1

Risk Governance and Bank Profit in ASEAN-5:

A comparative study and an empirical investigation

Etikah Karyani

Indonesia Banking School, Indonesia

Budi Frensidhy and Setio Anggoro Dewo

Faculty of Economics and Business, Universitas Indonesia, Indonesia

Wimboh Santoso

Financial Services Authority, Indonesia

Abstract

Purpose – This paper highlights the disparity between disclosures of risk governance categories, namely structures on both board and managerial level and risk governance practices among ASEAN-5 countries. The purpose of this paper also investigates the effect of this categories of risk governance and risk governance comprehensively on the bank profit.

Design/methodology/approach – Using 285 ASEAN-5 bank-year observations comprising hand-collected data for the period 2010-2014, the development of risk governance indexs is based on 12 of the 13 governance guidelines published by the Basel Committee.

Findings – The results show that some banks are found to be early adopters, but a number of banks have not yet reflected the new disclosure requirement. During 2010-2014, there is an increasing trend of disclosure for all these categories and for average banks in ASEAN countries. Furthermore, there is no effect of the risk governance comprehensively, board-level risk governance structure, and risk managemement practice on ROA. However, the effect of the management-level risk governance structure on ROA is significant and negative.

Research limitations– The measurement of risk governance indexs are based solely on the ability of researchers to probe any measurements or criteria that have never been tested before by researchers. Other limitations are related to the information completeness and the subjectivity and interpretation.

Practical implications – This paper suggests that management-level risk governance tends to decrease profitability because there is probability of the additional cost related to this implementation. Therefore, the financial regulator may find this result useful as a feedback to evaluate the effectiveness of the rules that have been made and the possible improvements to be made in the future.

Originality/value – The uniqueness of this paper lies in constructing risk governance indexs based on the latest guidelines of bank governance. Basel Committee recently issued the Guidelines of Corporate Governance Principles for Banks on 9 July 2015 aimed at strengthening board’s collective oversight and responsibilities on risk governance.

Keywords Risk governance structure, Risk management practice, Return on Assets

Paper typeResearch paper

  1. Introduction

The financial crisis in Asian countries in 1997/1998 and the global crisis have proven the weaknesses of banking governance as a major cause of the failure of this industry (Zhuang, David, David, & Capulong, 2000; Mehran, Morrison, & Shapiro, 2011). Weaknesses in governance, especially in terms of management that lack understanding of the risks they take and boards that do not pay attention to the m function (FSB-Financial Stability Board, 2013; OECD-Organization for Economic Co-operation and Development, 2014). Therefore, oversight of risk management function through risk governance practices of banks is so important as demanded by the FSB (2013), BCBS-Basel Committee on Banking Supervision (2015), and OECD (2015). Risk governance is part of corporate governance decisions and actions that ensure the effectiveness of risk management (IFC-International Finance Corporation, 2012).

Based on the above important issues, this study is motivated by the importance of banking risk governance in promoting effective risk management and enhancing stakeholders’s confidence. Risk governance practices in the banking industry are also a more important part of standard/general governance with several reasons. First, risk governance is useful for optimal decision-making related to risks, and maximizes public confidence in risk management processes, structures and decisions (IRGC, 2008). The magnitude of the benefits of risk governance practices has also encouraged some of the international financial institutions to revise the principles of corporate governance by incorporating risk governance in draft revisions, such as BCBS and FSB (IFC, 2015).

Second, risk governance is a relevant measure of governance for the banking industry and it is important to do empirical testing (Aebi, Sabato & Schmid, 2012; Battaglia & Gallo, 2015; Nahar, Jub, & Azzim, 2016), due to banking activities more risky than non-financial corporate activities (IRGC, 2008). Research conducted by Battaglia & Gallo (2015) proves a positive market assessment of banks that have strong risk governance in the Chinese and Indian capital markets. However, to the knowledge of researchers, research on risk governance with a sample of banks in ASEAN is still very limited. Thus, research on the topic of risk governance still needs to be empirically tested. Research on risk governance in the ASEAN scope is conducted in Singapore beginning in 2013 by the Institute of Singapore Chartered Accountants (ISCA) and KPMG. This study focuses on how broad the level of risk governance disclosure after the issuance of regulations related to risk governance in 2012 that pay attention to the roles and responsibilities of the Board and risk oversight committee. The sample used is 250 companies listed on the Singapore Stock Exchange.

This study focuses on measuring the effectiveness of risk governance by using scores. In previous studies, risk governance was limited by the use of certain proxies. For example, Battaglia & Gallo (2015) analyze the effect of strong risk governance on the performance of banking stocks in China and India. Strong risk governance is proxied by an increasing number of risk committee and how often risk committee meet. While this study uses risk governance scores as a proxy of effective risk governance practices, which are based on the Basel Committee on Banking Supervision (BCBS) guidelines. This BCBS Guidelines is a Guidelinesof Corporate Governance Principles for Banks published on July 9, 2015. This risk governance score has the advantage of being more able to explain the overall effective risk banking governance than the proxy used by Battaglia & Gallo (2015).

