Credit Derivatives and Risk

Management: Corporate
Governance in the
Sarbanes-Oxley World
P.M. Vasudev*

[Keywords to Follow]

‘‘Yet, ultimately, the ethics of American business depend on the conscience of

America’s business leaders. We need men and women of character who know
the difference between ambition and destructive greed, between justified risk
and irresponsibility, between enterprise and fraud.’’

George W. Bush (2002)1

Introduction

Credit derivatives were at the centre of the recent meltdowns in the investment
banking and insurance sectors. This article analyses credit derivatives and their
risks from the perspective of corporate governance. It discusses the gaps in the
present structure of governance particularly, board involvement in monitoring
business and risk, and the scope of independent audit. The article proposes
regulatory prescription of ‘‘minimum board responsibilities’’ and independent
risk assessment by experts.
Contemporary corporate governance is based on the principle of multi-layer
oversight by agencies, both internal and external. Typically, the different levels of
oversight in a public corporation would be: (1) senior management headed by the
chief executive officer (CEO); (2) board committees; (3) board of directors; and
(4) independent audit firm in that order. Recent events at major corporations in
the financial sector raise questions about the efficacy of this governance structure
in understanding, assessing and managing the risk in credit derivatives.
The article begins with an exposition of the characteristics of major credit
derivatives collateralised debt obligations and credit default swaps. This is

*
Senior Lecturer, Department of Commercial Law, University of Auckland, New Zealand.
1
Speech delivered in New York on July 9, 2002, available at http://custom.marketwatch.
com/custom/earthlink-net/mw-news.asp?guid=78BC1B28-6171-4DD8-B7D7-
0C10F6577E88 [Accessed March 10, 2009].

331
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 P.M. Vasudev

followed by an outline of how a new line of business, such as credit derivatives,

would be typically handled in the contemporary structure of corporate governance,
which is based on the principle of disclosures and oversight. The article points
out the ambiguities and gaps in the governance structure and explains how they
undermine corporate responsibility. The systemic weaknesses discussed in the
article are quite evident from the failures on Wall Street and in the banking sector
in the recent months.
The article treats good governance as an endogenous feature in corporations,
rather than a product of the legal regime and the threat of sanction that is implicit
in public regulation. This standard is consistent with: (1) the open structure of
corporate law and its minimally intrusive character; and (2) the idea that the
governance must be more a concern of the corporations, than regulation.2
It is significant that the meltdowns have happened in the Sarbanes-Oxley
world in which corporate governance is accepted, by and large, as a concern
of public policy. The Sarbanes-Oxley Act of 20023 (SOX) has been presented as
having a focus on corporate responsibility,4 and George Bush made the statements,
extracted above, while commending the Sarbanes-Oxley legislation in the aftermath
of the corporate scandals that surfaced in 2001.
The article makes a case for an alternative paradigm of corporate governance
that is based on ‘‘responsibility’’, in addition to the current principle of oversight.
The new paradigm would not interfere with business freedom. At the same time,
it can promote responsible governance practices that are more responsible, pay
sufficient attention to risk and offer better protection against hazards. Specifically,
the article proposes listing ‘‘minimum board responsibilities’’, which would be
mandatory functions of the boards of public companies. A second proposal is for
mandatory risk assessment procedure in public companies, and consideration of
the risk report by the board of directors as a part of their minimum responsibilities.

Credit derivatives

Credit derivatives were the major contributor to the crisis in the financial sector.
This part provides an overview of two major credit derivatives, collateralised debt
obligations and credit default swaps.5 The discussion explains the risk in these
instruments and the implications for corporate governance.

2
See, e.g. E. Norman Veasey, ‘‘Should Corporate Law Inform Aspirations for Good
Corporate Governance Practices or Vice-Versa?’’ (2001) 149 University of Pennsylvania
Law Review 2179.
3
Pub.L. 107-204, 116 Stat. 745.
4
For opposition to SOX, see, e.g. Larry Ribstein, ‘‘Market vs. Regulatory Responses
to Corporate Fraud: A Critique of the Sarbanes-Oxley Act of 2002’’ (2003) 28 Journal of
Corporate Law 1. Ribstein argued that the statute is not effective but, at the same time,
imposed significant costs on corporations.
5
For a comprehensive discussion of collateralised debt obligations and credit default
swaps, see Janet M. Tavakoli, Structured Finance and Collateralized Debt Obligations: New
Developments in Cash and Synthetic Securitization (Hoboken, N.J.: John Wiley & Sons,
2008).

332
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 Corporate Governance in the Sarbanes-Oxley World

Collateralised debt obligations (CDO)

CDO are pools of debt consisting of a number of loan obligations, which could
range from corporate and municipal bonds to sub-prime mortgages. Owing to
consolidation, these pools of debt are more complex than simple loan transactions
or conventional debt securities. The following are the important characteristics of
CDO:

• CDO are treated as single consolidated pools of debt, rather than collections
of individual debts. The focus is not on the individual components or loan
transactions, but on ‘‘tranches’’ or slices of the entire pool. These tranches
would, in themselves, contain more than one debt.
• Credit rating is an important element in CDO. The tranches of debt are rated
for their credit standing by professional agencies, and that is the reference
point for marketing CDO among investors.
• Since CDO are treated as consolidated pools of debt, the method of credit
rating is different for them.6 The portfolio of debt is normally divided
into three tranches: (1) equity or residual; (2) junior or subordinated or
mezzanine; and (3) senior. Tranching would be based on the creditworthiness
of the individual components. Typically, the ‘‘senior’’ tranche would consist
of ‘‘AAA’’ rated debt securities.
• The focus is on ‘‘cash-flow’’, which is the aggregate of interest and principal
receipts that accrue periodically to the portfolio over the duration of the
CDO. Interest and principal repayments are not treated separately.
• The cash flow is allocated among the three levels or tranches senior, junior
and equity levels in that order. This is the return for the investors. The senior
tranche, which has the lowest risk, would also have the lowest return.
• The return is in the form of a ‘‘spread’’ above LIBOR (London inter-bank
offered rate) interest, and the senior segment would have the lowest spread.
• CDO were marketed among investors as having defined risk and reward,
computed according to mathematical models.7 The focus was not on the
underlying debt securities.

