Regulating Risky Business

The regulatory reform starting gun was sounded by President Obama yesterday and it was described more as a marathon than a sprint to the finish.  However, the President was clear on the objectives of the reform as noted in the Wall Street Journal.

Mr. Obama said "financial institutions that pose serious risks -- systemic risks -- to our markets should be subject to serious oversight by the government." He said U.S. taxpayers "should be assured" that the Federal Reserve, which is acting as a lender of last resort in many cases, "understands the institutions it insures and actively monitors them to keep their risk-taking in check."

The president said the overhauled regulatory structure "must be strong enough to withstand both systemwide stress and the failure of one or more large institutions."Mr. Obama also called for greater transparency, more-uniform supervision of financial products, and "strict accountability" for market players who engage in risky behavior. "Executives who violate the public trust must be held responsible," the president said.

Representative Barney Frank commented on the nature of the process required to reform the regulatory structure.

Rep. Frank said he expects the effort will be done in stages, with action first on a bill that will empower a regulator, likely the Federal Reserve, to regulate risk across the financial system.  "It's either the Fed or you start from scratch," Mr. Frank said.

Early preparation is critical to achieve a competitive advantage of addressing the regulatory changes in a cost-effective and efficient manner.  Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

Risk Waits For No One

Back in September, one of the first posts to this blog focused on the systemic risk failure that led to the current financial crisis.  The systemic risk discussed was related to the use of derivative instruments such as credit default swaps ("CDS") to mitigate credit risk associated with corporate debt.  The rapid increase in use of these CDS instruments combined with the lack of regulatory oversight led to a dramatic increase in systemic risk that has not been well managed.  A recent article by Institutional Risk Analytics provides a great example.

The basic tension over CDS starts with the fact that these instruments actually increase overall systemic risk. 

Consider a real world example: When the auto parts make for General Motors, Delphi, filed bankruptcy in October 2005, there were between $20 and $30 billion in CDS outstanding and deliverable against the $2 billion in debt outstanding and another $2 billion in bank loans that were also deliverable against the CDS.  Whereas the maximum cash loss to investors in the Delphi default might have been limited to the $4 billion of extant debt without CDS, the existence of CDS actually multiplied the potential opportunities for gain and loss on the Delphi default nearly 10 fold. 

While proponents of the CDS market will and do argue that the “net” exposure from the Delphi default was quite small, the fact remains that the “innovation” of CDS actually created a multiplicity of new risks around the existing cash default of Delphi, risks whose sole benefits seem to be a) providing speculative opportunities for a certain class of market participants – I won’t call them investors, because often they are not -- and b) generating commission for CDS dealer banks.

A great deal of work must begin immediately to address this situation that is at the core of our economic meltdown.  While potential solutions have been discussed, no real steps have yet been taken by the public or private sector.  However, as we all know too well, risk waits for no one.

Survival of the Nimblest

As the plans for regulatory reform in the financial sector evolve, one thing is certain - it will be a work in progress for some time to come.  The companies that are well prepared and nimble in addressing the regulatory demands will certainly have a competitive advantage over others.  Here is what an article in Bank Systems & Technology magazine had to offer in light of the upcoming changes.

Predicting precisely how a new administration and Congress will address the financial crisis is difficult over the long term, but the early returns are instructive. Banks that participate in TARP will be subject to a range of new reporting requirements that go above and beyond the existing regulatory requirements—combining the needs of the SEC, the Federal Reserve, and the Office of the Comptroller of the Currency. But with new regulations and uncertainty come added burdens, and building a competitive advantage will require having insight into the infrastructure (systems and data) required to get ahead of regulatory pressures and minimize the millions of dollars required for compliance through careful planning and investment—rather than issuing knee-jerk responses to each new change in regulations.

U.S. banks can borrow from the lessons of others. European banks have been managing a more active regulatory environment for some time, and have successfully used SWAT-team-like functions to meet this challenge. For instance, Barclays PLC created a nimble central organization to actively manage new regulations and to act as the single point of contact between all business units and critical group functions. However, it first needed the technology infrastructure in place to meet these goals.

Wheelhouse Advisors is uniquely equipped to help companies build the infrastructure needed to address regulatory demands in a cost-effective and practical manner.  Visit www.WheelhouseAdvisors.com to learn more.  

A Leg To Stand On

According to a recent article in the Washington Post, the Securities and Exchange Commission ("SEC") is gearing up for a review of corporate governance practices and the role of boards of directors in managing risk. The new SEC Chairman, Mary Schapiro, is looking to strengthen boards of directors in order to hold management more accountable.  Here is an excerpt from the article.

