The Dodd Frank Act of 2010 that was recently signed into law by President Obama will require not only banks but also some nonbank financial companies to have a formal risk committee and enterprise-wide risk management program. Specifically, the Act has a mandatory provision for public companies with total assets greater than $10 billion to have these risk management practices in place and an option for the Federal Reserve to require public companies with fewer assets to have the same. Here is an excerpt directly from the new law pertaining to the new risk committee requirement.
RISK COMMITTEE.—A risk committee required by this subsection shall—
(A) be responsible for the oversight of the enterprise wide risk management practices of the nonbank financial company supervised by the Board of Governors or bank holding company described in subsection (a), as applicable;
(B) include such number of independent directors as the Board of Governors may determine appropriate, based on the nature of operations, size of assets, and other appropriate criteria related to the nonbank financial company supervised by the Board of Governors or a bank holding company described in subsection (a), as applicable; and
(C) include at least 1 risk management expert having experience in identifying, assessing, and managing risk exposures of large, complex firms.
These requirements will become effective in one year, so now is the time to prepare.