The ERM Current™

In this final post of 2008, we look forward to a new year filled with uncertainty and risk.  Events of this past year will reverberate not only for the next few weeks or months, but throughout the coming year and potentially many years to come.  A year-end study completed by Ernst & Young highlights the top risks that companies across the globe will face in 2009.  Below are the rankings with results from the 2008 study in parentheses.  

The 2009 top 10 risk rankings

1. The credit crunch (2)
2. Regulation and compliance (1) 
3. Deepening recession (New) 
4. Radical greening (9) 
5. Non-traditional entrants (16) 
6. Cost cutting (7) 
7. Managing talent (11) 
8. Executing alliances and transactions (7) 
9. Business model redundancy (New) 
10. Reputation risks (22) 

Not surprisingly, credit related issues are the number one item on the list followed closely by regulation & compliance.  Companies of all sizes need to be prepared to address the rapid changes that may occur over the next year.  Having a solid framework to quickly understand changes in these risks and make quick adjustments will provide a significant competitive advantage.  Visit www.WheelhouseAdvisors.com to learn more.  

As more and more begins to emerge from the collapse of our financial markets, it is becoming clear that effective risk management was severely handicapped by those looking to increase their personal compensation.   The New York Times reported this past weekend some of the egregious mortgage lending practices at Washington Mutual (“WaMu”) that led to the largest bank failure in American history.   

WaMu gave mortgage brokers handsome commissions for selling the riskiest loans, which carried higher fees, bolstering profits and ultimately the compensation of the bank’s executives. WaMu pressured appraisers to provide inflated property values that made loans appear less risky, enabling Wall Street to bundle them more easily for sale to investors.  “I never had a clue about the amount of off-the-cliff activity that was going on at Washington Mutual, and I was in constant contact with the company,” said Vincent Au, president of Avalon Partners, an investment firm. “There were people at WaMu that orchestrated nothing more than a sham or charade. These people broke every fundamental rule of running a company.”

The major problem here is not that WaMu was poorly managed, but that the practices at WaMu became accepted by the mortgage industry as a whole.  Major reform is desperately needed to ensure that practices such as these are prevented from “becoming the norm” again.

Well, it is Christmas Eve and children across the globe are wondering if good, old St. Nick will bring them toys for being nice this year or a lump of coal for being naughty.  Add to the list former CEO of Worldcom, Bernie Ebbers, who is requesting a Presidential pardon of his 25 year prison sentence for his role in one of the largest accounting frauds in history.  His request has attracted worldwide attention.  Here’s what The Telegraph in London reported:

Mr Ebbers, 67, who was sentenced to 25 years in jail in 2005 for his part in WorldCom’s spectacular collapse, has applied to have that sentence commuted by President George W Bush.  He continues to serve his sentence at Oakdale prison in Louisiana, a low-security facility, from which he is due for release on July 4, 2028, when he will be aged 86.  The fraud at WorldCom led to the country’s biggest bankruptcy filing in July 2002, with almost 17,000 employees losing their jobs as a result of the scheme to bury expenses and inflate revenue.

In this season of giving, Bernie should be thinking about how he can give back to the 17,000 people who were impacted by his wrongdoing rather than asking for a gift.  Let’s all hope he gets what he deserves for his request – the world’s largest lump of coal.

Heading into 2009, many firms are beginning to realize the need to bolster their risk management practices and approaches.  The main challenge centers around the need for a solid risk management framework that can be employed throughout an organization.  In turn, the framework should shape the risk management culture with strong support from the CEO and Board of Directors.  In a recent article in Wall Street & Technology magazine, risk management is identified as the number one priority for financial firms in 2009.   Here is an excerpt:

Analysts agree that the biggest challenge firms face in managing risk is at the operating level. Risk managers will be given much more importance by a firm’s top managers than in the past, when the pursuit of alpha typically came at the expense of risk mitigation. 

This certainly comes as no surprise given the severity of the current crisis driven largely by the neglect of risk management.  Everyone is talking the talk.  2009 is the year to walk the risk management walk.

Some of you may recall previous posts regarding the SEC’s office of risk management that contained only one staffer for many years.  Well, according to the Wall Street Journal, the one person office was notified earlier this year about Bernard Madoff’s massive Ponzi scheme and did nothing to investigate.  The article details the many attempts of Harry Markopolos to alert the SEC to the fraud.  Mr. Markopolos final attempt was made to the head of risk management at the SEC, Jonathan Sokobin.   Here is the account of that attempt:

Early this year, Mr. Markopolos made one last major effort after receiving an email from Jonathan Sokobin, an official in the SEC’s Washington, D.C., office whose job was to search for big market risks. Mr. Sokobin had heard about Mr. Markopolos and asked him to give him a call, according to an email exchange between them.  

Mr. Markopolos also sent Mr. Sokobin an email — with the stark subject line “$30 billion Equity Derivative Hedge Fund Fraud in New York” — saying an unnamed Wall Street pro recently pulled money from Mr. Madoff’s firm after trying to confirm trades supposedly done in his account, but discovering that no such trades had been made.  It was his last try.  He never heard back about his allegations regarding Mr. Madoff.  ”I felt pretty low,” Mr. Markopolos recalls.  Mr. Sokobin, through an SEC spokesman, declined to comment.

