GREENBERG TRAURIG, LLP | ATTORNEYS AT LAW | WWW.GTLAW.COM
©2013 Greenberg Traurig, LLP. All rights reserved.
Thomson Reuters Video Webinar
Lessons Learned: Risk Management, Ethics and Governance
August 1, 2013
Robert Bostrom │Shareholder │[email protected] │212.801.6714
07/30/13
Greenberg Traurig, LLP | gtlaw.com
CONTENTS
I. Introduction:
– Pre-Sarbanes Oxley
– Post Sarbanes-Oxley: Financial Fraud and Legal/Compliance Breakdowns Continued
– Current Environment: Critical Need for Enterprise-Wide Risk Management and Governance
II. Recent History
– 2007-2008 Financial Crisis
– Causes
– Post Dodd-Frank Events
– Why Do these Events Continue
CONTENTS
III. Post Dodd-Frank: Financial Fraud and Legal/Compliance Breakdowns Continue
IV. What to do
– Develop a Risk Management Culture and Ethical Culture
– Develop Effective ERM and Crisis-Management Process and Governance at the Board and Management Levels
INTRODUCTION
“When the music stops, in terms of liquidity, things will get complicated. But as long as the music is playing, you’ve got to get up and dance. We’re still dancing.
The depth of the pools of liquidity is so much larger than it used to be that a disruptive event now needs to be much more disruptive than it used to be.
At some point, the disruptive event will be so significant that instead of liquidity filling in, the liquidity will go the other way. I don’t think we’re at that point.”
Chuck Prince, Citigroup CEO, “Citigroup chief stays bullish on buy-outs,” Financial Times, July 9, 2007
INTRODUCTION
> Different Kinds of Risk Events
– Fraud
– Violations of law and compliance
– Excessive risk-taking
– External market or environmental events
– Previously acceptable market practices that retroactively become the subject of enforcement actions
INTRODUCTION: PRE-SARBANES OXLEY
> By 2000, corporate scandals involving Enron, WorldCom, and a host of others leading up to the enactment of Sarbanes-Oxley made it clear that traditional corporate governance structures, internal controls and risk management systems did not address the challenges faced by companies and Boards of Directors.
INTRODUCTION: PRE-SARBANES OXLEY
> Events subsequent to Sarbanes-Oxley suggest that Sarbanes-Oxley was not the answer as reports and disclosures of accounting irregularities, earnings restatements, violations of law, enforcement actions, and corporate governance breakdowns continued.
INTRODUCTION: POST SARBANES OXLEY
> After Sarbanes-Oxley, from 2002 through 2005, Freddie Mac, Fannie Mae, the New York Stock Exchange, a number of mutual fund complexes, Halliburton, AOL Time-Warner, Tenet Healthcare, Raytheon, Vivendi, Parmalat and other companies were the subject of headlines.
INTRODUCTION: POST SARBANES OXLEY
> Investigations and reports issued in connection with these events identified the same fundamental breakdowns of corporate governance.
INTRODUCTION: POST SARBANES OXLEY
> The Report of the Special Examination of Freddie Mac, the Report on Fannie Mae, the Report on Corporate Governance for the Future of MCI, and the multiple Reports of the Court-Appointed Examiner in the Enron Bankruptcy, identified problems and proposed recommendations with disturbingly similar themes.
INTRODUCTION: POST SARBANES OXLEY
> The problems identified include:
– Inappropriate corporate culture and tone at the top
– Ineffective compliance and risk management systems
– Inadequate internal control structure
– Executive compensation programs
INTRODUCTION: POST SARBANES OXLEY
– Inadequate disclosure and transparency
– Inadequate Board oversight as a result of a variety of factors including
Cronyism
Lack of relevant knowledge
Inattention to duties and responsibilities
INTRODUCTION: POST SARBANES OXLEY
> The key themes which emerged were the importance of an ethical culture, transparency, trust, accountability, governance, reputation and independence.
INTRODUCTION: POST SARBANES OXLEY
> As a result of these developments and continuing legislative and regulatory changes, there was increased pressure in the Board room. In addition, there were a number of sources of pressure that pushed companies to go beyond the stated requirements of the law regarding risk management and corporate governance practices.
> Nonetheless, we were about to enter a new chapter, even after Sarbanes Oxley.