With few exceptions, boards have received little media attention as the country has sought explanations for financial firms' taking on such perilous risks. These boards -- which typically consist of a dozen or more well-known executives, politicians and other influential people -- were ultimately responsible for the decisions of the Wall Street companies, housing firms and banks at the heart of the crisis. The boards signed off on the risks the companies took and the compensation packages awarded to top executives.

But many corporate watchdogs say the boards of top financial firms had characteristics that promoted risky business practices and harmed shareholders. "Corporate governance is about managing risk. It's about incentive compensation. It's about corporate strategy and sustainability. And all of those things are what the boards failed to do," said Nell Minow, a co-founder of the Corporate Library and an advocate of reforming corporate boards.

Boards of directors must ensure a strong enterprise risk management program is a core component of management's responsibilities.  Without it, the directors will not have a leg to stand on when the questions are asked by the enforcers from the SEC.  

Classic Risk Management Pitfalls

In the upcoming Harvard Business Review for March 2009, Rene M. Stulz highlights six ways companies mismanage risk.  Dr. Stulz suggests that these classic missteps can occur in good economic times as well as the rough economic times we are currently experiencing.  However, the current crisis has certainly magnified the impact of the following mistakes.

Relying on historical data. A risk manager who assessed real estate risk on the basis of statistics from the past three decades would have been sorely unprepared for the volatility of house prices in 2007.

Focusing on narrow measures. A daily Value-at-Risk (VaR) measure is commonly used for securities trading. But a daily measure assumes that assets can be sold quickly or hedged, so it doesn’t apply to portfolios with which the firm may be temporarily stuck.

Overlooking knowable risks. Risk managers often distinguish among market, credit, and operational risks, which they measure differently and in isolation rather than cross-organizationally. They may also fail to assess new risks embedded in the instruments they use for risk mitigation.

Overlooking concealed risks. Risk takers may deliberately hide their risks, as happened at the French bank Société Générale in 2007. Or they may underreport them when their trading positions are complex and short-lived.

Failing to communicate. Sometimes even the most scrupulous risk manager cannot clearly explain a state-of-the-art system to the CEO and the board. In such a case, their confidence in the system’s capabilities may be unwarranted.

Not managing in real time. It is difficult to hedge trading positions when their risk characteristics can change completely within a single day—as can happen, say, with barrier calls.

A truly effective enterprise risk management program should address all six of these potential shortcomings. Visit www.WheelhouseAdvisors.com to learn more about how we can help your company avoid these problems.

Experts Agree - ERM Should Be A Primary Focus

A recent article in Fortune magazine highlighted the views of two prominent management consultants on what boards should be doing in this time of crisis.  One of the consultants, Thomas J. Neff of Spencer Stuart, had this to say about Enterprise Risk Management.

The other subject that boards need to focus more on is enterprise risk management. It's not just risk in the sense that banks need to focus on it, but what are the risks in our business model, what are the global risks that could affect our business? It's a holistic approach to the subject, and stress testing what we're doing.

Stress testing and scenario analysis results should be discussed at the board level to ensure a company is adequately prepared for the most strategic risks.  Visit www.WheelhouseAdvisors.com to learn more.

Culture is Critical

As most of us are seeing in today's crisis through a multitude of corporate failures, the organizational culture can make or break a company.  In this week's edition of Compliance Week, Richard Steinberg provides a wonderful circumspective article on the impact of culture.  Here's a sample of his viewpoint.

Experience shows that culture has a strong and pervasive effect on a company, either positively or negatively. Top management usually has an accurate picture of organization’s culture, but reality is that a significant number of CEOs learn too late that they were badly mistaken. Among the most critical roles of a CEO and senior executive team is to have an in-depth and accurate understanding of the company’s culture, determine what changes are needed, and take quick and decisive action to mold the culture to what’s needed to enable the company’s successful future.

A strong culture, like a company's reputation, can take years to build and a very short time to destroy. Corporate leaders must work daily to ensure a strong organizational culture is maintained for a company to withstand rough economic times.

Get Ahead of the Risk Curve

Capital investment will be limited this year due to the continuing financial crisis.  However, there is one area that will see increases as a result of the crisis - risk management.  To get ahead of the risk curve, financial services companies as well as non-financial companies will need to invest more in technology and people. Here is what one analyst had to say recently.

Dana Wiklund, a research director in the risk management practice at Financial Insights, a unit of International Data Group Inc., said banks are willing to spend in a few key areas, including this kind of risk analysis.  "Risk is an area of investment this year," he said. "This is an area where, if banks haven't done their homework up till now, this is going to be a priority for them."  Shareholders, boards and examiners are asking tough questions about how executives are analyzing risk and how they are implementing the necessary fixes, he added. "They have to make the investment."

