organize the compliance function and/or to immediately report a compliance risk to the board.

Research limitations/implications

Scholarly work in the law of compliance is still somewhat limited, thus the research also includes practitioners’ observations. The accountability of senior compliance management for compliance failures represents a growing trend in corporate governance to seek individual accountability for corporate misconduct; see, for example, US Department of Justice (DOJ) in its so-called Yates memorandum on “individual accountability for corporate wrongdoing”.

Practical implications

In incidents of non-compliance, banks and their compliance officers should be able to exculpate themselves if they can demonstrate proper organization of the compliance function.

Originality/value

The originality of this general review is to focus the analysis of accountability of senior compliance management on the credit industry and to consider latest developments in international financial regulation, such as the supervisory review and evaluation process (SREP) by the European Central Bank (ECB) in the single supervisory mechanism (SSM) or the corporate governance principles for banks by the Basel Committee on Banking Supervision (BCBS).

Details

Journal of Financial Crime, vol. 25 no. 1
Type: Research Article
ISSN: 1359-0790

Article
Publication date: 1 December 2000

Igor Lamser and Erik Helland

Abstract

Traces the history of the development of the chief risk officer. Considers where the value of such a role lies. Outlines the skills required by the individual and discusses the competing issues which firms must bear in mind.

Details

Balance Sheet, vol. 8 no. 6
Type: Research Article
ISSN: 0965-7967

Article
Publication date: 7 August 2017

Erastus Karanja

Abstract

Purpose

There are two main industry-sanctioned enterprise risk management (ERM) models, that is, COSO 2004 and ISO 31000:2009, that firms refer to when implementing ERM programs. Taken together, the two ERM models specify that firms should implement ERM programs to meet a strategic need, improve operations and reporting or to comply with government regulations or industry best practices. In addition, the focus of ERM implementation should be either the subsidiary, business unit, division, firm/entity or global level. The purpose of this study is to investigate whether firms are aligning their ERM implementations with these tenets: strategy, operations, reporting, compliance and the level of implementation.

Design/methodology/approach

The proxy for ERM implementation is the hiring of a Chief Risk Officer (CRO). The research data come from a sample of 122 US firms that issued a press release following the hiring of a CRO between 2010 and 2014. The press releases were retrieved and aggregated through content analysis in LexisNexis Academic.

Findings

The results reveal that many ERM implementations are occurring at the firm/entity level, and with the exception of reporting, firms consider ERM to be a strategic firm resource capable of improving business operations and compliance initiatives.

Originality/value

There is a dearth of research studies specifically investigating whether ERM programs adopted by firms are aligned with the specification of COSO 2004 and ISO 31000:2009 frameworks. The apparent lack of a clear understanding of the alignment between the firm ERM programs and the industry’s ERM frameworks may limit the development and implementation of ERM and the eventual realization of the benefits associated with a successful ERM implementation.

Details

International Journal of Accounting & Information Management, vol. 25 no. 3
Type: Research Article
ISSN: 1834-7649

Book part
Publication date: 29 December 2016

Francesca Battaglia, Franco Fiordelisi and Ornella Ricci

Abstract

Does the adoption of the Enterprise Risk Management (ERM) improve bank profitability? Does ERM also reduce bank risk? By analyzing a sample of banks located in European emerging markets between 2005 and 2013, the aim of this chapter is to empirically investigate the determinants of firm performance, both in terms of bank profitability and risk, with respect to the adoption of Enterprise Risk Management (ERM). In order to capture the effect of the ERM program adoption on banks’ performance, we both use market-based measures as well as accounting-based indexes. Following the seminal literature on the topic (Aebi, Sabato, & Schmid, 2012; Eckles et al., 2014; Ellul & Yerramilly, 2013; Hoyt & Liebenberg, 2003, 2011; Lin, Wen, & Yu, 2012; Pagach & Warr, 2010), we adopt a binary proxy variable, that is, the appointment of a Chief Risk Officer (CRO), to define whether the firm is currently undertaking an ERM program. Our results show that a post-ERM firm experiences an increase in the risk-adjusted profits and a reduction of the overall risk.

Article
Publication date: 10 July 2017

Erastus Karanja

Abstract

Purpose

The aim of this study is to advance research on the position of the CISO by investigating the role that CISOs play before and after an IT security breach. There is a dearth of academic research literature on the role of a chief information security officer (CISO) in the management of Information Technology (IT) security. The limited research literature exists despite the increasing number and complexity of IT security breaches that lead to significant erosions in business value.

Design/methodology/approach

The study makes use of content analysis and agency theory to explore a sample of US firms that experienced IT security breaches between 2009 and 2015 and how these firms reacted to the IT security breaches.

