Question 2

Banks are exposed to financial, operational, and environmental risks and a series of key
stakeholders or players are accountable for corporate governance and various
dimensions of financial risk management. (Greuning and Bratanovic, 2020). Identify
and explain the roles of any five key players in risk management in the banking sector
(50).

Greuning and Bratanovic (2020) state that banks are subject to a wide array of risks in the
course of their operations and these risks fall into three categories namely, financial,
operational, and environmental risks. Corporate governance from the banking perspective is
defined by relationships between a bank’s management, its board of directors, risk and other
committees, its shareholders, and other stakeholders.

Good corporate governance provides a disciplined structure through which banks set
objectives and means of attaining them, as well as maintaining the performance to achieve
these objectives (Mashavira, 2005). Risk management is the responsibility of several key
stakeholders or players in the corporate governance structure. Each key stakeholder is
accountable for the same dimension of risk management. The key stakeholders are regulators
or supervisors, shareholders, directors, executive management, internal and external auditors,
as well as the general public.

Regulators or Supervisors

According to Greuning and Bratanovic (2020), bank regulation refers to the establishment
and approval of laws that govern the conduct of banking activities in a country whereas bank
supervision refers to the monitoring of bank financial conditions and risk management. The
responsibility of bank supervision may be shouldered by the same institution in some
countries, whereas in other countries, bank regulation may be the prerogative of the ministry
of finance and the responsibility of bank supervision may be saddled in the arms of central
banks (Mashavira, 2005).

The primary role of bank regulators and supervisors is to facilitate the process of risk
management and to enhance and monitor the statutory framework for risk management
(Greuning and Bratanovic, 2009). Bank regulators and supervisors cannot prevent the failure
of banking institutions but they create a sound, enabling environment, and have a critical role
to play in influencing other stakeholders.
Bank regulators may take either a prescriptive or market-oriented approach to their task. The
choice is determined by the regulator’s understanding of the philosophical underpinnings of
the economy as a whole (Greuning and Bratanovic, 2020). A prescriptive regulatory approach
usually limits the scope of activities of financial institutions. It often results in regulations for
all risks known to the regulators. Mashavira et al (2005) argue that the main drawback of this
approach is that regulations become outdated and cannot address the risks stemming from
financial innovation. A market-oriented regulatory approach believes that markets function
effectively, are capable of managing related financial risks, and should therefore be allowed
to operate as freely as possible. With this approach, the regulator’s role is focused on
facilitating the implementation of risk management.

In terms of risk management, regulators’ responsibilities are centred on improving the quality
at entry through licensing and minimum capital requirements as well as capital adequacy
rules. Moreover, regulators are mandated with toughening fiduciary responsibilities and
standards regarding bank owners, directors, and management personnel (Greuning and
Bratanovic, 2009. In the same vein, bank regulators provide guidelines on risk management
and related policies, and set statutory guidelines with respect to risk positions, as well as
evaluating compliance and overall risk management in a bank or banking system.

Shareholders. Shareholders are the principal bank owners and are responsible for the
appointment of people who are saddled with the responsibility of the day to day corporate
governance. Larger shareholders must be approved by regulators and supervisors to ensure
full integrity of the bank’s business and risk management (Greuning and Bratanovic, 2009)

Mashavira et al (2005) argue that shareholders play a key role in the promotion of corporate
governance as well as risk management. By electing a supervisory board of directors and
approving the board of directors, the audit committee, and external auditors, shareholders are
in a position to determine a bank’s business strategy and direction. Banks are unique and
different from other forms of corporate ownership in that the responsibilities of management
and the board are not only to shareholders but to depositors, who provide leverage to
shareholders’ capital.

The importance of shareholders and directors is recognized by banking laws. The modern
market-oriented approach emphasizes the fiduciary responsibility of shareholders and is
reflected in several trends including stringent bank licensing requirements, and standards that
a bank’s shareholders must to be considered “fit and proper”. Actions may also be taken
against shareholders who fail to discharge their responsibilities to ensure the appointment of
“fit and proper” persons for the corporate governance process.

RBZ (2006) states that central banks are saddled with the responsibility of approving all
changes in the bank’s shareholding structure. The central banks usually review and approve a
bank’s charter and the critical by-laws that determine the specific relationship of a bank with
its shareholders. Shareholders should play a vital role in overseeing a bank’s affairs.
Shareholders should select a competent board whose members are experienced and qualified
to set sound policies and objectives.

