Obfuscating Operational Risk Management

Operational Risk Management is continuing to evolve as a key component of an Enterprise Risk Management ("ERM") program. However, it continues to be an area of great debate as a formal discipline due to its broad focus and impact across the business. One area that confuses and frustrates many businesspeople when confronted with operational risk is the notion of risk appetite vs. risk tolerance. In some cases, the two terms are used interchangeably. However, in other cases, risk appetite refers to the total amount of risk to be taken to achieve a given business objective and risk tolerance refers to specific risk limits associated with a given business activity. The Institute of Operational Risk has developed guidance that is practical and useful for risk practitioners in dealing with these terms. Here's their view.

In simple terms, expressing Operational Risk Appetite is a question of defining what is acceptable to an organisation and what is not. This could be achieved by deciding, for each type of risk, what is acceptable, what is unacceptable, and the parameters of the area between those two (i.e. what is tolerable).

Regardless of the way these terms are used, the key for operational risk managers is to help businesspeople understand risk in their own terms rather than in risk management vernacular. Otherwise, the focus will remain on terminology rather than what is really important - creating value for the business.

ERM Adds to Brand Image and Competitive Advantage

A recent report by the Aberdeen Group reveals the concerns of executives today and their interest in developing Enterprise Risk Management ("ERM") programs. The report includes survey results from 213 finance executives regarding their views of ERM.  One of the more telling results from the study is the listing of top catalysts for creating an ERM program (see figure 2 below). Rather than compliance requirements heading the list (as was the case for most companies before the financial crisis of 2008), now companies are more concerned about their brand image and competitive advantage. A close second on the list is the financial impact from the market upheaval as described in the report excerpt below.

With increased consumer and governmental scrutiny, today more than ever companies must be aware of events that directly impact their brand image. Maintaining credibility with investors and stakeholders can drive up the cost of capital; for publicly traded companies that are more regulated and expected to demonstrate good governance, this can translate to significant stock price movements and debt-rating downgrades.

Related to the issue of cost of capital, the economic upheaval also drove up the cost of credit and limited availability to the companies with the highest credit ratings. As capital is further constrained, businesses also need to be concerned about potential disruption and even failure.

The cost of not having an effective ERM program has certainly ratcheted up over the past few years.  The question now becomes "can you afford not to invest in an ERM program?"

Fear of Innovation is a Huge Risk

At a time when crisis management has been the primary focus, no other industry is better positioned for an innovation leader to emerge than is financial services. Most financial services companies have retrenched and allowed their product development and technology to wither on the vine. Customers have suffered from sharp declines in service quality as a result. The company (or companies) with the fortitude to make significant investments in innovation will capture significant market share and greater profits. Three areas of innovation have been hot topics at this week's 2010 Bank Administration Institute's Retail Banking Conference.

1) The mobile phone is the new branch. Twenty-five percent of consumers have ditched their wireline phone and gone completely wireless. This of course puts increased pressure on banks to invest in mobile banking and payments. Yet except for remote check capture via mobile phones from banks like USAA, real innovation remains elusive. Most of the industry innovations are being driven not by banks, but by specialist companies like mFoundry, ClariMail, Monitise, Mocapay, PayPal, Bling and Obopay.  This while bankers complain that their major tech suppliers, including First Data, Fidelity, Fiserv and Jack Henry, are just not moving fast enough to meet their needs.
2) Social Networking is a dangerous tool for customer interaction but necessary. Banks get that social networking are here to stay. And many believe it has the potential to be something other than a digital version of a call center. But social networking is not a controlled environment and that scares bankers. It should. Sites like Twitter and Facebook provide a podium for every whack job to speak his or her mind. The benefactors of the uncertainties that retail banks have about how to use and measure social media effectiveness are likely IBM, SAS, SAP and Microsoft and could provide a watershed year for a slew of nimble-footed specialist firms who are building business to consumer (B2C) enterprise grade measurement and engagement tools.
3) Cloud Computing: the outlook remains cloudy. Instinctively it would seem that cloud computing technology would be a critical weapon to break down the line of business silos that exist in retail banks. This seems especially true given consumer demands to have an experience they value, on their terms, on the bank interaction channel of choice — online, mobile, ATM or branch, irrespective of the type of business a consumer wants to transact with the bank. Consumers value convenience and they want to define what convenience looks like. But banks seem crippled to navigate the abyss of implementation schemes, cost sharing, regulatory compliance, security and customer ownership issues.