These characteristics are true of ‘‘cash’’ or ‘‘balance-sheet’’ CDO, which are fully
funded and relatively straightforward. Here, an investment bank would arrange
for transfer of the underlying debt securities from the bank or other lending
institution to a special purpose entity (SPE), except for the equity or residual
tranche, which the original lender would retain. Any defaults in this segment will
be borne by the lender. The lender’s retention of this most risky element, usually

6
For a critical discussion on the credit rating of CDO, see Frank Partnoy and David A.
Skeel Jr, ‘‘The Promise and Perils of Credit Derivatives’’ (2007) 75 University of Cincinnati
Law Review 1019.
7
For a discussion on the pricing of CDO tranches, see Qiwen Chen, ‘‘CDO Pricing
and Copula Method’’, available at http://www.math.umd.edu/ qchen/ [Accessed March 10,
2009].

333
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 P.M. Vasudev

about 5 per cent of the total notional amount of the CDO and referred to as
‘‘toxic waste’’, is a selling point for marketing the other tranches among investors.
Figure 1 explains the cash CDO model, and shows the hierarchy among the CDO
holders the equity, subordinated and senior tranches.
CDO helps the bank or other lending institution to eliminate the debts from
its balance sheet. Transfer of debt and attendant credit risk, and the consequent
reduction in regulatory capital are the incentives for the originating lender. The
ability of the lenders to thus transfer their loan accounts was an important element
in the so-called sub-prime mortgage issue. It led to lower lending standards.
Lenders could be more liberal in providing mortgage loans, and did not have to
apply requisite caution in processing the loan applications.9
There is yet another variety of CDO synthetic in which the originating
bank or other lender would merely transfer credit risk to the SPE, rather than the
underlying debt securities. The lender would retain the debt with itself. Synthetic

Figure 1. Cash or balance sheet CDO8 .

8
Source: http://www.bionicturtle.com [Accessed March 10, 2009].
9
See, e.g. Giovanni Dell’Ariccia, Deniz Igan and Luc Laeven, ‘‘Credit Booms and Lending
Standards: Evidence from the Subprime Mortgage Market’’ (February 2008), available at
http://ssrn.com/abstract=1100138 [Accessed March 10, 2009].

334
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 Corporate Governance in the Sarbanes-Oxley World

CDO are usually partially funded; the funds raised from the investors represent
only a fraction of the par value of the ‘‘reference portfolio’’, which is the term
applied to the debt portfolio covered by the CDO.
A good example of a synthetic CDO is BISTRO, which was the earliest partially
funded CDO. It was promoted by J.P. Morgan in 1997. BISTRO had a funded
component of $700 million against a total portfolio value of $10 billion.10 In
synthetic CDO, the unfunded portion of the reference portfolio would be covered
by credit default swaps, which would be purchased by the investors. For BISTRO,
default swaps were provided by Morgan Guaranty Trust Co of New York. In the
event of default in the reference portfolio, the swap provider must make good the
loss. The final liability will, therefore, be on the agency providing the credit default
swap. The structure of a partially funded, synthetic CDO is shown in Figure 2.11

Figure 2. Partially funded synthetic CDO.

The return for investors is similar to the cash CDO model it is the spread above
LIBOR. Investors stand to gain as long as the premium they pay for the default

10
The J.P. Morgan Guide to Credit Derivatives, available at http://www.investinginbonds.
com/assets/files/Intro to Credit Derivatives.pdf [Accessed March 10, 2009].
11
Source: http://www.bionicturtle.com [Accessed March 10, 2009].

335
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 P.M. Vasudev

swap is lower than the spread on their tranche of the CDO. The difference between
the two is their gain, and they are not exposed to any risk as they are protected by
the swaps. For the swap provider, the premium income is the incentive. The debt
securities covered by the swap are, supposedly, rated by credit rating agencies and
risk is almost absent.
Obviously, synthetic CDO are more volatile and exposed to greater risk. There
is no ready fund or corpus that would be applied in the event of default in the
underlying debt securities. Default would lead to liability for the swap provider
or the underwriter shown in Figure 2.

Credit default swaps (CDS)

CDS have been described as a ‘‘major risk-transferring instrument developed in

the past few years’’.12 But their principle is similar to that of credit insurance,
which has been around for a long time. CDS, which have been in use since the
early 1990s, played a major role in the current financial crisis. They are ‘‘the most
highly utilized type of credit derivative’’.13 The following description by PIMCO,
a large bond fund manager, neatly summarises the character of default swaps:

‘‘In its most basic terms, a credit default swap is similar to an insurance
contract, providing the buyer with protection against specific risks. . . CDS
contracts can mitigate risks in bond investing by transferring a given risk
from one party to another without transferring the underlying bond or other
credit asset. . .
In a CDS, one party ‘sells’ risk and the counterparty ‘buys’ that risk.
The ‘seller’ of credit risk who also tends to own the underlying credit
asset pays a periodic fee to the risk ‘buyer.’ In return, the risk ‘buyer’
agrees to pay the ‘seller’ a set amount if there is a default (technically, a credit
event).’’14

The liability of the CDS provider is triggered by the happening of ‘‘credit events’’
defined in the contract between the parties. The basic trigger is simple default
by the borrower. But most contracts also include other credit events such as

12
Dezhong Wang, Svetlosar T. Rachev and Frank J. Fabozzi, ‘‘Pricing Tranches of
a CDO and a CDS Index: Recent Advances and Future Research’’ (2006), available at
http://www.statistik.uni-karlsruhe.de/download/doc secure1/workshop final.pdf [Accessed
March 10, 2009].
13
PIMCO. Bond Basics. June 2006, available at http://media.pimco-global.com/pdfs/pdf/
Bond%20Basics-%20Credit%20Default%20Swaps%20US.pdf?WT.cg n=PIMCO-US&
WT.ti=Bond%20Basics-%20Credit%20Default%20Swaps%20US.pdf [Accessed March 10,
2009].
14
PIMCO. Bond Basics. June 2006, available at http://media.pimco-global.com/pdfs/pdf/
Bond%20Basics-%20Credit%20Default%20Swaps%20US.pdf?WT.cg n=PIMCO-US&
WT.ti=Bond%20Basics-%20Credit%20Default%20Swaps%20US.pdf [Accessed March 10,
2009].

