Sarbanes-Oxley is Here to Stay

The U.S. Supreme Court ruled today that a small portion of the Sarbanes-Oxley Act of 2002 is unconstitutional. According to the ruling, The Public Company Accounting Oversight Board ("PCAOB") which oversees the accounting firms who audit U.S. public companies currently violates constitutional separations-of-powers principles.

The Court viewed the manner in which PCAOB members are currently appointed and removed to be unconstitutional because it did not operate at the behest of the President of the United States. As such, the U.S. Securities and Exchange Commission will now have the authority subject to the President's review to appoint and remove PCAOB members at will.

However, the PCAOB itself and the remainder of the Sarbanes-Oxley Act remains intact and constitutional. So, those hoping to see the full demise of the Sarbanes-Oxley Act will certainly be disappointed by today's decision. To read the full ruling, click here.

A Big Step Toward Convergence?

As the debate over financial regulatory reform continues in the U.S. Congress, a broader global debate is slated to take place this weekend in Toronto at the G-20 meetings. One of the primary topics on the G-20 agenda will be the convergence of financial reporting standards across the globe. Financial leaders are acknowledging that the increasing complexity of reporting standards impedes the ability of regulators, investors and counter-parties to understand the true nature of a company's financial health. Here is what the Financial Times reported on the upcoming meetings this weekend.

Some accountants respond that the G-20 focus makes convergence harder to achieve. Politicians in the US or Europe will not give up sovereignty over accounting rules when the world is watching, they say. However, the spotlight on the profession by the G-20 could also offer an opportunity. It could provide a platform to tackle the broader failures of corporate reporting which are expected to need some form of political impetus to succeed.

Accountants and investors – and increasingly regulators – argue that the financial turmoil showed that greater clarity is needed not only in accounting rules but also in annual reports. Increased length and information in corporate reports has clouded the underlying picture of a company’s financial health, they say.

Getting enough support from politicians as well as regulators, investors and accountants to make significant changes is difficult as the debate over accounting standards has shown. However, the timing of the inquiry to coincide with the G-20 focus on accounting may give it a greater chance of success.

Financial reporting risk has become a top concern as the business community becomes more global. One of the primary ways to mitigate that risk is to adopt global standards for financial reporting. This weekend could represent a big step towards convergence of financial reporting standards.

Federal Reserve Issues Final Guidance on Risks & Incentive Pay

Yesterday, the U.S. Federal Reserve along with the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation and the Office of Thrift Supervision issued their final guidance on incentive compensation for financial institutions. This final guidance is based on proposed guidance issued in October 2009 and a series of incentive compensation reviews by the Federal Reserve and the other supervisory agencies. The agencies will conduct a second round of reviews later this year to evaluate the financial institutions compliance with the new guidance. Here is what the Federal Reserve had to say about their next steps.

"Many large banking organizations have already implemented some changes in their incentive compensation policies, but more work clearly needs to be done," Federal Reserve Governor Daniel K. Tarullo said. "The Federal Reserve expects firms to make material progress this year on the matters identified as we work toward the ultimate goal of ensuring that incentive compensation programs are risk appropriate and are supported by strong corporate governance."

During the next stage, the banking agencies will be conducting additional cross-firm, horizontal reviews of incentive compensation practices at the large, complex banking organizations for employees in certain business lines, such as mortgage originators. The agencies will also be following up on specific areas that were found to be deficient at many firms, such as:

• Many firms need better ways to identify which employees, either individually or as a group, can expose banking organizations to material risk;


• While many firms are using or are considering various methods to make incentive compensation more risk sensitive, many are not fully capturing the risks involved and are not applying such methods to enough employees;


• Many firms are using deferral arrangements to adjust for risk, but they are taking a "one-size-fits-all" approach and are not tailoring these deferral arrangements according to the type or duration of risk; and


• Many firms do not have adequate mechanisms to evaluate whether established practices are successful in balancing risk.

In addition to the work with the large, complex banking organizations, the agencies are also working to incorporate oversight of incentive compensation arrangements into the regular examination process for smaller firms. These reviews are being tailored to take account of the size, complexity, and other characteristics of these banking organizations.

Having a solid understanding of your risk profile and the resulting impact of incentive programs is now critical for financial institutions as well as companies in other industries. Wheelhouse Advisors can help you develop stronger incentive programs with a thorough analysis of your risks.  To learn more, visit www.WheelhouseAdvisors.com.

