Corporate Governance Lessons from the Financial Crisis

The Corporate Governance Lessons from the Financial Crisis Grant Kirkpatrick * This report analyses the impact of failures and weaknesses in corporate governance on the financial crisis, including risk management systems and executive salaries. It concludes that the financial crisis can be to an important extent attributed to failures and weaknesses in corporate governance arrangements which did not serve their purpose to safeguard against excessive risk taking in a number of financial services companies.

Accounting standards and regulatory requirements have also proved insufficient in some areas. Last but not least, remuneration systems have in a number of cases not been closely related to the strategy and risk appetite of the company and its longer term interests. The article also suggests that the importance of qualified board oversight and robust risk management is not limited to financial institutions. The remuneration of boards and senior management also remains a highly controversial issue in many OECD countries.

The current turmoil suggests a need for the OECD to re-examine the adequacy of its corporate governance principles in these key areas. ------------------------------------------------------------------------------------------------ * This report is published on the responsibility of the OECD Steering Group on Corporate Governance which agreed the report on 11 February 2009. The Secretariat’s draft report was prepared for the Steering Group by Grant Kirkpatrick under the supervision of Mats Isaksson.

Main conclusions The financial crisis can be to an important extent attributed to failures and weaknesses in corporate governance arrangements This article concludes that the financial crisis can be to an important extent attributed to failures and weaknesses in corporate governance arrangements. When they were put to a test, corporate governance routines did not serve their purpose to safeguard against excessive risk taking in a number of financial services companies. A number of weaknesses have been pparent. The risk management systems have failed in many cases due to corporate governance procedures rather than the inadequacy of computer models alone: information about exposures in a number of cases did not reach the board and even senior levels of management, while risk management was often activity rather than enterprise-based. These are board responsibilities. In other cases, boards had approved strategy but then did not establish suitable metrics to monitor its implementation.

Company disclosures about foreseeable risk factors and about the systems in place for monitoring and managing risk have also left a lot to be desired even though this is a key element of the Principles. Accounting standards and regulatory requirements have also proved insufficient in some areas leading the relevant standard setters to undertake a review. Last but not least, remuneration systems have in a number of cases not been closely related to the strategy and risk appetite of the company and its longer term interests.

Qualified board oversight and robust risk management is important The Article also suggests that the importance of qualified board oversight, and robust risk management including reference to widely accepted standards is not limited to financial institutions. It is also an essential, but often neglected, governance aspect in large, complex nonfinancial companies. Potential weaknesses in board composition and competence have been apparent for some time and widely debated. The remuneration of boards and senior management also remains a highly controversial issue in many OECD countries.

The OECD Corporate Governance Principles in these key areas need to be reviewed The current turmoil suggests a need for the OECD, through the Steering Group on Corporate Governance, to re-examine the adequacy of its corporate governance principles in these key areas in order to judge whether additional guidance and/or clarification is needed. In some cases, implementation might be lacking and documentation about the existing situation and the likely causes would be important. There might also be a need to revise some advice and examples contained in the OECD Methodology or Assessing the Implementation of the OECD principles of Corporate Governance I. Introduction Corporate governance enhancements often followed failures that highlighted areas of particular concern The development and refinement of corporate governance standards has often followed the occurrence of corporate governance failures that have highlighted areas of particular concern. The burst of the high tech bubble in the late 1990s pointed to severe conflicts of interest by brokers and analysts, underpinning the introduction of principle V.

F covering the provision of advice and analysis into the Principles. The Enron/Worldcom failures pointed to issues with respect to auditor and audit committee independence and to deficiencies in accounting standards now covered by principles V. C, V. B, V. D. The approach was not that these were problems associated with energy traders or telecommunications firms, but that they were systemic. The Parmalat and Ahold cases in Europe also provided important corporate governance lessons leading to actions by international regulatory institutions such as IOSCO and by national authorities.

In the above cases, corporate governance deficiencies may not have been causal in a strict sense. Rather, they facilitated or did not prevent practices that resulted in poor performance. It is therefore natural for the Steering Group to examine the situation in the banking sector and assess the main lessons for corporate governance in general The current turmoil in financial institutions is sometimes described as the most serious financial crisis since the Great Depression.

It is therefore natural for the Steering Group to examine the situation in the banking sector and assess the main lessons for corporate governance in general. This article points to significant failures of risk management systems in some major financial institutions1 made worse by incentive systems that encouraged and rewarded high levels of risk taking. Since reviewing and guiding risk policy is a key function of the board, these deficiencies point to ineffective board oversight (principle VI. D). These concerns are also relevant for non-financial companies.

In addition, disclosure and accounting standards (principle V. B) and the credit rating process (principle V. F) have also contributed to poor corporate governance outcomes in the financial services sector, although they may be of lesser relevance for other companies. The article examines macroeconomic and structural conditions and shortcomings in corporate governance at the company level The first part of the article presents a thumbnail sketch of the macroeconomic and structural conditions that confronted banks and their corporate governance arrangements in the years leading up to 2007/2008.

The second part draws together what is known from company investigations, parliamentary enquiries and international and other regulatory reports about corporate governance issues at the company level which were closely related to how they handled the situation. It first examines shortcomings in risk management and incentive structures, and then considers the responsibility of the board and why its oversight appears to have failed in a number of cases. Other aspects of the corporate governance framework that contributed to the failures are discussed in the third section.

