Opinion - The Ever-Evolving Process of Risk Oversight

By: Dorothy A. Berry

As published in BoardIQ on May 10, 2011

Guest columnist Dorothy A. Berry is chair of the Independent Directors Council. Berry is an independent director of PNC Funds and independent chair of Professionally Managed Portfolios.

Risk oversight is clearly an issue on directors’ minds and has been a frequent topic of discussion at recent fund governance conferences and events. The market events of 2007 to 2009 prompted many fund directors to take fresh looks at their practices and resources and to incorporate lessons learned. Additionally, the SEC’s new disclosure requirement has brought even more attention to the role of the board.

But despite all the recent attention given to this area, risk oversight is nothing new. After all, fund advisers and other service providers have long been managing the risks inherent in the structure and operation of a mutual fund, and fund boards have long overseen those risks. Indeed, the roles and responsibilities of advisers and fund boards with respect to risk management have generally been constant. What has changed and is evolving are the methods they use and the practices they follow to fulfill their responsibilities to the fund and its shareholders.

As these processes change, directors must still remember that the main role of the fund board is one of oversight. Boards do not manage the fund’s investments or its business operations, nor do they manage the associated risks. The board’s focus is on the risks to the fund, not to the adviser. The board does not oversee the adviser’s risks (or those of its parent), except to the extent they impact the fund. In fact, the adviser may have its own board of directors or staff overseeing the adviser’s risk management processes. At the same time though, boards must understand that the adviser’s risks are relevant. A failure in the adviser’s services to another client has the potential to affect the adviser’s reputation and its overall business and, consequently, could also have repercussions for the funds. Where to draw the line between the risks that are relevant to the fund’s board and those that are not is a challenging question. Boards and advisers both would benefit from having a discussion about this concept and establishing a common understanding.

Any review of board risk oversight duties can also benefit from re-examining board committee structure and mandates, as well as the nature and frequency of board reports. Not surprisingly, practices vary and continue to evolve.

Different approaches have been utilized by boards. Some boards have created a risk committee focused on the enterprise or aggregated risks. Some have assigned enterprise risk oversight to an existing board committee, such as the audit committee. Others have decided to address risk oversight at the board level and not through a particular committee. Certain committees, though, as part of their individual mandates, might oversee particular risks. For example, a performance committee might oversee investment risk. There is no one approach to this, and each board will have its own reason for choosing a specific process.

The format and frequency of board reports relating to risk also vary. Some risk reporting can be embedded in the regular reports to the board. Compliance risks can be reported, for example, in the chief compliance officer’s reports, and investment risks in portfolio management’s reports. In addition, or alternatively, boards might receive periodic reports on risk management. These reports could include, among other details, a description of the adviser’s risk management processes; in-depth reviews of a particular risk topic, such as counterparty risk; dashboards or other summaries of risks; and an account of escalated risk events or issues. The challenge with board reporting, in general, is ensuring that the fund receives useful information and not simply a data dump.

To assist in their evaluation of risk oversight practices, boards might consider:

• Including risk oversight in their annual evaluation of board effectiveness

• Scheduling risk oversight as part of any long-term planning or strategy session

• Seeking feedback on their risk oversight approach from board counsel or other independent sources as well as from management

• Participating in continuing education opportunities to stay apprised of industry and regulatory developments, including in the area of risk management and oversight.

In general, fund directors’ responsibilities to oversee risk management are derived from their general fiduciary duties of care and loyalty and are part of their overall responsibility to oversee the management and operation of the funds. The federal securities laws do not impose any obligations on fund directors specific to board oversight of risk management (although the SEC recently began to require companies, including funds, to disclose the board’s role in overseeing risk).

The Independent Directors Council has provided, and will continue to provide, educational resources for fund directors on risk oversight. The annual conference in October 2010 included three sessions relating to this topic, and IDC has hosted educational conference calls on the subject. Later this year, IDC plans to publish a paper on risk oversight to further assist directors in fulfilling this important responsibility on behalf of fund shareholders.

Risk oversight will always be an important function of fund boards, and fund directors must continue to be vigilant in overseeing this vital and evolving area.