JP Morgan has plenty of shaping up to do

January 22, 2013, 2:26 PM UTC

FORTUNE — Searching for a banking hero, many in the press falsely awarded the great risk manager trophy to JP Morgan CEO Jamie Dimon. Apparently, the bank’s board bought the hype. But in the wake of investigations into the London Whale trading fiasco, many more now recognize that JP Morgan, its board, and its CEO did not deserve such praise.

Whether Dimon is good at overseeing derivative investment risk is one thing. But regulators and JP Morgan’s (JPM) board have much more they need to examine here.

For one, the regulatory and board reports released this week fail to address potentially misleading disclosures by Dimon and then-CFO Doug Braunstein that could still get them into hot water. And the proposed remedies by the bank fail to address the broader risk issues that the bank continues to face in non-Whale matters.

JP Morgan declined to comment for this article but perhaps the SEC or the Congressional Permanent Subcommittee on Investigations will decide in the coming weeks to weigh in. Certainly, the public deserves a more satisfactory resolution related to actions at the bank’s highest levels.

MORE: ‘How I found my job at a Best Company’

Take as Exhibit A the board’s recent decision on Dimon’s compensation. His pay exceeded that of the average JP Morgan worker by roughly $11 million and change. What kind of message does that send? Also, memo to the board: asking management if compensation encourages risk is not adequate. Seek unbiased sources.

Exhibit B is the board’s own report on the London Whale trading losses. JP Morgan’s board seems clueless of the fact that its own failure to observe and act based on what they discover are the biggest risk oversight issues of all. In addition to making sure there are independent players involved in investigations, here are three common-sense remedies this board needs to employ:

1. Read more than one newspaper or magazine

The JP Morgan board’s report refers to the Wall Street Journal but none of the other myriad sources that sounded Whale-related warnings on April 6. If you sit on a board or are in senior management of a public company, you should be reading as many news sources as possible to glean alternative perspectives. If you are a board member, those distinctions can provide fodder for insightful questions. Using only the Wall Street Journal and management as your sources is a very bad idea.

The board apparently was not alarmed enough to react before Dimon and Braunstein downplayed the seriousness of the already known London Whale trading losses on an analyst call. According to the board’s own report, the board waited to investigate trades that were reported by Bloomberg to have been driving prices in a 10 trillion-dollar market. The board report states the it was content to wait until the next board meeting, which was after JP Morgan’s earnings release. “Following the April 6, 2012 publication of the article in The Wall Street Journal regarding CIO, members of the Risk Policy Committee requested that the subject be addressed at the next meeting of the Committee (held on April 17, 2012),” the report says.

2. Read earnings disclosures before they go out

We can’t tell from the board’s description the extent to which the audit and risk committees reviewed the April 13 earnings release before its publication. But they should have — and should have asked where the information related to the chief investment office (CIO) losses was displayed.

They were, after all, reading the Wall Street Journal. And the Wall Street Journal on April 6 published an article with a company statement, which said: “J.P. Morgan said the CIO unit’s ‘results are disclosed in our quarterly earnings reports and are fully transparent to our regulators.’”

MORE: How Goldman Sachs beat the Volcker Rule

The only thing is that the CIO unit’s results were buried in its April 13 release, on page 12, with no specific disclosure of the office’s $718 million in losses by the end of the first quarter, which the audit and risk committee members should have been aware of.

3. Follow the golden rule of board oversight

The board has a responsibility to tell management what materials they need, when they want to receive them, and in what form. They shouldn’t wait for the next board meeting to get sensitive or critical information.

According to the board’s report, on March 30, JP Morgan’s internal audit staff produced a report saying controls in the chief investment office “need improvement”  and the board’s audit committee received this information before the April 17 board meeting. But when, exactly? Maybe it was in time to make sure the April 13 release was transparent and that Dimon did not downplay risks in the CIO. But Dimon did downplay these risks to analysts. Did the board fail to act even though it had the internal audit information?  And were the audit and risk committees talking to each other?

Apparently, JP Morgan’s board did not have a procedure in place to receive immediate notice of a concerning internal audit report. Nor did they have a procedure to actively check on related internal audit reports after alarms were being sounded in the press. In today’s world, waiting until the next board meeting on risk issues significant enough to garner press coverage is irresponsible.

While the board’s report specifies the kinds of ongoing reports it needs, this does not go far enough. Knowing that the company’s top managers may not always be forthcoming, this board needs to command answers when they need them. As with all boards, JP Morgan’s directors need to actively specify the kinds of materials they need – not just in chief investment office matters. This is not Las Vegas — if it happened at the CIO, it’s happening elsewhere.

And that is what makes the regulatory response inadequate as well. Cleaning up the CIO does not address the head on this fish.

MORE: JPMorgan’s London Whale review: Inside job

The board’s report says that “the recommendations which this report makes do not imply that practices or processes in place in 2012 fell below the standard required of directors.” From a governance standpoint, they do.

Six months ago, I recommended that the JP Morgan board re-examine its membership and its self-oversight. Here we are and not much has changed since last July, when I suggested the bank be broken up. JP Morgan’s board and its regulators still need to shape up.

Eleanor Bloxham is CEO of The Value Alliance and Corporate Governance Alliance (, a board advisory firm.