They include credit rating agencies, accounting standards and regulatory issues. II. Background to the present situation Crisis in the subprime market in the US, and the associated liquidity squeeze, was having a major impact on financial institutions and banks in many countries By mid 2008, it was clear that the crisis in the subprime market in the US, and the associated liquidity squeeze, was having a major impact on financial institutions and banks in many countries. Bear Stearns had been taken over by JPMorgan with the support of the Federal Reserve Bank of New York, and inancial institutions in both the US (e. g. Citibank, Merrill Lynch) and in Europe (UBS, Credit Suisse, RBS, HBOS, Barclays, Fortis, Societe Generale) were continuing to raise a significant volume of additional capital to finance, inter alia, major realised losses on assets, diluting in a number of cases existing shareholders. Freddie Mac and Fanny Mae, two government sponsored enterprises that function as important intermediaries in the US secondary mortgage market, had to be taken into government conservatorship when it appeared that their capital position was weaker than expected. In the UK, there had been a run on Northern Rock, the first in 150 years, ending in the bank being nationalised, and in the US IndyMac Bancorp was taken over by the deposit insurance system. In Germany, two state owned banks (IKB and Sachsenbank) had been rescued, following crises in two other state banks several years previously (Berlinerbank and WestLB). The crisis intensified in the third quarter of 2008 with a number of collapses (especially Lehman Brothers) and a generalised loss of confidence that hit all financial institutions.

As a result, several banks failed in Europe and the US while others received government recapitalisation towards the end of 2008. Understanding the market situation that confronted financial institutions is essential The issue for this article is not the macroeconomic drivers of this situation that have been well documented elsewhere (e. g. IOSCO, 2008, Blundell-Wignall, 2007) but to understand the market situation that confronted financial institutions over the past decade and in which their business models and corporate governance arrangements had to function. There was both a macroeconomic and microeconomic dimension.

From the macroeconomic perspective, monetary policy in major countries was expansive after 2000 with the result that interest rates fell as did risk premia. Asset price booms followed in many countries, particularly in the housing sector where lending expanded rapidly. With interest rates low, investors were encouraged to search for yield to the relative neglect of risk which, it was widely believed, had been spread throughout the financial system via new financial instruments. Default rates on US subprime mortgages began to rise as of 2006, and warnings were issued by a number of official institutions

It is important for the following sections of this article to note that default rates on subprime mortgages in the US began to rise in 2006 when the growth of house prices started to slow and some interest rates for home owners were reset to higher levels from low initial rates (“teaser” rates). Moreover, at the end of 2006 and at the beginning of 2007, warnings were issued by a number of institutions including the IMF, BIS, OECD, Bank of England and the FSA with mixed reactions by financial institutions. The most well known reaction concerned Chuck

Prince, CEO of Citibank, who noted with respect to concerns about “froth” in the leveraged loan market in mid 2007 that “while the music is playing, you have to dance” (i. e. maintain short term market share). The directors of Northern Rock acknowledged to the parliamentary committee of inquiry that they had read the UK’s FSA warnings in early 2007 about liquidity risk, but considered that their model of raising short term finance in different countries was sound. By mid-2007 credit spreads began to increase and first significant downgrades were announced, while subprime exposure was questioned

In June 2007, credit spreads in some of the world’s major financial markets began to increase and the first wave of significant downgrades was announced by the major credit rating agencies. By August 2007, it was clear that at least a large part of this new risk aversion stemmed from concerns about the subprime home mortgage market in the US3 and questions about the degree to which many institutional investors were exposed to potential losses through their investments in residential mortgage backed securities (RMBS), •ecuritized•ed debt obligations (CDO) and other •ecuritized and structured finance instruments.

Financial institutions faced challenging competitive conditions but also an Accommodating regulatory environment At the microeconomic or market environment level, managements of financial institutions and boards faced challenging competitive conditions but also an accommodating regulatory environment. With competition strong and non-financial companies enjoying access to other sources of finance for their, in any case, reduced needs, margins in traditional banking were compressed forcing banks to develop new sources of revenue.

One way was by moving into the creation of new financial assets (such as CDO’s) and thereby the generation of fee income and proprietary trading opportunities. Some also moved increasingly into housing finance driven by exuberant markets4. The regulatory framework and accounting standards (as well as strong investor demand) encouraged them not to hold such assets on their balance sheet but to adopt an “originate to distribute” model.

Under the Basel I regulatory framework, maintaining mortgages on the balance sheet would have required increased regulatory capital and thereby a lower rate of return on shareholder funds relative to a competitor which had moved such assets off balance sheet. Some of the financial assets were marketed through off-balance sheet entities (Blundell-Wignall, 2007) that were permitted by accounting standards, with the same effect to economise on bank’s capital. III. The corporate governance dimension

While the post-2000 environment demanded the most out of corporate governance arrangements, evidence points to severe weaknesses The post-2000 market and macroeconomic environment demanded the most out of corporate governance arrangements: boards had to be clear about the strategy and risk appetite of the company and to respond in a timely manner, requiring efficient reporting systems. They also needed to oversee risk management and remuneration systems compatible with their objectives and risk appetite.

However, the evidence cited in the following part points to severe weaknesses in what were broadly considered to be sophisticated institutions. The type of risk management that was needed is also related to the incentive structure in a company. There appears to have been in many cases a severe mismatch between the incentive system, risk management and internal control systems. The available evidence also suggests some potential reasons for the failures. Risk management: accepted by all, but the recent track record is poor

Risk models failed due to technical assumptions, but the corporate governance dimension of the problem was how their information was used in the organization The focus of this section about risk management does not relate to the technical side of risk management but to the behavioural or corporate governance aspect. Arguably the risk models used by financial institutions and by investors failed due to a number of technical assumptions including that the player in question is only a small player in the market. 5 The same also applies to stress testing.

While this is of concern for financial market regulators and for those in charge of implementing Pillar I of Basel II, it is not a corporate governance question. The corporate governance dimension is how such information was used in the organisation including transmission to the board. Although the Principles do make risk management an oversight duty of the board, the internal management issues highlighted in this section get less explicit treatment. Principle VI. D. 2 lists a function of the board to be “monitoring the effectiveness of the company’s management practices and making changes as needed”.