CRITICAL NEED FOR EFFECTIVE RISK MANAGEMENT
> Consequences flowing from a headline event are extremely severe in the current environment because of:
– the politicization of headline events,
– the criminalization of corporate events,
– the extreme and activist reaction of shareholders and the public, and
– the velocity of consequences.
CRITICAL NEED FOR EFFECTIVE RISK MANAGEMENT
> The importance of preventative enterprise-wide risk management programs and post-event crisis management programs is magnified by the exponential multiplier effect of the consequences of a headline event.
IMPORTANCE OF ERM
> Historically an event could lead to SEC, criminal and civil actions
> New era now -- Congressional Hearings and investigations, intervention by the Executive Branch, actions by State AGs, public vilification, political and governmental reactions, shareholder reaction, customer reaction, executive officer dismissals, and more.
VELOCITY AND POLITICIZATION OF CONSEQUENCES
> For example, a headline event in 2012 led to 14 consequences in the first 10 days of public reporting:
– SEC investigation
– DOJ investigation
– FBI investigation
– Civil class actions
– Congressional hearings
– Internal investigations
VELOCITY AND POLITICIZATION OF CONSEQUENCES
– Congressional legislative reaction
– Political reaction
– Shareholder activism – unsuccessful efforts to split CEO and Chairman
– Public vilification
– Executive officer dismissals
VELOCITY AND POLITICIZATION OF CONSEQUENCES
– Significant market cap loss
– Fitch rating downgrade
– CFTC investigation
> One year later renewed controversy to split Chairman and CEO roles and a 1500 page Congressional Investigative Report.
NEED FOR AN ERM PROGRAM AND A CRISIS-MANAGEMENT PLAN
> Unintended Consequences.
> Publicity and headlines are very “sticky” – they seem to last indefinitely.
GLOBAL BANK $407 MILLION LOSS IN 2007
Report of Investigation by the Board, April 2008.
Conclusions:
1. Charged senior management with a “failure to demand holistic risk assessment,” a “failure to manage [its] agenda,” and a “lack of succession planning.”
GLOBAL BANK $407 MILLION LOSS IN 2007
2. Critical of the firm’s risk management controls and testing methodologies, asserting “complex and incomplete risk reporting,” “lack of substantive assessment,” “inadequate systems,” “lack of strategic coordination,” and “inability to accurately assess valuation risk on a timely basis.”
3. Board processes also lacked accountability for evaluating the firm’s risk exposures, assessments, and management.
RECENT HISTORY: 2007-2008 FINANCIAL CRISIS – WHO, WHAT and WHY?
> Washington Mutual
> Merrill Lynch
> Lehman
> Bear Stearns
> Wachovia
> Fannie Mae
RECENT HISTORY: FINANCIAL CRISIS – WHO, WHAT and WHY?
> Freddie Mac
> Countrywide
FINANCIAL CRISIS INQUIRY COMMISSION – INQUIRY REPORT
RED FLAGS
– Explosion in subprime lending and securitization
– Unsustainable rise in housing prices
– Widespread reports of predatory lending practices
– Dramatic increases in household debt
FINANCIAL CRISIS INQUIRY COMMISSION – INQUIRY REPORT
– Exponential growth in financial firms trading activities
– Unregulated derivatives
– Short term lending “repo markets”
All previously acceptable business activities.
FINANCIAL CRISIS INQUIRY COMMISSION – INQUIRY REPORT
Causes:
> Dramatic failures of corporate governance and risk management
> Reliance on mathematical models replacing judgment – risk management became risk justification
> Compensation systems encouraged short term gain with no long term consequences.
FINANCIAL CRISIS INQUIRY COMMISSION – INQUIRY REPORT
Causes:
> Failure to convey information to executive management about risk –
– Senior executives lack of awareness of $79 billion derivative exposure
– Executive management lack of knowledge of $55 billion of exposure to mortgage securities.
