Rude Lesson in Risk Management

A leading risk management expert and chief risk officer at a major U.S. financial institution offered his insight on risk management practices last week in the Columbus Business First Journal.  His views are candid and becoming more common as the dust begins to settle from the recent financial crisis.  Here is what he had to say.

Kevin Blakely, senior executive vice president of Huntington Bancshares Inc. in Columbus and its chief risk officer said years ago, things were relatively simple. “Most of our risk was centered in credit risk – lending to individuals and companies, and gauging our ability to get that money back,” he said. Until this past summer, Blakely had been president of the Philadelphia-based Risk Management Association. But as companies got bigger and financial products got more complex, financial institutions developed mathematical models to measure risk. They worked well, he said, but by the mid-1990s banks were depending on them too much. “We began to view them as the answer, rather than as one more input before you get to the answer,” Blakely said. “That was one of the rude lessons we learned over the last couple of years. As an industry, we weren’t as smart in the business of risk management as we thought we were.”

The false sense of security placed in risk management was certainly a rude lesson for many companies as they focused on quantitative models that told them what they wanted to believe.  A balanced view of both quantitative and qualitative factors is critical to an effective enterprise risk management program.

JP Morgan Chase CEO Discusses Risk Management

Yesterday, JP Morgan Chase CEO Jamie Dimon shared his views on the financial crisis with Charlie Rose at the Securities Industry and Financial Markets Association annual meeting in New York.  In the interview, Mr. Dimon reflected on risk management approaches taken by many financial institutions leading up to the crisis.  He stated, "You should never rely solely on VaR, Basel I or Basel II for risk management practices.  If you did, it was a mistake."   He went on to explain that sound risk management practices require both quantitative analysis and management judgment to be effective.  He also noted that there are legitimate failures in the application of the Basel II Capital Accord that left many institutions with insufficient capital positions.   His full remarks can be viewed in the video web link below.

Jamie Dimon speaks with Charlie Rose at SIFMA Annual Meeting

Regulators Stepping-up ERM Examinations

Yesterday, an article by FinCriAdvisor highlighted how regulators are stepping-up their reviews of enterprise risk management ("ERM") programs at both large and small financial institutions.  As they have been calling for stronger enterprise risk management practices, regulators have also been working on new ERM guidance that banks will need to follow in the future.  Here is a portion of what was reported.

Regulators have begun to focus more heavily on the way banks handle risk assessment, urging in recent testimony and regulatory updates - as well as in examinations - that institutions move toward an "enterprise risk management" model.  "There is an increasing interest with the regulators, no doubt, and a lot of risk management guidance in the works," adds Bernard Mason, regulatory relations liaison with the Risk Management Association (RMA) in Washington, D.C. He cites new commercial real estate credit concentration rules that lean heavily on risk management, pending rules on liquidity risk management that would tie U.S. guidelines with those of COSO and Basel, and new September guidance on correspondent risk management.  "Clearly, regulators are asking banks to identify risk appetite," agrees Mark Zmiewski, head of research at the RMA in Philadelphia. "That reaches a higher level of importance today under governance issues." This includes the role of the board in establishing the bank's risk appetite (the amount of risk it is willing to accept to increase earnings), how well-versed senior management is in carrying out that plan, and how well risk is measured and monitored, he says.

Is your company prepared for the greater ERM scrutiny?  If not, Wheelhouse Advisors can provide cost-effective solutions.  Visit www.WheelhouseAdvisors.com to learn more.

Fair Warning to Improve Risk Management

This week, a report was published by the Senior Supervisors Group ("SSG") regarding risk management lessons learned from the 2008 financial crisis.  For those who do not know, the SSG is a group of central regulatory agencies from seven nations including the United States.  The report highlights the following deficiencies in risk management practices at major corporations across the globe.

Some of the highlighted areas of greatest need, such as board and management oversight, articulation of risk appetite, and compensation practices, are potentially a result of the aforementioned imbalance between the stature and resources allocated to firms’ revenue-generating businesses and those afforded to the reporting and control functions. Other areas, such as risk aggregation and concentration identification, stress testing, and credit and counterparty risk management, can also be attributed to the weak condition of many firms’ IT infrastructure. While considered central to sound firm governance and risk management, the areas of continued improvement addressed here are not exhaustive.

In highlighting the areas where firms must make further progress, we seek to raise awareness of the continuing weaknesses in risk management practice across the industry and to evaluate critically firms’ efforts to address these weaknesses. Moreover, the observations in this report support the ongoing efforts of supervisory agencies to define policies that enhance financial institution resilience and promote global financial stability.