The annotations are easily overlooked but are highly relevant: monitoring of governance by the board also includes continuous review of the internal structure of the company to ensure that there are clear lines of accountability for management throughout the organisation. This more internal management aspect of the Principles might not have received the attention it deserves in Codes and in practice as the cases below indicate. Attention has focused on internal controls related to financial reporting, but not enough on the broader context of risk management

Attention in recent years has focused on internal controls related to financial reporting and on the need to have external checks and reporting such as along the lines of Sarbanes Oxley Section 404. 6 It needs to be stressed, however, that internal control is at best only a subset of risk management and the broader context, which is a key concern for corporate governance, might not have received the attention that it deserved, despite the fact that enterprise risk management frameworks are already in use (for an example, see Box 1).

The Principles might need to be clearer on this point. Box 1. An enterprise risk management framework In 2004, COSO defined Enterprise Risk Management (ERM) as “a process, effected by an entity’s board of directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives”.

ERM can be visualised in three dimensions: objectives; the totality of the enterprise and; the framework. Objectives are defined as strategic, operations such as effective and efficient resource use, reporting including its reliability, and compliance with applicable laws and regulations. These will apply at the enterprise level, division, business unit and subsidiary level. The ERM framework comprises eight components: 1.

Internal environment: it encompasses the tone of an organisation, and sets the basis for how risk is viewed and addressed by an entity’s people 2. Objective setting: objectives must exist before management can identify potential events affecting their achievement 3. Event identification: internal and external events affecting achievement of an entity’s objectives must be identified, distinguishing between risks and opportunities 4. Risk assessment: risks are analysed, considering likelihood and impact, as a basis for determining how they should be managed . Risk response: management selects risk responses developing a set of actions to align risks with the entity’s risk tolerances and its risk appetite 6. Control activities: policies and procedures are established and implemented to help ensure the risk responses are effectively carried out 7. Information and communication: relevant information is identified, captured, and communicated throughout the organisation in a form and timeframe that enable people to carry out their responsibilities 8.

Monitoring: the entirety of enterprise risk management is monitored and modifications made as necessary Source: Committee of Sponsoring Organisations of the Treadway Commission. The financial turmoil has revealed severe shortcomings in risk management practices… Despite the importance given to risk management by regulators and corporate governance principles, the financial turmoil has revealed severe shortcomings in practices both in internal management and in the role of the board in overseeing risk management systems at a number of banks.

While nearly all of the 11 major banks reviewed by the Senior Supervisors Group (2008) failed to anticipate fully the severity and nature of recent market stress, there was a marked difference in how they were affected determined in great measure by their senior management structure and the nature of their risk management system, both of which should have been overseen by boards. Indeed, some major banks were able to identify the sources of significant risk as early as mid 2006 (i. e. when the housing market in the US started to correct and sub-prime defaults rose) and to take measures to mitigate the risk.

The Group reviewed firm’s practices to evaluate what worked and what did not, drawing the following conclusions: CDO exposure far exceeded the firms understanding of the inherent risks • In dealing with losses through to the end of 2007, the report noted that some firms made strategic decisions to retain large exposures to super senior tranches of collateralised debt obligations that far exceeded the firms understanding of the risks inherent in such instruments, and failed to take appropriate steps to control or mitigate those risks (see Box 2).

As noted below, in a number of cases boards were not aware of such strategic decisions and had not put control mechanisms in place to oversee their risk appetite, a board responsibility. In other cases, the boards might have concurred. An SEC report noted that “Bear Stearns’ concentration of mortgage securities was increasing for several years and was beyond its internal limits, and that a portion of Bear Stearns’ mortgage securities (e. g. adjustable rate mortgages) represented a significant concentration of mortgage risk”(SEC 2008b page ix).

At HBOS the board was certainly aware despite a warning from the FSA in 2004 that key parts of the HBOS Group were posing medium of high risks to maintaining market confidence and protecting customers (Moore Report). Understanding and control over potential balance sheet growth and liquidity needs was Limited • Some firms had limited understanding and control over their potential balance sheet growth and liquidity needs. They failed to price properly the risk that exposures to certain off-balance sheet vehicles might need to be funded on the balance sheet precisely when it became difficult or expensive to raise such funds externally.

Some boards had not put in place mechanisms to monitor the implementation of strategic decisions such as balance sheet growth. A comprehensive, co-ordinated approach by management to assessing firm-wide risk exposures proved to be successful… • Firms that avoided such problems demonstrated a comprehensive approach to viewing firm-wide exposures and risk, sharing quantitative and qualitative information more efficiently across the firm and engaging in more effective dialogue across the management team. They had more adaptive (rather than static) risk measurement processes and systems that could rapidly alter underlying ssumptions (such as valuations) to reflect current circumstances. Management also relied on a wide range Box 2. How a “safe” strategy incurred write downs USD 18. 7bn: the case of UBS By formal standards, the UBS strategy approved by the board appeared prudent, but by the end of 2007, the bank needed to recognise losses of USD 18. 7 bn and to raise new capital. What went wrong? UBS’s growth strategy was based in large measure on a substantial expansion of the fixed income business (including asset backed securities) and by the establishment of an alternative investment business.

The executive board approved the strategy in March 2006 but stressed that “the increase in highly structured illiquid commitments that could result from this growth plan would need to be carefully analysed and tightly controlled and an appropriate balance between incremental revenue and VAR/Stress Loss increase would need to be achieved to avoid undue dilution of return on risk performance”. The plan was approved by the Group board. The strategic focus for 2006-2010 was for “significant revenue increases but the Group’s risk profile was not predicted to change substantially with a moderate growth in overall risk weighted assets”.

There was no specific decision by the board either to develop business in or to increase exposure to subprime markets. "However, as UBS (2008) notes, “there was amongst other things, a focus on the growth of certain businesses that did, as part of their activities, invest in or increase UBS’s exposure to the US subprime sector by virtue of investments in securities referencing the sector”. Having approved the strategy, the bank did not establish balance sheet size as a limiting metric. Top down setting of hard limits and risk weighted asset targets on each business line did not take place until Q3 and Q4 2007.