This study uses the analysis of banking data listed on the five-member countries of the Association of Southeast Asian Nations (ASEAN-5), namely Indonesia, Singapore, Malaysia, Thailand, and Philippines. This is caused by (1) these countries initiated the establishment of ASEANand represent the best disclosure practices (Gray et al., 2011); (2) ASEAN-5 shows significant economic growth rate and the main players of the ASEAN Economic Community (MEA) 2015 based on competitiveness (Schwab, 2015); (3) companies in ASEAN-5 show a high degree of harmonization in terms of disclosure requirements (Craig & Diga, 1998). Thus, this study aims to examine the extent of risk governance disclosure level and its effect on the bank profitability.

This research is expected to give some contributions. Firstly, this research is useful in understanding risk governance practices and disclosure requirements for risk governance.Secondly, it is expected to provide an additional methodology by developing a risk governance score based on "Guidelines of Corporate Governance Principles for Banks" published on July 9, 2015.This score is expected to have an edge as it explains the overall banking risk governance compared the proxy used by previous researches. The study is also expected to contribute to policy directions for regulators and standard setters on the importance of risk governance. Banks that have effective risk governance can ultimately help improve competitiveness, create a sound banking system and ensure protection for creditors and depositors.

The remainder of the paper is organised as follows. Section 2 reviews the relevant prior studies and develops the hypotheses for the study, Section 3 provides the methodology, Section 4 reports the empirical results and Section 5 concludes the paper.

2.Literature review and hypotheses development

2.1.Conceptual framework: Risk governance of banking

The monetary crisis that hit the economies of the Asian countries towards the end of the 1990s became an important momentum driving the urgency of governance reform in Asia. Banking regulators and supervisors respond to the importance of governance by issuing provisions of bank health. The banking industry also needs to have risk management to address potential risks that may arise. One tool for achieving effective risk management is risk governance. Risk governance is a relatively new term (IFC, 2012). Risk governance is "the subset of corporate governance decisions and actions that ensure effective risk management, including cohesive policies, guidance, processes and decision-rights within the area of ​​risk" (IFC, 2012).

Figure 1. An example of a risk governance framework

Source: FSB (2013)

An effective risk governance framework (RGF) is essential to learn about the adequacy of existing principles, guidelines and governance practices, as shown in the OECD Committee reports “Corporate Governance Lessons from the Financial Crisis” in 2009 (OECD, 2014). In addition to the OECD, the importance of risk governance was also reviewed by the FSB by issuing "Thematic Review on Risk Governance" which called for standard setting bodies (such as the OECD, International Association of Insurance Supervisors or IAIS, International Organization of Securities Commissions or IOSCO and BCBS) to review principles of governance, taking into account sound-risk governance practices (FSB, 2013). The FSB (2013) further describes a risk governance framework that refers to the roles and responsibilities of boards, CRO (Chief Risk Officers), and risk management function (as shown in Figure 1).

The Board of Directors (BOD) establishes bank’s risk appetite and risk principle. BOD in performing its duties is assisted by the Board Risk Management Committee (BRMC) that oversees the bank's risk management. Various risk exposures, risk profile, risk concentration, and trend are regularly reported by BRMC to BOD and senior management. BRMC is supported by a risk management function led by the Chief Risk Officer (CRO). This function is daily and independent in assessing credit risk management, market risk, operational risk, liquidity risk, and other key risks. They also monitor the bank's risk profile, report its activities to the CEO and the board (BRMC and / or BOD), and have a direct relationship with BRMC. While senior management actively manages risk through various risk management committees, such as credit risk management committee, liquidity risk management committee, and others.

The establishment of an audit committee or an Audit Committee Board (ACB) generally meets the regulations required by the capital market regulator to provide guarantees on the quality of financial information provided by listed financial institutions. ACB exercises active oversight of the independence of the Internal Audit (IA), reviews the IA function, the scope of the annual audit plan, and the frequency of internal audit activities. ACB meeting minutes are subsequently reported to the BOD and BRMC. ACB also conducts meetings to ensure effective exchange of information related to risk issues.

Guided by the forces of the FSB (2013), BCBS revised the "Principles for Enhancing Corporate Governance" guidelines published in October 2010, by issuing "Corporate Governance Principles for Banks" in July 2015. The new guidelines are explicitly aimed at strengthening collective and responsibility oversight board responsibilities on risk management, risk culture, risk appetite and their relationship with the bank's risk capacity. This risk governance guidelines differs from previous guidelines in terms of: (1) expanding the board of director's responsibilities, particularly in oversight implementation of an effective risk management system; (2) further define the elements of a robust risk governance framework, including its relationship with business unit responsibilities, risk management teams, and internal audits (called "three lines of defense")[1], (3) provides guidance for banking supervisors in evaluating the process of selecting members of the board and senior management, and (4) reviewing appropriate risk-based compensation structures and strengthening sound risk culture.