Risk Blindness at BP

In the pursuit of profit, sometimes a company becomes blind to risk.  This is most evident in the latest debacle of British Petroleum ("BP") with the oil spill in the Gulf of Mexico. While their recent offshore deepwater drilling posed great environmental risk, BP experienced the results of poor risk management onshore as well.  According to the New York Times, BP's current CEO faced similar challenges in 2007.  Here is what happened back then:

In 2007, when Mr. Hayward first took over as chief executive, BP settled a series of criminal charges, including some related to the explosion of BP's Texas City, Tex., refinery, and agreed to pay $370 million in fines. Admitting that the company's operations had failed to meet its own safety standards and requirements of the law, Mr. Hayward pledged to improve BP's risk management. Following the Deepwater Horizon explosion, Mr. Hayward conceded that the company had problems when he took over in 2007. But he said he had instituted broad changes to improve safety, including setting up a common management system with precise safety rules and training for all facilities.

Some analysts say the safety problems indicate that BP has not yet reined in the culture of risk that prevailed under Mr. Hayward's predecessor, who transformed BP from a sleepy British oil producer into one of the world's top explorers through the acquisitions of Amoco and Atlantic Richfield.

A strong culture dedicated to risk management is essential for companies who are looking to succeed in the long run. BP's current crisis is a prime example of the perils of ignoring the importance of strong risk management practices.

Growing Web of Risks in Today's Business World

As many companies look to better understand the complex risks within their organization, recent events are pointing to the increasing need to understand the even more complex risks posed by partner organizations. Richard Thaler, professor of economics and behavioral science at the University of Chicago, provided his view in the New York Times this week.

AS the oil spill in the Gulf of Mexico follows on the heels of the financial crisis, we can discern a toxic recipe for catastrophe. The ingredients include risks that are erroneously thought to be vanishingly small, complex technology that isn’t fully grasped by either top management or regulators, and tricky relationships among companies that are not sure how much they can count on their partners.

For the financial crisis, it has become clear that many chief executives and corporate directors were not aware of the risks taken by their trading desks and partners. Recent accusations against Goldman Sachs suggest the potential for conflicts of interest among banks, investors, hedge funds and rating agencies. And it is clear that regulators like the Securities and Exchange Commission, an agency staffed primarily with lawyers, are not well positioned to monitor the arcane trading strategies that helped produce the crisis.

The story of the oil crisis is still being written, but it seems clear that BP underestimated the risk of an accident. Tony Hayward, its C.E.O., called this kind of event a “one-in-a-million chance.” And while there is no way to know for sure, of course, whether BP was just extraordinarily unlucky, there is much evidence that people in general are not good at estimating the true chances of rare events, especially when human error may be involved. There was another major blow-out in the gulf 31 years ago by the Mexican rig Ixtoc I. So was this really a one-in-a-million risk?

In the current spill, the problems of assessing risk were complicated by the teamwork required among BP; Transocean, which owned the rig; and Halliburton, which had provided services like concrete work. “Of the 126 people present on the day of the explosion, only eight were employees of BP,”reported Ian Urbina in The New York Times. “The interests of the workers did not always align.”

Certainly, before a company can fully understand the growing web of internal and external risks inherent in their business activities, the company must have a disciplined approach to risk management. A strong enterprise risk management program can help in this regard. If your company is looking to implement or improve its enterprise risk management program, Wheelhouse Advisors can help. Visit www.WheelhouseAdvisors.com to learn more.

The Real Problem Still Looms Large

This week, the New York Times reported that the Federal Reserve is completing a comprehensive review of incentive programs at the nation's largest financial institutions. The findings are surprising given the role of the incentive programs in igniting the financial meltdown of 2008.  Here's what the Federal Reserve has discovered.

The Federal Reserve, six months into a compensation review of the country’s 28 largest financial companies, has found that many of the bonus and incentive programs that economists say contributed to the worst financial crisis since the Great Depression remain in place, according to people briefed on the examinations.

Officials have found, for example, that risk managers at several of the biggest banks still report to executives who have influence over their year-end bonuses and whose own pay might be constricted by curbing risk. In many cases, risk managers do not have full access to the compensation committee of the banks’ boards.