This report serves as fair warning for financial institutions to proactively strengthen their own risk management practices before the regulatory authorities are compelled to force necessary changes.  If your company is looking for cost-effective solutions, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

Winds of Corporate Governance Change Are Blowing

Yesterday, the U.S. Government announced major pay reductions for executives at companies recently aided by taxpayer funded capital infusions.  In addition, the Wall Street Journal reported that these same companies will be forced to make some significant changes in their governance structure and risk management practices.  Here is what one prominent corporate governance expert had to say about the demands.

The government's move "is a seismic shift,'' said Espen Eckbo, director of the Center for Corporate Governance at Dartmouth College's Tuck School of Business. But the broader impact will be "much more significant from the governance side,'' he added. Mr. Eckbo anticipates increased shareholder pressure on companies without federal bailouts to create board risk committees and split the roles of chairman and CEO. There likely will be more non-binding stockholder resolutions next year calling for such changes, he predicted. In particular, "risk committees are a no brainer.''

As more companies establish board risk committees, Enterprise Risk Management ("ERM") programs will come under greater scrutiny and need to be more robust.  Wheelhouse Advisors can help strengthen your ERM program.  Visit www.WheelhouseAdvisors.com to learn more.

IT Organizations Adjust to "New Normal"

The "new normal" is taking hold as businesses emerge from the economic recession and look to 2010 and beyond. Greater emphasis on disciplined decision making supported by a complete understanding of associated risks will become part of the norm.  To that end, one of the major Information Technology ("IT") market intelligence firms, IDC, recently published a report on what IT organizations should be doing to adjust to the "new normal".  Here is what IDC suggests as priorities for IT organizations.

1. Cost and Funding Management: IT organizations will increasingly be forced to develop cost profiles, including the business value of solutions, to support investment decisions. This will not be an easy or pleasant task, and has been a requirement that has dogged IT organizations for years.


2. Sourcing and Platform Strategies: As new options become available to achieve an IT or business objective, IT organizations will have more room to experiment, innovate, and change, but will also have to justify their choices more conclusively.


3. Equipment Leasing and Software Financing: Commercial organizations will return to IT leasing and financing as a means of bolstering their access to IT resources.


4. Life Cycle Management: IT organizations have already extended the planned deployment of many major systems, but they still need to develop the tools and management processes to quantify the underlying cost implications of these longer asset lifecycle models.


5. IT Financial Management Tools: As IT platforms and business processes increasingly move toward a mix of in-house and third-party provision, the need for IT financial management software, tools, and best practices to better enable IT organization operational decision-making will become apparent.

Does your IT organization have the necessary tools and supporting business practices to operate in this new environment?  If not, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

Building Trust to Support Growth in 2010

This week, Information Technology ("IT") executives from around the globe have gathered in Orlando at the Gartner Symposium/ITxpo.  A big focus of the event is how IT can become more transparent and accountable in order to support business growth in 2010.  The key is balancing risk management with performance management.  Here is what Gartner analysts have to say on the subject.

Risk management is about accepting that IT organizations cannot protect the company from everything, so they will have to make conscious decisions about what they will do to protect themselves, and what they will not do. They must learn to balance risk and performance. People need IT organizations to share information, so that they can trust them. IT leaders should accommodate letting outside information in, and sharing inside information appropriately. CIOs shouldn`t think they can shut down the two-way flow of information because they can`t stop it.

Gartner analysts said that the quality of data underpinning metrics such as measuring business productivity, profits, value, and efficiency of services delivered is inadequate. This stems from siloed and inconsistent business data, and from an over reliance on spreadsheets. Even where there have been investments in business intelligence, it`s not giving the business what it needs. The challenge for IT leaders is getting the information that everyone can believe in, and that everyone in the organization will trust. "IT leaders need robust information architectures and governance, coupled with data quality and integration capabilities to create an enterprise view across these silos," said Nigel Rayner, research vice president at Gartner. "You will need to rationalize and link performance measures across the business in an enterprise metrics framework. When the data is consistent, and everyone believes it, then you have built trust."

Wheelhouse Advisors recently partnered with Apptio, the leading provider of IT Financial Management solutions, to help companies achieve a balanced risk and performance management approach. Apptio’s on-demand IT Financial Management solutions provide greater visibility into the cost, utilization and operations of IT products and services so that businesses can identify ways to reduce IT costs, make better IT decisions and provide the business with a true Bill of IT. World class companies such as Blue Cross Blue Shield of Kansas, BNP Paribas, EMD Chemical and Starbucks use Apptio’s IT cost analysis capabilities to reduce cost and achieve greater visibility into their IT costs and cost drivers. For more information, please visit www.apptio.com.