The strategy of the investment bank was to develop the fixed income business. One strategy was to acquire mortgage based assets (mainly US subprime) and then to package them for resale (holding them in the meantime i. e. warehousing). Each transaction was frequently in excess of USD 1 bn, normally requiring specific approval. In fact approval was only ex post. As much as 60 per cent of the CDO were in fact retained on UBS’s own books. In undertaking the transactions, the traders benefited from the banks’ allocation of funds that did not take risk into account.

There was thus an internal carry trade but only involving returns of 20 basis points. In combination with the bonus system, traders were thus encouraged to take large positions. Yet until Q3 2007 there were no aggregate notional limits on the sum of the CDO warehouse pipeline and retained CDO positions, even though warehouse collateral had been identified as a problem in Q4 2005 and again in Q3 2006. The strategy evolved so that the CDOs were structured into tranches with UBS retaining the Senior Super tranches.

These were regarded as safe and therefore marked at nominal price. A small default of 4 per cent was assumed and this was hedged, often with monoline insurers. There was neither monitoring of counter party risk nor analysis of risks in the subprime market, the credit rating being accepted at face value. Worse, as the retained tranches were regarded as safe and fully hedged, they were netted to zero in the value at risk (VAR) calculations used by UBS for risk management. Worries about the subprime market did not penetrate higher levels of management.

Moreover, with other business lines also involved in exposure to subprime it was important for the senior management and the board to know the total exposure of UBS. This was not done until Q3 2007. Source: Shareholder Report on UBS's Write-Downs, 2008. of risk measures to gather more information and different perspectives on the same risk exposures and employed more effective stress testing with more use of scenario analysis. In other words, they exhibited strong governance systems since the information was also passed upwards to the board. …as did more active controls over the onsolidated balance sheet, liquidity, and capital • Management of better performing firms typically enforced more active controls over the consolidated organisation’s balance sheet, liquidity, and capital, often aligning treasury functions more closely with risk management processes, incorporating information from all businesses into global liquidity planning, including actual and contingent liquidity risk. This would have supported implementation of the board’s duties. Warning signs for liquidity risk which were clear during the first quarter of 2007 should have been respected

A marked feature of the current turmoil has been played by liquidity risk which led to the collapse of both Bear Stearns and Northern Rock7. Both have argued that the risk of liquidity drying up was not foreseen and moreover that they had adequate capital. However, the warning signs were clear during the first quarter of 2007: the directors of Northern Rock acknowledged that they had read the Bank of England’s Financial Stability Report and a FSA report which both drew explicit attention to liquidity risks yet no adequate emergency lending lines were put in place.

Countrywide of the US had a similar business model but had put in place emergency credit lines at some cost to themselves (House of Commons, 2008, Vol 1 and 2). It was not as if managing liquidity risk was a new concept. The Institute of International Finance (2007), representing the world’s major banks, already drew attention to the need to improve liquidity risk management in March 2007, with their group of senior staff from banks already at work since 2005, i. e. well before the turmoil of August 2007. Stress testing and related scenario analysis has shown numerous eficiencies at a number of banks Stress testing and related scenario analysis is an important risk management tool that can be used by boards in their oversight of management and reviewing and guiding strategy, but recent experience has shown numerous deficiencies at a number of banks. The Senior Supervisors Group noted that “some firms found it challenging before the recent turmoil to persuade senior management and business line management to develop and pay sufficient attention to the results of forward-looking stress scenarios that assumed large price movements” (p. ). This is a clear corporate governance weakness since the board is responsible for reviewing and guiding corporate strategy and risk policy, and for ensuring that appropriate systems for risk management are in place. The IIF report also noted that “stress testing needs to be part of a dialogue between senior management and the risk function as to the type of stresses, the most relevant scenarios and impact assessment”. Stress testing must form an integral part of the management culture so that results have a meaningful impact on business decisions. Clearly his did not happen at a number of financial institutions some of which might have used externally conceived stress tests that were inappropriate to their business model. Stress testing has been insufficiently consistent or comprehensive in some banks Stress testing is also believed to have been insufficiently consistent or comprehensive in some banks, which is more an implementation issue of great importance to the board. The IIF concluded that “firms need to work on improving their diagnostic stress testing to support their own capital assessment processes under Pillar II of the Basel Accord.

It is clear that firms need to ensure that stress testing methodologies and policies are consistently applied throughout the firm, evaluating multiple risk factors as well as multiple business units and adequately deal with correlations between different risk factors”. Some have taken on high levels of risk by following the letter rather than the intent of regulations In some cases, banks have taken on high levels of risk by following the letter rather than the intent of regulations indicating a box ticking approach.

For example, credit lines extended to conduits needed to be supported by banks’ capital (under Basel I) if it is for a period longer than a year. Banks therefore started writing credit lines for 364 days as opposed to 365 days thereby opening the bank to major potential risks. Whether boards were aware that capital adequacy reports to them reflected such practices is unclear although there is some indication that they did not know in some cases. Transmission of risk information has to be through effective channels, a clear corporate governance issue

Even if risk management systems in the technical sense are functioning, it will not impact the company unless the transmission of information is through effective channels, a clear corporate governance issue. In this respect it is interesting to note that “a recent survey of nearly 150 UK audit committee members and over 1000 globally, only 46 per cent were very satisfied that their company had an effective process to identify the potentially significant business risks facing the company and only 38 per cent were very satisfied with the risk reports they received from management” (KPMG, 2008).

