The ERM Current™

A new book detailing the events leading up to the recent global financial crisis hit the shelves this week and it is a compelling read.  Entitled “The Sellout”, the book provides an inside look within the largest financial institutions that contributed to the massive meltdown.  Author Charlie Gasparino provides a candid view of the leaders at these organizations as the Wall Street Journal reports below.

Mr. Gasparino chronicles how, across Wall Street in the years before the 2008 crisis, managers with a healthy fear of risk lost corporate power struggles to men more likely to ignore it. Stanley O’Neal, who climbed to the top at Merrill Lynch, would use the company helicopter to visit his favorite golf courses but never found time to learn about his firm’s multi-billion-dollar “warehouse” of collateralized debt obligations. Even after Mr. O’Neal was fired in late 2007, Merrill’s board somehow decided against hiring Lawrence Fink, a mortgage-market expert, and instead hired John Thain as CEO. During the interview process, Mr. Gasparino reports, Mr. Thain never even asked to see details on the assets that were generating billions of dollars in losses. A spokesman for Mr. Thain denies this account.

While many factors played a role in the crisis, it is apparent through Mr. Gasparino’s book that a large portion of the blame rests on the failure of  leadership to understand and appreciate the risks they were taking.  This is a primary reason that leaders must demand strong enterprise risk management practices at their companies.

A leading risk management expert and chief risk officer at a major U.S. financial institution offered his insight on risk management practices last week in the Columbus Business First Journal.  His views are candid and becoming more common as the dust begins to settle from the recent financial crisis.  Here is what he had to say.

Kevin Blakely, senior executive vice president of Huntington Bancshares Inc. in Columbus and its chief risk officer said years ago, things were relatively simple. “Most of our risk was centered in credit risk – lending to individuals and companies, and gauging our ability to get that money back,” he said. Until this past summer, Blakely had been president of the Philadelphia-based Risk Management Association. But as companies got bigger and financial products got more complex, financial institutions developed mathematical models to measure risk. They worked well, he said, but by the mid-1990s banks were depending on them too much. “We began to view them as the answer, rather than as one more input before you get to the answer,” Blakely said. “That was one of the rude lessons we learned over the last couple of years. As an industry, we weren’t as smart in the business of risk management as we thought we were.”

The false sense of security placed in risk management was certainly a rude lesson for many companies as they focused on quantitative models that told them what they wanted to believe.  A balanced view of both quantitative and qualitative factors is critical to an effective enterprise risk management program.

Yesterday, JP Morgan Chase CEO Jamie Dimon shared his views on the financial crisis with Charlie Rose at the Securities Industry and Financial Markets Association annual meeting in New York.  In the interview, Mr. Dimon reflected on risk management approaches taken by many financial institutions leading up to the crisis.  He stated, “You should never rely solely on VaR, Basel I or Basel II for risk management practices.  If you did, it was a mistake.”   He went on to explain that sound risk management practices require both quantitative analysis and management judgment to be effective.  He also noted that there are legitimate failures in the application of the Basel II Capital Accord that left many institutions with insufficient capital positions.   His full remarks can be viewed in the video web link below.

Jamie Dimon speaks with Charlie Rose at SIFMA Annual Meeting

Yesterday, an article by FinCriAdvisor highlighted how regulators are stepping-up their reviews of enterprise risk management (“ERM”) programs at both large and small financial institutions.  As they have been calling for stronger enterprise risk management practices, regulators have also been working on new ERM guidance that banks will need to follow in the future.  Here is a portion of what was reported.

Regulators have begun to focus more heavily on the way banks handle risk assessment, urging in recent testimony and regulatory updates – as well as in examinations – that institutions move toward an “enterprise risk management” model.  ”There is an increasing interest with the regulators, no doubt, and a lot of risk management guidance in the works,” adds Bernard Mason, regulatory relations liaison with the Risk Management Association (RMA) in Washington, D.C. He cites new commercial real estate credit concentration rules that lean heavily on risk management, pending rules on liquidity risk management that would tie U.S. guidelines with those of COSO and Basel, and new September guidance on correspondent risk management.  ”Clearly, regulators are asking banks to identify risk appetite,” agrees Mark Zmiewski, head of research at the RMA in Philadelphia. “That reaches a higher level of importance today under governance issues.” This includes the role of the board in establishing the bank’s risk appetite (the amount of risk it is willing to accept to increase earnings), how well-versed senior management is in carrying out that plan, and how well risk is measured and monitored, he says.

