"A crisis is a terrible thing to waste." For the last couple of years, that's been the basic subtext of everybody with a regulatory proposal. Case in point, plaintiff's securities lawyer Chad Johnson's water carrying for institutional investors on the Harvard Governance blog:
The ... world has begun to deal with the complicated web created by the financial markets’ collapse, and to determine how to prevent future market catastrophes. One clear preventative measure is to ensure that companies create and support strong, independent and accounting-savvy boards of directors and executives charged specifically with risk management and control. ...
[Citing an OECD report, he argues that we] need to examine and propose board-level corporate reforms in order to strengthen market integrity and restore shareholder confidence. Immediate reforms are needed with respect to key corporate governance principles which failed to serve investors’ interests during the recent market turmoil; namely, risk management oversight and enforcement, consistent application of enhanced accounting standards, and executive remuneration tied to long term shareholder interests.
As an initial matter, investor advocates must demand direct board-level oversight of corporate risk management and the development of acceptable risk policies. Risk management breakdowns in the current financial crisis were not due to a lack of sophisticated modeling or technology; rather, they were attributable in large part to boards of directors’ limited access to, and understanding of, relevant risk exposure information. Substantial corporate risks were simply ignored or not communicated to boards of directors.
Indeed, the current crisis has made clear that boards of directors of investment banking firms recklessly, or at least negligently, failed to understand that increased exposure to subprime assets exceeded acceptable risk limitations until it was too late.
The argument reflects a fundamentally flawed understanding of both risk management in general and, in particular, the board's role. As I explained in my article, Caremark and Enterprise Risk Management:
Best practices with respect to enterprise risk management are still evolving. Indeed, while there are a number of widely used risk management frameworks, none has emerged as a dominant best practice. Basel II, for example, is a set of international regulatory guidelines for determining the minimum acceptable levels of capital financial institutions need to protect themselves from market, credit, and operating risk. Despite having been designed for banks and similar financial firms, the Basel II framework has become extremely influential in the risk management industry generally. Alternatively, many firms have adopted COSO’s 2004 recommendations, even though they in fact provide “little guidance on how to design and execute an effective enterprise risk management framework.” The problem of choosing among competing proposed best practice regimes is compounded by—or, perhaps, attributable to—the fact that different firms have different appetites for risk and face different types of risk, which means they have differing enterprise risk management needs.
Attempts to mandate specific risk management systems and programs either by government fiat or shareholder activism (such as using Rule 14a-8 to make bylaw changes) threatens to abort the nascent process by which best practices continue to emerge.
Risk management necessarily overlaps with risk taking because the former entails making choices about how to select the optimal level of risk to maximize firm value. Recall that there are only four basic ways of managing risk: avoiding it by avoiding risky activities, transferring it through insurance or hedging, mitigating it, and accepting it as unavoidable. All of these overlap with risk taking. Operational risk management, for example, frequently entails making decisions about whether to engage in risky lines of business and, more generally, determining whether specific risks can be justified on a cost-benefit analysis basis. As a result, it is becoming increasingly “difficult to draw a line between corporate governance and risk management.”
The fuzzy line between risk-taking and risk management is nicely illustrated by how corporations use derivatives. On the one hand, they can be used to hedge risk. On the other hand, they can be used as speculative investments. In many cases, they can be used as both simultaneously.
The business and affairs of the corporation are assigned by statute t the board of directors, not to government regulators, shareholders, or plaintiff lawyers. Mandating specific risk management systems and programs is the sort of direct micromanagement by institutional investors that those of us who believe in director primacy have warned against for years:
[I further explained that] board decisions with respect to the nature, scope, and content of risk management programs are themselves business decisions of the sort protected by the business judgment rule. The levers a board can pull when supervising the company’s risk management include, for example, the human capital resources devoted to the task. The board might ask such questions as: To whom do risk management officers report? How are they chosen? How much are they paid? How is their performance evaluated? Personnel decisions like these are core business judgments protected from judicial review by the business judgment rule. Likewise, managing operational risk by choosing among possible business activities is a basic business judgment that should be protected by the rule.