In interpreting the survey, KPMG said: “recession related risks as well as the quality of the company’s risk intelligence are two of the major oversight concerns for audit committee members. But there is also concern about the culture, tone and incentives underlying the company’s risk environment, with many saying that the board and/or audit committee needs to improve their effectiveness in addressing risks that may be driven by the company’s incentive compensation structure”. A failure to transmit information can be due a silo approach to risk management

Another example of failure to transmit information concerns UBS. Although the group risk management body was alerted to potential subprime losses in Q1 2007, the investment bank senior management only appreciated the severity of the problem in late July 2007. Consequently, only on 6 August 2007, when the relevant investment bank management made a presentation to the Chairman’s office and the CEO, were both given a comprehensive picture of exposures to CDO Super Senior positions (a supposedly safe strategy) and the size of the disaster became known to the board.

The UBS report attributed the failure in part to a silo approach to risk management. Lower prestige and status of risk management staff vis-avis traders also played an important role At a number of banks, the lower prestige and status of risk management staff vis-a-vis traders also played an important role, an aspect covered by principle VI. D. 2 (see above). Societe Generale (2008) noted that there was a “lack of a systematic procedure for centralising and escalating red flags to the appropriate level in the organisation” (page 6).

But soft factors were also at work. “The general environment did not encourage the development of a strong support function able to assume the full breadth of its responsibilities in terms of transaction security and operational risk management. An imbalance therefore emerged between the front office, focused on expanding its activities, and the control functions which were unable to develop the critical scrutiny necessary for their role” (Page 7). One of the goals of their action programme is to “move towards a culture of shared esponsibility and mutual respect” (page 34). The inability of risk management staff to impose effective controls was also noted at Credit Suisse (FSA, 2008b). Testimony by the ex-head of risk at the British bank HBOS, that had to be rescued and taken over by Lloyds TSB, gives a picture of a bank management with little regard or care for risk management as it pursued its headlong rush into expanding its mortgage business. 8 An SEC report about Bear Stearns also noted “a proximity of risk managers to traders suggesting a lack of ndependence” (SEC 2008b). The issue of “tone at the top” is reflected in principle VI. C and in the Basel Committee’s principle 2 (the board of directors should approve and oversee the bank’s strategic objectives and corporate values that are communicated throughout the banking organisation) as well as principle 3 (the board of directors should set and enforce clear lines of responsibility and accountability throughout the organisation). Remuneration and incentive systems: strong incentives to take risk

Remuneration and incentive systems have played a key role in influencing financial institutions sensitivity to shocks and causing the development of unsustainable balance sheet positions It has been often argued that remuneration and incentive systems have played a key role in influencing not only the sensitivity of financial institutions to the macroeconomic shock occasioned by the downturn of the real estate market, but also in causing the development of unsustainable balance sheet positions in the first place.

This reflects a more general concern about incentive systems that are in operation in non-financial firms and whether they lead to excessive short term management actions and to “rewards for failure”. It has been noted, for instance, that CEO remuneration has not closely followed company performance. One study reports that the median CEO pay in S 500 companies was about USD 8. 4 million in 2007 and had not come down at a time the economy was weakening. 9 Board and executive remuneration Remuneration has to be aligned with the longer term interests of the company and its shareholders

Principle VI. D. 4 recommends that the board should fulfil certain key functions including “aligning key executive and board remuneration with the longer term interests of the company and its shareholders”. The annotations note that “it is regarded as good practice for boards to develop and disclose a remuneration policy statement covering board members and key executives. Such policy statements specify the relationship between remuneration and performance, and include measurable standards that emphasise the long run interests of the company over short term considerations”.

Implementation has been patchy. However, remuneration systems lower down the management chain might have been an even more important issue. The Basel Committee guidance is more general extending to senior managers: the board should ensure that compensation policies and practices are consistent with the bank’s corporate culture, long term objectives and strategy, and control environment (principle 6). Executive remuneration has been less analysed and discussed

Despite highly publicised parting bonuses for CEOs (Table 1) and some board members, executive remuneration has been much less analysed and discussed even though the academic literature has always drawn attention to the danger of incentive systems that might encourage excessive risk. 10 It is usual in most companies (banks and non-banks) that the equity component in compensation (either in shares or options) increases with seniority. One study for European banks indicated that in 2006, the fixed salary accounted or 24 per cent of CEO remuneration, annual cash bonuses for 36 per cent and long term incentive awards for 40 per cent (Ladipo et al. , 2008). This might still leave significant incentives for short run herding behaviour even if it involved significant risk taking. By contrast, one study of six US financial institutions found that top executive salaries averaged only 4- 6 per cent of total compensation with stock related compensation (and especially stock options in two cases) hovering at very high levels (Nestor Advisors, 2009).

It is interesting to note that at UBS, a company with major losses, long-term incentives accounted for some 70 per cent of CEO compensation and that the CEO is required to accumulate and hold shares worth five times the amount of the last three years’ average cash component of total compensation. Of course, such figures might be misleading since what matters for incentives is the precise structure of the compensation including performance hurdles and the pricing of options. Losses incurred via shareholdings (Table I) might also be partly compensated by parting payments.

Ladipo et al. also noted that only a small number of banks disclosed the proportion of annual variable pay subject to a deferral period11. Table 1. Examples of parting payments to CEOs Name and company Estimated payment Losses from options, shares etc Mudd, Fannie Mae USD 9. 3 million (withdrawn) n. a. Syron, Freddie Mac USD 14. 1 million (withdrawn) n. a. Prince, Citibank USD 100 million 50 % drop on share holdings of 31 million shares O’Neal, Merrill Lynch USD 161 million Loss on shares Cayne, Bear Stearns USD 425 million (sales in March 008 at USD 10 per share) Source: OECD. More investigation is required to determine the actual situation and the corporate governance implications of remuneration schemes A number of codes stress that executive directors should have a meaningful shareholding in their companies in order to align incentives with those of the shareholders. Only a few European banks had such formalised policies in 2006. However, the actual amount of stock owned by the top executive in each the bank was well above 100 per cent of annual fixed salary (Ladipo, p. 55).

