Addressing Gaps in the Dodd-Frank Act: Directors\u27 Risk Management Oversight Obligations

In the years leading to the recent financial crisis, finance theorists introduced innovative methods, including quantitative financial models and derivative instruments, to measure and mitigate risk exposure. During the financial crisis, financial institutions facing insolvency revealed pervasive misunderstandings, misapplications, and mistaken assumptions regarding these complex risk management methods. As losses in financial markets escalated and caused liquidity and solvency crises, commentators sharply criticized directors and executives at large financial institutions for their risk management decisions. By adopting the Dodd-Frank Wall Street Reform and Consumer Protection Act, Congress directly and indirectly addresses certain risk management oversight concerns at large, complex financial institutions. To improve risk management oversight at these institutions, Congress imposed several structural reforms altering the composition and obligations of financial institutions\u27 boards of directors. Unfortunately, even after the adoption of the Dodd-Frank Act reforms, financial institutions remain vulnerable to the same critical errors in enterprise risk management oversight that engendered systemic risk concerns during the recent financial crisis. While the Dodd-Frank Act may enhance a board\u27s risk management oversight capabilities, significant concerns persist regarding reliance on board committees. Organizational literature suggests that cognitive biases and structural limitations that influence group decision making will continue to plague boards\u27 efforts to effectively manage risk. This Article argues that better-tailored reforms are necessary to address weaknesses in enterprise risk management regulation and to reduce the threat of systemic risk

Governing Financial Markets: Regulating Conflicts

Payment, clearing, and settlement systems constitute a central component in the infrastructure of financial markets. These businesses provide channels for executing the largest and smallest commercial transactions in local, national, and international financial markets. Notwithstanding this significant role, there is a dearth of legal scholarship exploring central clearing counterparties (CCPs) and their contributions to the regulation of financial markets. To address this gap in the literature, this Article sketches the contours of the theory that frames regulation within financial institutions and across financial markets, examines the merits of implementing CCPs, and explores the role of CCPs as primary regulators within financial markets. Applying these theoretical constructs to a practical issue, this Article analyzes Title VII of the Dodd-Frank Wall Street Reform and Consumer Protection Act and the statute\u27s introduction of mandatory clearing requirements in the over-the-counter (OTC) derivatives market. This Article advances several arguments that explore the merits of Title VII’s clearing mandate. First, this Article posits that introducing clearing requirements and authorizing only a handful of CCPs to execute clearing obligations concentrates systemic risk concerns. Title VII’s clearing mandate endows CCPs with the authority to serve as gatekeepers. As a result, these institutions become critical, first-line-of-defense regulators, managing risk within the OTC derivatives markets. Second, weak internal governance policies at CCPs raise noteworthy systemic risk concerns. CCP boards of directors face persistent and pernicious conflicts of interest that impede objective risk oversight, and thus may fail to adopt effective risk management oversight policies. Well-tailored corporate governance reforms are necessary to address these conflicts and to prevent CCP owners’ self-interested commercial incentives or other institutional constraints from triggering systemic risk concerns

Addressing Gaps in the Dodd-Frank Act: Directors\u27 Risk Management Oversight Obligations

In the years leading to the recent financial crisis, finance theorists introduced innovative methods, including quantitative financial models and derivative instruments, to measure and mitigate risk exposure. During the financial crisis, financial institutions facing insolvency revealed pervasive misunderstandings, misapplications, and mistaken assumptions regarding these complex risk management methods. As losses in financial markets escalated and caused liquidity and solvency crises, commentators sharply criticized directors and executives at large financial institutions for their risk management decisions. By adopting the Dodd-Frank Wall Street Reform and Consumer Protection Act, Congress directly and indirectly addresses certain risk management oversight concerns at large, complex financial institutions. To improve risk management oversight at these institutions, Congress imposed several structural reforms altering the composition and obligations of financial institutions\u27 boards of directors. Unfortunately, even after the adoption of the Dodd-Frank Act reforms, financial institutions remain vulnerable to the same critical errors in enterprise risk management oversight that engendered systemic risk concerns during the recent financial crisis. While the Dodd-Frank Act may enhance a board\u27s risk management oversight capabilities, significant concerns persist regarding reliance on board committees. Organizational literature suggests that cognitive biases and structural limitations that influence group decision making will continue to plague boards\u27 efforts to effectively manage risk. This Article argues that better-tailored reforms are necessary to address weaknesses in enterprise risk management regulation and to reduce the threat of systemic risk