Is your company prepared to make the necessary investments in order to get ahead of the risk curve?  If so, then contact Wheelhouse Advisors to learn how you can implement the necessary enhancements in the most efficient and cost-effective way.  

Banks Are "Stressed Out" Over Tests

Financial institutions across the U.S. are bracing themselves for stress testing by the U.S. Treasury.  The results of these stress tests will determine which institutions are healthy enough to survive and which ones are terminally ill.   Last Friday, the Wall Street Journal highlighted the results of one research firm's recent stress test report.  

"Bank and thrift failures are a function of capital, liquidity and regulatory risks. Some of the largest "failures" of last year were the result of a combination of these factors," the stress-test report by Sanford Bernstein said.  Liquidity refers to money banks need to fund their day-to-day operations. Longer term, capital is needed to make investments and, most importantly right now, to provide a cushion for delinquent loans.  Liquidity risk is largely mitigated at this point -- banks are liquid enough to be able to make the loans their borrowers want. But capital and regulatory risk are "alive & kicking," the report said. While regulators put in place programs to prevent bank failures through capital infusions, those programs could essentially wipe out common equity at some banks, leading to "common equity failures," Sanford Bernstein wrote.

The next 4 - 5 months will be very interesting and could result in a completely different landscape for financial institutions.  Expect a great deal of change and upheaval as these capital and regulatory risks begin to crystallize.

FSA's Financial Risk Outlook for 2009

This week, Britain's primary financial regulator - the Financial Services Authority ("FSA") - issued its Financial Risk Outlook for 2009.  The FSA provided several key messages related to effective risk management.  

1. Senior Management should ensure appropriate risk management is undertaken and that there is a clear understanding of the underlying risks to their business model, particularly risks associated with complex hedging strategies. Firms need to satisfy themselves that key risks are appropriately managed and continually re-assessed as financial market and economic conditions evolve.


2. Stress testing and scenario analysis should form an integral part of firms’ risk management, business strategy and capital planning decisions. It is of particular importance in this unpredictable environment, when the financial sector is vulnerable to further shocks, that firms also consider the implications of deteriorating economic conditions and the long-term viability of and weaknesses present in their business models. In addition, the financial sector and economy will also remain vulnerable to potential shocks, such as a large-scale terrorist attack. Firms should continue to consider such risks in their business planning to ensure effective plans are in place for dealing with these shocks.  


3. Strategies need to be underpinned by strong risk management systems and controls for all areas of risk: credit, market and operational risk; conduct of business risks; compliance with relevant rules, codes and standards; and managing risks of fraud and financial crime.


4. Remuneration policies should be in line with sound risk management. Firms should ensure that staff are not given incentives to pursue higher-risk strategies than are consistent with the firm’s overall risk appetite, undermining the impact of systems designed to control risk to the detriment of shareholders and other stakeholders, including depositors, creditors and ultimately taxpayers.

These are solid principles not only for companies in the UK, but for companies across the globe.  Visit www.WheelhouseAdvisors.com to learn more about how we can help your company Navigate Successfully™.

Regulatory Significant Deficiencies

Yesterday, the CEOs of the eight major U.S. financial institutions testified before Congress on their participation in the Troubled Asset Relief Program ("TARP").  One of the CEOs, J.P. Morgan Chase's Jamie Dimon, pointed out the need for the modernization of the U.S. financial regulatory system.  Here's his view:

"The ongoing financial crisis has exposed significant deficiencies in our current regulatory system, which is fragmented and overly‐complex. Maintaining separate regulatory agencies across banking, securities and insurance businesses is not only inefficient, but also denies any one agency access to complete information needed to regulate large diversified institutions effectively and maintain stability across the financial system. It also results in uneven and inequitable regulation of similar activities and products across different institutions.

I am in complete agreement with Chairman Frank that Congress and the President should move ahead quickly to establish a systemic risk regulator. In the short‐term, this would allow us to begin to address some of the underlying weaknesses in our system and fill the gaps in regulation that contributed to the current situation.

As part of a longer‐term modernization discussion, we stand ready to work with Congress and others to think through any number of complex issues. But waiting for the larger debate over regulatory reform to play out could take months. Every credible regulatory modernization plan includes the creation of a systemic risk regulator, and everyone agrees that this needs to be done – and done right away. I hope Congress will act to get this critical building block in place."

