Mark Lennihan/Associated PressJPMorgan Chase has announced several changes in its oversight since it disclosed a $6 billion trading loss.Michael W. Peregrine, a partner at the law firm McDermott Will & Emery, advises corporations, officers and directors on issues related to corporate governance, fiduciary duties and internal investigations.
Last month, JPMorgan Chase released the internal analysis of the $6 billion loss in its synthetic credit portfolio in 2012. While the losses may seem as if they were aberrations that couldn’t happen elsewhere, the governance recommendations that were released as part of the internal analysis are highly relevant across corporate America, not just financial institutions.
From the public’s perspective, the 129-page report written by a JPMorgan management task force – which focused on what happened, why it happened and who was to blame – was the most intriguing. But a shorter companion report prepared by a board review committee holds many lessons for corporate boards on risk oversight practices.
The JPMorgan review of the trading loss concluded that the credit portfolio risks weren’t presented to the risk policy committee in a timely manner. Even though losses were beginning to mount at the bank, traders in London increased their trades over several months rather than exiting and cutting their losses, according to the report.
The full extent of the loss wasn’t communicated to the board’s risk committee until late April, shortly before the bank publicly announced the loss. Because of that delay, the committee wasn’t able to address the issue in its early stage and potentially limit its loss. It wasn’t a question of deficient governance, but rather one of deficient reporting.
This was clearly not a case where the board was asleep at the wheel. Rather, the JPMorgan analysis suggested that if the board members had received the information fully and promptly, they would have been able to better exercise their oversight responsibility.
JPMorgan’s recommendations deal directly with the kinds of “real world” reporting failures found in many corporate and nonprofit organizations. That starts with the need to present information that is useful to the risk committee, and in a manner and context that are meaningful to the committee. Issues that “keep management awake at night” need to be immediately brought to the committee’s attention. The higher the quality of materials, the more efficient the committee meeting process will be.
In addition, the JPMorgan report highlights the need to re-examine the committee charter for clarity of scope and purpose. That would help prevent overlap and gaps in the duties of the various board committees (e.g., risk, audit and compliance). Such a review also extends to the need to coordinate the role of the internal auditor.
The report adds to the mix an acknowledgment that audit and risk committee members have greater responsibilities and demands than their peers on many other committees do, as well as the indirect suggestion that the qualifications for committee membership must be particularly sterling.
The reality of life in a highly regulated industry is reflected in the recommendation that the risk committee maintain, where appropriate, more frequent and informal contacts with regulators to better demonstrate the committee’s interest in understanding regulatory concerns.
One of the most direct recommendations in the report relates to the independence of compliance and risk managers. An emerging view is that these managers should now report directly to the chief executive and not to a company’s general counsel. (Last month, JPMorgan said it had changed the chain of command so that its head of global compliance and regulatory management will report directly to the bank’s chief operating officers).
Moreover, the title and compensation of compliance and risk officers should command the same heft and responsibility of the post. Also proposed is a greater link between executive compensation and satisfaction of the board’s risk reporting standards.
With this episode, the JPMorgan board has placed a serious emphasis on the critical connection between information reporting and governance oversight. That process indeed counts, because a failure of process can seriously compromise the effectiveness of governance checks and balances.
And the connection is made in the context of an extraordinary controversy involving huge corporate losses, reputational harm and regulatory inquiry. These were failures that are not unique to JPMorgan or to high finance, but can be found in any corporation, no matter the industry.
JPMorgan’s situation will be fodder for business schools for years. But its more practical legacy may be decidedly nonfiction in nature — setting new standards for board oversight of operational risk. It provides a highly practical template for other boards, across industry lines, to replicate.
Mr. Peregrine’s views do not necessarily reflect the views of McDermott Will & Emery LLP or its clients.