As globalisation brings vulnerabilities from unknown directions, boards are faced with new risk management responsibilities. Are they up to it?
The intriguing four-letter word ‘risk’ has been around since the dawn of man. The origin is actually attributed to the French word ‘risque’, meaning peril, danger and possible loss or damage. The Spanish and Portuguese ‘arriscar’ means to venture into danger. The Greek ‘risko’ goes back to ancient times when people left their fate to the hands of gods, and also found a way to calculate the probability of events in order to find the risk behind certain actions. Interestingly, the only unambiguously favourable interpretation is in Arabic where ‘risq’ is defined as ‘anything that has been given to a person by God and from which he can draw profit’. Some languages don’t even have a word for risk.
In the English language the word appeared around 1600 - when England faced a formidable menace of the Spanish Armada. Fortunately, risk in the form of a big storm largely destroyed the Armada – and saved Elizabeth’s England, leading it into the age of enlightenment where some of the modern concepts such as sharing and pooling the risks of investments in merchant shipping were developed.
In (mathematical) decision theory, risk is defined as expected loss, multiplying the magnitude of the adverse outcome with its likelihood. The ISO 31000 definition of risk is ‘effect of uncertainty on objectives’.
A changing landscape
Much greater and more global interdependencies have brought new vulnerabilities from unexpected directions – as the U.S.-originated financial crisis recently reminded us at frightening expense. Few imagined that so much risk could come from a country where finance academics and economists had made considerable progress in understanding and describing risk and whose Federal Reserve Chairman stated publicly that U.S. authorities had put an end to the famous business cycle. The oversight and management of risk has since assumed a much greater role in companies, so that many might aspire for a new age of enlightenment as far as risk is concerned.
The growing trend for boards to take much greater responsibility and be more involved in risk management is shifting board and organisational cultures away from a focus on quarterly results or daily share-price movements towards longer-term thinking and the identification of so-called white and black swans. One could say that at board level ‘macro’ is back, and ‘micro’ is out, or at least much reduced.
To illustrate this shift, the World Economic Forum earlier this year released its Global Risks 2014 report after canvassing the views of 700 experts from around the world. Fiscal crises – and its cascading effects - featured as the top risk. While advanced economies remain in danger, many emerging markets have recently performed less well than expected and now experience credit growth and economic stagnation, leading some to predict further financial crises down the road.
A recent exhaustive survey of large institutions across the world conducted by BNY Mellon found an overall and universal upgrade of risk management capabilities since 2009. The third annual Allianz Risk Barometer highlights business interruptions, complex supply chain losses, internal control frameworks, cyber security, regulatory changes and geo-political developments as some of the top corporate risks today. A meta-challenge now consists of identifying the amount of interconnectivity between different risk categories, as positive correlations amplify deviations and create systemic risk – so that these can no longer be considered in isolation.
Reviewing risk in the finance sector
The Bank of England’s senior executives are concerned that the recent trend of a rapidly growing asset management industry increases the level of systemic risk in the banking system - something that the global economy experienced in 2008 and no longer wishes to see. At the end of 2012, 10 managers had more than US$1 trillion in assets under management globally, with BlackRock, the world’s largest asset manager being a third larger than Industrial and Commercial Bank of China, the biggest bank. From a logical point of view, these organisations ought to be regulated as systemically important financial actors at the same level as the bigger global banks.
The greatest risks typically come from areas that have no history of problems, and are thus not perceived or classified as high risk. The standard-setting FSB (Basel-based Financial Stability Board) is now examining whether to add the world’s largest money managers to the list of Global Systemically Important Financial Institutions, or G-SIFIs, whose distress could menace the safety of the global financial system.
Increasing board competences and corporate culture for meeting the risk oversight challenge
The call is for boards (whether they are regulatory, corporate or fund boards) to be more vigilant, keep an eye on developing long-term value creation, enrol more independent and more competent directors representing more diverse and informed viewpoints, able to ask more fundamental probing questions about managerial strategies and the hypotheses on which they are based. This includes a call for better financial and risk acumen at board level so that members are better able to understand how numbers are calculated and what they capture – and what they do not capture. Increased complexity is acknowledged – with the recognition that risk oversight cannot be done without deep cooperation between the board and the risk management committee, necessitating the development of not only a set of new competences, but the development throughout the company of a culture of risk oversight and management.
In their paper, Does Investment-Related Pressure Lead to Mis-reporting? An Analysis of reporting Following M&A Transactions?, Daniel Bens, Associate Professor of Accounting and Control at INSEAD, Theodore Goodman, Assistant Professor of Accounting at Purdue University and Monica Neamtiu, Associate Professor of Accounting at the University of Arizona note how willing corporate managers are to inflate financial results, either by overstating revenues or understating costs.
Similarly, Gavin Cassar, Associate Professor of Accounting and Control at INSEAD, and Joseph Gerakos, Associate Professor of Accounting at the University of Chicago, in their paper Hedge Funds: Pricing Controls and the Smoothing of Self-Reported Returns find that fund managers use their greater valuation discretion to artificially manipulate monthly returns to make the fund appear more attractive to investors. And research by Sterling Huang, PhD student at INSEAD, Urs Peyer, Associate Professor of Finance at INSEAD, and Benjamin Segal, Assistant Professor of Accounting and Control at INSEAD, Do Firms Hedge Optimally? Evidence from an Exogenous Governance Chance confirms that firms with high CEO equity exposure hedge more, probably to benefit the CEO at the expense of shareholders.
This research all highlights the extent to which risk is not just an exogenous factor affecting companies from the outside, but can also be attributed to the behaviours of ill-supervised, ill-incentivised and probably greedy senior leaders all too eager to exploit information asymmetries (with boards, shareholders and/or regulators). There is a need for greater vigilance and probing by the board on the issues identified.
Finally, and on a different level, INSEAD research also indicates that financial arbitraging can be seen as a virtuous self-regulating market practice when it generates penalties for firms with dubious accounting practices through short-selling of equities of offending firms. So financial markets can and wish to contribute to improved oversight, including in risk where things are by definition ambiguous and uncertain.
Our conclusion on the issue is that the risk management challenge is complex and huge, and far from conquered. The challenge requires boards to develop new competences at board level. But it also tells us that boards cannot meet the challenge by themselves and that both greater openness to financial markets (for feedback and assessment) and the introduction of a true risk culture across the firm are two necessary developments for meeting the risk oversight and management challenge. Boards should continuously ask themselves: do we have what it takes to understand and measure risk, where is the new surprise going to come from, and, should it come, are we ready for it? This nearly Sisyphus-like task is now pervading boards particularly that the world is now more interconnected than it has ever been, meaning that risk outcomes spread much more and faster than before. Finally, we have tried to show that academic research is trying to contribute to risk reduction too!
Ludo Van der Heyden is the Mubadala Chaired Professor in Corporate Governance and Strategy and Academic Director of the INSEAD Corporate Governance Initiative. He co-directs the International Directors Programme and the Value Creation for Owners and Directors Programme, two of INSEAD’s Board Development Programmes.