> Breakdown in accountability and ethics
PERMANENT SUB-COMMITTEE REPORT
> Wall Street and Financial Crisis: Anatomy of a Financial Collapse Report of the Permanent Sub-Committee on Investigations; United States Senate: April 13, 2011, 635 Page Final Report
– Conflicts of interest
– Needless risk-taking
PERMANENT SUB-COMMITTEE REPORT
– Failures of Federal oversight – overruling and intimidating weak regulators
– Inflated credit ratings
– Investment bank abuses
– Knowingly selling toxic securities for fees
– Governance breakdown
LEHMAN BROTHERS EXAMINER’S REPORT
March 11, 2010 (2209 pages)
Observations
> Changed business strategy marked by aggressive growth and risk
> Significantly greater risk
> Substantial increase in leverage
> Relaxation of risk controls to accommodate changed strategy
> Compensation system rewarded excessive risk and leverage
LEHMAN EXAMINER’S REPORT
> Desperation
> Lack of transparency with the Board
> Faulty valuation procedures
> No risk culture
LEHMAN EXAMINER’S REPORT
> Arcane, outdated IT internal control systems
> Lost confidence of lenders and counterparties
> Senior management disregard for risk managers, risk policies, risk limits
LEHMAN EXAMINER’S REPORT
> Repeatedly going to Board to raise risk limits and continually exceeding risk limits
> Removal of CRO
> Other banks were doing it
> Risk management model not changed to reflect new risky business model
LEHMAN EXAMINER’S REPORT
> Not responding to internal audit findings
> Inadequate stress testing
> Doubling down
> Terminations for failure to meet revenue targets
POST DODD-FRANK: FINANCIAL FRAUD AND LEGAL/COMPLIANCE BREAKDOWNS
> Dodd-Frank Wall Street Reform and Consumer Protection Act enacted July 21, 2010.
POST 2008 CRISIS - NON-FINANCIAL - HEADLINE EVENTS
> BP
> Toyota
> News Corp
> Massey
> Chesapeake Energy
> Siemens
POST DODD-FRANK: LEGAL COMPLIANCE – HEADLINE EVENTS
– BSA/AML
– FCPA
– OFAC
> Leading to criminal enforcement actions and/or supervisory consent orders involving DPAs, NPAs, and civil action including remediation plans and monitors
POST DODD-FRANK: LEGAL COMPLIANCE
> Global Bank: $2.0 billion fines and sanctions
– Anti-money laundering and sanctions violations
> Global Bank: $619 million fines and sanctions
– Illegal transactions with OFAC Sanctioned Countries
> Global Bank: $298 million fines and sanctions
– Illegal transactions with OFAC Sanctioned Countries
POST DODD-FRANK: STILL HAPPENING!
> Bribery and corruption are still widespread
> 39% of respondents reported bribery or corrupt practices occur frequently
> Control environment not strong enough
> Tone at the top diluted by failure to penalize misconduct
Source: 2012 E&Y 12th Global Fraud Survey
STILL HAPPENING!
> CFO respondents
– 15% willing to make cash payments
– 4% willing to misstate financial performance
– 46% attended anti-corruption training
– 46% of respondents said company would cut corners to meet targets
Source: 2012 E&Y 12th Global Fraud Survey
WHY DO THESE EVENTS CONTINUE?
> It Can’t Happen Here – Arrogant Suspension of Belief
SUSPENDING DISBELIEF – IT CAN HAPPEN HERE, LEHMAN
> “At no point in time, until that Sunday, did I think it was a real possibility…..I did not think such a stupid decision could be made by intelligent people.”
Source: Lehman Lawyer, Corporate Counsel Magazine
WHY?
> If it is too good to be true, it probably is not
> Relationship between risk and reward
WHY?
> No one expected the unexpected
– House prices to fall
– Commercial paper markets to shut down
– Conservatorship
– No government bailout
– Greece, Cyprus, Spain, Italy
– Arab Spring
WHY?
> Failure to escalate and report
– “Doubling down” to avoid problems
– It ain’t the crime – it’s the cover-up
WHY?
> Everyone else is doing it….
– Safety in numbers
– Can't all be wrong
– Competitive disadvantage
– It is legal
WHY?
> Absence of an effective Enterprise-Wide Risk Management System at Board and Management Levels to proactively identify, assess, prioritize and mitigate risk.
WHY?
NO RISK CULTURE
> Lack of awareness and priority
> Complacency
> Arrogance
> Reliance on models
> Suspension of belief
> Accountability
> Escalation
> Clear roles and responsibilities
WHY?
