Archive for the ‘Risk Governance and Combined Assurance’ Category

How do boards prepare for terrorism?

In a board meeting, the military general asked the airline’s CEO, “Why is the pilot’s food being labeled?” “Because that’s the way we always do it,” the CEO responded. “Well then stop doing it,” the military director said. “If I’m a terrorist, I might have trouble getting through the cockpit door, but you’re putting a red flag for me on how to poison the pilot and take down the plane.”

In that exchange, the new military director on the airline’s board of directors I was advising proved his value.

I am currently advising another board whose company is a target for a terrorist attack. Many other companies in transportation, utilities, defense, property development and financial services could take a page from below.

Here are six areas for boards to focus on to prepare for a possible terrorist attack.

1. Military experience on the Board. Military leaders have logistics, supply chain, tactical and international theatre experience civilian directors lack. Their contacts include the intelligence community. They think differently and understand evil.

2. Intelligence gathering. Boards should commission multi-lingual analytics from terrorist websites and chat-rooms, where the company, industry or executive is mentioned. There should be governmental relations on the board’s competency matrix. Boards want to know about unknown unknowns, or emerging risks that can be catastrophic (the black swan), or interdependent risks that rapidly interact. Risk registers don’t capture this dynamism yet. Proper intelligence gives boards and management teams a heads up.

3. Scenario planning. Good boards in sensitive industries are insisting on disaster recovery, catastrophic event planning, mock dry runs, and schedules so if or when it happens, the company is ready. There is even off-site functioning if the office is blown up.

4. CEO compensation. In a disaster that happened involving property destruction and death (another board), I was called in to recut the CEO’s compensation. It went from financial short-term to include risk, relations, internal controls, and crisis management metrics. The compensation committee has enormous often unused control over behaviours and you reward what you pay for.

5. Communication. The CEO should have media training to prepare for scenarios, and respond to journalist questions. When the event happens, it is too late if you don’t have this. Opinion crystallizes in days if not hours. The CEO profile for succession planning should include communication, intelligence gathering, and political linkages.

6. Invest in enterprise risk management (ERM) and information technology (IT). Risk management is often immature, cyber threats are significant, and good ERM is bottom up to include focus groups and integrated real-time IT. There are vulnerabilities that are missed without good ERM. Without being explicit, there are vulnerabilities at universities, cities, shopping malls and events that will surface in good ERM.

The bombers in Boston capitalized on police that were not there, inadequate crowd control at the finish line, and unattended unchecked bags. New York is much better at this now. Cameras, K-9 dogs, screening, monitoring, crowd control and escorts are all about choices. Management can choose not to do something. Boards can DIRECT that they do. This deters potential targets.

Regulators turning up anti-bribery heat on corporate boards: But will practices change?

Russia is one of the most corrupt nations in the world (see a recent anti-corruption story on Russia by the New York Times). It ranks 143rd of all 182 countries on Transparency International’s corruption perception index, with a score of 2.4. Canada ranks the 10th least corrupt country in the world with a score of 8.7. New Zealand is the least corrupt country globally, ranking first with an overall score of 9.5. The US ranks 24th and the UK 16th, with scores of 7.1 and 7.8 respectively. See the “Full Table and Rankings,” where countries can be searched via the table. Lower rankings and higher scores mean the country is perceived as being less corrupt.

Prime Minister Harper visited China, India and Brazil to enhance trade with these countries, which are also some of the most corrupt nations in the world, ranking in at 95th, 75th and 73rd respectively. Libya, which involved the alleged Montreal-based SNC Lavalin bribes of some $56 million, comes in at 168. Within these countries, the governments themselves are the net beneficiaries of much of the corruption, so these politicians are far from motivated to impose reform.

Is it realistic to expect that Anglo-American nations, such as the US, UK and Canada, can impose “Western” will on the very way business is done, and has been done, in some countries for centuries? And if things will not or perhaps cannot change, should home country boards of directors be held responsible for systemic local corruption that may be beyond their control?

Regulators are taking corruption and the role of boards and senior management very seriously. The Securities and Exchange Commission and Department of Justice recently released 130 pages of guidance (see the PDF and other coverage here and here) on the Foreign Corrupt Practices Act (“FCPA”). The US has had the FCPA since 1977. Enforcement and penalties have gone up dramatically in recent years. The UK Bribery Act, from 2010, has some of the most stringent bribery laws in the world. In Canada, we have The Corruption of Foreign Officials Act (since 1999) and the recent guideline from the OSC for issuers operating in emerging markets (see the PDF).

Emerging economies are future markets for Canadian companies. The Prime Minister has a vision for Canada to be an energy supplier superpower. For this to happen, Canada will shift its trade to markets with 100s of millions or billions of consumers and much higher growth rates than our current major trade partner, the US, which could be coping with austerity due to its debt for years to come. Harper was in India last week to boost trade.

