February 2024

Chris Clark conducts interviews with leading corporate directors and subject matter experts for Stuart Levine & Associates, a global consulting and leadership development company. The Planet Governance™ interview series features the views of corporate directors, chief executives, and governance experts on timely issues from succession planning to stakeholder activism to cyber resiliency.

This incredibly thoughtful corporate director says… an essential quality for directors is the courage to speak up about major, unmitigated business risks, ethical lapses, and governance shortcomings, even when minimized by some board members…

Debra J. Perry was elected to Assurant’s board of directors in August 2017, and presently is Chair of the Finance & Risk Committee. She is the former Senior Managing Director for global ratings and research at Moody’s Investors Service. She served as the senior business leader for the company’s Americas Corporate Finance Group, the U.S. Public Finance Group and the Global Non-Bank Financial Institutions Group and previously served as Chief Administrative Officer of Moody’s Corporation. Ms. Perry also worked in fixed income research at First Boston Corporation and in a variety of corporate lending and capital markets roles at Chemical Bank in New York, Paris, and London.

She currently serves as Chair of the Audit Committee of Korn Ferry International and as a member of its Nominating and Corporate Governance Committee. She also serves as a director of the respective boards of the Bernstein Funds (a mutual fund complex that includes the Sanford C. Bernstein Fund, Inc., the Bernstein Fund, Inc., and AB Multi-Manager Alternative Fund). Of note, she served as their Chair from 2018-2023.

From December 2016 to May 2022, Ms. Perry served as on the board of directors of Genworth Financial, Inc. Ms. Perry previously served on the boards of MBIA Inc., CNO Financial Inc., PartnerRe Ltd., and the board of trustees of Bank of America Funds.

Debra J. Perry

Debra J. Perry

Chris: Good morning, Debra.Cutting to the chase, what makes for an effective risk committee?

Debra: Chris, first, thank you so much for selecting me to be part of Planet Governance. I am very pleased having known you and Stuart throughout your respective careers. Our long-standing relationship has always been rewarding and thought-provoking.

That said, I have had the privilege of serving on three risk committees, and as chair of two of them, over the course of my board career. While enterprise risk management (ERM) and risk governance have evolved over that period of time, most especially since the financial crisis, there are a few elements that consistently have underpinned the effectiveness of risk committees.

The work of a risk committee starts with oversight over the effectiveness of a company’s risk function. To be effective, a company’s risk professionals need a deep understanding of its business(es) and strong working relationships with business leaders. They need access at the highest levels of management and to the board committee(s) tasked with risk oversight. In particular, the risk function must have strong support from the CEO who should appreciate the importance of ERM to delivering sustainable results.  A chief risk officer (CRO) detached from the business and who is mainly focused on report generation will serve neither the company nor the board. An effective risk committee will engage in frequent dialogue with the CRO and senior members of the risk function and will probe to understand whether the risk organization is deeply knowledgeable about the company’s businesses and how it is working with other control functions in the company, notably internal audit and compliance.  In my experience, audit committees are more practiced at this type of dialogue with the CFO in their monitoring of the finance function and their approach may serve as an example to the risk committee.

A common frustration among members of risk committees is the abundance of data and dashboards served up for review at committee meetings. On the one hand, the density of risk reporting suggests that the ERM function has deep insight into all risks facing the company. On the other hand, the sheer quantity of information leaves little time to question its relevance and whether it truly reflects the risks in the business the company is conducting today. An effective risk committee will question risk taxonomy, risk tolerances and risk reporting at least annually to ensure that the framework is refreshed as the business evolves. In addition, the risk committee should challenge the chief risk officer and senior management to identify emerging risks that should be monitored.  As part of this dialogue, the committee chair and the CRO should look for opportunities to communicate information in concise formats that enable the reader to see the forest for the trees.

An important way to assess the appropriateness of risk limits is to request scenario analyses from the CRO related to significant risks to the enterprise. The static, point in time dashboards that ordinarily comprise the bulk of reporting to risk committees can be interpreted in a new light if management undertakes analyses to test the impact on the organization if established risk tolerances are hit or breached. Even if the cause of the breach is deemed to be an extreme, low probability event, the consequences to financial results, capital adequacy, debt ratings, availability of back up sources of liquidity, capital market access, business continuity and client relationships might be especially severe, depending on the nature of the event. Inventing scenarios that impact operational capabilities as well as financial flexibility in a way that causes long-term harm to the company can be a great way to think about whether risk limits are appropriately set, and whether risk mitigation is sufficient.

Additionally, risk reporting should encompass not only financial risks but also operational and business continuity risks. Such risks are not always easily captured in metrics in a conventional dashboard. However, they are critical elements of a comprehensive ERM program. Also, in recent years, with increasing threats related to cyber security and physical climate risk, and black swan events like the pandemic and geopolitical turmoil, many risk committees are focusing attention on operational resilience. They start with the presumption that the company will inevitably be impacted by one or more of these types of events in the future. What, then, is our ability to continue function? To comply with service-level agreements, to meet or exceed customer expectations and to comply with regulatory obligations?

And a final point about risk governance: risk oversight necessarily must engage all board committees when the risk relates to areas for which those committees have specific oversight responsibilities. For example, compliance risks, which are significant in regulated industries, are often overseen by the audit committee. Risks relating to sustainability or ESG may fall to the nominating and corporate governance committee, and risks involving cyber and IT may be overseen by the IT committee, if one exists. Where those committees are charged with monitoring certain risks, they need to actively review the metrics and limits and provide their perspectives on the effectiveness of ERM in their respective areas. Engagement of the full board through its committees is essential to the effectiveness of risk oversight.

