• Risk governance: What to expect

    For years, risk governance meant risk management, with a relatively narrow focus on specific areas: loans, legal, and possibly IT. Then, everything went sideways in 2008-2009, and regulators saw the need for a more proactive, comprehensive risk governance strategy. Within the past five years, new rules and guidelines have begun changing the flaws regulators could see boards of directors were not engaged at the right level; board members and executives weren’t getting the right information to make informed decisions; and management didn’t have tools in place to facilitate a timely and comprehensive analysis of overall risk.