A good portion of the stimulus bill before Congress should be dedicated to regulatory modernization and as Mr. Dimon suggests, invested immediately.

A Renewed Focus on Risk

In the wake of the current financial crisis, many changes will need to occur to strengthen management practices and to provide stability to corporate performance.  A prediction for one such change was offered in this week's edition of Compliance Week.  Stephen Davis and Jon Lukomnik believe that the discussion in many boardrooms will change in dramatic ways - and for the better.  Here's what they had to say.

Strategy re-enters the boardroom, through the risk door. After a decade in which directors have at times felt like compliance cops, they’re probably not looking forward to what some have called their new role: risk regulation. But calls for “risk committees,” for dedicated risk expertise in the boardroom, for linking executive compensation to risk taking, and for comprehensive enterprise risk management programs, will be welcomed in hindsight. Why? Because determining the appropriate risk profile for a company is fundamentally a strategic planning exercise. As a result, there will be a renewed focus on directors with appropriate domain expertise.

Let's hope boards are willing and able to integrate a risk viewpoint in their strategy discussions with management.  Without it, many companies will continue flying blind.

A View from the Top

Yesterday in the Financial Times, Lloyd Blankfein, CEO of Goldman Sachs, provided his view of the current crisis and how risk management can be improved in the future.  Unlike many CEOs, Mr. Blankfein was particularly candid in his viewpoint and offered some solid insights.  Here is a sample of what he had to say.

...complexity got the better of us. The industry let the growth in new instruments outstrip the operational capacity to manage them. As a result, operational risk increased dramatically and this had a direct effect on the overall stability of the financial system.  Risk and control functions need to be completely independent from the business units. And clarity as to whom risk and control managers report to is crucial to maintaining that independence. Equally important, risk managers need to have at least equal stature with their counterparts on the trading desks: if there is a question about the value of a position or a disagreement about a risk limit, the risk manager’s view should always prevail.

This perspective is encouraging and should be adopted by more chief executives and boards of directors as we work to strengthen our risk management practices.

Rising Interest in ERM Continues

In today's Financial Times, a new survey about the level of interest in implementing Enterprise Risk Management ("ERM") programs was discussed.  According to the news article, major corporations in the UK are looking for ways to anticipate and proactively manage emerging risks.  Here is an excerpt.

More than half of Britain's top companies are looking to bulk up their risk management teams as the deepening economic crisis forces directors to question ill-fated investments and prepare for new uncertainties, such as suppliers going bust.  The Association of Insurance and Risk Managers (Airmic) said that in a private survey of its 450 corporate members, which includes most FTSE 100 companies, 59 per cent had said that their level of interest in enterprise risk management had increased over the past two years.

More and more companies are recognizing the importance of having a solid ERM program embedded throughout the organization.  Visit www.WheelhouseAdvisors.com to learn more.

Common Sense Prevails

This week, the Committee of Sponsoring Organizations of the Treadway Commission ("COSO") released its highly anticipated guidance for monitoring internal controls (see graphical overview below).  This guidance will prove very useful in helping companies improve the effectiveness of their internal controls and also increase the efficiency of their internal control evaluation efforts.  Many companies have struggled with their external auditors and regulators to find ways to lower the cost of their evaluation efforts by leveraging activities that are performed in the normal course of business.  This guidance will provide a solid basis for management to utilize in determining the best way to evaluate internal controls.  Here is a sample of activities that are specified within the guidance.

1. Periodic evaluation and testing of controls by internal audit,


2. Continuous monitoring programs built into information systems, 


3. Analysis of, and appropriate follow-up on, operating reports or metrics that might identify anomalies indicative of a control failure,


4. Supervisory reviews of controls, such as reconciliation reviews as a normal part of processing,


5. Self-assessments by boards and management regarding the tone they set in the organization and the effectiveness of their oversight functions,


6. Audit committee inquiries of internal and external auditors, and 


7. Quality assurance reviews of the internal audit department.

Much of the guidance is really common sense applied to an exercise that for years has defied common sense. To learn more about how you can streamline your control evaluation process, visit www.WheelhouseAdvisors.com.

Ready or Not, Here They Come

This year more companies will be subjected to an Enterprise Risk Management ("ERM") review by credit rating agencies such as Standard & Poor's as a result of newly implemented credit rating methodologies.  The lack of a solid ERM program could translate into higher credit costs for those companies who have not embraced the discipline. Here's some guidance from a recent article in The Metropolitan Corporate Counsel.

