Risk Management, Corporate Governance, and Bank Performance in the Financial Crisis

By Vincent Aebi, Gabriele Sabato, and Markus Schmid


The recent financial crisis has raised several questions with respect to the corporate governance of financial institutions. This paper investigates whether risk management-related corporate governance mechanisms, such as for example the presence of a chief risk officer (CRO) in a bank‟s executive board and whether the CRO reports to the CEO or directly to the board of directors, are associated with a better bank performance during the financial crisis of 2007/2008. We measure bank performance by buy-and-hold returns and ROE and we control for standard corporate governance variables such as CEO ownership, board size, and board independence. Most importantly, our results indicate that banks, in which the CRO directly reports to the board of directors and not to the CEO (or other corporate entities), exhibit significantly higher (i.e., less negative) stock returns and ROE during the crisis. In contrast, standard corporate governance variables are mostly insignificantly or even negatively related to the banks‟ performance during the crisis.


This paper investigates whether the presence of a chief risk officer (CRO) in the executive board of a bank, the line of reporting of the CRO, and other risk management related corporate governance mechanisms (which are also termed “risk governance”) positively affect bank performance during the recent financial crisis. The paper combines and further develops relevant previous findings from three major areas of research: corporate governance, enterprise risk management (ERM), and bank performance. Whereas scandals such as Enron and Worldcom gave primarily rise to new developments in accounting practices, the financial crisis following the subprime meltdown in the U.S. has led to a further growing awareness and need for appropriate risk management techniques and structures within financial organizations. In quantitative risk management, the focus lies on how to improve the measurement and management of specific risks such as liquidity risk, credit risk, and market risk.

On a structural level, the issue of how to integrate these risks into one single message to senior executives is being addressed. Earlier literature on risk management focused on single types of risk while missing out on the interdependence to other risks (Miller, 1992). Consequently, only in the 1990‟s, the academic literature started to focus on an integrated view of risk management (e.g., Miller, 1992; Miccolis and Shaw, 2000; Cumming and Mirtle, 2001; Nocco and Stulz, 2006; Sabato, 2010). In addition, public policy makers around the world have started to question the appropriateness of the current corporate governance applied to financial institutions. In particular the role and the profile of risk management in financial institutions has been put under scrutiny. In many recent policy documents, comprehensive risk management frameworks are outlined in combination with recommended governance structures (e.g., Basel Committee on Banking Supervision, 2008; FSA, 2008; IIF, 2007; Walker, 2009).

One common recommendation is to “put risk high on the agenda” by creating respective structures. This can involve many different actions. As already claimed by the SarbanesOxley Act (SOX) in 2002, financial expertise is considered to play an important role. Other, more specific measures involve either the creation of a dedicated risk committee or designating a CRO who oversees all relevant risks within the institution (e.g., Brancato, Tonello, Hexter, and Newman, 2006; Sabato, 2010).