Jamie Dimon's much-anticipated testimony before the Senate Banking Committee on the chief investment office division's trading losses offered few new insights into what exactly was going on in the management of risk at JPMorgan Chase. 

But what is clear is that greater focus by banks and regulators is needed on the quality of the risk governance and infrastructure of the banking sector. 

What could have been a unique opportunity to spotlight the criticality of risk management practices instead largely devolved into questioning around aspects of regulatory reform meant more to score political points than to address fundamental breakdowns in risk management. 

When banks get into trouble, you can follow the trail back to a lack of governance, process and controls in managing risk. The JPMorgan trading losses are no exception.   

At the core of the losses were issues with the independence of the CIO risk committee; the structure of trader compensation for managing the synthetic credit portfolio; lack of bifurcation of hedging and proprietary trading activities; poor CIO risk limit controls; and the governance surrounding risk models.  Dimon has taken actions to strengthen risk processes, but it is interesting that, according to his testimony, the internal investigation of what went wrong is being led not by the chief risk officer but by the CEO of the company's treasury business. 

To be fair, some questions on these issues were raised at the hearing, but little detail was forthcoming from Dimon. The weak link in the chain of risk management deficiencies in this specific case was the independent CIO risk committee. This committee was doing its own reviews of risks and had no direct linkage back to the bank's enterprise risk committee, headed by the bank's CRO.  Information, Dimon noted, did not properly flow up to the CRO and his committee, as it would in other companies. This atypical structure inhibited the bank from understanding the volatility and size of the trades against risk limits.

Had this information been made available to the CRO and enterprise risk committee in advance of the trading strategy being executed, or even while in place, greater risk transparency would have enabled JPMorgan management to gauge the intended macro-hedge strategy against the bank's risk appetite. It also would have better informed both the board and the under-resourced Office of the Comptroller of the Currency, JPMorgan's regulator, which I believe has been unfairly blamed for failing to spot the problems.

In addition, when pressed about the structure of CIO trader compensation, noticeably absent from Dimon's response was any reference to whether a component of trader pay was based on risk mitigation activities that would have better aligned incentives for these individuals with the risk of the transactions.

The recurring question of what differentiates hedging from proprietary trading came up during the hearing with little clarity on the subject being offered other than Dimon's reiteration that macro hedging is an appropriate activity for banks. Conceptually that may be true, but the execution of such a strategy depends on a number of factors, starting with the explicit articulation of the hedge strategy, its objectives and general structure.

What seems to be tripping up many observers of this issue is that hedging is not a static activity, but in fact may change throughout the period over which the hedge is put in place. So an initial hedge position designed to offset losses in the credit portfolio from a systemic event can be adjusted over time by unwinding or trading out of positions to fine-tune the hedge to current market conditions. 

From that standpoint, the strategy might still be considered a hedge, but it becomes more difficult to support that view without having a well-laid out plan to begin with as a guidepost, traders compensated for risk mitigation and an operating model where hedging and trading activities are housed in different areas of the company.  Under the Volcker Rule, the CIO trades would not likely have passed some of the hedge exemption criteria for some of the reasons cited above, among others.

Finally, the processes in place for CIO risk limits and the validation and approval of risk models simply compounded the problems that were likely facilitated by the independent structure of the CIO risk committee. 

As mentioned in the hearing, smart regulation, not more regulation, is what is needed. The JPMorgan trading loss serves up a classic case of risk management deficiencies that lie at the heart of bank losses and failures. Regulation that gives banks the incentive to strengthen their risk governance and practices would efficiently and effectively mitigate the kind of blowups that seem to occur with alarming frequency. 

One way to do this would be to reform the Federal Deposit Insurance Corp.'s risk-based deposit insurance pricing to give heavier weight and specification to bank risk governance and processes than exists currently in that framework. 

How many MF Globals, Long-Term Capital Managements and London Whales have to flounder before legislators realize that regulation should focus on the root causes for these problems, namely the underlying risk management of the firm?

Clifford Rossi is an executive-in-residence and Tyser Teaching Fellow at the University of Maryland's Robert H. Smith School of Business. He has held senior risk management and credit positions at Citigroup, Washington Mutual, Countrywide, Freddie Mac and Fannie Mae.