To Mr. Sokobin’s credit, he did reach out to Mr. Markopolos to investigate.  However, given the size of his office, it is not surprising he could not act quicker to bring the fraud to an end.  Greater evidence is not needed to justify more investment in risk management.

For those of you who have been following The ERM Current,  you may recall the post “Show Me the Money and I’ll Show You the Risks”.  In that post, the main advice centered on the need to examine incentive structures to determine where excessive risk-taking may be occurring.  As the current financial crisis continues to unfold, the excessive risk-taking driven by grandiose incentives is becoming more and more evident.  Yesterday, the New York Times featured an article on this very topic.   Below is an excerpt from the article,

“Compensation was flawed top to bottom,” said Lucian A. Bebchuk, a professor at Harvard Law School and an expert on compensation. “The whole organization was responding to distorted incentives.” Even Wall Streeters concede they were dazzled by the money. To earn bigger bonuses, many traders ignored or played down the risks they took until their bonuses were paid. Their bosses often turned a blind eye because it was in their interest as well.  “That’s a call that senior management or risk management should question, but of course their pay was tied to it too,” said Brian Lin, a former mortgage trader at Merrill Lynch.

To be effective, risk management must have the authority and the independence to adjust incentive programs based on the risk appetite of the organization.  If risk managers are participating in the very incentive programs that they are charged with overseeing, then a blind-eye will always be turned toward excessive risk-taking.

According to a recent survey commissioned by Ernst & Young,  the vast majority of major financial institutions lack a consolidated view of risk across their organizations.  Only 14% of the 40 global banks surveyed indicated that they have a solid enterprise risk management program.  Given the current crisis and admission that risk controls are lacking, the majority of the respondents also indicated a need for increased investment in this area (see graphic below).  Some of the other findings of the study included the following.

Organizational silos, decentralization of resources and decision-making, inadequate forecasting, and lack of transparent reporting were cited as major barriers to effective enterprise-wide risk management. The need to create a risk-aware culture throughout the institution emerged as a top priority in the study — three-quarters of all respondents cited its vital importance — as banks struggle to develop a consolidated view of risk across business units and various risk dimensions.

The need for effective enterprise risk management programs is certainly clear not only for financial services companies, but also for non-financial services companies.  How effective is your company’s risk management program?  For a no-cost, diagnostic review of your program, contact Wheelhouse Advisors today.  

In yet another example of the ineffectiveness of regulatory oversight, SEC Chairman Christopher Cox admitted today that the SEC failed to act on numerous red flags regarding Benard Madoff’s hedge fund turned Ponzi scheme.  With an estimate of $50 billion in losses, the fraud dwarfs those uncovered at Enron and Worldcom that ultimately led to the creation of the Sarbanes-Oxley Act.  Mr. Cox stated the following in today’s Wall Street Journal.

“I am gravely concerned” by the agency’s regulation of the firm, Mr. Cox said.  According to Mr. Cox, Mr. Madoff “kept several sets of books and false documents, and provided false information involving his advisory activities to investors and to regulators.”

To be effective, regulatory oversight must be re-examined and restructured to provide consistent and comprehensive control.  Without it, trust and confidence will not return to our financial markets.

A great deal of the blame relating to the current financial crisis has been focused on the improper use of computer models in determining the amount of risk within a company’s portfolio.  A recent article in Bank Systems & Technology Magazine discusses key considerations for employing models to determine accurate risk levels.   The article also notes that proper model usage alone is not the answer.  The author rightly states, 

“Although selecting the right modeling tools for risk management is essential, one further mistake companies commonly make doesn’t have anything to do with tools. It is essential to ensure that corporate culture avoids the typical silo approach to running a business. As we continue to follow news on the economy, it becomes clear that companies that conduct risk management in business silos expose their firms to unnecessary and avoidable risks. Tying true enterprise-wide risk management to business performance management, along with implementation of the right tools, is the only way for companies to ensure long-term success.”

Having an appropriate risk framework and governance structure is critical to creating a strong culture focused on effectively managing risks.  Wheelhouse Advisors can provide cost-effective solutions to help companies break-down the silos and implement successful enterprise risk managemement programs.  Visit www.WheelhouseAdvisors.com to learn more.

A recent article at eWeek.com highlights the keys to a successful implementation of technology in support of an Enterprise Risk Management or Governance, Risk & Compliance (“GRC”) program.  While the keys to success are fairly straightforward, it is surprising how many companies fail to address them prior to selecting a technology solution.   The keys to success are:

1. Define what ERM or GRC means to your organization.
2. Survey your organization’s regulatory and compliance landscape.
3. Determine the most logical entry point and develop a phased approach.
4. Establish a clear business case, considering both short-term and long-term value.
5. Determine how success will be measured. 

Interestingly, the author of the article is a representative of one of the major GRC technology vendors.  While some vendors may want companies to rush to a purchase decision, this author agrees it is critical for companies to gain this perspective prior to evaluating solutions.  He states,

“With these steps complete, you will be in a much stronger position to qualify vendors and solutions and to determine the best fit for your organization, based on a well-defined project scope and equally well-defined business requirements and associated benefits.”

Wheelhouse Advisors can provide an independent viewpoint and work with your company to achieve the keys to success.  Visit www.WheelhouseAdvisors.com to learn more.