Board of directors. This constitute independent, non-executive as well as executive

directors. The board of directors is responsible for the setting up of the business of the bank
as well as its risk management strategy (RBZ, 2006), appointment of management and the
establishment of operational policies with systematic control of the bank’s financial condition
and risk management practices.

The ultimate responsibility of the board of directors involves reviewing and guiding corporate
strategy, major plans of action, risk policy, and annual budgets and business plans,
monitoring bank performance and overseeing major capital expenditures, acquisitions and
disposals, information technology, and stakeholder relations, while still retaining full and
effective control over the bank ( Greenbury Report, 2004). Moreover, the ultimate
responsibility for the manner in which the bank’s business is conducted lies with the board of
directors. The board sets the strategic direction, appoints management, establishes operational
policies, and takes responsibility for the soundness of the bank (Combined Code, 2003).

The board is answerable to depositors and shareholders for the lawful, informed, efficient and
able administration of the institution (Bessis, 2003). The members of the board delegate the
day-to-day management of the banking institution to officers and employees, but board
members are responsible for the consequences of unsound or imprudent policies and practices
concerning lending, investing, protecting against internal fraud, and any other banking
activity.

A board of directors attracts significant interest from regulators and supervisors because a
risk-adjusted approach to bank supervision emphasizes the board’s fiduciary responsibilities
and seeks to ensure that its directors are qualified and able to effectively carry out such
responsibilities (RBZ, 2004). Laws and regulations typically govern the election, required
number, qualifications, liability and removal of board members and officers, as well as the
disclosure requirements for directors’ outside business interests (RBZ, 2004).

The composition of the board is also critical. In failed banks, board members either lack
banking knowledge or were uninformed and passive regarding governance of the bank’s
affairs. A strong managing director and a weak board are a recipe for disaster. A banking
institution requires a board, that is both strong and knowledgeable.

The King Report on Corporate Governance (2010) posits that one of the most important
duties of the board is to ensure that the management team has the necessary skills,
knowledge, experience, and sense of judgment to manage the bank’s affairs in a sound and
responsible manner. An effective board should have a sound understanding of the nature of
the bank’s associated activities and risks (RBZ, 2006). The board should ensure that the bank
has adequate audit arrangements and risk management committees in place and that risk
management systems are properly applied at all times.

The board should also ensure compliance with the banking laws and regulations applicable to
a bank’s business. It should take all reasonable steps to ensure that the information in the
bank’s disclosure statements is transparent and accurate and that adequate procedures are in
place, including external audits or other reviews where appropriate, to ensure that the
disclosed information is not misleading (Greuning and Bratanovic, 2020).

Management and Staff. Senior management is the first line of defence in ensuring a good
business perspective and financial condition of a bank and ultimately of the banking system
and markets. Mashavira et al (2005) contends that the strategic positioning of a bank, the
nature of a bank’s risk profile, and the adequacy of the systems for identifying, monitoring,
and managing the profile reflect the quality of both the management team and the directors’
oversight of the bank.

The most effective strategy to promote a sound financial system is to strengthen the
accountability of directors and management and to enhance the incentives for them to operate
banks prudently (RBZ, 2004). The role of senior management is a fundamental component of
a risk-based approach to regulation and supervision. Regulators aim to strengthen the
participation and accountability of senior management for the maintenance of a bank’s safety
and soundness.
The quality and experience of the individuals in a senior management team are important. In
a banking institution, the risk management process starts when a prospective employee is
screened for appointment to the organization or for promotion to a senior position (Greuning
and Bratanovic, 2020). The board and management complement each other even though each
has its own distinct roles and responsibilities to fulfill. The Chief Executive Officer and
management team should run the bank’s day-to-day activities in compliance with the board’s
policies, laws, and regulations, and they should be supported by a sound system of internal
controls (Mashavira et al, 2005).

Management should provide directors with the information they need to meet their
responsibilities and should respond quickly and fully to board requests (Cadbury, 1992).
Moreover, management should use its expertise to generate new and innovative ideas and
recommend them to the board. The duties and responsibilities of senior management include
appointment to middle-level management positions of people with adequate professional
skills, experience, and integrity, the establishment of adequate performance incentives and
personnel management systems, and staff training (Combined Code, 2003). Management
should ensure that the bank has an adequate management information system and that the
information is transparent, timely, accurate, and complete.

