New SEC Rules Require Enhanced Risk Management Disclosure

This week, the U.S. Securities and Exchange Commission (“SEC”) issued new disclosure rules that will have a significant impact on corporate governance and risk management practices at all U.S. public companies.  The rules become effective February 28, 2010 and require enhanced public disclosure of the following:

  • The relationship of a company’s compensation policies and practices to risk management.
  • The background and qualifications of directors and nominees.
  • Legal actions involving a company’s executive officers, directors and nominees.
  • The consideration of diversity in the process by which candidates for director are considered for nomination.
  • Board leadership structure and the board’s role in risk oversight.
  • Stock and option awards to company executives and directors.
  • Potential conflicts of interests of compensation consultants.

For some companies, these new rules will have minimal impact based on their enhanced risk management practices.  However, for others, it may mean a great deal of work must be completed in the next several months.  If your company needs assistance implementing cost-effective, practical risk management solutions, email us at or visit to learn more.


Maximize Your GRC Technology Investment

As we move into a new year, more companies are looking to integrate their risk management initiatives to simplify and streamline how they address risk and compliance activities.  In a recent article by Forrester Research, analyst Chris McClean discusses how Governance, Risk and Compliance (“GRC”) software solutions can help companies in their pursuit of integration.  Here are the three primary benefits that companies have realized from their investment in technology.

1. Greater process efficiency — Compliance requirements continue to swell, and the risk landscape is getting more complex. Above all else, customers cited process automation as the core value of their GRC platform implementations. Workflow management capabilities help keep everyone on task, and centralized content management and reporting reduce the need to jump back and forth between different systems. In addition, ongoing improvements in automated controls and control-testing functionality generate even greater efficiency gains. The manager of corporate compliance for a large pharmaceutical company told Forrester: “Managing all GRC initiatives in one platform saves time, resources and money. The ability to build a solid foundation for our compliance program in a relatively short time frame allows us to focus on the acute compliance issues facing our industry.”

2. Convergence of GRC efforts — As well as increasing efficiency, converging the various efforts relevant to governance, risk and compliance fosters cooperation between business functions and improves overall GRC insight. Comparing exposure across different categories of risk or using risk assessments to generate audit scopes are just two examples of GRC convergence benefits. An operational risk management director for a large financial services company said that one of the biggest benefits of implementing a GRC platform was the ability to “integrate the risk disciplines, including internal audit, ORM [operational risk management], SOX and compliance.”

3. Consistency of processes and methodologies — Getting different functions to work with each other is one thing, but getting them to use the same processes and methodologies is much harder. GRC platforms allow organizations to create standard templates for documenting and assessing risks, controls, incidents and other elements of GRC. Consistency also leads to convergence and efficiency and is often an initial driver for the development of a GRC program. The director of risk and compliance for a top high-tech company succinctly explained to Forrester that one of the most important values of GRC technology was the creation of a “consistent way to manage compliance, operational and ERM [enterprise risk management] projects.” Pay close attention to this aspect of GRC value. As risk and compliance become more complex, consistency will quickly become a necessity.

Wheelhouse Advisors can help your company identify the right technology solution and implement a program that will maximize the benefit of your technology investment.  Visit to learn more.

The Role of IT and Risk Management in the Financial Crisis

Information Technology (IT) continues to play an ever larger role in the overall risk profile for major corporations across the globe.  A recent article in The Economist discusses the role IT played in the recent financial crisis.  While the financial services industry invests massive amounts in IT, the industry still does not invest enough in risk management tools that will help avert future crises.  Here is what the article noted.

No industry spends more on information technology than financial services: about $500 billion globally, more than a fifth of the total (see chart below). Many of the world’s computers, networking and storage systems live in the huge data centres run by banks. “Banks are essentially technology firms,” says Hugo Banziger, chief risk officer at Deutsche Bank. Yet most in the industry agree that its woeful IT systems have, in Mr Banziger’s words, “exacerbated the crisis”. The industry spent billions on being able to trade faster and make more money, but not nearly enough on creating the necessary transparency. “Banks had lots of tools to create leverage, but not many to manage risk,” says Roger Portnoy of Daylight Venture Partners, a venture-capital firm that invests in risk-management start-ups.

Wheelhouse Advisors provides solutions to financial services companies looking to strengthen their risk management practices with better information technology tools.  Together with our strategic partners, Wheelhouse Advisors can deliver cost-effective solutions that can be easily implemented within a complex environment.  Visit, to learn more about our services and our strategic partners.

Just Keep Swimming

Children and parents familiar with the movie “Finding Nemo” may remember the lovable character Dory who possessed an enduring level of optimism, but a bad case of short-term memory loss.  As we continue to emerge from the financial crisis, many people are developing this “Dory Syndrome” in anticipation of good economic times ahead. However, the risks that we faced last year have not yet been fully resolved.  Here is what was reported in today’s Wall Street Journal.