Steps To Prepare For S&P's Risk Discussion

The following are some steps that nonfinancial companies should consider to better prepare for discussions with S&P analysts: 

1. Form an interdisciplinary ERM credit team to roll up risk-assessment data on the organization's risk-management culture and strategy from across the enterprise, and analyze the impact of the data on the creditworthiness of the enterprise.  


2. Leverage ERM-type analyses already implemented, for example, Sarbanes-Oxley financial-control risk analysis and compliance risk assessment. 


3. Evaluate the current state of the risk-management culture.  


4. Demonstrate how ERM affects strategic planning. S&P has listed several strategic processes affected by risk and risk-management analysis, including capital budgeting, strategic asset allocation, acquisitions and divestitures, performance management, and incentive compensation. 

ERM Benefits Beyond Enhanced Credit Rating 

Finally, a robust ERM process will yield benefits far beyond credit-rating enhancement. An effective ERM process will: 

1. reduce operational and compliance surprises by providing early warning of impending corporate threats; 


2. enable companies to identify and correct control deficiencies, thereby permitting process improvements, before they result in operational failures or are discovered by regulators;  


3. enable the reduction of penalties and fines in the event of a compliance failure through self-reporting and restitution; 


4. improve the decision-making process through greater awareness of risks and mitigating strategies;


5. and improve capital allocation across business units because risk information will facilitate weighing expected returns against the risks inherent in undertaking a business opportunity.

Is your company ready?  If not, Wheelhouse Advisors can help with cost-effective solutions.  Visit www.WheelhouseAdvisors.com to learn more.

Light at the End of the Tunnel?

Some positive news regarding the current financial crisis was released yesterday.  An index of credit quality for troubled public companies improved for the first time in more than a year.  Here is a summary of the findings.

Kamakura Corporation announced Tuesday that the Kamakura index of troubled public companies for January showed improved credit quality for only the second time in the last 18 months. The Kamakura global index of troubled companies decreased 0.9% to 23.1% of the public company universe.  Kamakura defines a troubled company as a company whose short term default probability is in excess of 1%. The all-time high in the index was 28%, recorded in September 2001.

Let's hope this is a good sign for continued recovery and not the train light at the end of the tunnel.  

More Work Needs to be Done

The Government Accountability Office ("GAO") released an interim progress report on the U.S. Treasury's management of the Troubled Asset Relief Program ("TARP").  For the most part, the GAO reported that the program continues to be a work in process with a good deal of work remaining.  Here is a summary of their viewpoint.

Treasury has taken important steps to implement all nine previous recommendations, but has yet to fully address eight. This report includes recommendations that Treasury further expand its efforts to monitor how CPP recipients are using program funds and more clearly articulate and communicate a strategic vision for the program. Addressing these and other recommendations would help ensure greater accountability and transparency and better enable Treasury to effectively manage TARP. Treasury generally agreed with the contents of the report and noted that while progress has been made in overseeing the program, it agreed that more work needs to be done.

Given the recent transition in administration and the myriad of activities that have already occurred (see timeline below), it is not surprising that the strategy for TARP is still unclear.  However, now that the new leadership team is on board, the progress will need to be accelerated.  Stay tuned.   

A View from Across the Pond

Last week, an article from the Wall Street Journal provided unique perspective of the current financial crisis in the United States from "across the pond" in Europe.  The article rightly points out that the crisis is not the result of a lack of regulation, but a lack of effective regulation due to overwhelming complexity and redundancy.  Here is an excerpt:

"American financial regulatory bodies have historically been fragmented. In a report published in November 2007, the U.S. Financial Services Round Table counted 10 different federal regulatory bodies with over 30,000 employees, and that's not even counting regulators for the 50 states. The report frequently describes U.S. financial regulation as prescriptive, complex, formalistic, expensive and inefficient. Regulations often overlapped, making the same financial institutions subject to different rules and different enforcers. The U.S. regulatory landscape may resemble a jungle, but only because of all the choking vines."

The report they reference in the article provides a very relevant example of the excessive and redundant requirements.  

"large U.S. banking organizations are being required to establish overlapping internal control reporting and compliance structures, as well as specific operational risk data collection, validation processes, and IT systems requirements. For example, the requirements of FDICIA and GLBA implicitly, and the requirements of SOX and [Basel II] explicitly, require a comprehensive system of “risk control self assessments” (RCSA) and related documentation. The cost of compliance with each of these regulatory requirements is significant, albeit difficult to quantify and segregate."

As the U.S. works to improve the effectiveness of its regulatory system, companies also need to look for ways to streamline and improve their compliance programs.  Wheelhouse Advisors can help.  Visit us on the internet at www.WheelhouseAdvisors.com to learn more.