Is your company prepared for the greater ERM scrutiny?  If not, Wheelhouse Advisors can provide cost-effective solutions.  Visit www.WheelhouseAdvisors.com to learn more.

This week, a report was published by the Senior Supervisors Group (“SSG”) regarding risk management lessons learned from the 2008 financial crisis.  For those who do not know, the SSG is a group of central regulatory agencies from seven nations including the United States.  The report highlights the following deficiencies in risk management practices at major corporations across the globe.

Some of the highlighted areas of greatest need, such as board and management oversight, articulation of risk appetite, and compensation practices, are potentially a result of the aforementioned imbalance between the stature and resources allocated to firms’ revenue-generating businesses and those afforded to the reporting and control functions. Other areas, such as risk aggregation and concentration identification, stress testing, and credit and counterparty risk management, can also be attributed to the weak condition of many firms’ IT infrastructure. While considered central to sound firm governance and risk management, the areas of continued improvement addressed here are not exhaustive.

In highlighting the areas where firms must make further progress, we seek to raise awareness of the continuing weaknesses in risk management practice across the industry and to evaluate critically firms’ efforts to address these weaknesses. Moreover, the observations in this report support the ongoing efforts of supervisory agencies to define policies that enhance financial institution resilience and promote global financial stability.

This report serves as fair warning for financial institutions to proactively strengthen their own risk management practices before the regulatory authorities are compelled to force necessary changes.  If your company is looking for cost-effective solutions, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

Yesterday, the U.S. Government announced major pay reductions for executives at companies recently aided by taxpayer funded capital infusions.  In addition, the Wall Street Journal reported that these same companies will be forced to make some significant changes in their governance structure and risk management practices.  Here is what one prominent corporate governance expert had to say about the demands.

The government’s move “is a seismic shift,” said Espen Eckbo, director of the Center for Corporate Governance at Dartmouth College’s Tuck School of Business. But the broader impact will be “much more significant from the governance side,” he added. Mr. Eckbo anticipates increased shareholder pressure on companies without federal bailouts to create board risk committees and split the roles of chairman and CEO. There likely will be more non-binding stockholder resolutions next year calling for such changes, he predicted. In particular, “risk committees are a no brainer.”

As more companies establish board risk committees, Enterprise Risk Management (“ERM”) programs will come under greater scrutiny and need to be more robust.  Wheelhouse Advisors can help strengthen your ERM program.  Visit www.WheelhouseAdvisors.com to learn more.

While many in corporate America are working to reduce the impact of the H1N1 virus on their workforce, another virus has been infecting corporations for years.  As Jack Bergstrand, Founder of Brand Velocity, Inc., explains in his recent highly regarded book, Reinvent Your Enterprise, corporations of all sizes have been suffering from what he calls “functionitis”.  Mr. Bergstrand examines how this virus has spread as more companies employ knowledge workers rather than manual workers. Knowledge workers typically organize into specialty areas within corporations based on their subject matter expertise.  This, in turn, can lead to a very bad case of “functionitis”.  Here is Mr. Bergstrand’s explanation of the virus and its possible cure.

“Functionitis” is a term for when functions become separated from the Enterprises they are supposed to support.  Functionitis is also an Enterprise example of where bad systems create bad behaviors.  It sometimes generates outright conflict.  More often, it generates less visible cross-functional productivity breakdowns driven by incompatible priorities and preferences.  A clear sign that functionitis has taken over is when one function considers itself an internal customer for another function.  With knowledge work, reducing moving parts at the top can systematically resolve many of the functionitis issues in and of itself.  It can also systematically improve the allocation of resources and accelerate Enterprise reinvention in rapidly changing markets.

Functionitis is at the core of the need for Enterprise Risk Management programs.  Not only does it impact the productivity of risk professionals across an enterprise, but also the ability for an enterprise to understand its true risk profile.  Is your company suffering from risk management functionitis and looking for a cure?  If so, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

Yesterday, Compliance Week Magazine reported that Standard & Poor’s (“S&P”) is struggling to incorporate Enterprise Risk Management (“ERM”) into its ratings methodology.  Evidently, the analysts at S&P are finding the challenge of reviewing risk management practices at non-financial companies to be more daunting than originally planned. Financial companies have had their ERM practices reviewed by S&P for years, but the task is easier since practices are more mature and standard across the industry. In addition to this challenge, S&P has also been distracted by the ratings debacle that led to the securitization meltdown late last year.  However, here is what Compliance Week reported about S&P’s future plans for ERM evaluations.