EPM and Compensation Systems
> Rewarded the wrong behavior
> Did not incentivize the right behavior
WHY? - Lack of Sensitivity
> Stay sensitized
> Constant “headline training” and awareness
> Stay ever vigilant and mindful
> Be skeptical
> Constantly adjust risk-reward balance and risk tolerance
> Trust but verify
WHY?
Inadvertent vs. Advertent
> Inadvertent
– Lack of sensitivity and awareness leads to “bad” decisions or no decisions
– Business “justification” or “rationalization” clouds judgment – whether risk or violation of law or both
– Formal and informal reminders – training, tone at the top, risk culture
WHY?
> Ignoring Red Flags
– Lack of sensitivity
– Not seeing
– Disbelief
– Business justification
– Lack of verification
WHY?
> Regulatory arrogance
> Absence of regulatory and enforcement sensitivity
WHY?
Long-Standing Market Behavior
> Be aware of, and always self-assess, long-standing market behavior and activity
– Libor rate setting
– Market-timing cases
– Off-shore tax havens
WHY?
> Absence of a sound stress test and contingency plan to identify potential problems and risks, crisis management plans, and risk-adjusted analysis of business activities based on geography, lines of business, organization and governance.
WHY?
Models Failed
> Always think critically – be skeptical
> Use judgment
WHY?
> Absence of thinking forward with hindsight
– How will actions today be viewed with the benefit of hindsight
WHY?
Accountability
> Acceptance/tolerance of de minimis violations of law because there is “no harm” and the business or individual is a key producer or part of management.
WHY?
Use of Independent Reviews
> Need to conduct periodic third party assessments before problems occur to ensure periodic, objective, unbiased assessments of governance and risk management practices and business practices.
> Learn from mistakes
– Root cause analysis of problems after they occur
WHY?
> Management and Board indifference and tolerance of Internal Audit findings not being remediated
WHY?
> Lack of independence of internal control functions
– Legal
– Audit
– Compliance
– Risk
– Internal controls
WHY?
> Ineffective internal controls and ethical culture
> DOJ prosecution of investment bank employee for FCPA violations but not investment bank because it maintained an effective system of internal controls and culture designed to prevent violations of law.
WHY?
> Failure to focus on, identify and manage risk in significant business transformations
FAILURE OF MF GLOBAL HOLDINGS OCTOBER, 2011
> Report of Investigation of Louis Freeh, Chapter 11 Trustee of MF Global Holdings – February 16, 2012
Observations:
‒ Risky business strategy
‒ Significant business strategy transformation
‒ Inadequate systems and procedures
FAILURE OF MF GLOBAL HOLDINGS OCTOBER, 2011
> Failure to learn from earlier risk management failures
> Adoption of risk framework that was never fully implemented or embraced by management
– Escalation policy
– ERM policy
FAILURE OF MF GLOBAL HOLDINGS OCTOBER, 2011
> Failure to develop procedures to implement risk framework
> No stress testing
> Management ignoring internal audit reports of significant deficiencies
– Only 2 of 32 remediated – including implementation gaps in risk control systems
FAILURE OF MF GLOBAL HOLDINGS OCTOBER, 2011
> Lack of appropriate systems for liquidity monitoring
> Pattern of continued and sustained requests to the Board to increase exposure limit from $2 billion to over $8.5 billion
> Demotion and departure of Chief Risk Officer
FAILURE OF MF GLOBAL HOLDINGS OCTOBER, 2011
> “Doubling down”
> Suspension of belief – it can’t happen
> Governance breakdown
> No risk management culture
LIBOR RATE SCANDAL
> Major global bank agrees to pay $360 million to settle with the Commodity Futures Trading Commission and the Department of Justice over LIBOR interest rate manipulation charges on June 26, 2012.
LIBOR RATE SCANDAL – WHY?
> Bank Board of Directors commissioned an Independent Review: a 265 page Independent Review of the Bank’s Business Practices, released in April 2013
REPORT CONCLUSIONS: COMPENSATION
> “There was an over-emphasis on short-term financial performance, reinforced by remuneration systems that tended to reward revenue generation rather than serving the interests of customers and clients.”
REPORT CONCLUSIONS: BUSINESS TRANSFORMATION
> “However, it is our view that this rapid journey, from a primarily domestic retail bank to a global universal bank twenty or so years later, gave rise to cultural and other growth challenges. The result of this growth was that Bank became complex to manage, tending to develop silos with different values and cultures.”
