Archive for the ‘Legislation’ Category

Boards Should Not Misjudge Regulators

When a regulator advises corporate directors that progress on gender diversity is “simply not good enough,” that is code that the status quo will not continue, and that more regulation may result. And the second wave of regulation is often worse than the first.

Regulators have limited levers at their discretion. They are not going to come into boardrooms and assess performance. Thus, they are tending to land on numbers: ranging from 9-10 years for director tenure and 25% – 50% quotas for women.

Once or if this happens, directors will complain that the regulator is imposing a ‘one sized fits all’ or ‘check the box’ solution, when directors had the chance to act but chose not to. We have seen this pattern before. Paradoxically, directors may choose not to act, waiting for stronger regulation, to which they can then point and say, “now we have no choice.” Even the CEO of a major bank told regulators, “you should push us on gender targets.”

Canadian regulators have adopted a flexible and progressive ‘comply or explain’ approach to director term limits and gender diversity.

The progress recently reported is, in a word, inadequate: Only 19% of boards surveyed have term limits; only 14% disclose written diversity policies; and only 7% have targets for women on their board.

Our comply or explain regime has the disadvantage of permitting explanations that are irrelevant or spurious, such as targets for women not being adopted because candidates are selected based on merit, as if both goals are mutually exclusive. There is not an excuse for inadequate governance progress that I have not encountered.

But the real reason for the above low figures, which is not in the public domain, is self-interest. Why would any director, particularly an over-tenured male director, agree to a policy that moved him out of the boardroom? Directors speak in code publicly, but in private interviews, many open up. I had a 28-year director tear up when I recommended a 12-year term limit for his board, without grandfathering.

The academic evidence in favor of director term limits and diversity is becoming more clear: Diverse groups make better decisions. And over-tenured directors are worse for innovation and shareholder value. Regulators – in several countries – are acting. Regulators want independent directors who are the most qualified sitting in boardroom seats. As they should.

In Canada, regulators have not imposed quotas or term limits, but these should not be ruled out if inadequate progress continues. Regulators have asked boards to articulate their own numbers, and why that number works for them.

This brings us to what directors and boards should be doing to forestall further regulation. Here are my recommendations:

  • Do not misjudge the regulator, or the importance of gender diversity for the new federal and the current provincial Liberal governments. Tone-deaf boards should listen.
  • Act on conflicts of interest. If a tenure or diversity policy affects one or more of your directors, excuse these directors from the room. They should not influence the decision.
  • Do not assume director consensus. There are directors who believe that other directors have outlived their usefulness and should be replaced.
  • Land on a target. If your board has zero women, start with one woman as your target. Targets should be aspirational and dynamic.
  • If you think 9 years is too low for director tenure, choose 12 years. 15 years is on the high end, and companies are landing on 12, particularly large, complex companies. But pick a target.
  • If you do not pick a target for director tenure, then you best have a rigorous and consequential peer director assessment regime, whose output is actual director resignations. The evidence is that many boards do not have or do this.
  • Do not assume that your board can draft an inadequate tenure or diversity policy, and that this will go unnoticed. The regulator is offering guidance and examples of robust policies.
  • Own the policy. Draft the policy yourself, or have an independent advisor assist you. Management or company advisors are not independent. They work for you and have a vested interest in keeping you satisfied.
  • Watch for past practices that might bias women, including assertions that your talent pool is shallow. If your talent pool are directors whom you know, rather than the best directors available, then you best enlarge your talent pool.
  • Regulators are giving you an opportunity to craft policies that work for you. Do so. No director is irreplaceable, and directorships are not lifetime appointments. But if you believe a particular director’s tenure is advantageous, use average director tenure or have exceptions built into a policy to give you degrees of freedom.

The regulatory evidence, above, is that boards may be incapable of changing from within. As such, regulators will act when boards do not.

UBS’s $2B fraud: Teachable moments for risk management, corporate governance & banking regulation

After the 2008 financial crisis, I wrote to Professor John Hull, a derivatives expert at University of Toronto’s Rotman School, and asked whether the boards of investment banks should have directors with derivatives expertise on them. His response was “There is no question in my mind that a large financial institution should have on its board people (perhaps 2 or 3) who understand derivatives and other complex financial products. They should also receive stress test results. One of the problems is that, although stress tests are carried out, their results are often ignored by senior management.”

