JPMorgan, warned earlier over risk governance, highlights oversight challenges

May 15, 2012

By Emmanuel Olaoye, Julie DiMauro and Randall Mikkelsen

NEW YORK, May 15 (Thomson Reuters Accelus) – Corporate executives and boards face big challenges monitoring risk at complex banks like JPMorgan Chase & Co, which was warned by an investor group last year that its board had “serious deficiencies” and was not up to the task.

Challenges to connecting the dots to form a clear risk picture at sprawling global institution with multiple business units like JPMorgan include difficulties tracking data, differing regulatory jurisdictions, and crucially, inadequate corporate governance.The risks and challenges came into the spotlight last week with the announcement that a failed hedging strategy by JPMorgan’s Chief Investment Office in London cost the firm $2 billion.

But CtW Investment Group, a labor-backed shareholder group, last year warned JPMorgan in three letters to the board that the bank’s risk management committee was inadequate. The group urged replacing one of the three members of the risk committee on JPMorgan’s board — Ellen Futter, who was a director at American International Group Inc (AIG) before its near-collapse in and government bailout in the 2008 financial crisis — and increasing the committee’s authority and oversight responsibilities.

“We are deeply concerned that the current three-person risk policy committee, without a single expert in banking or financial regulation, is simply not up to the task of overseeing risk management at one of the world’s largest and most complex financial institutions,” an April 1, 2011 letter from CtW said.

“Without an overhaul of the committee’s mandate and membership, we are profoundly concerned for the committee’s ability to provide effective oversight of the risks being assumed across JPMorgan’s larger and more complex post-crisis operations,” the group said in a separate letter two weeks earlier.

A later letter indicated the group met with the head of JPMorgan’s risk committee that April, but the meeting did not alleviate all of CtW’s concerns.

JPMorgan’s trading loss this year brought the risk committee’s role to the fore.

“If we find out that this is yet another example like AIG where information was not trickling up to the risk committee, that is one kind of risk management problem that frankly should have been addressed a long time ago,” said Barbara Matthews, regulatory analyst at BCM Regulatory Analytics in Washington.

The Dodd-Frank financial regulatory overhaul requires major financial institutions to ensure boards are involved in the risk process and have a risk management committee that oversees activities within the bank. The Federal Reserve has proposed rules to implement the provision, which includes a requirement that at least one member of the committee be a risk management expert, but they have not been finished.

JPMorgan’s proxy statements say the bank’s chief executive is responsible for setting the overall risk appetite for the firm, while the heads of individual lines of business are responsible for setting the risk appetite for their respective units, subject to approval by corporation’s chief executive and its Chief Risk Officer.

JPMorgan says its risk management team is headed by a chief risk officer who reported to the board. It also said the risk management function operates independently to provide oversight of firm-wide risk management and controls.

While each business unit is responsible for managing its own inherent risk, overall oversight is provided by corporate-wide functions including the Chief Investment Office, the company said. That office was the source of JPMorgan’s trading loss last week.

GMI Ratings, a corporate governance analyst, gave its lowest rating – “F” – to JPMorgan’s corporate governance policies in general before disclosure of the loss, Reuters reported. Fewer than five percent of the companies rated by GMI get the bottom ranking, said Paul Hodgson, senior research associate at the GMI.

GMI also ranked JPMorgan’s financial statements lower than 92 percent of comparable firms in terms of accounting and governance risk.

JPMorgan Chief Executive Jamie Dimon acknowledged that the trading strategy that led to the loss was “flawed, complex, poorly reviewed, poorly executed, and poorly monitored.”


Efective risk monitoring for institutions like JPMorgan depends both on governance — with a clear policy and corporate mission statement — and accurate reporting on trading activity. “You cannot do the level of trading that JPMorgan did — with all of its layering and volume — without this type of corporate governance in place to manage the risk effectively,” said John Alan James, professor at Pace University’s Lubin School of Business.

Many banks face a challenge in collecting data about their business activities, and the situation hasn’t improved much since the financial crisis, said Edward Hida, global leader of the risk and capital management team at Deloitte & Touche LLP. Part of the problem is they are using old systems.

“The data issue really hasn’t been solved,” Hida said. “Its still a significant issue facing the industry overall,” Hida said.

The global nature of firms like JPMorgan also makes it hard for government regulators to have an accurate handle on a firm’s risks, Matthews said, and it was unclear what Britain’s Financial Services Authority knew or communicated to the U.S. Federal Reserve about the London investment office.

“We need to know if the regulators closest to the problem were aware of it. If they were aware of it were they able to share that information with the Fed? What was the relationship between the regulators? To have a global financial system, regulators need to function better together.”


Among the recommendations that CtW made to JPMorgan were charter amendments that would:

— Require that at least one member of the risk policy committee have an employment record in financial risk management.

— Authorize the committee to delinate risk limits for management, and require committee approval for transactions that exceed those limits.

— Authorize the committee to oversee the performance of the chief risk officer and oversee succession planning for the job.

— Give the risk policy committee the authority to retain outside advisers.

An August 26, 2011 letter from CtW to JPMorgan said that after the April meeting with the risk policy committee’s chairman, James Crown, JPMorgan had clarified some of its description of board risk oversight in its proxy statements. It also said it was encouragted that Crown had “endorsed the benefits” of bringing new independent directors to the board.

But CtW said it remained dissatisfied that Futter remained on the committee, and said an outside review of the board’s risk governance was essential. The size of the risk policy has not changed.

Hida said institutions can improve risk management at the firm level by understanding the organization’s ability to bear risk. Firms should also set risk limits in different areas of the business and monitor those limits on a continuous basis for events in the marketplace, he said.

Institutions should also take investors’ attitudes into account and compensate managers to take less risk, said Anat Admati, a professor of finance and economics at Stanford’s Graduate School of Business.

“The gap between what the bank chooses as its risk-management oversight capacity and what its investors would have chosen would be telling,” Admati said.

“As it is, managers are not given sufficient incentives for company-wide risk management. They seem to be compensated on measures that encourage risk in their own part of the company,” she said.

(This article was produced by the Compliance Complete service of Thomson Reuters Accelus. <a href=” ions/regulatory-intelligence/compliance- complete/” target=_new”>Compliance Complete</a> provides a single source for regulatory news, analysis, rules and developments, with global coverage of more than 230 regulators and exchanges.)

No comments so far

We welcome comments that advance the story through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can flag it to our editors by using the report abuse links. Views expressed in the comments do not represent those of Reuters. For more information on our comment policy, see