REPORT CONCLUSIONS: RISK CULTURE AND CONTROL FRAMEWORK
> “To develop a consistently strong risk culture, Bank should communicate clear statements as to its Group risk appetite for all types of risk; embed adherence to Group risk appetite into all business units; reinforce limits with strong management action for breaches; and embed risk and compliance criteria in performance evaluations, and in remuneration and promotion decisions.”
REPORT CONCLUSIONS: ABSENCE OF CULTURE OF ISSUE ESCALATION
> Bank should maintain robust arrangements for raising concerns (“whistleblowing”) which are perceived to protect those raising them and to lead to actions being taken to address the underlying culture and values issues. There should be regular reports to the Board which are detailed enough for the Board to form insights and to the culture and behaviors within the organization.
REPORT CONCLUSIONS: ABSENCE OF CULTURE OF ESCALATION
> “There is also evidence from Bank’s internal Employee Opinion Survey of a cultural unwillingness to escalate issues. A significant proportion of employees in the investment bank, for example, said that they were “reluctant to report problems to management”, and that they did not feel able to “report unethical behavior without fear of reprisal”.”
REPORT CONCLUSIONS: CHECK THE BOX
> “These problems may have been caused, in part, by an inconsistent implementation of operational risk policies. In some business, Risk Control Assessments (RCAs), were viewed by the businesses as a ‘box ticking’ exercise and the responsibility of the Operational Risk function.”
REPORT CONCLUSIONS: COMMUNICATION OF IMPORTANCE OF RISK MANAGEMENT
> “To develop a consistently strong risk culture, Bank should communicate clear statements as to its Group risk appetite into all business units; reinforce limits with strong management action for breaches; and embed risk and compliance criteria in performance evaluations, and in remuneration and promotion decisions.”
REPORT CONCLUSIONS: ABSENCE OF CULTURE OF ESCALATION
> “There was also in some parts of the Group a sense that senior management did not want to hear bad news and that employees should be capable of solving problems. This contributed to a reluctance to escalate issues of concern.”
> “Bank should foster a culture where employees feel that escalating issues is safe and valued.”
REPORT CONCLUSIONS: LEARN FROM MISTAKES
> “Bank should maintain effective processes for learning from its mistakes. It should endeavor to understand and address underlying root causes of issues so as to be able to apply lessons learned more broadly. Investigations should be carried out following a consistent Group-wide methodology.”
REPORT CONCLUSIONS: IDENTIFICATION AND INTEGRATION OF RISK
> “Bank should ensure its conduct, reputational and operational risk framework includes the articulation of a tangible risk appetite statement and mechanisms to ensure that conduct, reputational and operational risk are fully factored into business decisions and governance.”
REPORT CONCLUSIONS: LACK OF ACCOUNTABILITY
> “We did not find it easy to discern who is responsible for each aspect of the daily management of risks and the associated controls. This is important if performance management is to reinforce accountability for risk…. In addition, risk and control themes were rarely mentioned in the actual performance assessments and were typically not explicitly weighted in the overall performance grade.”
REPORT CONCLUSIONS: LACK OF INDEPENDENCE OF CONTROL FUNCTIONS
> “Most of the control functions in the business units reported directly to the business unit management as their primary reporting line. While we acknowledge that this enabled the function to collaborate closely with the business, we consider such arrangements could compromise their ability to challenge the business.”
REPORT CONCLUSIONS: LEARN FROM OTHER HIGH RISK INDUSTRIES
> The banking industry can and should learn from the business practices of other high-risk industries, for example:
– focusing leadership and operational discipline on areas of highest risk
– creating mechanisms for sharing risk-related data cross-industry
– fostering a culture of speaking up
– working collaboratively with regulators and with other stakeholders
REPORT CONCLUSIONS: LEARN FROM OTHER HIGH RISK INDUSTRIES
– continually evaluating risks and the appropriateness of business practices
– maintaining a balanced view of the different risks faced
– being vigilant about industry-wide practices which may cause reputational and other risks
– focusing on managing not only individual or business-level risks, but also organization-level and systemic industry risks.