S&P has no plans to abandon its ERM evaluations, but neither will it split out ERM as a separate component of a company’s overall rating score. Rather, ERM reviews for non-financial companies will be based primarily on information provided by issuers in public disclosures and through discussions with S&P. Following are the seven primary questions that analysts have been asking management teams concerning ERM:

• What are the company’s top risks, how big are they, and how often are they likely to occur? How often is the list of top risks updated?
• What is management doing about top risks?
• What size quarterly operating or cash loss have management and the board agreed is tolerable?
• Describe the staff responsible for risk-management programs and their place in the organization chart. How do you measure success of risk management activities?
• How would a loss from a key risk impact incentive compensation of top management and on planning/budgeting?
• Tell us about discussions about risk management that have taken place at the board level or among top management when making strategic decisions.
• Give an example of how your company responded to a recent “surprise” in your industry and describe whether the surprise affected your company and others differently.

Is your company prepared to answer these questions?  If not, Wheelhouse Advisors can help. Visit www.WheelhouseAdvisors.com to learn more.

Information Technology (“IT”) is quickly becoming one of the primary areas within a company that is not only laden with risk, but also regulatory complexity.  At the same time, IT is one of the first areas to which companies look for cost reduction in an economic recession.  The combination of these factors demands better decision making and priority-setting by IT risk professionals and finance managers to meet the needs of the business while properly managing risk. In this month’s issue of Information Security Magazine, an IT risk professional at credit information provider Equifax shares his view of this challenge.

Let’s face it, we are entering an era of tighter statutory requirements and rapidly changing regulations. But focusing solely on statute requirements can lead to a disjointed strategy that is neither comprehensive nor aligned with business goals. While compliance mandates are often used to drive security investments, compliance by itself does not ensure a company’s security posture.

Instead, businesses must look beyond their technology and compliance needs and understand the challenges of ensuring their company’s security posture. Achieving this level of transparency requires the right mix of innovation, talent and technology underscored by a strategy that addresses risk at the broadest level. This is where relationships with business partners and vendors can play a valuable role. By joining forces with industry-leading third-party providers, companies gain access to new thinking and innovation to address key needs and challenges. With the right strategy and technology partnerships, businesses can drive a consistent and global set of security practices focused on risk reduction and information security.

Wheelhouse Advisors is uniquely positioned to help companies address their risk and security challenges while meeting the financial demands of the businesses they support.  To learn more, email us at NavigateSuccessfully@WheelhouseAdvisors.com or visit our website at www.WheelhouseAdvisors.com.

In light of the increased risks associated with executive compensation programs, The Conference Board recently established a task force to develop guidance for companies looking to improve their pay processes and oversight.  The guidance has been published and centers on five principles that companies should strive to achieve.  Here are the five principles.

Principle One—Paying for the right things and paying for performance

Compensation programs should be designed to drive a company’s business strategy and objectives and create shareholder value, consistent with an acceptable risk profile and through legal and ethical means. To that end, a significant portion of pay should be incentive compensation, with payouts demonstrably tied to performance and paid only when performance can be reasonably assessed.

Principle Two—The “right” total compensation

Total compensation should be attractive to executives, affordable for the company, proportional to the executive’s contribution, and fair to shareholders and employees, while providing payouts clearly aligned with actual performance.

Principle Three—Avoid controversial pay practices

Companies should avoid controversial pay practices, unless special justification is present.

Principle Four—Credible board oversight of executive compensation

Compensation committees should demonstrate credible oversight of executive compensation. To effectively fulfill this role, compensation committees should be independent, experienced, and knowledgeable about the company’s business.

Principle Five—Transparent communications and increased dialogue with shareholders

Compensation should be transparent, understandable, and effectively communicated to shareholders. When questions arise, boards and shareholders should have meaningful dialogue about executive compensation.

These guiding principles seem to provide what many may say is simply common sense advice.  However, given the environment that we find ourselves in today, common sense such as this may not be as common as one might think.