336
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 Corporate Governance in the Sarbanes-Oxley World

the borrower filing for bankruptcy or resorting to restructuring of debts.15 CDS

providers must make cash settlement or physical settlement, when a credit event
occurs:

• Cash settlement: the swap provider will pay the difference between the par
value of the underlying debt security and its present value, determined in the
manner specified in the contract. Cash settlement would be less onerous for
the swap provider when the debt security is assessed to have some value.
• Physical settlement: here, the swap provider must purchase, at par, the debt
security covered by the swap.

There are important differences between regular insurance contracts and credit
default swaps. For instance the purchaser of a swap, unlike an insured person,
would not normally have an ‘‘insurable interest’’ in the asset. The International
Swaps and Derivatives Association (ISDA) argued that default swaps are not
insurance contracts. This is important if default swaps are not to be placed under
the general regulation applicable to insurance business. In Aon Financial Products
Inc v Société Générale,16 the court was concerned with the character of credit
default swaps. ISDA participated in the action as amicus, and the court made the
following observation:

‘‘CDS agreements are thus significantly different from insurance contracts.

As amicus correctly points out, they ‘do not, and are not meant to, indemnify
the buyer of protection against loss. Rather, CDS contracts allow parties to
‘‘hedge’’ risk by buying and selling risks at different prices and with varying
degrees of correlation’.’’

This interpretation does not consider the nature of the risk a CDS provider assumes
in the transaction. It remains to be seen how the courts will deal with this issue in
the aftermath of the recent events in the financial sector. The point here is about
the similarity of the risk assumed by an insurer in one case and a swap provider in
the other. The credit risk carried by the swap provider, periodic fee for providing
the cover and making a settlement on default all underscore the similarities in the
position of a swap provider and an insurer.
Other than making settlements on default, often CDS providers must furnish
collateral when the market value of the debt portfolio declines. This makes
default swaps more onerous than regular insurance contracts. The liability to post
collateral is dependent on the market valuation of the securities a factor over
which a swap provider would have little control. Any general decline in market
values can trigger the obligation of the swap provider to furnish collateral. Seen in
this light, the credit events specified in swap contracts are nebulous. This is unlike
regular insurance contracts that define the liability of the insurer with reasonable
clarity.

15
Geoff Chaplin, Credit Derivatives: Risk Management, Trading and Investing (Hoboken,
N.J.: John Wiley & Sons, 2005), p.61.
16
Aon Financial Products, Inc v Société Générale 476 F. 3d 90 (2d Cir. 2007).

337
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 P.M. Vasudev

A report about the litigation between Paramax Capital, a hedge fund, and
UBS, the Swiss investment bank, provides clues on how the collateral requirement
works for default swaps. Paramax created an SPE with a capital of $4.6 million
for providing default swap for a debt portfolio of $1.31 billion. Soon, the debt
portfolio started falling in value owing to defaults and downgrades, and Paramax
had to provide additional collateral. It provided further collateral of $29.3 million.
In all, Paramax furnished collateral of $33.9 million against the debt portfolio of
$1.31 billion covered by its swaps. After this, Paramax reportedly refused demands
from UBS for more collateral and the parties are now before the court.17
Default swaps were provided on a large scale in the recent years. The agencies
that provided the swaps ranged from insurance companies to pension funds and
hedge funds. The total value of default swaps outstanding in 2007 has been
estimated at US $62.2 trillion, and Figure 3 provides the break-up of the categories
of swap providers.

Credit derivatives risks and warning signals

From the perspective of the contemporary model of corporate governance that is

based on the principle of oversight by the board of directors, a basic issue would
be awareness of the directors about the risk in credit derivatives. This part provides

Figure 3. Outstanding default swaps and their providers18 .

17
Morgen Gretchenson, ‘‘First Comes the Swap. Then It’s the Knives’’, New York Times,
June 1, 2008.
18
‘‘The great untangling’’, The Economist, November 6, 2008.

338
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 Corporate Governance in the Sarbanes-Oxley World

an overview of the developments related to derivatives since the early 1990s and
the general perception about them. Derivatives have been in the news for many
years. Credit derivatives have been mostly controversial and there was no dearth
of warning signals for the managements and boards of the companies that sold the
swaps.
In 1994, George Soros testified before the House Banking Committee:
‘‘. . . [T]here are so many [derivatives] and some of them are so esoteric that the
risk involved may not be properly understood even by the most sophisticated
investor, and I’m supposed to be one.’’19
Soros warned that some derivatives ‘‘appear to be specifically designed to enable
institutional investors to take gambles which they would not otherwise be permit-
ted to take’’.20 In 2003, Warren Buffett famously described derivatives ‘‘as time
bombs, both for the parties that deal in them and the economic system’’.21 About
credit derivatives, Buffett stated:
‘‘Large amounts of risk, particularly credit risk, have become concentrated
in the hands of relatively few derivatives dealers, who in addition trade
extensively with one other. The troubles of one could quickly infect the
others.
On top of that, these dealers are owed huge amounts by non-dealer counter-
parties. Some of these counter-parties are linked in ways that could cause
them to run into a problem because of a single event, such as the implosion of
the telecom industry. Linkage, when it suddenly surfaces, can trigger serious
systemic problems.’’22
Alongside, a controversy had been raging about regulation of derivatives since the
early 1990s. In 1992, Rep. Edward J. Markey directed the General Accounting
Office (GAO) to study the risks in derivatives, and the report published by
the GAO in 1994 identified ‘‘significant gaps and weaknesses’’ in the regulatory
oversight of derivatives.23 In the late 1990s Brooksley E. Born, chief of the
Commodity Futures Trading Commission, made efforts to regulate derivatives,
but was unable to make progress.24

19
George Soros, Testimony to House Banking Committee, cited in Edward Chancellor,
Devil Take the Hindmost: A History of Financial Speculation (New York: Farrar Straus &
Giroux, 1999), p.334.
20
Soros, Testimony to House Banking Committee in Devil Take the Hindmost (1999),
p.334.
21
Warren Buffett, Excerpts from Buffett’s letter to the shareholders of Berkshire Hath-
away for 2002, available at http://www.fintools.com/docs/Warren%20Buffet%20on%20
Derivatives.pdf [Accessed March 10, 2009].
22
Buffett’s letter, 2002, available at http://www.fintools.com/docs/Warren%20Buffet%
20on%20Derivatives.pdf [Accessed March 10, 2009].
23
Peter Goodman, ‘‘Taking Hard New Look at a Greenspan Legacy’’, New York Times,
October 9, 2008.
24
Anthony Faiola, Ellen Nakashima and Jill Drew, ‘‘What Went Wrong?’’, Washington
Post, October 19, 2008. For the developments on regulation of derivatives, also see Nelson