WHAT TO DO: REPORT OF SENIOR SUPERVISORY GROUP: OBSERVATIONS ON RISK MANAGEMENT PRACTICES DURING THE RECENT MARKET TURBULENCE, MARCH 6, 2008
2008 REPORT
Summary of Key Observations and Conclusions
> Four Firm-Wide Risk Management Practices That Differentiated Performance
– Effective firm-wide risk identification and analysis
– Consistent application of independent and rigorous valuation practices across the firm
– Effective management of funding, liquidity, capital, and the balance sheet
– Informative and responsive risk measurement and management reporting and practices
2008 REPORT
Summary of Key Observations and Conclusions
> Senior Management Oversight that Differentiated Performance
– Balance between Risk Appetite and Risk Controls
– Senior Management’s Role in Understanding and Acting on Emerging Risks
– Timing and Quality of Information Flow up to Senior Management
– Breadth and Depth of Internal Communication across the Firm
2009 REPORT OF SENIOR SUPERVISORY GROUP: RISK MANAGEMENT LESSONS LEARNED FROM THE GLOBAL BANKING CRISIS OF 2008, OCTOBER 21, 2009
Board Direction and Senior Management
> Increase board and executive engagement and to strengthen the resources, stature, and authority of risk management by:
– Increasing board and senior management engagement in risk management
2009 REPORT
Board Direction and Senior Management
> Improving risk reporting to the board and senior management
> Strengthening committee charters and the role of auditors and risk managers, including the chief risk officer’s membership on management committees
> Incorporating finance group into the risk management processes
2009 REPORT
Articulating Risk Appetite
> Insufficient evidence of board involvement in setting and monitoring adherence to firms’ risk appetite.
> Risk appetite statements are generally not sufficiently robust; such statements rarely reflect a suitably wide range of measures and lack actionable elements that clearly articulate firms’ intended responses to losses of capital and breaches in limits.
2009 REPORT
Compensation Practices
> Most firms recognize that past compensation practices were driven by the need to attract and retain staff and were often not integrated within firms’ control environments.
> Firms note the need to align better compensation with the risk appetite and are considering initial steps in this direction.
> Supervisors are concerned about the durability of proposed changes.
2009 REPORT
Information Technology Infrastructure
> The importance of a resilient IT environment with sufficient processing capacity in periods of stress is becoming increasingly evident.
> Firms are constrained in their ability to effectively aggregate and monitor exposures across counterparties, businesses, risk strands, and other dimensions because of ineffective information technology and supporting infrastructure.
2009 REPORT
Risk Aggregation and Concentration Identification
> Self-assessment responses suggest that identification of risk concentrations is an area of weakness; firms are now looking to automate identification of concentrations by counterparty, product, geography, and other classes.
2009 REPORT
Stress Testing
> Firms report enhancements to and increased use of stress testing to convey risk to senior management and boards, although significant gaps remain in their ability to conduct firm-wide tests; credibility of extreme scenarios, despite recent events, remains an issue for some firms. (emphasis supplied)
2009 REPORT
Liquidity Risk Management
> Organizational efforts to improve the coordination and interaction between the treasury function, the risk management function, and the business lines. The extent to which such changes are formalized into policies and procedures – and more important, ingrained into the corporate culture – will determine their sustainability and effectiveness. (emphasis supplied)
WHAT TO DO? Develop a Risk Management Culture and Ethical Culture
1. Self-assessment and testing
2. Escalation: encourage employees to raise the Red Flag early and often – early and often escalation of potential issues
WHAT TO DO? Develop a Risk Management Culture and Ethical Culture
3. Embrace whistleblowers – have systems and processes in place to facilitate
4. Incorporate into EPM and compensation systems
50% business results
50% compliance, risk and ethics
WHAT TO DO? Develop a Risk Management Culture and Ethical Culture
5. Develop and communicate to everyone risk tolerance and risk sensitivity
6. Training, Training, Training for everyone
WHAT TO DO? Develop a Risk Management Culture and Ethical Culture
7. Sensitivity and Awareness:
It can happen here, it will happen here.
Identify early, minimize consequences and have a plan.