Chris: What strategic move are you most proud of?

Debra: It’s less about a single strategic move and more about my experience serving on the boards of three companies with very significant financial and business challenges and contributing to restructuring and/or stabilizing those companies.

My directorship experience began twenty years ago with two companies that were radically different – a then AAA-rated financial guaranty company and a non-investment grade insurance group that had recently exited bankruptcy while retaining a large, very problematic, long term care insurance business not addressed in the bankruptcy.  Within two years of having joined these boards, the early signs of what became the Great Financial Crisis appeared. The AAA company was subsequently heavily downgraded, primarily due to its exposure to troubled mortgage securities, and since that time effectively has been in run off.  My board colleagues asked if I would lead a consulting assignment to review underwriting standards and process and to report back to the board on recommendations for improvement including in risk governance. Of course, it meant stepping down as a director to assume a consulting role – a tradeoff that I felt would best utilize my professional experience for the benefit of stakeholders. This was a significant project given the sheer magnitude of the company’s insured book – more than $1 trillion of principal and interest – and the variety and complexity of its exposures, and I believe it generated some important insights for the board.

In the case of the post-bankruptcy long-term care insurance company, the board oversaw a restructuring of the company to isolate the riskiest long term care exposure. This took place during the financial crisis which left the company’s solvency even more tenuous. In the end, we recapitalized and stabilized the company, potentially averting a second bankruptcy. These two companies were my first public company boards – a trial by fire to be sure.

In a more recent, third example, I joined the board of another long-term care insurance company, the largest in the US, and participated in another restructuring to de-lever the holding company. This involved the complete or partial sales/IPO of three mortgage insurance subsidiaries to raise cash to significantly reduce holding company debt. It has given the company the opportunity to focus on continuous strengthening of its core long-term care insurance blocks and the financial flexibility to consider strategies for growth in services adjacent to its primary long-term care business.

The challenges of the two long term care companies were well publicized and reasonably well understood when I accepted a position on these boards. I felt that my background was sufficiently differentiated to contribute to the boards and joined them recognizing that they would be challenging. In the case of the financial guaranty company, the financial crisis was the Black Swan event that threatened the company’s viability and led to significant changes in management and governance. This was an exercise in crisis management in addition to a complex financial puzzle. I am proud of my work with my board colleagues and senior management teams to financially stabilize these companies for the benefit of their shareholders, creditors, policy holders and other stakeholders.

Chris: What skill sets does the next generation of directors need to bring to their boards?

Debra: In my mind, the skill sets of the next generation of directors are not different from the skill sets that make directors successful today. They start with relevance – recent senior leadership roles in business with experience and perspective on the complex challenges facing companies today. From one generation to the next, what constitutes relevance obviously evolves. In today’s world, it almost certainly includes native knowledge of technology and digital and experience dealing with disruption.

Beyond relevance, directors need to possess a high level of learning agility which starts with intellectual curiosity and the ability to learn and adapt to new, challenging situations. Every director at one time or another will need to push the boundaries of his/her prior professional experience in order to be effective in the boardroom and learning agility, both intellectual and personal, is the enabler.

Another important attribute for directors is the desire to help make the senior executive team successful – rather than to look for opportunities to take them down. To some extent, every director intentionally or inadvertently plays the role of mentor and coach in their routine interactions with the senior executive team. The board can be constructive and motivating, within the limits of its fiduciary responsibilities, or not. Directors with deep subject matter expertise must take special care in the way in which they convey their knowledge so that management is receptive to their message. A hyper-critical, ‘gotcha’ director will shut down communication and trust.  Directors must also respect the line between management and board oversight, an often-challenging distinction for new directors who remain employed in senior executive roles or who are recently retired.

Another characteristic of great directors is their eagerness to work with/learn from other board members who are different from themselves in professional background, board tenure, demographics. The composition of American boards has changed quite a lot in the past two decades, and board effectiveness continues to be a work in progress. In effect, we as directors have an opportunity to model inclusive, collegial behaviors to management teams that are increasingly diverse and to demonstrate that diversity produces better business outcomes.

Finally, an essential quality for directors is the courage to speak up about major, unmitigated business risks, ethical lapses, and governance shortcomings, even when minimized by some board members. By the time they arrive in a boardroom, most executives have the self-awareness and interpersonal skills to figure out how best to navigate issues like this, but it can be especially difficult without the support of colleagues who occupy leadership seats on the board. In extreme situations, when all reasonable efforts have failed and there is no clear path to resolving serious ethical or governance lapses, great directors have the wisdom to confer with personal governance counsel and the courage not to stand for reelection.

Chris: Debra, as always, this conversation was special. Thank you!

Chris Clark joined Stuart Levine & Associates as a senior consultant after a distinguished career at the National Association of Corporate Directors (“NACD”). He is known for his prominent role in the creation of NACD’s “The Power of Difference”, “The Leading Minds of Compensation” and “The Leading Minds of Governance” conference series, “The Directorship 100”, and NACD Private Company Directorship.

Chris’ expertise ranges across a variety of disciplines including corporate governance with board assessments and strategic communication audits as cornerstones, conference management, and digital content creation.