339
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 P.M. Vasudev

More recently, in 2005 Alan Greenspan, who had consistently opposed reg-
ulation, issued a warning about credit derivatives. While stressing that they had
brought considerable benefits by spreading risk, Greenspan acknowledged that
‘‘understanding the credit risk profile of CDO tranches poses challenges to even
the most sophisticated market participants’’.25
Thus derivatives have been prominent in the debate in financial and regulatory
circles in recent years. There certainly was awareness about them. This background
is relevant in evaluating the business decisions made by the swap providers while
examining the issue in the context of corporate governance, monitoring and
oversight. It would be difficult to argue that the directors of the companies that
traded in credit derivatives had no knowledge about the business, its complexities
and risk. This idea informs the following discussion on corporate governance
structures and practices.

Corporate governance, business operations and board monitoring

This part reviews the standard governance structure in public corporations, and
the oversight and accountability mechanisms in it. The analysis is helpful in
determining, typically: (1) how a corporation would start a new line of business,
such as credit derivatives; and (2) how the business would be overseen. Risk is
an important feature of credit derivatives, and the discussion has a focus on risk
management systems.

Corporate governance structures and the Sarbanes-Oxley Act: an overview

Corporate law has traditionally vested management powers in the board of

directors, who would be elected by the shareholders. Other than this, it interferes
little with the internal arrangements in corporations, and leaves them free to
develop their own governance structures and systems.26 The democratic model
of management by directors elected by shareholders was undermined by the
developments in the 20th century growth in the size and complexity of corporate
businesses and the rise of retail shareholders who had neither the resources nor the
inclination to play a meaningful role in governance. Weakening of shareholders and
the rise of powerful and self-perpetuating boards was the theme of the renowned
work of Adolf Berle and Gardiner Means, The Modern Corporation and Private
Property.27

Schwartz and Julie Creswell, ‘‘What Created this Monster?’’, New York Times, March 23,
2008.
25
Richard Beales and Gillian Tett, ‘‘Greenspan warns on credit derivatives’’, Financial
Times, May 5, 2005.
26
For a description of the reluctance of the law to intrude into the internal arrangements
in corporations, see J.K. Galbraith, The New Industrial State (London: Hamish Hamilton,
1967), p.77.
27
Adolf Berle and Gardiner Means, The Modern Corporation and Private Property (New
York: Macmillan Company, 1932).

340
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 Corporate Governance in the Sarbanes-Oxley World

The next stage saw erosion in the concept of director-managed corporations.

This resulted from a number of factors. Most public corporations had a substantial
number of part-time directors who were not familiar with the business. The process
of their selection they were mostly nominated by the powerful CEOs was
another factor that contributed to their lack of activism. The part-time directors,
who owed their position to the CEOs, were hesitant to ask questions.
In the new model that emerged, the business and affairs of the corporations
were, in reality, managed by full-time executives headed by the CEO.28 When the
new model became common, a theory was developed that corporate boards would
play a monitoring role, on behalf of the shareholders. The assignment of this role
to the boards both recognised their representative character, and justified their
existence. Directors were an important agency in the framework of corporations
and could not be ignored. But they had been reduced to a position that was mostly
meaningless. The task was to identify a role for the directors, and the monitoring
board was the result.
This new theory of corporate governance had both descriptive and normative
elements. On the descriptive side, it recognised the reality of managerial power. On
the normative or prescriptive side, the new theory sought to check the power of
managers by placing them under the oversight of the directors. Corporate statutes
accommodated the theory by recognising supervisory boards, and authorised the
directors to delegate many of their powers to executives.29
The monitoring board model was articulated by Melvin Eisenberg, who com-
pared it with other possible models (1) full-time directors; (2) boards made up
fully of corporate managers; and (3) professional directors. Eisenberg concluded
that monitoring boards are the most practical and effective choice. In advocating
this, he stressed the importance of director independence and freeing them from
the influence of the managers.30 This was essential for meaningful board oversight,
given the reality of pervasive managerial influence.31
The effectiveness of board monitoring has been questioned for a long time.
Myles Mace described the concentration of powers in chief executives and the
minimal role of the boards of directors of public corporations.32 In the 1970s,
Peter Drucker33 and Ralph Nader34 wrote among the critics of managerial power
and weak oversight by boards.

28
For an account of the rise of ‘‘managerial capitalism’’, see Alfred Chandler, Visible
Hand: The Managerial Revolution in American Business (Cambridge, Mass.: Belknap Press,
1977).
29
See, e.g. Delaware Code Title 8 General Corporation Law s.141.
30
Melvin A. Eisenberg, The Structure of the Corporation: A Legal Analysis (Boston: Little,
Brown, 1976).
31
For an interesting description of the inversion of the legal model in the business
world, see Bruce Welling, Corporate Law in Canada: The Governing Principles (Toronto:
Butterworth, 1984), p.301.
32
Myles Mace, Directors: Myth and Reality (Boston: Harvard Business School, 1970).
33
Peter Drucker, ‘‘Drucker View’’ [1973] Management 628, cited in Ralph Nader, Taming
the Giant Corporation (New York: W.W. Norton & Co, 1976).
34
Nader, Taming the Giant Corporation (1976).

341
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 P.M. Vasudev

Listed corporations are also governed by the securities law, which has tra-
ditionally relied on disclosure as the principle of regulation.35 Compelling the
corporations to disclose the details of their operations is considered sufficient, and
the rationale is as follows:

• When corporations are aware that they must make disclosures, they will
adopt responsible practices. The disclosure regime will thus steer corporations
towards good governance.
• Alternatively (or cumulatively), mandatory disclosure will put investors on
alert, so they can avoid investing in the shares of corporations that have
less-than-desirable standards of governance. Corporations would be eager to
make themselves attractive to investors, and would adopt good governance
for this reason, even if they are not persuaded merely by the need to disclose.

