Article 1 Section 8 of the US Constitution establishes the power of Congress to regulate commerce. The 2007-08 financial crisis exposed a general failure among businesses to follow sound risk management policies and raises questions about the extent to which Congress’ authority can be used to regulate corporate risk taking. The specific question to ask is not if Congress has the authority to impose general risk management standards on businesses, but rather is it able to effectively determine appropriate risk management guidelines itself?
Congress’ authority over the money supply makes financial and operational risk management in the banking sector an ongoing exercise that can leverage basic economic principles and risk tolerance guidance from the Basel Accords. But the outrage over risk management failures and their domino effect across the global economy has congressmen targeting corporate risk management practices in industry sectors beyond finance.
Most government regulations and standards set accountability rules and add costs that reflect the need to conduct business while considering externalities associated with the greater public good. In contrast, the regulatory requirements of the Dodd–Frank Wall Street Reform and Consumer Protection Act attempts to directly set how businesses are managed and their risk appetite.
Balancing Risk Aversion and Global Competitiveness
The current ideological battle in Washington over how a government can best manage the nation’s welfare has given ground to preferences for more business regulations that impose risk aversion. But public policy efforts that intend to rein in risk appetite in general, and tighten specific risk tolerances, face slim chances of success when most companies still struggle to implement efficient risk management programs and policies for their own unique business environment. Can we expect government regulation to guide the right course while maintaining competitiveness in the global economy?
The Dodd-Frank Act moves beyond regulating systemic financial sector risks to influence individual corporate risk management strategy. Using SEC rules to enhance shareholder power and setting a preference for the separation of the CEO and chairman roles, the latest government regulations ultimately aim to limit corporate risk appetite. The intention is to create a board and management team that is more responsive to shareholder risk aversion. The problem is this is only theoretical.
At the 2010 University of Connecticut School of Law symposium on Regulating Risk, Ohio State University Assistant Law Professor Paul Rose highlighted reasons why we should be suspicious of the outcome of the Dodd-Frank Act. In his paper, Regulating Risk by “Strengthening Corporate Governance,” Rose notes the dubious relationship between governance frameworks and corporate performance. The board structure outlined in Dodd-Frank has shown no empirical evidence for better risk management outcomes in the US or the United Kingdom.
His conclusion is the Dodd-Frank Act, in the worst case, exacerbates risks by empowering stakeholders that have a tendency toward a risky crowd mentality and, in the best case, is “merely a pointless exercise in political crisis management that will have no significant positive or negative effect on corporate governance or risk management.” Shareholders simply do not demonstrate any greater affinity toward risk aversion than tightly-controlled corporate boards.
The case for government involvement in guiding risk appetite and risk tolerance relies on the concern that executives tend to ignore, discount, or even eliminate the bearers of bad news and warnings in potentially volatile markets. The opposing argument observes risk management is difficult enough to enact for a single company let alone for entire industry sectors or country risk management.
Government Policies Favor Risk Mitigation Over Risk Optimization
Accurately planning for dynamic business conditions is critical. A politically-charged, government decision-making process slowed by bureaucracy has minimal chances of timing any specific risk management policy guidance as shifting business conditions call for reassessing risk appetite levels.
A 2010 OECD study, Risk and Regulatory Policy: Improving the Governance of Risk, observes most countries have not developed a coherent risk policy framework for managing regulations across agencies as they are largely reactive to changing public risk concerns. The report states governments need a deeper understanding of the interconnection and tradeoffs of public risks and could gain greater insights by leveraging private sector knowledge on risk management. Politicians and government officials almost always focus on risk mitigation rather than risk optimization.
Successful enterprise risk management requires a unique blend of risk knowledge, data collection, information systems, decision rules, processes, reporting, governance structure, and corporate culture for each business entity. Despite public outrage over glaring risk management failure examples among US corporations, government policymakers cannot dictate specific governance and risk management processes. This must emerge from the natural pressures of market dynamics and shareholder oversight for each organization.
We may not have perfect risk management frameworks in place today, but we are improving the tools and processes to achieve more sound risk-aware business decision making processes. Risk management best practices and supporting technology and information sources are set to evolve quickly in the coming years.