Fear of innovation is a very real risk that many companies face in today's uncertain environment. The value of innovation is at its maximum during times of complexity and chaos. Those companies that work to escape the fear and embrace innovation will be the ultimate winners, while those that do not will suffer a painful fate.

Companies Are Thinking About Risks In New Ways

Why do some companies loathe risk management? Well, many will say because it is a bureaucratic exercise devoted to minimizing risks at the expense of future growth and innovation - and in many cases they are right. This is due to the way risk management as a discipline has evolved as well as how risk management practitioners have been taught. For better or worse, risk management tends to lean towards insurance and compliance or, in other words, ways to minimize risk and increase paperwork.

So, when board directors and senior executives hear the words "risk management", they immediately shift their focus to the more commonly held view and neglect the real value of the discipline. The real value of risk management comes from developing a keen understanding of the critical risks related to a company's strategic objectives. With this understanding, companies can leap-frog the competition by addressing risks in an innovative and unique manner.

Wheelhouse Advisors has developed a tool set to help companies jump-start their new approach to understanding risks. Known as The ERM Compass™, the tool set is designed to identify opportunities to improve a company's "risk mindfulness."  Risk mindfulness is a new way of viewing risks - a forward-looking and continuous approach that allows a company to use risk as a driver of intelligent growth and innovation.  The level of a company's risk mindfulness is measured using The ERM Compass™ Scorecard.  The Scorecard focuses on four primary areas of risk as they relate to a company's strategic objectives (see figure below). Scores are calculated for each risk area using five critical components of risk mindfulness. With the scores in hand, companies can easily determine the direction they need to take in order to increase their risk mindfulness and create value.

To learn more about The ERM Compass™ and to schedule a complimentary review, email us at NavigateSuccessfully@WheelhouseAdvisors.com.

Lessons Learned from the Foreclosure Crisis

The recent foreclosure crisis is just another chapter in the financial meltdown that began in 2007.  As a result of the frenzy to securitize mortgage loans back in the middle of the decade, the required paperwork to foreclose on a property is difficult, if not impossible, to retrieve. Now, financial institutions are finding that the outsourced foreclosure work is faulty at best and fraudulent in many cases. Here's what the Wall Street Journal reported today.

In recent days, some lenders named in the foreclosure inquiries have said they would no longer use the services of some of these law firms for new foreclosures. Ally Financial Inc.'s GMAC Mortgage has pulled business and dispatched executives and a new team of lawyers to Florida to ensure foreclosure cases are being handled correctly, according to a person familiar with the situation.

The law firms and a Lender Processing unit, Docx LLC, which did work at a suburban Atlanta office, handled the nitty-gritty paperwork necessary to verify key document batches, including ownership transfer of a loan, known as an assignment, and the amount owed by a borrower losing his home. That paperwork processing at the law firms and lenders allegedly didn't review all information needed, such as who owned the loan or borrower financial information, the Florida attorney general claims. The Florida attorney general's office is looking at possible use of "fabricated documents" used in foreclosure actions in court, according to the attorney general.

This situation provides a few lessons in risk management. First, it demonstrates the lingering effects of poor controls when dealing with massive amounts of transactions complicated by a highly complex securitization process. Second, it also shows that the operational risks to a given company extend well beyond its walls to its outsourcing partners' ability to properly control its business.  Finally, with the crisis today clearly rooted in the actions of the past, it demonstrates the need for more forward-looking risk management programs.