The Spread of Risk Management Functionitis

While many in corporate America are working to reduce the impact of the H1N1 virus on their workforce, another virus has been infecting corporations for years.  As Jack Bergstrand, Founder of Brand Velocity, Inc., explains in his recent highly regarded book, Reinvent Your Enterprise, corporations of all sizes have been suffering from what he calls "functionitis".  Mr. Bergstrand examines how this virus has spread as more companies employ knowledge workers rather than manual workers. Knowledge workers typically organize into specialty areas within corporations based on their subject matter expertise.  This, in turn, can lead to a very bad case of "functionitis".  Here is Mr. Bergstrand's explanation of the virus and its possible cure.

"Functionitis" is a term for when functions become separated from the Enterprises they are supposed to support.  Functionitis is also an Enterprise example of where bad systems create bad behaviors.  It sometimes generates outright conflict.  More often, it generates less visible cross-functional productivity breakdowns driven by incompatible priorities and preferences.  A clear sign that functionitis has taken over is when one function considers itself an internal customer for another function.  With knowledge work, reducing moving parts at the top can systematically resolve many of the functionitis issues in and of itself.  It can also systematically improve the allocation of resources and accelerate Enterprise reinvention in rapidly changing markets.

Functionitis is at the core of the need for Enterprise Risk Management programs.  Not only does it impact the productivity of risk professionals across an enterprise, but also the ability for an enterprise to understand its true risk profile.  Is your company suffering from risk management functionitis and looking for a cure?  If so, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.

S&P Struggles with ERM Ratings

Yesterday, Compliance Week Magazine reported that Standard & Poor's ("S&P") is struggling to incorporate Enterprise Risk Management ("ERM") into its ratings methodology.  Evidently, the analysts at S&P are finding the challenge of reviewing risk management practices at non-financial companies to be more daunting than originally planned. Financial companies have had their ERM practices reviewed by S&P for years, but the task is easier since practices are more mature and standard across the industry. In addition to this challenge, S&P has also been distracted by the ratings debacle that led to the securitization meltdown late last year.  However, here is what Compliance Week reported about S&P's future plans for ERM evaluations.

S&P has no plans to abandon its ERM evaluations, but neither will it split out ERM as a separate component of a company’s overall rating score. Rather, ERM reviews for non-financial companies will be based primarily on information provided by issuers in public disclosures and through discussions with S&P. Following are the seven primary questions that analysts have been asking management teams concerning ERM:

• What are the company’s top risks, how big are they, and how often are they likely to occur? How often is the list of top risks updated?


• What is management doing about top risks?


• What size quarterly operating or cash loss have management and the board agreed is tolerable?


• Describe the staff responsible for risk-management programs and their place in the organization chart. How do you measure success of risk management activities?


• How would a loss from a key risk impact incentive compensation of top management and on planning/budgeting?


• Tell us about discussions about risk management that have taken place at the board level or among top management when making strategic decisions.


• Give an example of how your company responded to a recent “surprise” in your industry and describe whether the surprise affected your company and others differently.

Is your company prepared to answer these questions?  If not, Wheelhouse Advisors can help. Visit www.WheelhouseAdvisors.com to learn more.

A Risk & Financial Management Balancing Act

Information Technology ("IT") is quickly becoming one of the primary areas within a company that is not only laden with risk, but also regulatory complexity.  At the same time, IT is one of the first areas to which companies look for cost reduction in an economic recession.  The combination of these factors demands better decision making and priority-setting by IT risk professionals and finance managers to meet the needs of the business while properly managing risk. In this month's issue of Information Security Magazine, an IT risk professional at credit information provider Equifax shares his view of this challenge.

Let's face it, we are entering an era of tighter statutory requirements and rapidly changing regulations. But focusing solely on statute requirements can lead to a disjointed strategy that is neither comprehensive nor aligned with business goals. While compliance mandates are often used to drive security investments, compliance by itself does not ensure a company's security posture.

Instead, businesses must look beyond their technology and compliance needs and understand the challenges of ensuring their company's security posture. Achieving this level of transparency requires the right mix of innovation, talent and technology underscored by a strategy that addresses risk at the broadest level. This is where relationships with business partners and vendors can play a valuable role. By joining forces with industry-leading third-party providers, companies gain access to new thinking and innovation to address key needs and challenges. With the right strategy and technology partnerships, businesses can drive a consistent and global set of security practices focused on risk reduction and information security.

