Oversight Liability for Risk Management Failures at Financial Firms
Southern California Law Review, Vol. 84, p. 47, 2011
78 Pages Posted: 14 Jan 2011 Last revised: 10 Mar 2011
Date Written: January 13, 2011
Many people believe that excessive risk-taking at large financial firms was an important cause of the financial crisis in 2007-2008 and thus that preventing another crisis requires improving risk-management systems at such institutions. One way to do this would be to use board oversight liability to hold directors personally liable for failing properly to monitor the risks that their firms are running. The purpose of this Article is to determine what role director oversight liability can efficiently play in improving risk-management practices at large financial firms.
A key contention of the Article is that previous treatments of this problem have largely failed to appreciate what risk managers at large financial firms actually do, and so the Article begins by explaining some of the financial models that risk managers typically use to measure the market risk and credit risk on portfolios of assets. A realistic appreciation of these models shows that the measurements of risk that they yield necessarily incorporate paradigmatic business judgments, most importantly because the models aim to predict future results on the basis of historical data. The predictive ability of the models is founded, in other words, on the business judgment that the future will resemble the past in relevant respects. Risk-management decisions are therefore always business decisions.
With this conclusion firmly established, the Article reviews the principles of director oversight liability, the most relevant in this context being that oversight liability requires a showing that the directors were consciously disregarding their duties. This scienter-based standard practically guarantees that oversight claims based on alleged failures to detect and prevent weaknesses in the firm’s risk-management systems will fail, as in fact happened in the Citigroup case, the most important oversight case predicated on alleged risk management failures thus far litigated. The result in Citigroup has been subjected to much academic criticism. The Article considers these criticisms and argues that, in light of the actual nature of risk management and the financial models used therein, these criticisms are generally misguided.
The result in Citigroup has also prompted proposals for expanding oversight liability in ways that would allow courts to review substantive risk-management decisions by corporate boards. The Article argues that such proposals are meritless for two reasons. First, because risk-management decisions are always business decisions, and because any business decision leading to losses for the company can be characterized as a risk-management failure, allowing courts to review risk-management decisions in oversight liability cases would in effect repeal the business judgment rule. Second, although such proposed expansions of oversight liability are aimed at limiting the excessive-risking that supposedly contributed to the financial crisis, risk-taking can be excessive in several distinct ways, and the sense in which excessive risk-taking represents a genuine failure of risk-management systems (namely, risk-taking in excess of the risk tolerance of the firm as set by the board) is not the sense in which excessive risk-taking may have been a cause of the financial crisis (namely, socially inefficient risk-taking or excessive systemic risk). Hence, even if expanding oversight liability for risk-management failures did not otherwise involve the tremendous inefficiency of effectively repealing the business judgment rule, such an expansion would still not be well-calculated to address the perceived problem of excessive risk-taking as a cause of the financial crisis.
Keywords: oversight liability, risk management, duty to monitor, citigroup
Suggested Citation: Suggested Citation