Findings

The results indicate that following the IT security breaches, a number of the impacted firms adopted a reactive plan that entailed a re-organization of the existing IT security strategy and the hiring of a CISO. Also, there is no consensus on the CISO reporting structure since most of the firms that hired a CISO for the first time had the CISO report either to the Chief Executive Officer or Chief Information Officer.

Research limitations/implications

The findings will inform researchers, IT educators and industry practitioners on the roles of CISOs as well as advance research on how to mitigate IT security vulnerabilities.

Originality/value

The need for research that advances an understanding of how to effectively manage the security of IT resources is timely and is driven by the growing frequency and sophistication of the IT security breaches as well as the significant direct and indirect costs incurred by both the affected firms and their stakeholders.

Details

Information & Computer Security, vol. 25 no. 3
Type: Research Article
ISSN: 2056-4961

Article
Publication date: 3 September 2018

Sana Masmoudi Mardessi and Sonda Daoud Ben Arab

Abstract

Purpose

Enterprise risk management (ERM) has become an important subject of increasing interest among companies throughout the world. It is gaining global attention among risk management professionals and academics. However, little is known about the extent of ERM implementation in the Tunisian context. More importantly, there are limited studies in the literature that examine the determinants of this implementation. The purpose of this study is threefold: to propose an index to measure the level of ERM implementation, to examine the level of ERM implementation in Tunisian companies and to propose a conceptual framework for the determinants of this implementation. From the review of literature, several factors are found to be determinants of ERM implementation. Such factors are the presence of a Chief Risk Officer, the appointment of an internal auditor, the type of industry and the firm size.

Design/methodology/approach

To further understand the relation between ERM implementation and its determinants, a questionnaire survey was conducted in 2016 and administered to 80 companies. Respondents were CROs and more often internal auditors or financial directors. Other data were collected from annual reports and notes to the financial statements. Along with this, ordinal regression was applied to test the dependence between ERM implementation and its determinants.

Findings

Based on the data gathered, Tunisian companies have shown an increasing interest in risk management in the post-revolution context; however, an integrated approach to ERM implementation is still at an early stage. Descriptive statistics suggest that ERM is essentially developed in financial institutions, especially in banks and some large companies operating in non-financial industries. With regard to the multivariate regression results, the level of ERM implementation is positively related to the presence of a Chief Risk Officer, internal auditor, the type of industry and the firm size.

Originality/value

This study attempts to contribute to the risk management literature in two ways. Conceptually, this study proposes an ERM index to assess the level of ERM implementation. Empirically, it provides some empirical evidence that highlights factors which determine the level of ERM implementation. Therefore, this study will extend the scope of literature by providing novel empirical evidence by exploring the Tunisian context.

Details

Journal of Financial Reporting and Accounting, vol. 16 no. 3
Type: Research Article
ISSN: 1985-2517

Article
Publication date: 1 August 2016

Alexander Rad

Abstract

Purpose

This paper aims to explore uncertainties in the interaction between Basel II and banking practices.

Design/methodology/approach

The research setting is a centralized bank’s risk control organization and its commercial lending operations. The bank, despite its early adoption of the Basel II Accord, experienced severe credit losses during the global financial crisis. The data consist of interviews with twelve decision-makers and risk specialists at the bank and interviews with four professionals outside the bank after the global financial crisis.

Findings

This paper finds that there are three types of uncertainties in the interaction between Basel II and banking practices. The paper also describes corroborative examples of efforts to reduce such uncertainties. Among such efforts, the decision-makers excluded the risk specialists from decision-making and decentralized decision-making to branch offices.

Research limitations/implications

Although the literature generally portrays bank decision-makers and risk specialists as opposing groups, this research finds that the bank interviewees present complementary and confirmatory accounts on three types of uncertainties.

Practical implications

The findings suggest that increased regulatory pressure has operational implications for banking practices.

Originality/value

The paper has contemporary relevance with its sole focus on credit risk after the transition period provided for Basel II Accord.

Details

Qualitative Research in Financial Markets, vol. 8 no. 3
Type: Research Article
ISSN: 1755-4179

Article
Publication date: 31 August 2010

Elena Demidenko and Patrick McNutt

Abstract

Purpose

The purpose of this paper is twofold: first to add to the debate on good governance and ethics of enterprise risk management (ERM) and second to describe an ethical maturity scale based on duty and responsibility for practical implementation to ensure better governance.

Design/methodology/approach

The methodology has centred on risk governance as a way for many organisations to improve their risk management (RM) practices from an ethical perspective based on responsibility and on fulfilling one's duty within the organisation.