While policy makers breathe a collective sigh of relief, they’re making little progress in addressing deeper flaws that the crisis laid bare: an unwieldy banking system, unreliable financial plumbing and a global economy that encourages and depends on heavy borrowing by the U.S.

Bankers and regulators say that fixes require careful consideration. But as the darkest days of the crisis fade from memory and the world’s biggest banks get back on their feet, political impetus for reform may be waning. “We’re wasting the crisis,” said economist Richard Portes of the London Business School.

Our collective short-term memory seems to be failing us as we heed Dory’s advice from the movie – “Just keep swimming!”  While certainly good advice to those looking to simply survive a crisis, we cannot deny the looming risks that remain ever-present.

Do As I Say, Not As I Do

Last week, the Government Accountability Office (“GAO”) released the results of its annual audit of the Securities and Exchange Commission (“SEC”).  In the audit report, the GAO identified six significant deficiencies in the SEC’s internal control over financial reporting.  The collection of these deficiencies amounted to a material weakness in the SEC’s internal control over financial reporting.  For those who are not familiar with the term “material weakness”, it represents a reportable event that must be disclosed by U.S. public companies as a result of the Sarbanes-Oxley Act of 2002.  Here is what the GAO detailed in their report.

During this year’s audit, we identified six significant deficiencies that collectively represent a material weakness in SEC’s internal control over financial reporting. The significant deficiencies involve SEC’s internal control over (1) information security, (2) financial reporting process, (3) fund balance with Treasury, (4) registrant deposits, (5) budgetary resources, and (6) risk assessment and monitoring processes. These internal control weaknesses give rise to significant management challenges that have reduced assurance that data processed by SEC’s information systems are reliable and appropriately protected; impaired management’s ability to prepare its financial statements without extensive compensating manual procedures; and resulted in unsupported entries and errors in the general ledger.

As the primary enforcement agency for accurate financial reporting by U.S. public companies, the SEC should be leading by example in creating processes that provide reliable financial information.  Sadly, this is not the case and has not been for the past several years.  Let’s hope SEC Chairwoman Mary Shapiro does a better job than former SEC Chairman Christopher Cox and can effect the necessary change within the agency.

New Task Force Established to Combat Financial Fraud

Yesterday, the Obama Administration announced the creation of a new task force dedicated to rooting out individuals who participated in fraudulent activities that led to the great financial meltdown of 2008.  The new organization is aptly named the Financial Fraud Enforcement Task Force and is composed of members from over 24 federal agencies.  It will be chaired by Attorney General Eric Holder.  Here is more on the task force from a Securities & Exchange Commission press release.

The task force, which replaces the Corporate Fraud Task Force established in 2002, will build upon efforts already underway to combat mortgage, securities and corporate fraud by increasing coordination and fully utilizing the resources and expertise of the government’s law enforcement and regulatory apparatus. The attorney general will convene the first meeting of the Task Force in the next 30 days.

“This task force’s mission is not just to hold accountable those who helped bring about the last financial meltdown, but to prevent another meltdown from happening,” Attorney General Eric Holder said. “We will be relentless in our investigation of corporate and financial wrongdoing, and will not hesitate to bring charges, where appropriate, for criminal misconduct on the part of businesses and business executives.”

While noble in its intent, this new task force faces several challenges.  First, its membership is quite large and politically unwieldy.  Second, it is made up of agencies that were charged with enforcing laws and regulations that were intended to prevent fraudulent activity from occurring in the first place.  Third, its creation falls on the heels of an unsuccessful prosecution of hedge fund managers that brought Bear Stearns to its knees.  Only time will tell if the task force can successfully achieve its mission.

Financial Risk Management in the 21st Century

Last week, an article in InformationWeek magazine profiled the current issues with the financial industry’s risk management practices and offered some solutions.  The article compared the approaches to risk management in the financial industry to the design and production of computer chips.  Both are highly complex exercises.  However, risk management to date lacks the standardization and control found in chip manufacturing.  Here is what the article suggests as a solution.

The industry’s kludge-filled, error-prone, and unsafe financial engineering needs to be replaced with a more secure financial infrastructure that’s been tested and debugged to the level of a major chip release. Regulatory oversight won’t be simple, but it doesn’t have to be. It just has to work, every single day and for every single transaction. That’s the type of change with the potential to jump-start a global economy.

Through stronger controls over data collection, improved networking among industry participants, and greater use of standards across a wider range of financial instruments, the future of the financial services industry can be assured in a way that enables a bright future for the rest of the economy. It’s high time for the industry’s circuits to get an upgrade.

The article provides a unique perspective on a major problem.  The solution is fairly obvious, but the task is massive and will require a significant investment to successfully implement.  However, our global economy and the financial services industry as a whole will suffer additional crisis situations in the 21st century without this sort of change.