With respect to non-executive directors, it is often argued that they should acquire a meaningful shareholding but not so large as to compromise the independence of the non-executive directors. Only a few European banks disclosed such policies. UBS actively encourages director share ownership and board fees are paid either 50 per cent in cash and 50 per cent in UBS restricted shares (which cannot be sold for four years from grant) or 100 per cent in restricted shares according to individual preference. Credit Suisse also has a similar plan.

However, one study (Nestor Advisors, 2009) reports that financial institutions that collapsed had a CEO with high stock holdings so that they should normally have been risk averse, whereas the ones that survived had strong incentives to take risks. 12 More investigation is required to determine the actual situation with respect to remuneration in the major banks more generally and the corporate governance implications. Incentive systems at lower levels have favoured risk taking and outsized bets Remuneration problems also exist at the sales and trading function level

Official as well as private reports have drawn attention also to remuneration problems at the sales and trading function level. 13 One central banker (Heller, 2008) has argued that the system of bonuses in investment banking provides incentives for substantial risk taking while also allowing no flexibility for banks to reduce costs when they have to: at the upper end, the size of the bonus is unlimited while at the lower end it is limited to zero. Losses are borne entirely by the bank and the shareholders and not by the employee. In support, he notes that the alleged fraud at Societe Generale was undertaken by a staff member ho wanted to look like an exceptional trader and achieve a higher bonus. Along the lines of Heller, the International Institute of Finance (2008b) representing major banks has proposed principles to cover compensation policies (Box 3) that illustrate the concerns about many past practices. Box 3. Proposed Principles of Conduct for Compensation Policies I. Compensation incentives should be based on performance and should be aligned with shareholder interests and long term, firm-wide profitability, taking into account overall risk and the cost of capital.

II. Compensation incentives should not induce risk-taking in excess of the firms risk appetite. III. Payout of compensation incentives should be based on risk-adjusted and cost of capitaladjusted profit and phased, where possible, to coincide with the risk time horizon of such profit. IV. Incentive compensation should have a component reflecting the impact of business unit’s returns on the overall value of related business groups and the organisation as a whole. V.

Incentive compensation should have a component reflecting the firm’s overall results and achievement of risk management and other goals. VI. Severance pay should take into account realised performance for shareholders over time. VII. The approach, principles and objectives of compensation incentives should be transparent to stakeholders. Source: Institute of International Finance (2008b), Final Report of the IIF Committee on Market Best Practices: Principles of Conduct and Best Practice Recommendations, Washington, D. C. Incentive structures eed to balance various interests The Senior Supervisors Group (2008, p. 7) noted that “an issue for a number of firms is whether compensation and other incentives have been sufficiently well designed to achieve an appropriate balance between risk appetite and risk controls, between short run and longer run performance, and between individual or local business unit goals and firm-wide objectives”. The concern was also shared by the Financial Stability Forum (2008). Financial targets against which compensation is assessed should be measured on a riskadjusted basis…

The private sector report (Institute of International Finance, 2008) also identified compensation as a serious issue: “there is strong support for the view that the incentive compensation model should be closely related by deferrals or other means to shareholders’ interests and longterm, firm-wide profitability. Focus on the longer term implies that compensation programs ought as a general matter to take better into account cost of capital and not just revenues. Consideration should be given to ways through which the financial targets against which compensation is assessed can be measured on a risk-adjusted basis” (p. 2). Some banks, such as JP Morgan, already build risk weighting into employees’ performance targets to recognise the fact that their activities are putting more capital at risk, but they are the exception rather than the rule. …which is more difficult if the internal cost of funds do not take account of risk These issues were picked up in the UBS report, which noted that the compensation and incentive structure did not effectively differentiate between the creation of alpha (i. e. return in excess of defined expectation) versus return from a low cost of funding.

In the case of UBS, the internal cost of funds did not take account of risk so that the traders involved in sub-prime could obtain finance at a low cost. This made sub-prime an attractive asset to carry long. Super senior tranches carried low margins so that the incentive was to expand positions to achieve a given level of bonus. The report goes on to note that “day 1 P treatment of many of the transactions meant that employee remuneration (including bonuses) was not directly impacted by the longer term development of the positions created.

The reluctance to allow variations between financial reporting and management accounting made it less likely that options to vary the revenue attributed to traders for compensation purposes would be considered (p. 42). Essentially, bonuses were measured against gross revenue after personal costs, with no formal account taken of the quality or sustainability of those earnings. Senior management, on the other hand, received a greater proportion of deferred equity. Incentive systems at sub-executive level are also a concern for nonfinancial companies

Incentive systems at sub-executive level are also a concern for nonfinancial companies. For example, transactions-based compensation and promotion might lead to corrupt practices contrary to company policies and interests. Audit Committees, a key component of the corporate governance structure, appear to becoming aware of the issues. Thus the KPMG survey noted that “[w]hile oversight of compensation plans may generally fall within the responsibility of the remuneration committee, audit committees are focusing on the risks associated with the company’s incentive compensation structure.

In addition to risks associated with an emphasis on short-term earnings, audit committees want to better understand the behaviour and risks that the company’s incentive plans encourage and whether such risks are appropriate. ” Basel II enables regulators to impose additional capital charges for incentive structures that encourage risky behaviour The Basel II capital accord contains mechanisms in pillar II enabling regulators to impose additional capital charges for incentive structures that encourage risky behaviour.

Indeed, the UK’s FSA has stated that they would consider compensation structures when assessing the overall risk posed by a financial institution but that it would stop short of dictating pay levels14. A leading Swiss banker is also quoted as saying that he expected regulators to use the second pillar of the Basel II accord to oblige banks to hold additional capital to reflect the risk of inappropriate compensation structures (Financial Times, 22 May 2008, p. 17). Risk policy is a clear duty of the board Deficiencies in risk management and distorted incentive ystems point to deficient board oversight Deficiencies in risk management and distorted incentive systems point to deficient board oversight. Principle VI. D. 1 recommends that “the board should fulfil certain key functions including reviewing and guiding corporate strategy, major plans of action, risk policy… while VI. D. 7 defines a key function to include “Ensuring the integrity of the corporation’s accounting and reporting systems …and that appropriate systems of control are in place, in particular systems of risk management, financial and operational control”.

