Large banks' risk-governance practices are still lacking despite widespread calls for improvement as a result of the global financial crisis, rating agency Moody's Investors Service said in a report published Friday.

Moody's said that of the 35 large banks and securities firms included in the report, only half have board-level risk committees and often those committees meet infrequently and are staffed with under-experienced members.

The company added that, while most banks had dedicated chief risk officers, many still don't. It added that the only banks that have their CRO report directly to the chief executive and board are JPMorgan Chase & Co. (JPM), Macquarie Group Ltd. (MQG.AU) and Banco Santander SA (STD).

Moody's said that "risk governance will continue to be a focus in our analysis of banks," and it encouraged banks to establish experienced risk-governance committees that meet at least on a bi-monthly basis and report directly to the board and CEO.

The company said that currently banks often spread risk-governance responsibilities between multiple departments and advocated for a single overseeing committee.

The report included an analysis of 35 banks across Asia, Europe and North America, which together hold over $300 billion in assets.

Company Web site: http://www.moodys.com/

-By Eric Jones, Dow Jones Newswires; 44-207-842-9295; eric.jones@dowjones.com