8. Tone at the Top
Constant communication; commitment and involvement
Part of doing business – key part of tactics and strategy
Act like an industrial company – strive and pay for NO ACCIDENTS
WHAT TO DO? Develop a Risk Management Culture and Ethical Culture
9. Communication
10. Employees need to know what is expected; risk training and awareness programs should be implemented
on-line training and awareness
meetings
constant reinforcement and reminders
consistent, constant and by headline current example
WHAT TO DO? Develop a Risk Management Culture and Ethical Culture
10. Importance of an effective ethical and compliance culture consistent with the US Sentencing Guidelines
11. Investigate and learn from mistakes – root cause analysis
12. Be especially alert through business transformations
13. Risk awareness and culture in the business units and functions should be regularly monitored using techniques such as internal audit reviews, risk and control self-assessment workshops and employee surveys.
WHAT TO DO? Develop A Risk Management Process
1. Self assessment to identify, prioritize, manage and mitigate risk
2. Organizational culture encouraging risk management
3. Establish Management Enterprise-Wide Risk Management Committee
4. Appoint a chief risk officer
5. Establish an Enterprise-Wide Risk Committee at the Board level
WHAT TO DO: Have Effective Enterprise-Wide Risk Management (ERM) And Crisis-Management Process And Governance At The Board and Management Levels
> Enterprise-wide Risk Management is the process of identifying, assessing, prioritizing, managing and mitigating ALL risk that an enterprise faces.
> Crisis-Management is the process of addressing a risk that has materialized, but ERM is the first step for crisis-management, litigation prevention, and loss mitigation.
SCOPE OF ERM
> Enterprise-wide Risk Management encompasses all of the risks that a company faces including, in no particular order
– Financial markets disruption
– Credit
– Interest rate
– Capital
– Liquidity
– Human Capital
– Transactional
– Data privacy
– Legal
SCOPE OF ERM
– Regulatory and compliance
– Enforcement actions by Federal or state criminal authorities
– FCPA
– Governmental investigations
– Cyber attacks
– IT
– Cloud Computing
– Business Continuity
– Operational
– Supply chain
– Financial disclosure
SCOPE OF ERM
– Document retention and disclosure (obstruction of justice or civil contempt)
– Executive misconduct
– Brand
– Reputational
– Vendors
– Business partners
– Third party service providers
– Customers
– Environmental
– Political – geographic
– Ethics and integrity
REQUIREMENTS FOR ERM
> There are a number of reasons to have an effective compliance process and enterprise-wide risk management system.
– Provisions of Sarbanes-Oxley and disclosure requirements regarding risk factors
– Federal sentencing guidelines
– NYSE corporate governance guidelines
REQUIREMENTS FOR ERM
– Credit rating agencies' incorporation of ERM
– D&O Liability and litigation (Caremark, Stone v. Ritter, Disney, etc., etc., etc.)
> Accounting and audit review standards for Internal Controls Certification.
> Provisions of Dodd Frank
IMPORTANCE OF ERM AS A BUSINESS MANAGEMENT TOOL
> But most importantly, critical ERM is essential to:
– Assess and analyze business and activities on a risk adjusted basis
sound strategic planning and financial management requires that all risks of every line of business and activity be assessed and balanced against profitability, and
IMPORTANCE OF ERM AS A BUSINESS MANAGEMENT TOOL
higher-risk businesses should have a higher rate of return to justify and pay for risk mitigation efforts and potential liability.
– Recognize and prepare for interdependency of events.
IMPORTANCE OF ERM
> Sound implementation of a proactive, preventative approach to risk management and compliance at both the board and management level is critical. It sends a clear message to the officers and employees of the company, and to the public, that these issues are not only legal requirements, but also ethical and cultural imperatives, and represent sound business practices which are part of the company’s culture.
IMPORTANCE OF ERM
> The nature and intensity of regulatory and enforcement responses to problems has increased significantly, and all indications are that this will continue.
> A proactive, preventative approach to risk management will help to minimize problems and, where problems do occur, to minimize the litigation, regulatory, enforcement, reputational and financial consequences.
CONCLUSION
> Pre-Sarbanes, Post-Sarbanes, Post Dodd-Frank: Same Issues and Problems Identified
> Categories of Events
– Legal/Compliance Violations
– Financial Fraud
– External Events:
Financial Crisis
Environmental Events
– Retroactive unacceptability of previous market practices
LESSONS LEARNED
> Culture
> Governance
> Behavioral
> Analytical
TAKE-AWAYS
> Have an Enterprise-Wide Risk Management and Crisis Management Process in place at the Management and Board levels that is effectively communicated and embraced at all levels of the enterprise and becomes a corporate cultural imperative.