Management’s role in identifying, appraising, pricing, and managing financial risk is well-
defined by most regulators, who have stated that any corporation that uses new financial
instruments had to ensure that all levels of management acquire knowledge and
understanding of inherent risks and adopt internal accounting systems to ensure adequate
control (Greuning and Bratanovic, 2009). Management should also ensure that the bank has
adequate internal controls, including appropriate audit arrangements because risk
management failures often result not from unanticipated or extraordinary risks but from the
ineffective decision-making process and weak controls ( Mashavira et al 2005).

Audit committee and internal auditors. The audit committee is generally regarded as an
extension of the board’s risk management function. An audit committee is primarily
responsible for ensuring an effective internal control framework and the preparation and
presentation of financial statements to conform to the generally accepted accounting practices
(King, 2010). The committee is a valuable tool to help management with the identification
and handling of risk areas in complex organizations (The Combined Code, 2003). The
Cadbury Report (1992) posits that the audit committee must be chaired by an independent
board member, and the chief executive officer should have a direct reporting line to the audit
committee chair.

Greuning and Bratanovic (2020) argue that the importance of audit committees is a
controversial subject. The authors further state that boards often cling to audit committees in
an endeavour to address risk management issues. The Higgs Report (2003) contends that it is
logical that a board faced with risk management problems will rush to the historical source of
information about problems in the company, namely auditors. The proponents of this view
often point out that the auditors are simply checklist experts, while risk management has
never been such a simple pursuit and should not be delegated to any committee, department,
or team.

Monitoring and directing the internal audit function is an integral part of the audit
committee’s overall responsibilities (RBZ, 2004). The board and management have a tool to
help ensure that policies are being followed and the risks are being managed. The role of the
audit function transcends beyond matters directly related to administrative controls and
accounting (King, 2010). It comprises all methods and measures adopted within the business
to safeguard the business’s assets and manage its risks, check the accuracy and reliability of
accounting and management information, promote operational efficiency, and encourage
adherence to management policies. The Greenbury Report (2004) states that the internal audit
function can be viewed as an independent appraisal function and because it is established
within an organization to examine and evaluate its activities, as a valuable service to the
organization.

According to RBZ (2006), the most important duties of internal auditors are to provide
assurance regarding corporate governance, control systems, and risk management processes.
The Cadbury Report (1992) contends that internal auditors should also review annual
financial statements before their submission to the board of directors, ensuring that
appropriate accounting policies and practices are used in the development of financial
statements. The internal auditors also consider compliance with regulatory and legislative
requirements and identify all significant discrepancies and disclosure problems.

Internal auditors and the audit committee, therefore, make an invaluable contribution to the
risk management process. In general terms, risk management responsibilities include
monitoring the institutions’ financial risk profile and reviewing management procedures.
Internal auditors are also expected to evaluate the external audit function and to ensure
follow-up by management, of problems identified in the auditor’s reports.

Reference List

1. Bessis J (2003) Risk Management in Banking, Third Edition, John Wiley and Sons.
2. Cadbury A (1992). The Financial Aspects of Corporate Governance. Gee and
Company Limited.
3. Greuning H and Bratanovic S.J (2009) Analysing Banking Risk. A Framework for
Assessing Corporate Governance and Risk Management. Second Edition. The World
Bank Group
4. Greuning H and Bratanovic S.J (2020) Analysing Banking Risk. A Framework for
Assessing Corporate Governance and Risk Management. Fourth Edition. The World
Bank Group
5. Higgs D (2002) Review of the role and effectiveness of Non-Executive Directors,
London United Kingdom.
6. King Mervin E (2016) The King IV Report on Corporate Governance, Johannesburg,
South Africa.
7. Mashavira C.B and Jubenkanda RR (2004) Corporate Governance. Zimbabwe Open
University, Harare Zimbabwe
8. Reserve Bank of Zimbabwe (2004) Corporate Governance Guidelines. Harare
Zimbabwe.
9. Reserve Bank of Zimbabwe (2006) Risk Management. Harare Zimbabwe
10. The Combined Code on Corporate Governance (2003). Financial Reporting Council.