Findings

While companies in Australia, for example, are more mature than those in Russia in terms of governance systems life cycle, there are a number of common international challenges in risk governance implementation. These relate to a link between risk framework, enterprise value model and strategic planning; to a definition of risk appetite, the embodiment of RM in organisational culture, internal audit and ERM function, the evolving role of a chief risk officer (CRO) and senior management buy‐in and sponsorship of the integrated ethical RM from a chief executive officer.

Practical implications

ERM – a way for many organisations to improve their RM practices – is a key component of the applied ethics of corporate governance. It has developed into a philosophy to assist organisations with the process of protecting shareholders' value while also increasing the bottom‐line profitability. Effective ERM is based on ethical risk governance. Internal audit needs to be involved in the process of integrating RM and compliance. It should maintain a degree of independence when assisting with ERM establishment. CRO is most effective when reporting to the board.

Originality/value

Global companies are becoming more accountable to multiple stakeholders. It is the adoption of an ethical code to arrest the lack of clarity of roles ascribed to the audit committee and risk committee and management's accountability or lack thereof that remains the challenge across different jurisdictions. In attempting to implement good governance and meet the challenges, the paper introduces an ethical maturity scale as an internal measure that could be embedded in an organisation's strategy.

Details

International Journal of Social Economics, vol. 37 no. 10
Type: Research Article
ISSN: 0306-8293

Article
Publication date: 9 January 2017

Arash Amoozegar, Kuntara Pukthuanthong and Thomas J. Walker

Abstract

Purpose

In most financial institutions, chief risk officers (CROs) and their risk management (RM) staff fulfill a role in managing risk exposures, yet their lack of involvement in the governance has been cited as an influential factor that contributed to the financial crisis of 2007-2008. Various legislative and regulatory bodies have pressured financial firms to improve their risk governance structures to better weather potential future crises. Assuming that CROs and risk committees are given sufficient power to influence the corporate governance of financial institutions, can CROs and risk committees protect financial institutions from violating litigable securities law? Can they improve bank performance? The paper aims to discuss these issues.

Design/methodology/approach

The authors employ a principal component analysis to construct a single measure that captures various aspects of RM in a firm. The authors compare the risk governance characteristics of sued firms with their non-sued peers and consider one of the final outcomes of risky behavior: shareholder litigation. The authors compute ROA and buy-and-hold abnormal returns to capture operating and stock performance and examine whether risk governance improves bank performance by reducing litigation risk.

Findings

Proper risk governance reduces a firm’s litigation probability. The addition of the RM factor to models that have been previously proposed in the literature improves the accuracy of those models in identifying companies that are most susceptible to class action lawsuits. Better RM improves the financial and stock price performance of financial institutions.

Research limitations/implications

The data collection is laborious as the information about CRO governance has to be hand-collected from the 10-K report. A broader sample employing, e.g., non-US banks may provide additional insights into the relationship between RM practices, shareholder litigation, and bank performance.

Practical implications

The study shows that a bank’s RM functions play a critical role in improving bank and operating performance and in reducing shareholder litigation. Banks should emphasize the RM function.

Originality/value

This is the first study to examine the mechanism behind the positive association between RM and bank performance. The study shows that better RM improves overall bank performance by decreasing litigation risk.

Details

Managerial Finance, vol. 43 no. 1
Type: Research Article
ISSN: 0307-4358

Open Access
Article
Publication date: 26 February 2024

Muddassar Malik

Abstract

Purpose

This study aims to explore the relationship between risk governance characteristics (chief risk officer [CRO], chief financial officer [CFO] and senior directors [SENIOR]) and regulatory adjustments (RAs) in Organization for Economic Cooperation and Development public commercial banks.

Design/methodology/approach

Using principal component analysis (PCA) and regression models, the research analyzes a representative data set of these banks.

Findings

A significant negative correlation between risk governance characteristics and RAs is found. Sensitivity analysis on the regulatory Tier 1 capital ratio and the total capital ratio indicates mixed outcomes, suggesting a complex relationship that warrants further exploration.

Research limitations/implications

The study’s limited sample size calls for further research to confirm findings and explore risk governance’s impact on banks’ capital structures.

Practical implications

Enhanced risk governance could reduce RAs, influencing banking policy.

Social implications

The study advocates for improved banking regulatory practices, potentially increasing sector stability and public trust.

Originality/value

This study contributes to understanding risk governance’s role in regulatory compliance, offering insights for policymaking in banking.

Details

Journal of Financial Regulation and Compliance, vol. 32 no. 2
Type: Research Article
ISSN: 1358-1988