With this philosophy, regulation stops with mandating disclosure. In the words
of Loss and Seligman, ‘‘substantive regulation has its limits. But ‘[t]he truth shall
make you free’’’.36 Regulations require public companies to disclose not only what
has happened but also what they expect to happen, including the risk factors.37
Recently, there has been greater regulatory intervention in corporate gover-
nance. The Sarbanes-Oxley Act, enacted in 2002 in the aftermath of the scandals
at Enron, WorldCom et al., goes beyond mere disclosure. It makes what, in the
traditional sense, would be considered an intrusion dictating the composition of
boards of directors. Public corporations must now have ‘‘independent directors’’,
or rather, audit committees consisting of independent directors.38 The emphasis
on director independence is a response to the complaints about the influence of
managers on the directors. The idea is that independent directors will bring an
outside perspective, and be more effective in overseeing the full-time managers.39

Corporate governance codes

The recent years have seen the compilation of a number of codes and guidelines on
corporate governance.40 These codes mostly formalise the governance structure
outlined earlier namely, management powers with the CEO and their team of

35
For the history of the adoption of the disclosure regime in the US, see Joel Seligman,
The Transformation of Wall Street: A History of the Securities and Exchange Commission
and Modern Corporate Finance (Boston: Houghton Mifflin, 1982).
36
Louis Loss and Joel Seligman, Fundamentals of Securities Regulation, 5th edn (New
York: Aspen, 2004), p.8.
37
Securities & Exchange Commission (US), Regulation S-X, Items 303 & 304.
38
SOX s.301.
39
For an account of the developments relating to independent directors in American
corporations, see Jeffrey N. Gordon, ‘‘The Rise of Independent Directors in the United
States, 1950–2005: Of Shareholder Value and Stock Market Prices’’ (2007) 59 Stanford Law
Review 1465.
40
A comprehensive database of corporate governance codes in various jurisdictions is
available at http://www.ecgi.org/codes/all codes.php [Accessed March 10, 2009].

342
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 Corporate Governance in the Sarbanes-Oxley World

executives, and oversight by the directors. The OECD Principles of Corporate

Governance 200441 are a good example of such voluntary codes of corporate
governance. They provide a handy model for the analysis of credit derivatives
business.
The OECD Principles, based on the monitoring board concept, list eight ‘‘key
functions’’ of boards of directors. The first two functions, extracted below, define
the scope of board oversight of business.

‘‘1. Reviewing and guiding corporate strategy, major plans of action, risk
policy, annual budgets and business plans; setting performance objectives;
monitoring implementation and corporate performance; and overseeing
major capital expenditures, acquisitions and divestitures.
An area of increasing importance for boards and which is closely related to
corporate strategy is risk policy. Such policy will involve specifying the types
and degree of risk that a company is willing to accept in pursuit of its goals.
It is thus a crucial guideline for management that must manage risks to meet
the company’s desired risk profile.
2. Monitoring the effectiveness of the company’s governance practices and
making changes as needed.
Monitoring of governance by the board also includes continuous review of
the internal structure of the company to ensure that there are clear lines of
accountability for management throughout the organisation. . .’’

These principles are quite aligned to the practices among public corporations,
many of which also have their own codes of governance. For instance, the
following description of the roles of the board of directors and the management
in the Corporate Governance Guidelines of American International Group (AIG)
reflects the OECD Principles:

‘‘Business strategy would be developed and implemented by the senior

management under the leadership and direction of the Chief Executive
Officer. The board of directors, in performing its general oversight function,
would the Board reviews and assesses AIG’s strategic and business planning as
well as management’s approach to addressing significant risks and challenges
facing AIG. . . [T]he Board reviews and discusses reports regularly submitted
to the Board by management with respect to AIG’s performance, as well as
significant events, issues and risks that may affect AIG’s business or financial
performance. . . [T]he Board and its members will maintain frequent, active
and open communication and discussions with the Chief Executive Officer
and the management of AIG’’ [emphasis added].42

41
Organization for Economic Cooperation and Development. Principles of Corporate
Governance. 2004, pp.60-61, available at http://www.oecd.org/dataoecd/32/18/31557724.pdf
[Accessed March 10, 2009]..
42
AIG Corporate Governance Guidelines (2008), available at http://ir.aigcorporate.com/
phoenix.zhtml?c=76115&p=irol-govguidelines [Accessed March 10, 2009].

343
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 P.M. Vasudev

Risk management has emerged as a major concern in the recent years. Reflecting
this, the OECD Principles, extracted earlier, stress the duty of corporate boards
to address risk. Similarly, the Corporate Governance Guidelines of AIG recognise
a role for the directors in risk management.
The OECD Principles encourage companies to set up directors’ committees to
handle specific responsibilities. Public companies must both define and disclose
the ‘‘mandate, composition and working procedures’’ of the committees.43 AIG,
for example, has six committees of directors. Two of them audit and finance
committees have risk management as a part of their function. The audit com-
mittee’s charter has the following among its ‘‘Other Duties and Responsibilities’’:

‘‘The Committee shall discuss the guidelines and policies governing the
process by which senior management of AIG and the relevant operations
of AIG assess and manage AIG’s exposure to risk, as well as AIG’s major
financial risk exposures, and the steps management has taken to monitor
and control such exposures. The Committee is not the sole body responsible
for oversight of AIG’s risk assessment and management. AIG manages and
assesses its risk through multiple mechanisms other than the oversight of the
Committee, including the oversight of other committees of the Board.’’44

The finance committee has a more direct responsibility for risk management. Its
‘‘Duties and Responsibilities’’ include:

‘‘Risk Management
Management shall review with the Committee, as the Committee may deem
appropriate, reports concerning AIG’s exposures to market, liquidity, credit
and operational risks in so far as those exposures relate to financial, transac-
tional and other matters considered by the Committee as part of its duties
and responsibilities under this Charter.’’45

The board of directors would meet a minimum of six times each year46 and its
committees, at least four times a year.47 This is, obviously, meant to ensure that
the board and its committees have a minimum level of opportunity and time for
effective monitoring.
Other than the board and its committees, independent audit is an external
mechanism to oversee corporate managements. Audit, which is a requirement
under American securities law, is intended to promote the integrity and accuracy
of corporate reports.

