Tuesday, October 21, 2008

The EU gets tough on Risk Management

Lest anyone be in any doubt: risk management and governance improvements are on the EU’s agenda. At a recent speech, Charlie McCreevy, European Commissioner for Internal Market and Services spoke on Corporate Governance at the Institute of Chartered Secretaries and Administrators (ICSA) EU Corporate Governance Summit in Brussels on 8 October 2008. He said:

Risk management
It is clear that poor, indeed, sometimes disastrous, risk management by financial institutions was partly to blame for the current financial turmoil. In the final analysis, such poor risk management is, in part, a result of failing internal governance.

Financial institutions will have to examine their internal governance framework with a view to embracing risk management. Risk management should be part of the strategy of the firm, and indeed the culture of the organisation.

It is the duty of senior management in financial institutions to address this and it is the role of the board to oversee it. In their respective roles, both senior management and the board need to ensure a holistic approach to firm-wide – and group-wide - risk management.

I do not want to go into details how best to integrate a firm's internal risk management strategy. But one area which I think would provide a good early warning of faults in a firm's risk management system is the firm's approach to transparency.

Transparency has to be meaningful for it to mean anything. Disclosures about risk exposures, risk management and accounting policies are crucial. Disclosures in these areas must be targeted and relevant if shareholders are to make sense of them and exercise their role.

This goes to the very heart of the "comply-or-explain" principle. Only if industry delivers on the quality and accessibility of information provided to shareholders and investors alike, can we make this system function in practice.

Then, the ball will be in the court of shareholders and investors.

They should then use this information to ensure the proper management of firms. This would mean applying their judgement to the financial institution’s overall risk management strategy. From the risk exposures of the products that have been sold in the case of investors, to remuneration incentives of employees and executives in the case of shareholders. It would also greatly assist policy makers and regulators who would then have a feel for the exposures of financial institutions.

Sounds to me like some organisations might be encouraged to get their act together on risk management rather quicker than they might have expected and to take it more seriously than they might have done in a bull market! For the full details of the speech see

Wednesday, October 1, 2008

Trusting me, trusting you

What an awful week: banks collapsing all over; problems with the Paulson rescue plan; contaminated milk in China killing children; Cadbury recalling chocolate in China; publisher firebombed in London. But, Gordon Brown has signalled the end of the “Age of Irresponsibility” – so that’s alright then.

I think that all of these headlines are inextricably linked by one major factor: trust, or rather the absence of trust. I have been pondering this for a while, first triggered by some mock university interviews at my daughters’ school this time last year. As a “pretend” interviewer, together with a real economist, three girls faced the question of what was the most pressing economic issue facing the world at the moment (a year ago, remember). To a girl, they all responded: China and the Credit Crunch. That made me think: we (at that stage) were mesmerised by the failure of Northern Rock and were concerned about the possibility of further problems, although some doubted they would come to fruition. And we were concerned about cheap manufacturing in China undermining our economy. At first it is hard to see any links between the two, but on reflection it seems to me that a complete absence of trust is symptomatic of both situations.

The word “trust” has come up a lot recently and the use or abuse of trust by those that once we would have admired has fatally undermined it. Trust, like reputation accumulates in tiny amounts by repeated demonstrations of “trustworthy” behaviour. Like reputation, trust can be lost instantaneously and will take a lifetime of those self-same demonstrations of “trustworthy” behaviours to re-build. But that leaves us with a fundamental problem, because no-one, but no-one is going to trust anyone who describes him or herself as a banker. Already no-one trusts a politician (although with the credit crunch they might just have risen one up from the bottom of the rankings). Enron and the rest had already broken society’s trust in big corporations. And yet trust is the very foundation stone of our economy.

There are very few transactions that we enter into where there is no need for trust: in fact paying cash for your newspaper in the local corner shop is about where it stops. There are of course transactions where my personal supervision might just substitute for the need for trust. For example, do I need to trust my builder? Somewhat, but I can check up on him on a daily basis, and I can quite easily replace him if he is not doing what he is supposed to do. Do I need to trust my investment advisor? Yes, given that I cannot carry out all the research he has at his finger tips. Once you move above and beyond that most trivial transaction and once you cannot exercise direct supervision, then trust has to enter into the equation.

As a society, and as consumers, investors, voters, our trust has been abused so often that it is no longer good enough for your doctor, lawyer, teacher, banker, politician, accountant, to say: “trust me: I am your...”. They now have to demonstrate why they are trustworthy, why we should trust them. And the answer to this? I would suggest that we have to go back to our model of Corporate Governance. All those in the City who said a system based on enlightened self-interest, on comply or explain, all those who called for self-regulation and light touch, need to ask themselves: was it enough? The City, Wall Street, and investors at large encouraged bankers to look out for increasingly large returns form increasingly arcane instruments. The pressure to deliver resulted in obscene payments for those who developed and traded these instruments, while shareholders demanded the high returns in a collective wave of excitement at the sight of the latest set of the emperor’s new clothes. How many boards called a halt to this behaviour? How many non-executives really got to the bottom of the risk profile of the organisations? How many investors sought to really pay more than lip-service to the balance between managed risk taking and avoiding elephant traps? Or the balance between enormous rewards and the need for corporate responsibility and ethical behaviours?

Our corporate governance needs to reflect three pillars: namely the structure of the board, the activities of the board and compliance with the code. In the UK we have focussed extensively on the first, a bit on the second and have shied away from the third. It is time for that to change. But calling for change right now is not going to help kick-start the economy. So what can organisations do to retain or rebuild trust? I think there are three things:

1. Organisations have to demonstrate that they take an ethical view of business. This does not just mean “green” or environmental issues, but it includes demonstrating that they will take the right (by which I meant ethical) short term decisions, even if they are painful, when the easy approach would have earned short term gain. This culture of ethical behaviour has demonstrably to be endemic to the organisation. It is no good saying you are “ethical” if you cannot demonstrate it, both by your actions, and if the culture of ethical behaviour is not inculcated into the culture of your organisation.

2. Organisations need to demonstrate that corporate governance is not something that they do because some code requires it. They should go out and recruit an awkward squad of non executives who will challenge, not merely sit back and take their shilling. They should demonstrate how the structure of governance fits with their culture, with their strategy and with the interests of stakeholders at large.

3. Finally they need to make sure that their risk management is not merely of the Turnbull variety. That nonsense: a chat about risks at the board a few times a year is NOT sufficient. All organisations now owe it to all of us, the public at large, to demonstrate that they understand their risks and are managing them appropriately. (And at this stage, I would probably start with a check to see if yours is what I would term a “disaster-prone” organisation.)

Many, many organisations (including in the recent past, banks) have claimed that managing their risks is their day to day activity. So it should be. What I am suggesting is that it now needs to be systematic and properly understood throughout the organisation, from top to bottom, throughout the value chain, by all participants in the value chain. If all of these things are done, then maybe, just maybe, a few organisations can begin to rebuild that trust that seems such an ephemeral concept right now.

For more information on this see www.randerson-assocs.co.uk or contact me here.