With the recent bank collapses, the inevitable question has once again been raised — where were the banks' boards? Were they in part responsible for these financial debacles? The answer is a bit complicated. First, until the complete facts are finally revealed, it is hard to assign responsibility one way or another. Second, in an odd way, blame may in some part be assigned to some poorly thought-out corporate governance reforms of over two decades ago. But there are several important governance lessons that will probably emerge from the ashes of this recent financial disaster.
The failures of these institutions stemmed from a classic bank run. The financial weaknesses that were identified as the cause of the run, in retrospect, had little to do with the institutions' loan portfolios — which were the source of the 2008 financial crisis — but were on the liquidity side of the banks' holdings.
To cover deposit liabilities, these institutions had invested in U.S. Treasury bonds, generally considered the safest, most conservative investments. However, these obligations were long-term in duration. Thus, with the rapid spike in interest rates brought on by the severe inflationary pressures caused in part by the current administration's massive spending programs, the bonds fell quickly and dramatically in value. Suddenly, it was rumored that these banks could not cover their deposits, and the classic bank run occurred.
So, whose fault was this? Certainly, the current political administration has some responsibility, though, of course, they will deny it. The management of the afflicted banks who heavily invested in the long-term Treasury market bears some blame, particularly when the administration's spending proposals were clearly attacked as inflationary at the time they were made. But what about the boards themselves?
However, the bureaucratization of risk management — initially a product of the Sarbanes-Oxley Act of 2002 (SOX) and further extended by the Dodd-Frank Act — bears significant responsibility for these current developments. Back in 2002, with the addition of Section 404 to the SOX legislation, an annual review of a public company's internal controls was legislatively mandated. As internal controls relate to risk assessment and review, risk assessment groups, both internal and external, became a standard part of corporate organizations. This led to the formalization, and later the bureaucratization, of corporate risk management as these groups were crafted primarily as a response to the legislative mandate.
This is a much more difficult question. How much focus did the directors devote to the liquidity portion of the portfolio as opposed the lending side? Is a U.S. Treasury obligation ever risky in the micro sense? While focus on the credit side of the bank is a natural expectation of boards, how much attention should or can be paid to macro forces affecting the Treasury market? And, most importantly, what did these boards know about the risk, when did they know it and what did they do or not do about it? The answers will eventually be revealed though the inevitable dispositions and documentary review that will occur. But it is too early to pass judgment today on the facts that we now have.
Despite the prevalence of such departments in most businesses, particularly the financial services industry, the 2008 financial crisis, because of incorrect assessments of the risk of many mortgage obligations, devastated the U.S. financial industry and led to the passage of the Dodd-Frank Act.
Regrettably, the risk bureaucracy survived the passage of Dodd-Frank in an even more central position in the corporate hierarchy. And the existence of such enhanced bureaucratic structures only gave corporate boards a greater false sense of confidence as to risk control within the enterprise. Searching questions that might have arisen in the absence of such “professional” review were easy to dismiss based on the existence of an “intelligent and comprehensive” risk evaluation process.
I am not being critical at all of organizational risk assessment. A thoughtful program can be most helpful to both the board and management, However, I am troubled by the existence of such an effort that is simply a response to some legal requirement. Such responses seem to exist merely to meet a governmental mandate and may function with little actual value-added effectiveness. Reliance on these kinds of structures may protect a board legally but it does little to protect the institution itself.
Over the next few years, there will be many postmortems on the causes of the recent bank failures. While their boards may or may not have been partially responsible, I have a feeling that a great deal of the blame will fall on the government itself. The spending-inspired inflationary spiral led to the higher interest rates that damaged the banks' liquidity portfolios. And, the false sense of security that governmentally mandated risk bureaucracies created not only for corporate directors, but also, sadly, for the investing public itself, will eventually be focused upon. In the final analysis, though, regardless of who is really to blame, we all lost on this one.