43
OECD Principles of Corporate Governance, p.65.
44
AIG Audit Committee Charter (2008), available at http://ir.aigcorporate.com/phoenix.
zhtml?c=76115&p=irol-govcommcomp [Accessed March 11, 2009].
45
AIG Finance Committee Charter (2008), available at http://ir.aigcorporate.com/phoenix.
zhtml?c=76115&p=irol-govcommcomp [Accessed March 11, 2009].
46
AIG Corporate Governance Guidelines (2008), p.5.
47
AIG Audit Committee Charter (2008), p.1, and AIG Finance Committee Charter (2008),
p.1.

344
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 Corporate Governance in the Sarbanes-Oxley World

There is a recent trend to include other external agencies lawyers, secu-

rities analysts, credit-rating agencies and investment banks in the corporate
governance framework. They are termed ‘‘gatekeepers’’ who would monitor cor-
porations.48 Among the gatekeepers, only auditors have an institutional position
in the investor protection framework in corporate and securities laws at present.
In the model of corporate governance outlined above, business decisions would
be made by the managers, subject to review by senior managers, board committees
and the board itself. In addition, there would be an audit by an independent
accounting firm. This framework, with its numerous checks, can be understood
as a linear process, and the product would, or ought to, be good governance. The
process and the outcome are shown in Figure 4.
The reference to ‘‘good governance’’ raises the question of definition. This would
be important given the apparent divergence of opinion about the goals of corporate
governance. For instance, shareholder value is emphasised in economic theory,
which would conflict with the ideas about stakeholders. At a minimum, good
governance would consist of a management structure and a set of practices that

Figure 4. Multilayer oversight model of corporate governance: the process and its
result.

48
See, e.g. John C. Coffee Jr, Gatekeepers: The Professions and Corporate Governance
(New York: Oxford University Press, 2006).

345
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 P.M. Vasudev

foster the growth of a company’s business, in a sustainable manner, with due

regard to all stakeholders and without significant externalities. This framework
recognises shareholders as the ‘‘residual claimants’’ who will derive the ultimate
benefit from a company’s success, but also respects other constituencies such as
employees, suppliers and communities.

Credit derivatives business and the corporate governance process

The recent experience with the credit derivatives business in the financial sector
must be evaluated against the corporate governance structure and process outlined
above. The question is whether the devices and mechanism namely, oversight by
senior managers, review by board committees, board monitoring, and independent
audit were effective in performing the tasks that were assigned to them. That the
credit derivatives business turned out to be a failure is merely stating the obvious.
There are two dimensions to the credit derivatives business one is the decision
to enter the business, and the other is the understanding of risk and providing
safeguards against it. The question how far the governance structure, based on
monitoring and oversight, was effective in these areas is a complex one. As
an empirical issue, it would require examining: (1) the process of management
oversight in the companies; (2) proceedings of the board committees; and (3)
proceedings of the boards of directors of individual companies.
Information on these issues is not generally available, and it would not be
possible to come to concrete conclusions. Given the outcome namely, business
failure, it would be reasonable to conclude that the monitoring and oversight model
of corporate governance has not been effective. This highlights the structural issues
with the present model. These are discussed a little later.
Credit rating agencies played a significant part in the credit derivatives business.
Their assessment of the credit risk was crucial both in the marketing of CDO
among investors and in the sale of swaps. But the question is whether this is
an adequate explanation. Corporate governance would be irrelevant if the entire
blame were to be laid on credit rating agencies.

Structural issues in corporate governance

The experience with the default swaps points to significant weaknesses in the
present model of corporate governance based on multilayer oversight. These are:
(1) lack of clarity about the responsibilities of the board; (2) absence of a mechanism
of reporting by the directors; and (3) inadequate scope of audit.

Role of the board and its responsibilities

As noted earlier the task of the directors, as representatives of the shareholders,

is to oversee the management. AIG’s Corporate Governance Guidelines affirm
that the board of directors is responsible to ‘‘act as advisors and counsellors to

346
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 Corporate Governance in the Sarbanes-Oxley World

the Chief Executive Officer and senior management and oversee management’s
performance on behalf the shareholders’’.49
This structure is adequate as a statement of principle, but its deficiencies become
obvious when there are specific questions such as the board’s involvement in
starting a new business. In the prevailing disclosure regime, it would be difficult
to determine whether the credit derivatives business was, in fact, placed before the
board for its consideration. Hence questions such as the board’s decision or any
guidance it might have given the management about the business or its risks hardly
arise. There is no clarity on these issues.
The monitoring model would be incomplete if there is no clarity on the
decisions or issues that a board must monitor. This highlights the need for listing
the functions and responsibilities of the boards of directors of public corporations.
It is, of course, possible to treat the role of the board as purely advisory, but
that would simply eliminate accountability. It is hardly desirable, either for the
shareholders or for other stakeholders, to have directors who are not accountable.
Indeed, the recent trend is to expand the role of the directors. This is evident from
the OECD Principles and the corporate governance charters of AIG.

Reporting by the directors

The next issue is about submission of reports by the board of directors. The prin-
ciple that the directors represent the shareholders is recognised, as the corporate
governance charter of AIG shows. But there is no systemic requirement that the
directors must submit a report to the shareholders periodically. This is a gap in the
existing arrangement.
Specifically in the context of the credit derivatives business, a question is whether
the boards of directors of the banks and insurance companies that sold the swaps
knew, or ought to have known, that these companies had entered the default swaps
business? At least some details about the business were available in the statutory
reports of these companies. These reports are public documents. Based on them,
can the directors of the companies that sold the swaps be imputed with knowledge
about the business? For a number of reasons, this would be difficult.
The statutory filings under the Securities Exchange Act of 193450 represent
‘‘management’s discussion’’ of the business. They are not the reports of directors,
and this is a lacuna in American corporate law. In English company law, the
directors must submit annual reports to the shareholders and this compels them
to go on record with their comments about the companies and their business and
affairs. The directors of English companies must both oversee the management
and report about it to the shareholders.51 There is thus a document by which the
directors can be held to account.
There is no similar requirement in the United States. The duty of the directors
ends with oversight, although the principle is the same in both jurisdictions the

49
AIG Corporate Governance Guidelines (2008), p.1.
50
United States Code 15 USC 78a.
51
Companies Act 2006 (UK) ss.415–419.