What is clear is that there is an enormous disconnect between the home country regulations now being imposed, and host country actual practices on the ground.

What should boards that have operations in emerging market jurisdictions do? Six things. First, if you are doing business in such a market, you need a director with extensive on-the-ground experience at the board table, who can tell you and management what the hotspots are. You should move a board meeting to the jurisdiction once a year so directors can get a first hand look. Second, boards must make it crystal clear to management that if the company is not going to bribe, management must walk away from certain business. And the board must support this and not have incentives that promote bribery. Third, the internal controls over financial reporting must be as strong in the emerging market as it is in the home market. Investment and resource commitments need to be made. Fourth, boards must have their own experts to scrutinize off-balance sheet and related-party transactions and complex structures; validate and assure internal controls; and provide foreign language document translation. Fifth, local auditors should have the same oversight, scrutiny, and as necessary direct contact with the audit committee that the home auditors have. Lastly, there needs to be zero tolerance by the board communicated to each employee and supplier. The UK is even banning facilitating payments, which are regarded as a “tip,” as these may be bribes in disguise.

Companies and politicians are feeling the pain, including on Canadian shores. The Wal-Mart bribery probe has widened beyond Mexico to include China, Brazil and India. The RCMP is investigating the SNC Lavalin bribery allegations, on which I advised a law firm suing the company. I blogged about Sino-Forest, a case of alleged Chinese fraud by a Canadian-listed company. In Quebec, the corruption inquiry has cost the Mayors of Montreal and Laval their jobs and this is only the beginning. There are allegations of kickbacks in cash that may reach other more senior politicians. And Ontario is not immune either. A senior Canadian director remarked that Ontario has a reputation for being “the best place to carry out a stock fraud in the industrialized world.”

Clearly, more work needs to be done. Canada’s corruption ranking on Transparency International may go down in 2012 instead of up.

Banking Directors Need to be at the Top of Their Game

There’s an old maxim that corporations don’t fail, boards do. And when banks fail, the reason is poor management, which is the fault of a poor board.

Take the case of Lehman Brothers, the financial services firm that collapsed in 2008 and played a big role in the global economic downturn. Stanford University professors David F. Larcker and Brian Tayan noted that Lehman’s board was lacking financial services experience and current business acumen. In fact, the former CEOs on the board were, on average, 12 years into their retirement. “This raises the question of whether the professional experiences of Lehman board members were relevant for understanding the increasing complexity of financial markets,” wrote Larcker and Tayan.

Well, the job of a bank board isn’t getting any easier. Following the financial downturn, banks have been placed under greater scrutiny and new regulations, both in Canada and abroad.

That’s why, more than ever, banking board directors need to be at the top of their game.

Last week, I spoke to bank directors in Dallas, Texas, about banking governance best practices as a result of a review that I had conducted for the Office of the Superintendent of Financial Institutions. (The OFSI is Canada’s banking regulator.) Specifically, I looked at Canada’s governance guidelines and board assessment criteria and compared them with international financial regulatory practices and recent developments. I provided the OFSI with suggestions for revisions.

Some proposed board reforms to Canada’s deposit-taking institutions and insurance companies sectors under the new guidelines include:

  • Having directors who possess risk management and relevant industry experience;
  • A risk committee that oversees enterprise risks, and a chief risk officer who reports directly to this committee and the board;
  • Board approval of the internal control framework to mitigate all material risks to the financial institution, and board monitoring of internal control effectiveness;
  • Expert third party reviews of the board’s effectiveness, risk management effectiveness, and effectiveness of oversight functions (such as internal audit), with results reported to the board;
  • Enhanced director orientation and training, self assessment and external reviews;
  • A board-approved risk management statement that translates into cascading limits and thresholds for all material business risks (e.g., credit limits, loan losses, capital levels);
  • The internal audit function should report directly to the audit committee; and
  • The audit committee, not management, should approve the scope of the external auditor’s engagement and fees.

When I asked for a show of hands as to how many banking directors adopted at least some of the above best practices, about half the hands went up.

However, it’s apparent that many boards aren’t prepared for a new era of banking regulations.

Remember the JPMorgan board of directors that oversaw the derivative failure that cost the bank several billion dollars? Well, here is the current board. Last I checked, not a single director other than the CEO had banking experience. This is wrong.

In 2009 and 2010, there were a total of 297 bank failures in the U.S., according to the Federal Deposit and Insurance Corporation. In the second quarter of this year, the FDIC identified 732 “problem” banks which are at risk of failing.

At the event in Dallas, one of the speakers brought up a good point. “Don’t get involved in something you don’t understand,” said Charles G. Cooper, commissioner of the Texas Department of Banking. He added: “The duties haven’t changed, but the topic is harder.”

And he’s right. That’s why it’s vital that banking boards are well-equipped with qualified directors for this increasingly complex environment.

 

Back to top

text cloud