Risk governance guidelines produce 13 principles that banks must implement and adjust to the size, complexity, structure, economic significance, risk profile, business model and bank group (if any). The main topics of these guidelines are (1) the responsibilities, qualifications, and compositions of the board; (2) the responsibilities of senior management; (3) the governance of the group structure, that the board of the parent company should be aware of any material issues and risks that may affect the bank as a whole and its subsidiaries; (4) bank’s risk communication to create a strong risk culture; (5) the roles and responsibilities of the compliance and audit functions; (6) compensation, that is bank remuneration structure must support sound corporate governance and risk management; (7) disclosure and transparency of banking organization governance; and (8) the roles of supervisor.

2.2. Overall risk governance practices and bank performance

In practice, a number of major United States banks have sought to adopt risk governance since 2011. Several subsequent surveys have also proven the influence of risk-related governance on banking performance during the global crisis (2007-2008), for example Ellul & Yerramilli (2013); Aebi, Sabato, & Schmid (2012); and a research team of the Deloitte Center for Financial Services (2015). The US banks’s profitability is influenced by independent risk management (Ellul & Yerramilli, 2013), and banks’s stock returns are influenced by the risk governance structures (Aebi, Sabato & Schmid, 2012). In addition, banks with direct reports from the committee risk officer (CRO) to the board have benefits of equity and higher stock returns compared to banks with CRO direct reports to executive management during the economic crisis.

Some research in risk governance field in Asia such as Battaglia & Gallo (2015) who analyze whether risk governance levels (as proxied by the number of risk committee and frequency of risk committee meetings) relate to better banking performance in China and India. The result of the observation period 2007-2011 (the crisis period) showsthe size of risk committee is significantly and positively related to ROE and ROA, while the number of risk committee meetings is positively correlated with the market valuation. Similarly, Nahar, Jub, & Azzim (2016) uses a period of crisis (2006-2012) which prove the risk governance is significantly and positively related to the performance of banks listed on the Bangladesh stock market.

In contrast to previous studies, this study uses a risk governance index to measure banking risk governance for subsequent testing to investigate its impact on bank’s performance. The index is prepared based on guidelines published by BCBS (2015) and some governance and risk management guidances of the five ASEAN countries. This study estimates a positive relationship between risk governance practices and bank’s profitability. In accordance with the agency theory which suggests that corporate risk governance can be one of the mechanisms aimed at solving agency problems and monitoring tools on how banks manage risks. Risk governance can convince principals (investors) that the funds invested in the bank in question will be well managed and will increase investment demand, encourage bank growth and increase bank stock prices. In other words, banks that have effective risk governance tend to perform well. Performance measurement in this research is return on assets (ROA). Thus, the hypothesis formulation in this study is:

Hypothesis 1 (H1):The overall risk governance practices have a positive effect on bank ROA.

Aebi et al. (2012) proves the value of shares positively related to the frequency of meetings, while negatively related to the number of the committee members. The stock value is measured by Tobin's Q and PER.Research Erkens et. al (2012) and Pathan & Faff (2013) find that banks with a majorityof independent boards lower bank’s performance. While Adams & Mehran (2012) using a sample bank for 34 years also prove that board independence is not related to performance as measured by Tobin's Q.

This study uses an index of board-level risk governance structure to measure the responsibilities, independence and competence of board members, prose selection of board member candidates, audit committee, risk committee, and compensation committee. The index is prepared based on the risk governance guidelines at board level issued by BCBS (2015) and several governance and risk management guidelines in five ASEAN countries. Furthermore, this research investigates whether there is any effect of this risk governance structure on bank’s performance. The hypothesis formulation in this research is:

Hypothesis 2 (H2): The board-level risk governance structure has a positive effect on bank ROA.

Senior management, risk management function under the direction of the Chief Risk Officer (CRO), compliance and audit functions in carrying out its duties should be independent of the operational work unit. According to BCBS (2015), the tasks of senior management are defined and evaluated by taking into account the risks. While the CRO is responsible for overseeing the development and implementation of risk management function (BCBS, 2015, para. 107). According to Ellul & Yerramilli (2011),risk governance structures, that is proxied by strong and independent CRO, can reduce bank non-performing loans (NPLs) and risks, and also increase the share price of 74 major banks in the United States during the 2007/2008 credit crunch.

Furthermore, risk management function that is led by CRO must coordinate with compliance function. The compliance function manages compliance risks; and monitor bank operations in accordance with applicable laws, regulations and internal policies (BCBS, 2015, para. 136). The bank's responsibility to comply with the regulations of risk management through compliance function is beneficial in creating competitive advantage and earning good reputation from customers, investors and rating agencies (Economist Intelligence Unit, 2011). The tasks of the compliance function on its basis are more preventive (ex ante), while the ex post tasks areperformed by the internal audit function. Members of this internal audit function should have expertise in assessing the effectiveness and efficiency of internal controls; risk management; risk governance system; and risk processes. Minton et al. (2010) find that the non-executive director's financial expertise level is positively related to risk taking and bank stock performance.

Based on the above explanation, the risk governance structures at management level is expected to decrease bank risks arising so that affect the bank’s value. These structures consist of senior management tasks by considering risks aspect, independent CRO, independent and skilled compliance and internal audit functions. Thus, the third hypothesis is stated as follows: