Challenges for risk managers

Corporate governance is high on the political agenda, with shareholders expecting high levels of accountability, yet confidence in corporate reporting is lower than it has been for some years. Partly this is a result of the shadow cast by many high profile disasters and the current economic turmoil. Regulators have already said they will be keeping a closer eye on financial services firms in order to boost risk management, improve the functioning of markets and reduce systemic risk. It remains to be seen if this enhanced scrutiny can prevent the collapse of another major bank.

The growing focus on risk controls and reporting may be increasing the importance of the risk manager’s role, but it also raises some new challenges. Just days after Société Générale (SocGen) was hit by a €4.9bn fraud, risk professionals at financial services firms worldwide were told to produce board reports showing how they could stop the same from happening in their businesses.

How much risk managers are affected by governance issues very much depends on their role in their organisations. According to guidelines from the London Stock Exchange, the risk manager’s role in corporate governance extends into five areas. They include strategy, corporate social responsibility (CSR), risk, audit, and disclosure. ‘The risk component is the area of particular expertise for risk managers, but they may also have significant input into CSR, audit and disclosure. The more senior risk managers will also have a say in strategy,’ says Paul Hopkin, technical director of AIRMIC.

Governance represents both a risk and opportunity. Risks manifest themselves in regulatory requirements and the threat of a damaged reputation as a consequence of failing to meet expectations. Clear opportunities also exist for companies to distinguish themselves through shareholder confidence, social responsibility and staff satisfaction.

Hopkin says: ‘Corporate governance is about stakeholder protection, which extends into the effective management of risk. It’s about making sure the organisation is capable of delivering what those stakeholders expect – profit and efficient services.’

Those organisations that see governance and risk management as a box ticking exercise are probably only focused on keeping the regulators happy. But if good practice is embedded in how the organisation works and is managed, the benefits can stretch beyond compliance. Research from the Association of British Insurers (ABI), one of the UK’s biggest shareholder bodies, shows that companies with the best corporate governance records have produced returns 18% higher than those with poor governance. Commenting on the research, director of investment affairs Peter Montagnon says: ‘The results confirm our belief that good governance produces better returns with less volatility.’

Despite the pressures, governance at some firms often falls below common standards. BAE Systems, Britain’s biggest defence contractor, has for several years been at the centre of a foreign corrupt practices probe in relation to its handling of the £43bn (€54.5m) Al-Yamamah arms deal with Saudi Arabia. The UK’s Serious Fraud Office controversially discontinued the inquiry in 2006, but the company felt obliged to commission a report of its own. BAE asked Lord Woolf, the former Lord Chief Justice, to look into how the company was doing business globally. Far from being a whitewash, the report revealed top management admitted failing to pay sufficient attention to ethical standards that could have damaged the company’s reputation. The report noted: ‘In the global economy, corporate reputation has become an essential part of an enterprise’s value and the effective management of ethical and reputational risks has become a critical element of corporate governance.’

Not all companies are the same

Private organisations, while not held accountable by regulators to the same degree as publicly listed ones, are still subject to different types of pressure. Business partners can demand a standard of governance, and a company may have to show it is being complicit in order to do business.

All types of organisations are now expected to live up to certain standards, or else they run the risk of tarnishing their reputation. Take for example UK retailer Marks & Spencer, which felt the need to explain why it had appointed chief executive Sir Stuart Rose to the role of executive chairman even before it was slammed in the press and by disgruntled shareholders. The decision is at odds with one of the basic tenants of good governance – freedom from conflicts of interest.

‘Stakeholder expectations are vitally important. Private stakeholders who don’t have confidence in a firm’s governance could walk. Reputation is all. If it’s not managed well, a company runs the risk of events occurring that could have long term damage,’ says Hopkin.

One of the biggest contemporary topics, the environment, can also drag companies into the spotlight. The consensus that society needs to clean up its act has knock on effects for companies. Not only are investors increasingly looking for green businesses, but more and more conscientious consumers are pushing companies in the direction of environmentally friendly products.

Dairy company Müller recently started labeling its products with carbon emissions information. Stewart Gilliland, Müller chief executive, comments: ‘Research shows that two of the top three issues consumers think companies should be doing more about are concern for the environment and conserving energy. You only have to look at the increase in sales of sustainable products in the UK to see that these issues are becoming an increasingly important part of the purchasing decision for consumers.’

The fact that consumer choice increasingly reflects environmental consciences has an effect on governance, simply because people expect the businesses from which they buy products to be doing the right thing.

Market problems

The credit crunch has played a part in focusing the minds of regulators. After shares in banking group HBOS plummeted on the London Stock Exchange in March, the Financial Services Authority (FSA) launched an investigation into claims that certain traders profiteered on rumours of funding problems. At the time of the inquiry, the FSA’s Sally Dewar said: ‘We remind market participants of the need to take extra care, in this market climate, to adhere to the market code of conduct.’

In a US parallel, Lehman brothers said it sent information to the Securities and Exchange Commission (SEC) about possible abusive short selling of its shares following the near collapse of Bear Stearns.

