It’s way too early for nostalgia about the financial crisis. But one of the most telling anecdotes coming out of this period was from John Thain, remarking to the Wall Street Journal on his time as CEO of Merrill Lynch. “Merrill had a risk committee,” he asserted. “It just didn’t function.”
Since then, legions of experts have devised sage guidance on what boards should do to supervise a company’s risk management—in effect, to make those risk committees function. But there’s one safeguard most such advice has neglected, and it is among the most important, at least for public companies. Directors ...