Impact of Risk Oversight Functions on Bank Risk: Evidence from the Dodd-Frank Act
A study by Naveen Daniel, PhD, Associate Professor of Finance at Drexel University’s LeBow College of Business, and coauthors, shows that mandating the appointment of a risk committee and a chief risk officer in banking institutions has no impact on bank risk.
- The 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act required that banks, depending on their size, adopt a risk committee (RC) and a chief risk officer (CRO) to improve their risk management. The purpose of the Dodd-Frank Act was to promote financial stability in the US banking sector. Banks had five years to comply with the legislation.
- The mandated presence of the RC and the CRO has not led to any reduction in bank risk in publicly-traded banking institutions. Specifically, the introduction of the RC has had no impact on risk, while there is weak evidence that the establishment of a CRO has caused an increase in risk. This finding indicates that either other aspects of risk management are more important that RCs and CROs, or that banks that benefit from these additional risk management functions already had them in place before the Dodd-Frank Act.
- The number of times the word “risk” appeared in US banks’ proxy statements doubled between 2005 and 2015. However, this apparent increased focus on risk management was not caused by the Dodd-Frank Act mandate.
Summary of Complete Findings
The oversight role of the board of directors is pivotal to good corporate governance. The board monitors management decisions including the choice of a firm’s optimal risk profile. This study assesses whether the presence of a board-level risk committee (RC) and a chief risk officer (CRO) improves bank risk management and, specifically, whether it reduces bank risk. In particular, it uses the passage of the Dodd-Frank Wall Street Reform and Consumer Protection Act to investigate the causal link between bank risk and the RCs and CROs.
Regulations pursuant to the Dodd-Frank Act mandated that bank holding companies with assets over $10 billion have a board risk committee and those with assets over $50 billion have a chief risk officer in place by January 1, 2015. Similar to other macroprudential regulation, these aspects of the Dodd-Frank Act attempted to encourage banks to internalize systemic risk and correct governance failures that had led to the 2008 financial crisis.
The study analyzes publicly traded banks with book value of assets of at least $3bn in any year between 2005 and 2015. It compares banks that were forced by the law to adopt risk oversight functions against banks that were subject to the law but were already compliant at the time of the passage of the Dodd-Frank Act in 2010.
To measure bank risk, the researchers use two proxies: tail risk and aggregate risk. Tail risk captures the risk of large losses and it is defined in the study as the negative mean return on the 5% worst-return days of the year. Aggregate risk aims to capture the several other risks that firms care about, such as capital risk, market risk, legal risk, operational risk, reputational risk, and liquidity risk. The study defines aggregate risk as the annual volatility of daily returns. The level of bank risk is then assessed against three variables of risk oversight in the firm: the presence of an RC, the presence of a CRO, and whether the RC is compliant with the regulatory requirements.
The key finding is that neither the RC nor the CRO reduce bank risk. While there is no impact on risk whatsoever from the RC, the CRO seems to increase both the aggregate risk and the tail risk. The result suggests that either other aspects of risk management are more important than RCs and CROs, or that banks that benefit from these additional risk management functions already had them in place before the Dodd-Frank Act.
As part of the validation of their finding, the researchers use the number of times the word “risk” is mentioned in proxy statements as an alternative measure of risk. Interestingly, they show that firms almost doubled the use of the word “risk” between 2005 and 2015 (Figure 1). Nonetheless, they also show that this increased focus on risk was unrelated to the RC and CRO mandates. Therefore, these aspects of the Dodd-Frank act, on their own, did not improve the attention to risk management.
In conclusion, mandating the appointment of a committee and an officer dedicated to risk management through regulatory intervention does not make firms less risky. Some specialized oversight functions of directors might be better tailored to the specific challenges of a firm, rather than imposed through general legislation.
“Impact of Risk Oversight Functions on Bank Risk: Evidence from the Dodd-Frank Act” by Lakshmi Balasubramanyan (Case Western Reserve University), Naveen Daniel (Drexel University), Joseph Haubrich (The Federal Reserve Bank of Cleveland), Lalitha Naveen (Temple University), August 2022.