347
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 P.M. Vasudev

directors are representatives of the shareholders and oversee the managers in that
capacity. The cycle of oversight would be complete only with the submission of a
report by the directors to the shareholders.

Audit and its scope

Audit is an important mechanism designed to promote corporate integrity and

accountability.52 The scope of audit and regulatory intervention in the subject has
gradually expanded over the last seven decades since audit was made mandatory
under the Securities Exchange Act of 1934.53 Not surprisingly, the development of
audit has been driven almost entirely by corporate failures and scandals, punctuated
by efforts from the private sector to ward off public regulation through assurances
about self-regulation.
An overview of the development of audit reveals two strands that are com-
plementary to each other. One is a policing approach that saw the establishment
of audit committees in public companies. This was done in 1978 through the
collaborative action of the Securities and Exchange Commission (SEC) and New
York Stock Exchange (NYSE). Audit committees for public companies were made
a compulsory requirement under the listing rules of NYSE. The Sarbanes-Oxley
Act granted statutory recognition to audit committees, and requires them to be
made up fully of independent directors. This represents an important step in
statutory intervention in corporate governance.
The other strand in regulation is a focus on illegal or criminal acts by persons
in control of corporations.54 With this as the starting point, audit regulation has,
understandably, been mostly of the ‘‘command-and-control’’ variety. Regulation
has been more ready to punish misfeasance, and less ready to address business
issues or influence behaviour in a positive manner. The provisions in the Sarbanes-
Oxley Act on financial misstatements and criminal liability for them are consistent
with this approach.
In Sarbanes-Oxley, the focus was as much on auditor integrity as it was
on corporate integrity. In Enron, the company’s relationship with its auditor,
Arthur Andersen, was at the centre of the scandal. Audit was, therefore, a key
component of the reforms under SOX. It gave statutory status to the principle of
auditor independence. In 2000, the SEC had initiated the process by classifying
the non-audit services that an auditor could provide without risking loss of
independence.
Regulation has generally stayed away from issues like defining the scope of
audit, or the standards to be applied for the audit process. Here again, SOX
took the first step by setting up an agency the Public Company Accounting
Oversight Board (PCAOB) to formulate the audit standards applicable to public

52
For an account of the development of audit in the US and the attendant issues, see John
Coffee, Gatekeepers (2006).
53
Loss and Seligman, Fundamentals of Securities Regulation (2004), pp.190–194, have
explained the expansion in the scope of the audit of public corporations in this period.
54
Securities Exchange Act s.10A.

348
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 Corporate Governance in the Sarbanes-Oxley World

corporations.55 PCAOB has developed Audit Standard No.5, which lays down the
standards for ‘‘audit of internal control over financial reporting that is integrated
with an audit of financial statements’’.56 The title explains the limited scope of the
audit exercise.
Under the PCAOB standards, audit would not be concerned with any business
issues including risk. It would not be the auditor’s job to examine documents
like derivatives contracts, determine the nature of the risks in them and report on
the risks. Presently, the auditor’s duty is limited to reporting after the risks have
materialised, and not while they are still latent. There is no arrangement, in the
audit exercise, for evaluation of the risks in a company’s business or for reporting
on them.
AIG’s independent auditor, PricewaterhouseCoopers (PwC), reported:

‘‘. . . a material weakness in internal control over financial reporting related to

the AIGFP super senior credit default swap portfolio valuation process and
oversight thereof’’.57

This observation was made in early 2008, by when AIG had been in the credit
derivatives business for many years. PwC’s complaint is limited to ‘‘financial
reporting’’ on the valuation process for the default swap portfolio; it had little
to say about the business itself or the underlying risks. This is in line with
the applicable standards of PCAOB namely, Auditing Standard No.5, or the
recently superseded Auditing Standard No.2.58
By these standards, an auditor does not have to be concerned with anything
else. The audit exercise, given its rationale, has proved to be inadequate from the
systemic point of view. The limited brief for auditors places the investors, whom
the audit is intended to benefit, in a vulnerable position. It is, therefore, necessary
to revisit the issue of the scope of corporate audits.
The question ‘‘whether public company audits were adequately serving and
protecting the interests of investors’’ was to be considered by the Panel on Audit
Effectiveness. The panel was set up in 1998 by Arthur Levitt, then chairman
of SEC. But the work of the panel was mostly confined to fraud and earnings
misstatements. Its recommendations said little about corporate business issues and
risks, which would be vital for investor protection.59 There is a case for a fresh
review of the scope of audit of public companies, and the presence of PCAOB can
make a difference.

55
SOX ss.101–109.
56
Public Company Accounting Oversight Board, available at http://www.pcaobus.org/
Standards/Standards and Related Rules/Auditing Standard No.5.aspx [Accessed March 11,
2009].
57
AIG Statutory Report for 2007, p.129.
58
Public Company Accounting Oversight Board, available at http://www.pcaobus.org/
Rules/Rules of the Board/Auditing Standard 2.pdf [Accessed March 11, 2009].
59
Panel on Audit Effectiveness. Report and Recommendations.2000, available at http://
www.pobauditpanel.org/downloads/prefatory.pdf [Accessed March 11, 2009].

349
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 P.M. Vasudev

Consequences for corporate governance

The issues with the present model of corporate governance, outlined above, stress
the structural weaknesses in it. If the expectation is that the multi-layer oversight
model would lead to good governance, as shown in Figure 4, it is not fulfilled by the
recent events in the financial sector. Oversight and monitoring at different levels
have, apparently, not made any difference to the outcome. As a result, the reality
is a cycle of governance weaknesses that led to business failure. Omissions at each
level fed the other, and the result was a cycle of unsustainable business credit
derivatives that went on for a number of years. The process is shown in Figure
5.
The weaknesses in the corporate governance structure are independent of external
factors, such as deficiencies in credit rating or change of accounting rules. The
issue is about the adequacy of the prevailing model of corporate governance that
has wide acceptance. If, at different levels in the companies, greater attention had
been paid to the credit derivatives business and appropriate risk models developed,
would the external factors have been as damaging as they turned out to be? This is
a question to be answered.

Conclusion

The experience with credit derivatives and corporate governance offers valuable
lessons. One option is transition to a new principle of governance that lays greater

Figure 5. Cycle of governance weaknesses.