Principle VI. D. 4 identifies the key functions of the board to include “aligning key executive and board remuneration with the longer term interests of the company and its shareholders”. The Basel Committee Guidance on corporate governance of banks (Basel Committee, 2006) looks more at how responsibilities are implemented: “the board of directors should set and enforce clear lines of responsibility and accountability throughout the organisation (principle 3)”.

A key area concerns internal controls (including in subsidiaries) which requires that “the material risks that could adversely affect the achievement of the bank’s goals are being recognised and continually assessed. This assessment should cover all risks facing the bank and the consolidated banking organisation (that is credit risk, country and transfer risk, market risk, interest rate risk, liquidity risk, operational risk, legal risk and reputational risk). Internal controls may need to be revised to appropriately address any new or previously uncontrolled risk” (Basel Committee, 1998). The annotations to Principle VI.

D. 7 note that “ensuring the integrity of the essential reporting and monitoring systems will require the board to set and enforce clear lines of responsibility and accountability throughout the organisation. The board will also need to ensure that there is appropriate oversight by senior management”. Financial companies are not unique in this regard even though the macroeconomic impacts of poor risk management are arguably more important Recent experiences in banks as well as in companies as different as Airbus, Boeing, Alsthom, BP and Siemens confirms the Steering Group’s standpoint on the importance of risk management.

Earlier cases include Metallgesellschaft and Sumitomo Corporation. Financial companies are not unique in this regard even though the macroeconomic impacts of poor risk management are arguably more important. Non-financial companies also face exchange rate and interest rate risks although operational risks such as outsourcing risks, loss of intellectual property rights, and investment risks in unstable areas might be more important. Box 4. Risk management issues in non-financial companies In recent years there have been numerous examples in major non-financial companies that have highlighted weaknesses and failures in risk management.

BP was hit by a refinery explosion in Texas. A commissioned report (the Baker Report) suggests that the risk was well known at lower levels in the company but that it was not adequately communicated to higher levels. This is similar to what happened at Societe Generale and at UBS. The refinery had been acquired as part of a M and it appears that risk management systems and culture had not been fully implemented at the new subsidiary, very similar to HSBC and UBS, the latter also with a new subsidiary.

BP also has complex risk models including a model for corrosion used in forecasting expenditures. After major oil spills in Alaska that resulted in suspended output, it was discovered that the model significantly under-estimated corrosion, raising question about testing risk models. Airbus has invested massively in a major investment in developing the large Airbus 380 aircraft. Such projects include substantial exchange rate risk as well as significant payments to customers in the case of late delivery.

Despite the substantial risks the company was taking, and which had been approved by the board, information about significant production delays came as a major surprise to the board of both Airbus and its controlling company EADS. Similar surprises were in store for boards at Citibank and UBS. Siemens represents a case of compliance risk with respect to breaking German and other laws covering bribery of foreign officials. The supervisory board of the company appeared not to have clearly specified their expectations and to have overseen their implementation.

The fact that the chairman of the board had been the CEO might not have been helpful in getting to grips with practices that had been ongoing for a number of years. Boeing also faced problems in breaching public tender rules, a serious risk for a major defence contractor. A number of banks have faced similar compliance problems in areas such as money laundering and in complying with local regulations (e. g. Citibank private bank in Japan actually lost its license). Source: OECD. But are they up to the task? Does the board obtain relevant information? In the wake of the financial crisis many oards of financial enterprises have been quite active, but why not before? In the wake of the financial crisis many boards of financial enterprises have been quite active with a number of CEO’s at problem banks being replaced. Tellingly, both Citibank and UBS have also announced board room departures to make way for new directors with “finance and investment expertise”. UBS has gone further and is eliminating the chairman’s office that has been widely criticised in the past by shareholders and Citibank has also restructured the board, eliminating the executive committee.

Shareholders have also become more active, especially with respect to voting against audit committee (or equivalent) members who have been held to higher standards of accountability than other board members. The fundamental issue is, Main conclusions The financial crisis can be to an important extent attributed to failures and weaknesses in corporate governance arrangements This article concludes that the financial crisis can be to an important extent attributed to failures and weaknesses in corporate governance arrangements.

When they were put to a test, corporate governance routines did not serve their purpose to safeguard against excessive risk taking in a number of financial services companies. A number of weaknesses have been apparent. The risk management systems have failed in many cases due to corporate governance procedures rather than the inadequacy of computer models alone: information about exposures in a number of cases did not reach the board and even senior levels of management, while risk management was often activity rather than enterprise-based. These are board responsibilities.

In other cases, boards had approved strategy but then did not establish suitable metrics to monitor its implementation. Company disclosures about foreseeable risk factors and about the systems in place for monitoring and managing risk have also left a lot to be desired even though this is a key element of the Principles. Accounting standards and regulatory requirements have also proved insufficient in some areas leading the relevant standard setters to undertake a review. Last but not least, remuneration systems have in a number of cases not been closely related to he strategy and risk appetite of the company and its longer term interests. Qualified board oversight and robust risk management is important The Article also suggests that the importance of qualified board oversight, and robust risk management including reference to widely accepted standards is not limited to financial institutions. It is also an essential, but often neglected, governance aspect in large, complex nonfinancial companies. Potential weaknesses in board composition and competence have been apparent for some time and widely debated.

The remuneration of boards and senior management also remains a highly controversial issue in many OECD countries. The OECD Corporate Governance Principles in these key areas need to be reviewed The current turmoil suggests a need for the OECD, through the Steering Group on Corporate Governance, to re-examine the adequacy of its corporate governance principles in these key areas in order to judge whether additional guidance and/or clarification is needed. In some cases, implementation might be lacking and documentation about the existing situation and the likely causes would be important.