We now are witnessing a stunning 2B alleged fraud by a 31 year-old so-called “rogue” trader – one Kweku Adoboli – at the Delta One desk (read: ETFs – Exchange-Traded Fund and index related trading) of UBS, who had intimate back-office booking knowledge of how trades are reconciled with counterparties. This is a teachable moment, namely that the risk management, corporate governance and banking reforms to date have been wholly inadequate. The 2008 crisis can occur again and “Too Big to Fail” has not been addressed.

We need to admit that most – if not the vast majority – of corporate directors simply do not understand complex derivative products, and we are demanding too much of them when we expect that they do. If we want directors to understand derivatives, they need to be chosen differently. A current or former CEO may not understand. And there is evidence that CEOs do not make better directors. A common refrain from directors I interview of large complex institutions is “Richard I don’t understand.” And these are very senior business people. In the words of one Chief Risk Officer of a bank, “Directors cannot possibly understand.”

Derivatives experts exist. They have narrow subject-matter expertise. What are the odds this type of person would be asked to serve on an investment bank board, pushing back on management all the time, when management and directors themselves select one another under the current system, rather than directors being selected by shareholders? The derivatives expert may not be asked because “they haven’t run anything.” As we move towards expert and diverse boards, these types of individuals need to populate boards to make them more effective.

Next, the trader, Mr. Adoboli, is not simply a “rogue” as UBS maintains. He is an employee operating within a system of deficient internal controls. The bank, the management and regulators are at fault.

Surveys and studies indicate that risk management is presently inadequate. There needs to be a significant restructuring of risk and assurance of risk. Risk management is a cost, and money spent on internal controls to mitigate risk does not contribute to the bottom line. CEOs resist, boards don’t understand, and regulators need to regulate.

The BP disaster resulted from flawed risk management according to expert reports. NewsCorp phone hacking is flawed risk management. The Canadian corporate governance guidelines on (National Policy 58-201) mentions the word “risk” twice in its entire set of guidelines, and the risk management provision is twenty-one words in length (section 3.4 c). Many governance codes addressing risk are similarly sparse and written at high levels, with rare exception. Without proper regulation, as a “stick,” boards have little to point to in insisting on robust risk management and internal controls.

When a CEO or CFO attests to a board of directors that the internal controls over risks are adequate, that attestation should be subject to external review, especially for operational risks such as environmental compliance, information technology, bribery, or complex derivatives – whatever it is that can materially affect – and if unchecked bring down – a company.

Internal controls exist – authorization of transactions, electronic safeguards, segregation of duties, control limits, and prevention of manual override. They cost money to implement and are often perceived by management as a “drag” on profit-making.

The rigor of internal controls over financial reporting for S-Ox needs to apply to all major business risks, not just financial. Companies will resist because of cost and distraction, so policy choices needs to be made. Are we willing to live with trusting a CEO?

More needs to be done as well in the governance context. Here is advice to the chairs of investment banks, in light of UBS:

The chair of the compensation committee should retain an independent compensation consultant to study the compensation for each material risk-taker, and report to the chair on how their remuneration is incenting adverse risk-taking. The compensation consultant must tailor risk-adjustment advice to suit that bank, and comply fully with all Basel Committee on Banking Supervision reports and recommendations. (Any blowback by management that we need to pay our people and traders this way or they will move to a competitor should be met by requests for empirical evidence, which, according to Ken Feinberg, the former US pay czar, does not exist.)

The chair of the audit committee of the investment bank should instruct internal audit to complete a thorough review of the design and effectiveness of internal controls over all trading activities, and report directly to the chair. The chair should approve the budget, resources and work plan. If the head of internal audit is not up to the task, the chair should fire him or her and find someone who is. If necessary, external assurance providers —not the external auditor— should be retained by the chair as well, and report directly to the committee not management.

Next, the chairs of these two committees, together with the board chair should meet with the CEO and CFO to inform them of the above two studies, and direct them to cooperate fully with all requests for information. Directors need to direct more, if and when required.

How many chairs have the fortitude to do this, I wonder? If directors are there to control management, then they must have the statutory authority and resources to do so.

Lastly, regulators need to regulate if and when required. Specifically, all regulators should separate, permanently, global wholesale/investment banking’s proprietary trading from retail banking. Otherwise taxpayers will be on the hook for a very dangerous industry, akin to “casino gambling” by critics. It is totally unacceptable that one person, reputed to have “bet $10bn,” can cause this much damage. If you multiply it, with contagion, the investment banking system is broke and dangerous. Regulators need to address this issue. It has been three years since the financial crisis. In the words of Martin Wolf, a member of the UK’s Independent Commission on Banking, “No sane country can allow taxpayers to stand behind such risks.”

Back to top