RIMS called upon Congress to incorporate this concept into its ongoing effort to craft legislation addressing the corporate governance lapses and business practices that played a major role in the recent market turmoil. RIMS argues that the current system-wide failure to embrace appropriate enterprise risk management practices was a major contributor to the current financial crisis.
RIMS’ position is that the risk committee concept, applied to financial and nonfinancial institutions alike, would help ensure that all institutions of a specified size engage in the effective management of risk across their respective organizations. While RIMS does not endorse any particular standard or practice, according to Pete Fahrenthold, vice chair of the Enterprise Risk Management Development Committee at RIMS and managing director for risk management at Continental Airlines, there are international standards that can be used as the basis for an effective ERM program for a wide variety of organizations. Under the RIMS proposal, many small businesses would be exempt from these requirements.
Legislation including the risk committee proposal was introduced earlier this year as part of a larger effort by senior Banking Committee member Senator Charles Schumer (D-NY) to make corporations more responsible to their shareholders. The bill, entitled “the Shareholder Bill of Rights” (S. 1074), would require all publicly traded companies to establish risk committees comprised entirely of independent directors who would be responsible for establishing and evaluating risk management practices.
“We are working with Senator Schumer’s office to modify his proposal to make compliance less onerous and more flexible,” says Fahrenthold. “We support an exemption for smaller organizations, and a modification that would allow the number of independent directors on the risk committee to be determined on a sliding scale based on the size of the organization or the extent to which the organization’s operations might pose more risk to the financial system as a whole. We also believe that the function of the risk committees could be incorporated into an already existing audit committee without compromising the integrity of the oversight process. As for the requisite risk management standards, we believe that the recently developed International Standards Organization (ISO) 31000 provides a solid framework without being too prescriptive.”
RIMS asserts that it is essential to include all companies of a certain size under the umbrella requirement for risk committees, rather than focusing exclusively on financial institutions. A broad application of the risk committee concept would ensure that most large organizations have appropriate risk management oversight, thereby protecting their shareholders as well as the pension plans and qualified retirement plans that invest in the debt and equity securities issued by these organizations. This new requirement will close what would otherwise be a gaping hole in the financial system’s risk management practices.
In June, the Securities Exchange Commission also weighed in on the debate with proposed rules that would require publicly traded companies to disclose the extent of board level participation in the risk oversight process, and the implementation of risk management practices. According to Fahrenthold, RIMS supports the agency proposal, but asserts it should go further by requiring additional disclosures, including the qualifications of the board members charged with the oversight of risk.