350
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 Corporate Governance in the Sarbanes-Oxley World

stress on responsibility. The board of directors will not merely monitor, but also
be responsible for major decisions. Another is to either widen the scope of audit
to include business issues or, alternatively, there can be independent assessment
of risk and reporting on it. Accordingly, the following measures are proposed for
promoting better governance of public companies.

Minimum board responsibilities

The monitoring board model is now the standard among public corporations. But
successive corporate failures, the latest being the collapses in the financial sector,
point to its limitations. A monitoring board would not be effective when there is
no clarity on the issues the board must monitor.
The role of the boards of directors of public companies came under scrutiny in
the wake of the corporate failures at the turn of the century. A report on Enron,
prepared by the US Senate, was critical of the directors of the company apparently
affirming many of the questionable decisions made by the management.60 Paul
MacAvoy and Ira Millstein recently made a number of recommendations for
making boards more active and to streamline their functioning. These included
boards’:
‘‘responsibility for the company’s strategy, risk management, and finan-
cial reporting based on sufficient knowledge of the company’s business
environment, challenges and opportunities’’.61

MacAvoy and Millstein were, however, sceptical of the adoption of their recom-
mendations in legal regulation.
In 2003, the Task Force on Corporate Responsibility constituted by American
Bar Association stressed the need to:
‘‘. . . more clearly delineate the oversight responsibility of directors generally,
and the unique role that independent directors play in discharging that
responsibility in public company settings’’.62

Among the ‘‘specific oversight matters’’, the Task Force listed:

‘‘. . . reviewing, approving, and monitoring fundamental financial and business

strategies and the performance of the company relative to those strategies;
assessing major risks facing the company; and ensuring that reasonable

60
US Senate, Committee on Governmental Affairs, Permanent Subcommittee on Inves-
tigations. The Role of the Board of Directors in Enron’s Collapse. 2002, available at
http://news.findlaw.com/hdocs/docs/enron/senpsi70802rpt.pdf [Accessed March 11, 2009].
61
Paul MacAvoy and Ira Millstein, The Recurrent Crisis in Corporate Governance
(Stanford, Ca.: Stanford University Press, 2004), pp.128–129.
62
American Bar Association. Report of the Task Force on Corporate Responsibility. 2003,
p.32, available at http://www.abanet.org/buslaw/corporateresponsibility/final report.pdf
[Accessed March 11, 2009].

351
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 P.M. Vasudev

processes are in place to maintain the integrity of the company and the
corresponding accountability of senior management’’.63

These are more concrete than the general statement of principle in the governance
charters developed by corporations.64
In the United Kingdom, the move in recent years has been towards what Chris
Riley termed the ‘‘juridification of corporate governance’’,65 which would place
governance in a legal framework that is more elaborate and nuanced. Riley has
argued that ‘‘much . . . depends upon the precise form that juridification takes’’,
and in favour of ‘‘making at least some . . . structural provisions more rule-like’’.66
The current political and economic climate and specific instances of corporate
failure might provide the opportunity for reform. The SOX, as noted earlier, took
a first step in direct intervention in corporate governance by requiring public
corporations to have audit committees consisting of independent directors. A
possible next step would be for regulation to specify the issues that corporate
boards must monitor a list of ‘‘minimum board responsibilities’’.
Minimum board responsibilities would be different from the codification of
standards for directors’ duties, which has just been completed in Britain in the
Companies Act 2006.67 These standards, such as the duties of loyalty and care,
provide guidance to the directors on how to perform their duties; they do not spell
out the duties themselves. The need now is to develop a set of specific governance
responsibilities for the boards of directors of public companies.
The concept of minimum board responsibilities is not radical. It would not
detract from the widely accepted two-tier model of governance; the decisions will
still be made by the management, subject to board approval. To provide flexibility,
provision can be made for ex post approval in specified circumstances. In this
framework, decisions on starting a new business or discontinuing an existing one
would be appropriate as board responsibilities. The requirement of board approval
for such major decisions can streamline governance, facilitate better deliberation
and promote accountability.

Mandatory risk assessment and reporting

Risk has emerged as a serious issue financial risk being the most significant. The
sub-prime crisis in the United States and its reverberations worldwide are proof
of the interconnectedness of national economies and corporations, and equally,

63
American Bar Association. Report of the Task Force on Corporate Responsibility. 2003,
p.33.
64
See, e.g. AIG Corporate Governance Charter (2008).
65
Chris Riley, ‘‘The Juridification of Corporate Governance’’ in John de Lacy (ed.), The
Reform of United Kingdom Company Law (London: Cavendish Publishing, 2002).
66
Riley, ‘‘The Juridification of Corporate Governance’’ in The Reform of United Kingdom
Company Law (2002), p.201.
67
There was opposition to the codification exercise. See John Birds, ‘‘The Reform of
Directors’ Duties’’ in The Reform of United Kingdom Company Law (2002).

352
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS
 Corporate Governance in the Sarbanes-Oxley World

the apparent fragility of the arrangements. In this environment, risk management,

understandably, has emerged as an important subject and is now an independent
discipline.68
Securities laws have mandated disclosures on risks for a long time, but the
inadequacies of the prevailing arrangements are apparent from the recent events.
Mandatory risk assessment and reporting procedures for public corporations
would be useful in better articulating the risks they face. Risk reports, prepared
by experts, would be placed before the boards for consideration and action. The
exercise of risk assessment would have a cost, but considering the seriousness of
the issue, it would be more appropriate to steer the debate towards containing the
cost at reasonable levels.
The measures proposed above can enhance the capability of public companies
to handle risk in the complex, interconnected and uncertain world. It is only
to the federal securities law that one can look for action on these issues, given
the open structure of the law of corporations and the scheme of liability of
directors. These proposals would take corporate governance in the direction
of ‘‘juridification’’ but with an important difference. They are not based on
the ‘‘command-and-control’’ principle. On the contrary, the measures proposed
in this article would promote an interdisciplinary approach towards regulation
of corporate governance. Regulation would adopt the techniques and practices
in finance and business management, and incorporate them in the institutional
framework in which public companies operate.

68
See, e.g. Michael Power, The Risk Management of Everything: Rethinking the Politics
of Uncertainty (London: Demos, 2004).

353
[2009] J.B.L., ISSUE 4;  2009 THOMSON REUTERS (LEGAL) LTD. AND CONTRIBUTORS