These sort of decisions likewise should be insulated from regulatory and shareholder oversight, as I explained in my book The New Corporate Governance in Theory and Practice
Hand-in-hand with an increased board level understanding of risk exposure is the need for more meaningful corporate disclosures. Again, this is a board responsibility that has suffered in recent years. As more and more complex securities entered the marketplace and appeared on corporate balance sheets, boards improperly delegated risk disclosures to others without fully investigating and disclosing the true exposure associated with novel financial instruments such as collateralized debt obligations and credit default swaps tied to toxic mortgage assets.
The already massive disclosures required by federal law were hugely compounded by Sarbanes-Oxley just a few years ago. A fat lot of good they did us. There is simply no reason to think more disclosure will do anything except make it less likely that ordinary investors will read corporate disclosure documents by making them longer and more complex.
Citigroup essentially created a liquidity “put” associated with its collateralized debt obligations that allowed buyers to sell back the faltering securities at their original value to Citigroup. This strategy only worked if the value of the assets remained healthy; once the assets’ value tanked because they were tied to subprime mortgages, Citigroup was forced to bring back approximately $25 billion worth of toxic assets on to its balance sheet in November 2007. In essence, by moving liabilities off balance sheets, investors were never informed of the immense risk posed by faltering mortgage assets. Clearly, in such instances, the audit committee was missing in action, thwarting transparency and failing investors.
It almost impossible for a court, in hindsight, to determine whether the directors of a company properly evaluated risk and thus made the “right” business decision. … In any business decision that turns out poorly there will likely be signs that one could point to and argue are evidence that the decision was wrong. Indeed, it is tempting in a case with such staggering losses for one to think that they could have made the “right” decision if they had been in the directors’ position.
WTF? Sarbanes-Oxley and the concurrent SRO listing standard amendments have mandated for years that we have just such audit committees. I don't get this at all.... it is clear that, at a minimum, given the complex financial instruments in the financial markets, audit committees must be staffed by independent appointees with accounting experience sufficient to ensure proper oversight of corporate audits.
"[T]hose of us who believe in director primacy"?
Do such people exist? Directors are supreme in publicly held for profit companies in name only. The whole push to micromanage corporate governance flows from the fact that the director primacy model of corporate governance on the books has so utterly and totally failed. For that matter, very few closely held businesses are meaningfully director governed either -- in those cases either owner-employees run the show, or investors interface directly with management dispensing with the board except to formally ratify corporate action.
The call to leave corporate decision making to the board of directors has never been very politically attactive precisely because boards of directors don't make decisions, they ratify them, except when there is no choice because a CEO to run the show is absent without a successor for some unforeseen reason.
And, how can a corporate board have much of a role in the current regime. Typically, it has one or two dozen members and meets either monthy or quarterly for a few hours. Those who are not insiders appointed in fact by the CEO and responsible to him for the livelihood, typically are widely dispersed geographically and ill equipped to organize and lobby each other outside of board meetings. The pay while rich for the amount of time involved, is rarely as much as the pay for an entry level production worker. A board of directors usually has no one other than the corporate secretary as staff of its own, and that corporate secretary is usually either a loyal subordinate of the CEO who reports to and can be fired by the CEO, or outside counsel who reports to and can be fired by the CEO. Sometimes a few "investor relations" personnel report to the board in formal terms, but they are no equivalent to a Congessional GAO or CBO, or the common position of a state auditor who reports directly to the legislature.
While board primacy is the norm in the non-profit sector and in government, it is very much the rare exception in the for profit world. Abolishing the legal fiction that the board of directors has a meaningful role to play would at least be honest.
Institutional investors and their spokespeople, are the ones arguing that the status quo should be reformed in favor of one where there is meaningful board of directors decision making. Indeed, the rise of the institutional investor is the only thing that makes some sort of meaningful shareholder democracy in investor owned for profit publicly held firms a plausible option.
What is most remarkable is how much resistance there is to this change. Shareholders who would take a role in corporate governance are not French Revolutionaries. We are talking about senior insurance company executives, successful mutual fund managers, pension fund managers with MBAs, and members of the 5% or less of the American public who own 50% or more of non-institutional investor owned, publicly traded stock by value with millions of dollars of personal holdings in these companies. Most country clubs have more radically liberal membership lists by comparison.
Posted by: ohwilleke | 07/09/2009 at 06:16 PM