Reinventing Operational Risk Regulation for a World of Climate Change, Cyberattacks, and Tech Glitches

Hillary J. Allen

Around 30 years ago, banking regulators began to construct the concept of “operational risk,” and devise rules to manage this newly created risk category. This “invention” of operational risk assembled a grab-bag of otherwise uncategorized risks associated with banking operations; this Article argues that the resulting operational risk regulation framework isn’t very well suited to some of those risks. In particular, this Article demonstrates that the existing operational risk regulation framework is becoming an increasingly inadequate response to banks’ exposure to operational losses following damage to their physical assets and business disruption and system failures. This is so for two reasons. First, the current iteration of operational risk regulation does not respond to the significant uncertainty affecting banking system operations, which is being exacerbated by increasing technological complexity, cyberattacks, and climate change. Second, existing regulation doesn’t contemplate that operational risks can be transmitted to and from banks through technological and other non-financial channels, and so the potential for systemic contagion is underestimated.

This Article therefore sketches the beginnings of a “reinvented” approach to regulating for the operational threats of damage to physical assets and business disruption and system failures. The proposed framework places much less emphasis on risk-weighted capital regulation, favoring the alternative of simple buffers of equity that are more robust to uncertainty. In the absence of risk-weighted capital regulation, banking supervision will take on even greater importance. This Article therefore provides some guidance on what a “macro-operational” approach to banking supervision might look like, taking into account the possibility of technological and other forms of transmission of operational risk among banks. The Article concludes by recognizing that macro-operational supervision will not succeed in preventing all operational problems and therefore considers what new types of operations-specific emergency tools might need to be devised as a response.

Socially Acceptable Securities Fraud

Christine Hurt

Robots, Markets, and the Value of Deal Lawyers

Heather Hughes

Emerging forms of automation using artificial intelligence (AI) and distributed ledgers are raising transformative questions for the practice of law. Deal lawyers are well- situated to understand the convergence of various modes of automation and their implications for their clients and the markets they facilitate. This Article contends that digesting threats and leveraging opportunities associated with new technologies calls for granular, context-specific assessment. It presents one instance of automation in one predominant market—the market for asset-backed securities (ABS)—by comparing securitization to a blockchain-based analog, tokenization. It considers how lawyers support the ABS market and how automation of lawyers’ functions could intersect with automated issuances. This context-specific inquiry yields broader questions surrounding deal lawyers’ roles in the face of evolving technologies. Asset-backed issuances often create value with legal ambiguity. Lawyers facilitate these issuances by structuring legally complex assignments and then opining on the positions of investors. Automated platforms can alter the consequences of deliberate legal ambiguity, and as such can affect risks associated with asset-backed issuances. If established forms developed for non-automated deals serve as baselines to be digitized for automated transactions, then investors’ choices about platform may adversely affect issuers and their stakeholders. Lawyers have the capacity to understand and explain these dynamics. If AI models trained on existing deal documentation generate work-products for automated transactions, what kinds of effects and concerns should lawyers identify? The value and function of business lawyers came under scrutiny after corporate scandals at the start of the millennium and after the 2007–08 financial crisis, but the scrutiny subsided when market activity re-trenched. Automation, now, revives questions around the responsibilities of deal lawyers.



U.S. Corporate Director Responsibilities to Oversee National Security Threats in an Era of Great Power Rivalry

Joel Slawotsky

U.S. corporate directors' obligation to balance risk-taking and profits is complex in ordinary circumstances. But the issue is even more dynamic in the context of the China-U.S. power rivalry—directly intersecting with national security, the re-evaluation of corporate purpose, and enhanced oversight obligations particularly for mission critical corporate functions. This Article addresses the need for corporate directors to consider national security a "mission critical" issue under the expanded Caremark doctrine developed over the last several years in Deleware courts. Given the importance of large and strategic corporations to the pillars of hegemonic power, the national security-corporate governance interface will constitute an increasingly significant issue going forward. The Article opines that the emerging China-U.S. dynamic potentially militates in favor of finding national security as a core critical mission for two reasons. First, mission critical can be understood as conduct that raises the specter of enforcement, fines, and penalties; endangering U.S. security clearly risks Federal prosecution to trigger mission critical status. Two, the trend towards embracing enhanced-shareholder value governance and ESG similarly militates in favor of finding national security as a "mission critical" function as both the long-term profitability of the corporation as well as U.S. notions of "rights and values" may be at risk should China ultimately prevail in shaping global governance. Furthermore, director oversight is now firmly entrenched as a violation of the duty of loyalty—particularly for "mission critical" functions and therefore not protected by the business judgment rule or entitled to indemnification. Accordingly, Caremark oversight liability grounded on the failure of the board to monitor risks to U.S. national security conceptualized as mission critical may significantly impact corporate decision-making and the China-U.S. rivalry.