NYSE Issues Corporate Governance Principles

The New York Stock Exchange ("NYSE") recently completed a report detailing the corporate governance principles that member companies should adopt in the wake of the financial crisis of 2008.  In the report, the NYSE's Commission on Corporate Governance defines the following ten fundamental corporate governance principles and focuses on the interrelationships of what it calls the three cornerstones of the corporation - boards, management and shareholders.

1. The board’s fundamental objective should be to build long-term sustainable growth in shareholder value for the corporation and its shareholders and the board is accountable to shareholders in its effort to achieve this objective.

2. While the board’s responsibility for corporate governance has long been established, the critical role of management in establishing proper corporate governance has not been sufficiently recognized.  The Commission believes that a key aspect of successful governance depends upon successful management of the company, as management has primary responsibility for creating an environment in which a culture of performance with integrity can flourish.

3. Shareholders have the right, a responsibility and a long-term economic interest to vote their shares in a thoughtful manner, in recognition of the fact that voting decision influence director behavior, corporate governance and conduct, and that voting decision are one of the primary means of communicating with companies on issues of concern.

4. Good corporate governance should be integrated with the company’s business strategy and objectives and should not be viewed simply as a compliance obligation separate from the company’s long-term business prospects.

5. Legislation and agency rule-making are important to establish the basic tenets of corporate governance and ensure the efficiency of our markets.  Beyond these fundamental principles, however, the Commission has a preference for market-based solutions whenever possible.

6. Good corporate governance includes transparency for corporations and investors, sound disclosure policies and communication beyond disclosure through dialogue and engagement as necessary and appropriate.

7. While independence and objectivity are necessary attributes of board members, companies must also strike the right balance between the appointment of independent and non-independent directors to ensure that there is an appropriate range and mix of expertise, diversity and knowledge on the board.

8. The Commission recognizes the influence that proxy advisory firms have on the market, and believes that such firms should be held to appropriate standards of transparency and accountability.  The Commission commends the SEC for its issuance of the Concept Release on the U.S. Proxy System, which includes inviting comment on how such firms should be regulated.

9. The SEC should work with the NYSE and other exchanges to ease the burden of proxy voting and communication while encouraging greater participation by individual investors in the proxy voting process.

10. The SEC and/or the NYSE should consider a wide range of views to determine the impact of major corporate governance reforms on corporate performance over the last decade.  The SEC and/or the NYSE should periodically assess the impact of major corporate governance reforms on the promotion of sustainable, long-term corporate growth and sustained profitability.

This report is a wonderful guiding resource for board directors and management who are looking to strengthen corporate governance in a meaningful and practical way. It also provides some great recommendations for government regulators who are looking to implement new rules.  If adopted fully, these principles will go a long way to returning the U.S. and its capital markets to a position of prominence.

Who Is Really to Blame?

Yesterday, the infamous Jerome Kerviel was sentenced to three years in prison and ordered to repay the estimated €4.9 billion that the French financial institution Société Générale lost as a result of his failed derivative trades. What is surprising to many who have weighed-in on the verdict is the fact that the sole blame for the massive losses has been placed on the young trader.  Here's one common view as reported in the New York Times.

“It’s a whitewash,” Bradley D. Simon, a white-collar criminal defense attorney at Simon & Partners in New York who specializes in securities and bank fraud, said of the verdict. “The evidence does not support absolving the bank completely,” he said. “This was a lot larger than Kerviel.”

Société Générale had admitted to management failures and weaknesses in its risk control systems. An internal audit published in May 2008 described Mr. Kerviel’s immediate supervisors as “deficient” and acknowledged that the bank had failed to follow through on at least 74 internal alerts about Mr. Kerviel’s trading activities dating to mid-2006.

While an appeal of the verdict is virtually guaranteed, the larger question remains. How can a situation like this unfortunate one be prevented in the future?  The answer certainly begins with stronger risk and control programs as demonstrated by the numerous weaknesses found at Société Générale.