Wheelhouse Advisors is uniquely positioned to help companies address their risk and security challenges while meeting the financial demands of the businesses they support.  To learn more, email us at NavigateSuccessfully@WheelhouseAdvisors.com or visit our website at www.WheelhouseAdvisors.com.

Back to the Drawing Board on Derivatives Regulation

U.S. House Financial Services Committee Chairman Barney Frank (D-MA) distributed a proposal for derivatives regulation this week and it was the subject of a hearing by the committee yesterday.  A major part of the discussion centered on a potential loophole that would allow many corporations, if not all, to avoid the new regulation altogether. Here is what Bloomberg.com reported about the hearing and draft legislation prepared by Chairman Frank.

A plan offered by the Obama administration would subject all swaps dealers and “major market participants” to new regulations for capital, business conduct, record-keeping and reporting. Frank’s version would exempt corporations from that definition if they use derivatives for “risk management” purposes.

While Frank’s proposal is a “step in the right direction,” its “ambiguous” definition of risk management may leave a large number of corporations unregulated, Henry T.C. Hu, director of the SEC’s new division of risk, strategy and financial innovation, told the committee.

“As just about all swaps could be defined as being used for risk management purposes, we’re concerned that unintentionally the category of ‘major swap participant’ could have been narrowed so significantly, or even to a null set,” CFTC Chairman Gary Gensler told reporters after the hearing.

“Major hedge funds” may be excluded from oversight, as may the mortgage-finance companies Fannie Mae and Freddie Mac “because of course the government-supported enterprises use swaps for risk management purposes,” Gensler said.

It looks like Chairman Frank may need to re-educate himself on the use of derivatives and go back to the drawing board on this proposal.

Improving Executive Compensation Oversight and Pay Processes

In light of the increased risks associated with executive compensation programs, The Conference Board recently established a task force to develop guidance for companies looking to improve their pay processes and oversight.  The guidance has been published and centers on five principles that companies should strive to achieve.  Here are the five principles.

Principle One—Paying for the right things and paying for performance

Compensation programs should be designed to drive a company’s business strategy and objectives and create shareholder value, consistent with an acceptable risk profile and through legal and ethical means. To that end, a significant portion of pay should be incentive compensation, with payouts demonstrably tied to performance and paid only when performance can be reasonably assessed.

Principle Two—The “right” total compensation

Total compensation should be attractive to executives, affordable for the company, proportional to the executive’s contribution, and fair to shareholders and employees, while providing payouts clearly aligned with actual performance.

Principle Three—Avoid controversial pay practices

Companies should avoid controversial pay practices, unless special justification is present.

Principle Four—Credible board oversight of executive compensation

Compensation committees should demonstrate credible oversight of executive compensation. To effectively fulfill this role, compensation committees should be independent, experienced, and knowledgeable about the company’s business.

Principle Five—Transparent communications and increased dialogue with shareholders

Compensation should be transparent, understandable, and effectively communicated to shareholders. When questions arise, boards and shareholders should have meaningful dialogue about executive compensation.

These guiding principles seem to provide what many may say is simply common sense advice.  However, given the environment that we find ourselves in today, common sense such as this may not be as common as one might think.

The Sarbanes-Oxley Countdown is Extended for a Final Time

The U.S. Securities and Exchange Commission ("SEC") announced last week that the deadline for full compliance with Section 404 of Sarbanes-Oxley Act for small companies has been extended for an additional and final nine months.  The primary reason for this final extension is the delayed publication of the formal study on the impact of changes to the compliance requirements made in 2007.  Here is the formal release from the SEC.

This extension of time will expire beginning with the annual reports of companies with fiscal years ending on or after June 15, 2010. This expiration date previously had been for fiscal years ending on or after Dec. 15, 2009. The extension was granted so that the SEC’s Office of Economic Analysis could complete a study of whether additional guidance provided to company managers and auditors in 2007 was effective in reducing the costs of compliance. Because the study was published less than three months before the December 15 deadline, the Commission determined that additional time is appropriate and reasonable so that small public companies and their auditors can better plan for the required auditor attestation.

“Since there will be no further Commission extensions, it is important for all public companies and their auditors to act with deliberate speed to move toward full Section 404 compliance,” said SEC Chairman Mary L. Schapiro.

So, the final clock is ticking.  Does your company need help implementing a cost-effective compliance program?  If so, Wheelhouse Advisors can help.  Visit www.WheelhouseAdvisors.com to learn more.