Other recent banking scandals can be related directly to a clear deficiency in corporate governance checks and balances. In the wake of subprime, Swiss bank UBS, the biggest European casualty of the meltdown, vowed to shake up its corporate governance rules. It promised to boost boardroom independence and expertise.

The risk side of a relatively simple internal control failure was demonstrated in the trading scandal at SocGen. The bank suffered a €4.9bn loss, allegedly as a result of the rogue activities of a single employee who was able to circumnavigate trading restrictions. Commentators also pointed to the culture of rewarding excessive gains as an exacerbating factor in the incident. The French bank immediately adapted its governance structure following the scandal. In a move to improve governance, chief executive and chairman, Daniel Bouton, handed the top executive post to finance director Frederic Oudea. SocGen was seen as one of the last major European banks to have a combined chairman and chief executive role.

This heightened focus on governance, combined with the recent turmoil in the markets, has inspired a number of companies to take a closer look at how well they are run. Jean-Nicolas Caprasse, RiskMetrics’ head of governance, says that Europe is now increasingly following the Anglo-American trend: ‘The steps taken by European companies to address new corporate governance rules have centred around evolving and improving structures and practices as well as partnering and engaging with shareholders.’

The risks apparent in corporate governance are not restricted to the banking sector, although, as one of the most heavily regulated industries, its blunders feature regularly in the business pages. Other European organisations, such as GlaxoSmithKline (GSK), have felt the sting of shareholder scrutiny after failing to consult properly on executive remuneration.

J P Garnier, head of GSK, angered investors soon after he joined the company in 2002 over an extravagant incentive scheme. The remuneration package so infuriated investors that it was voted down at their annual meeting and the scheme was pulled to appease them.

More regulations

In the last two decades, international businesses have seen a rash of corporate governance regulations and legislation, both nationally and globally. In Europe alone, Austria, Belgium, Germany, Hungary, Morocco, Norway, Poland, Slovenia, Sweden and the UK have all updated their guidelines within the past year.

European corporate governance regimes may be statutory (France’s Loi de sécurité financière, Germany’s KonTraG), or codes of best practice (UK Combined Code, Dutch Tabaksblat Code). Companies with a US presence are also obliged to take account of the Sarbanes-Oxley Act.

The European Commission is currently working on a pan-European directive concerning the annual accounts of certain types of companies. The purpose of the directive is to confirm the responsibility of the board, increase transparency in transactions with related parties, and improve disclosure. The proposals have been agreed and Directive 2006/46/EC has an implementation date of 5 September 2008, when member states will be expected to transpose the legislation into national law.

In a globalised environment, the demand for financial reporting standards that transcend national borders has intensified. The International Financial Reporting Standards are an attempt to fill that role. Accountancies say that IFRS concepts can improve the quality of financial reporting and investor confidence.

Emerging markets are generally thought to have less well established corporate governance codes, yet many of these markets are becoming playgrounds for international investors. ‘We have found corporate governance a restraint on ratings with certain Russian companies,’ says Trevor Pitman, an analyst with Fitch Ratings. ‘The general business environment, less transparency and private ownership structures have been a constraint on a number of ratings in that region.’

In July 2007, Poland adopted a brand new corporate governance code. The latest best practices code has widely expanded the role of supervisory boards, but Andrzej Nartowski president of the Polish Institute of Directors, says there are still considerable hurdles: ‘The idea of supervisory board’s ability to define the risks that are significant to a company, and to evaluate the system of the management of such risk, is still a dream in Poland. The awakening may be troubled.’

Sometimes the unintended consequences of regulation are overlooked. Increased corporate governance regulation in the US has resulted in it becoming a less attractive place to raise capital. According to the SEC, the number of IPOs in the US is very low, whereas the number of public companies going private is at a peak. Similarly, after the introduction of Sarbanes-Oxley, some companies chose not to list on US exchanges.

Some note the effect regulations have on increasing systemic risk and reducing the effectiveness of internal controls. More regulation does not necessarily improve corporate governance, argues Jonathan Burnett, head of governance at Protiviti. ‘After all the most regulated industry is currently having the most visible problems.’

There is evidence, however, that highly regulated industries can force a structure of good governance. Credit agency Standard & Poor’s has said that in the run up to Solvency II – a European project to bring capital requirements at insurance companies in line with their true risks – more insurers have taken up enterprise risk management (ERM). Standard & Poor’s completed 274 ERM evaluations in 2007. The results showed that most insurers had adequate ERM programmes. S&P credit analyst Keith Bevan says: ‘As the implementation of Solvency II approaches, industry awareness of the need to build risk management systems is increasing.’

The rating agencies can affect other changes. Fitch says that weak corporate governance could be detrimental to the overall health of an enterprise. In 2004 the agency announced it would capture corporate governance risk in its credit ratings. Fitch says the criteria for ratings are not driven by any particular piece of legislation. ‘Fitch expects a company to have proper internal controls in place and for the board to act independently to reduce conflicts of interest, for example with related party dealings,’ says Fitch’s Pitman.

Economies work better if companies are run efficiently and transparently. If they are not, in the worst cases, jobs will be lost and shareholders, employees and creditors will be left short changed. The advice is obviously that companies should not wait for the worst to happen before shouldering their responsibilities.