Clues to Board Ineffectiveness

The Harvard Business Review published a provocative article last week about the shortcomings of board directors in today's post financial crisis environment. The article was written by Roger Martin, dean of the Rotman School of Management at the University of Toronto. Mr. Martin is a frequent writer and expert in the field of Design Thinking. According to Mr. Martin, the following are six indicators of a bad board member.

1) They complain about how hard Sarbanes-Oxley has made it to be a director. Guess what? It has also become hard to be an investor. And hard to be a public company auditor and a capital markets regulator. It's hard all over. If your directors complain that they don't have time on the board to talk about strategy and succession and other important management issues because the formal SOX procedures have crowded that out, you have mice not men (or women) on the board. Every person in every organization has the personal choice to be a value-added contributor or turn into a useless bureaucrat. Directors have that choice; nobody is putting a gun to their heads. If they complain, they are likely to be useless to you.

2) They complain about how the fees for being a director aren't high enough to compensate for the onerous work involved. You don't want a director on the board because they think it is great money. If they complain about the money, it is because they are obsessed about making money by being on boards and want it to be a lucrative gig. If they think it is great money, they won't do anything to rock the boat and risk losing that gig.

3) They are paid in the top tertile of peer boards. Boards set their own compensation. If board members set their compensation significantly above the median of peer boards, they want to make the board a lucrative gig and that is a bad thing, per the point above.

4) They express excessive pride over being on the board. This is likely to mean that they are enamored with the prestige of being on the board. If that prestige is important to their sense of self then they won't do anything to rock the boat and risk losing the prestige associated with being on the board.

5) They express enthusiasm for the enjoyable social atmosphere on the board. This means they will be incline to avoid doing anything to rock the boat because that will reduce the enjoyment of the atmosphere on the board.

6) They express enthusiasm for the personal growth opportunities the board provides them. That is lovely for them, not for you.

As we continue to emerge from the rubble of the Great Recession, more companies will need to reflect on the effectiveness of their boards and, more importantly, their individual board members.

When Discussing Risk, Are Boards Well Informed?

Now that the economic outlook and regulatory uncertainties are beginning to stabilize, companies and their boards of directors are exiting crisis management mode and realizing the need for strong enterprise risk management programs to succeed going forward.  However, most board members in the U.S. still do not have a very good understanding of the enterprise risk management practices in their own companies.

A recent survey sponsored by the AICPA and the CIMA and conducted by North Carolina State University demonstrates this fact.  According to the survey, only 39% of U.S. companies indicated that top risk exposures facing the organization are formally discussed when the board of directors discusses the organization’s strategic plan. That’s compared with over 60% of global competitors who are discussing the top risk exposures.

There may be several reasons for this lack of risk discussion in the boardroom.  First, the board members may simply be avoiding the risk discussion by placing implicit trust in senior management.  The board members may also lack the interest and/or the requisite experience to engage senior management in a healthy debate.  However, most likely the company is not in a position to have a risk discussion because they lack the supporting enterprise risk management program to provide a clear articulation of the company’s risk profile.  So, the board of directors and senior management are left to review the strategic plan in a vacuum.

Most of these companies are reluctant to invest in an enterprise risk management program because they fear the onslaught of bureaucratic processes akin to the very early days of Sarbanes-Oxley compliance.  To be truly successful at providing the right risk information, the program should be highly practical and business-focused rather than a grandiose compliance exercise.  It also should be enabled through an intuitive, integrated business process and technology platform such as OpenPages’ Enterprise Risk Management solution set.

For board members who are interested in determining whether they are headed in the right direction when it comes to risk, Wheelhouse Advisors has developed a helpful roadmap called The ERM Compass™.   The ERM Compass™ is a simple, straightforward guide that will provide board members with valuable questions and insight to drive effective boardroom risk discussions.  If you are interested in learning more, send an email inquiry to NavigateSuccessfully@WheelhouseAdvisors.com.