The review also revealed that banks tend to set similar bonus formulas for broad sets of employees and often do not adjust payouts to account for risks taken by traders or mortgage lending officers. Bank executives and directors, meanwhile, are often in the dark on the pay arrangements of employees whose bets could have a potentially devastating impact on the company.

This disconnect between pay practices and risk taking is at the heart of the problem and must be resolved for financial institutions to thrive in the long-term. It starts with having a strong enterprise risk management infrastructure and framework as a foundation for addressing the major disconnects between the board, bank executives and line management. Then, financial institutions must begin to faithfully utilize risk-adjusted performance metrics to drive their pay practices. Until this happens, no amount of governmental regulatory reform will solve the real problem behind the financial crisis.

ERM Helps Avoid Risk Miscalculations

A recent article in the New York Times discusses the inherent failings in estimating risks in our society today.  As our environment becomes more complex, people are faced with ever-increasing amounts of risk that are difficult to quantify until it is too late.  Here is an excerpt from the article that explains the challenge very well.

But there also appears to have been another factor, one more universally human, at work. The people running BP did a dreadful job of estimating the true chances of events that seemed unlikely — and may even have been unlikely — but that would bring enormous costs. Perhaps the easiest way to see this is to consider what BP executives must be thinking today. Surely, given the expense of the clean-up and the hit to BP’s reputation, the executives wish they could go back and spend the extra money to make Deepwater Horizon safer. That they did not suggests that they figured the rig would be fine as it was. For all the criticism BP executives may deserve, they are far from the only people to struggle with such low-probability, high-cost events. Nearly everyone does. “These are precisely the kinds of events that are hard for us as humans to get our hands around and react to rationally,” Robert N. Stavins, an environmental economist at Harvard, says. We make two basic — and opposite — types of mistakes. When an event is difficult to imagine, we tend to underestimate its likelihood. This is the proverbial black swan. Most of the people running Deepwater Horizon probably never had a rig explode on them. So they assumed it would not happen, at least not to them. Similarly, Ben Bernanke and Alan Greenspan liked to argue, not so long ago, that the national real estate market was not in a bubble because it had never been in one before. Wall Street traders took the same view and built mathematical models that did not allow for the possibility that house prices would decline. And many home buyers signed up for unaffordable mortgages, believing they could refinance or sell the house once its price rose. That’s what house prices did, it seemed. On the other hand, when an unlikely event is all too easy to imagine, we often go in the opposite direction and overestimate the odds. After the 9/11 attacks, Americans canceled plane trips and took to the road. There were no terrorist attacks in this country in 2002, yet the additional driving apparently led to an increase in traffic fatalities.

The best way to avoid miscalculating risks is to develop a disciplined enterprise risk management program with a solid framework to help quantify the level of risk.  Wheelhouse Advisors can help.  To learn more, visit www.WheelhouseAdvisors.com.

ERM Success Rests on the CEO & CRO

An editorial in this month's US Banker magazine discusses the role of both the Chief Executive Officer ("CEO") and the Chief Risk Officer ("CRO") in managing risk. It all starts with the CEO establishing the appropriate risk culture and setting the risk appetite for the organization. When this is fully delegated to the CRO as part of an enterprise risk management program, the CRO is doomed to failure. Here's why.

The CRO cannot be expected to do what only the CEO can do—which is to take the lead in strategic risk-taking, protecting the franchise and building a strong risk culture. But if the CEO takes on these fundamental risk management responsibilities, the CRO can be an effective and valuable contributor to the bank's success. The CRO helps the CEO and the board implement a credible, consistent risk management framework to govern the bank's risk-taking across all businesses; provides expert, unbiased advice on risk issues; and offers constructive ideas that use smarter risk management to unlock new business opportunities.

Handing off full responsibility for the bank's enterprise risk management is the wrong reason to have a CRO. The result is likely to be an expensive compliance bureaucracy that creates a false sense of security. The CRO becomes merely an actor in a diverting farce that presents the façade of risk management without the reality of risk management. As many banks discovered in the financial crisis, this farce can turn into a tragedy when the music stops.

A solid CEO/CRO partnership is crucial to the long-term success of an enterprise risk management program. Even more crucial is having a CEO who understands and is willing to accept his/her role as the true risk leader in the company.