Cyber Risks: Emerging Risk Management Concerns for Financial Institutions

Rumors posit that, within the last two years, hackers caused outages, disrupting service for the two largest securities exchanges in the world-the NASDAQ and the New York Stock Exchange. Disappointingly, regulatory reform is often backward-looking. While regulators toil to implement rules to prevent the last crisis from reocurring, new and more perilous threats evade detection. With increasing frequency, cyberattacks threaten critical infrastructure resources such as nuclear centrifuges, electrical grids, and air defense systems. Cyberattacks pose a burgeoning and underexplored universe of emerging concerns impacting areas as diverse as big-box retail stores, casual-dining chains, online retail auctions, and national security. Even if the antics of high school hackers or a Bonnie-and-Clyde-smash-and-grab of sensitive client data is not alarming, a malicious wave of outages executed as an Ocean\u27s Eleven heist that disarms and disables an international securities exchange demands a regulatory response. Cyber threats designed to disrupt or deny service for the small body of systemically important financial institutions that intermediate global commerce and banking create a special universe of concerns. The financial markets sector is broad, encompassing conventional depository banks, securities, commodities, and derivatives platforms or exchanges; investment banks; hedge, pension, and mutual funds; brokerage firms; and, in some cases, insurance companies.\u27 The number of data breaches threatening to interrupt the services offered by these institutions could shock, debilitate, or even (temporarily) paralyze the global economy. Startling examples underscore these concerns. In 2013, hackers penetrated Citigroup\u27s network and compromised data related to tens of thousands of customer accounts. A year later, JP Morgan Chase endured a similar cyberattack affecting more than 76 million households

Decentralized Finance: Regulating Cryptocurrency Exchanges

Global financial markets are in the midst of a transformative movement. The creation of Bitcoin and Facebook’s proposed distribution of Diem mark a watershed moment in the evolution of the financial markets ecosystem. Purportedly, peer-to-peer distributed digital ledger technology eliminates legacy financial market intermediaries such as investment banks, depository banks, exchanges, clearinghouses, and broker-dealers. Yet careful examination reveals that cryptocurrency issuers and the firms that offer secondary market cryptocurrency trading services have not quite lived up to their promise. Notwithstanding cryptoenthusiasts’ calls for disintermediation, evidence reveals that platforms that facilitate cryptocurrency trading frequently employ the long-adopted intermediation practices of their traditional counterparts. In fact, when emerging technologies fail, cryptocoin and token trading platforms partner with and rely on traditional financial services firms. As a result, these platforms face many of the risk-management threats that have plagued conventional financial institutions as well as a host of underexplored threats. Automated or algorithmic trading strategies, accelerated high frequency trading tactics, and sophisticated Ocean’s Eleven-style cyberheists leave crypto-investors vulnerable to predatory practices. Early responses to fraud, misconduct, and manipulation emphasize intervention when originators first distribute cryptocurrencies— the initial coin offerings. This Article rejects the dominant regulatory narrative that prioritizes oversight of primary market transactions. Instead, this Article proposes that regulators introduce formal registration obligations for cryptocurrency intermediaries—the exchange platforms that provide a marketplace for secondary market trading. This approach recognizes the dynamic nature of cryptocurrency secondary market actors seeking to achieve disintermediation yet balances the potential benefits of trading intermediaries with normative regulatory goals—protecting investors from fraud, theft, misconduct, and manipulation; enforcing accountability; preserving market integrity; and addressing enterprise and systemic risk-management concerns

Managing Cyber Risks

Cyber risks are as pervasive as the technology that facilitates their execution. The threat of cyber attacks or plots to deploy cyber weapons against critical government entities, private businesses and domestic and international infrastructure resources creates a most significant risk management concern. Pernicious,perilous and ubiquitous, cyber risks have merged as the newest risk management frontier. While the consequences of cyber attacks against individual financial institutions may be alarming, the interconnectedness of the largest financial institutions in the global economy and their shared dependence on technology render these businesses and the systems that execute their transactions shockingly vulnerable. Because of the unique danger such risks pose in financial markets-threatening the loss of billions of dollars, paralysis of global capital and credit markets and a possible domino-effect of solvency crises among banks and shadow banks-this Essay argues that cyber risks constitute a special class of systemic risks. Indisputably, cyber threats are simply under-theorized. Serving as a pricis to a burgeoning cyber risk management literature, this Essay is among the earliest contributions to explore the intersection between cyber risks and systemic risks in financial markets. This Essay forges a pathway for examining the development of cyber risk regulation and identifying promising opportunities to disarm cyberthreats. This Essay analyzes the various risks that financial institutions face and conventional approaches to manage and mitigate well-known risks. Upon surveying the proposed regulatory and legislative efforts to reduce cyber risks-including the collaborative efforts outlined in the Cybersecurity Information Sharing Act adopted in December of 2015, this Essay rejects the notion that traditional approaches will sufficiently address cyber risk management concerns. This Essay argues that cyber risks require innovative and dynamic strategies that demonstrate the requisite agility to combat cyberthreats