There might also be a need to revise some advice and examples contained in the OECD Methodology for Assessing the Implementation of the OECD Principles of Corporate Governance. however, why boards were not effective in the years preceding the turmoil especially in view of the emphasis given in many countries in recent years to internal control even though it was restricted to financial accounts (e. g. SOX 404 certifications). Reports have not so far dealt in much depth with the role and performance of the boards

The available reports have not so far dealt in much depth with the role and performance of the boards, the focus being on documenting risk management failures. This is an unfortunate omission since it is a prime responsibility of boards to ensure the integrity of the corporation’s systems for risk management. A private sector report (Institute of International Finance, 2008a) has examined board performance concluding that “events have raised questions about the ability of certain boards properly to oversee senior managements and to understand and monitor the business itself”.

This is a potentially very worrying conclusion. There appears to be a need to re-emphasise the respective roles of the CEO and the board in the risk management process The IIF report stressed that a solid risk culture throughout the firm is essential but that there appears to be a need to re-emphasise the respective roles of the CEO and the board in the risk management process in many firms. The report goes on to make suggestions for strengthening Board oversight of risk issues; the boards need to be educated on risk issues and to be given the means to understand risk appetite and the firm’s performance against it.

A number of members of the risk committee (or equivalent) should be individuals with technical financial sophistication in risk disciplines, or with solid business experience giving clear perspectives on risk issues. A separation between risk and audit committees should be considered. However, form should not be confused with actual operation. At Lehman Brothers, there was a risk committee but it only met twice in both 2006 and 2007. Bear Stearns’ only established a full risk committee shortly before it failed.

Above all, boards need to understand the firm’s business strategy from a forward looking perspective, not just review current risk issues and audit reports. A survey of European banks indicate that risk management is not deeply embedded in the organisation, a clear corporate governance weakness Supporting information has been presented in a survey based on interviews with European banks (Ladipo et al. , 2008). All interviewed banks accepted that risk governance was a key responsibility of bank boards.

All the banks interviewed stressed that board priorities included defining the company’s risk appetite and indentifying emerging areas of risk. A number also noted that the board must ensure that risk appetite is a coherent reflection of the company’s strategic targets. With these expectations, it is important to note that a majority of the banks indicated that their boards were broadly knowledgeable rather than extremely knowledgeable of their company’s risk measurement methodology.

More importantly, only one third of the banks were confident that their strategy and planning functions had a detailed understanding of their companies’ risk measurement methodology (Ladipo, 2008, p. 45). This would indicate that risk management is not deeply embedded in the organisation, a clear corporate governance weakness. A good example is provided in the UBS report which noted that the strategic decision to build rapidly a fixed income business (i. e. achieve significant market share) was not associated with a orresponding change to risk policy and risk appetite and a requirement for appropriate indicators. On the other hand, there are worries about the board oversight model of corporate governance: one bank noted that “risk issues are increasingly becoming too specialist for meaningful oversight by the whole board” (op. cit. , p. 47). Risk management information was not always appropriate or available to the board Reports have documented that risk management information was not always available to the board or in a form corresponding to their monitoring of risk. 15 An important Principle in this respect is VI.

F, which states that: “In order to fulfil their responsibilities, board members should have access to accurate, relevant and timely information”. 16 The efficiency of the risk management process and its connection to board oversight has led a number of companies to establish a Chief Risk Officer (CRO) with board membership in unitary board systems. With an appropriate mandate, CROs can potentially provide a strong internal voice for risk management Achieving a strong internal voice for risk management will depend on firm specifics such as size and complexity.

It has been done successfully where the CRO reports directly to the CEO or where the CRO has a seat on the board or management committee. In many cases, the CRO will be engaged directly on a regular basis with a risk committee of the board, or when there is not one, with the audit committee. This area might need more attention in the Principles that are still focused on internal controls for financial reporting. Some banks make it a practice for the CRO to report regularly to the full board to review risk issues and exposures, as well as more frequently to the risk committee.

The IIF study concluded that to have a strong, independent voice, the CRO should have a mandate to bring to the attention of both line and senior management or the board any situation that could materially violate risk-appetite guidelines. Similar arrangements have often been introduced to support the work of internal auditors. Board composition The composition of risk committees is also an important issue As with an audit committee, the composition of any risk committee is also an important issue17.

Ladipo reports that in their sample of 11 European banks with risk committees (Figure I), a half staffed their committees with non-executive directors. However, they also reported that in such cases the CEO, the CFO and the CRO were always in attendance at the committee meetings and are reported to have played a major role in the committee’s deliberations. In two cases, including UBS, non-executive directors comprised only a third of the risk committee. Whether committees staffed by non-executive directors but where officers of the company play a key role differ from those where executives are actual members is a key policy concern.

Presumably, the Senior Supervisors Group has sufficient experience to make such a judgement: in at least one case they formed the judgement that there is indeed a difference. In the US, a number of financial institutions do not have a separate risk committee but rather have made it a matter for the audit committee. One Survey reports that audit committees feel that their effectiveness may be hampered - or negatively impacted - by overloaded agendas and compliance activities (KPMG, 2008).

The legal requirement in the US for audit committees to have only independent directors distorts the information content of Figure I for the US. Figure 1. Non-executive directors as a percentage of the Risk Committee Source: Ladipo, D. et al. (2008), Board profile, structure and practice in large European banks, Nestor Advisors, London. The quality of board members is a particular concern, but fit and proper person tests often do not fully address the issue of competence The quality of board members is a particular concern of bank supervisors who often set fit and proper person tests.

However, such tests do not fully address the issue of competence in overseeing a significant business that is an issue for shareholders and other stakeholders. The issue of board competence is addressed by Principle VI. E that states that “the board should be able to exercise objective independent judgement on corporate affairs”. The annotations note that a negative list for defining when an individual should not be regarded as independent can usef

Cite this page