The role of shareholders in the governance of risk is currently a major issue for institutional investors. Shareholders have been criticised for failing to challenge the high risk business strategies of many banks and other financial institutions prior to the financial crisis, says Miles Templeman (pictured), Director General of the Institute of Directors.
Indeed there is a good deal of anecdotal evidence which suggests that, in certain cases, investors actually encouraged banks to take on additional risk in the name of “balance sheet efficiency”. This has caste doubt on the ability of shareholders to act as effective governance safeguards within many systems of corporate governance.
A natural response from investors to recent failures is to demand more risk disclosure from companies. According to this perspective, boards should be more transparent about the risks that they face, and make public the results of stress-testing, scenario analysis, and any internal control systems that exist to manage material risks. However, will greater risk disclosure genuinely improve corporate governance?
One of the problems associated with greater risk disclosure was recently brought home to me in a conversation with a director sitting on the board of two listed companies. These two enterprises have experienced contrasting fortunes over the last 2-3 years. The first has passed through the economic crisis in relatively good shape. The second has barely survived, and was only able to avoid insolvency through an emergency rights issue.
However, in the preceding years the published risk disclosures from the two companies had offered little clue as to their contrasting situations. In both companies, the risk reporting process had been treated as a compliance exercise. Boiler plate statements composed by the lawyers ensured that disclosures offered little insight into the genuine risks facing the companies.
Neither company can be condemned for taking such a defensive approach. It was unrealistic to expect the companies to broadcast significant uncertainties regarding business strategies, particularly as the disclosure itself could result in significant destruction of value.
A second problem of greater risk disclosure is that risk is not a stand-alone issue. Risk is inseparable from corporate strategy. It is artificial and potentially dangerous to consider risk unless it is fully integrated into a discussion about strategic options. From an investor perspective, this usually means that most risk-related issues are best evaluated by fund managers in the context of decisions to buy, sell, or continue to hold a stock.
As a result, the company’s anticipated trade-off between risk and reward is most effectively communicated to actual and potential shareholders by the CEO and the executive management team. Improved investor monitoring of risk is unlikely to emerge from a scrutiny of stand-alone risk disclosures in annual reports by investors’ in-house governance experts.
A final problem of greater risk disclosure relates to the capacity of investors to deal with an increased volume of information. In most cases, institutional and many non-institutional investors are unable or unwilling to dedicate significant time and resources – outside of the mainstream stock selection process – to the analysis and oversight of company specific risks. Consequently, a more detailed disclosure of potential risks from companies is unlikely to have much impact on investor behaviour.
Given the problems associated with greater risk disclosure, is there an alternative perspective from which shareholders should approach the risk governance issue?
Firstly, shareholders would be ill-advised to consider themselves as having any direct responsibility for risk management or risk oversight. These are activities which fall to company management and the board of directors respectively.
Most institutional shareholders are too distant from the company to be sifting through the “weeds” of the company’s activities. Furthermore, one of the central purposes of the board of directors is undertake risk oversight on behalf of shareholders.
The role of shareholders in risk governance is more specific. It involves satisfying themselves that the board is up to the task of undertaking effective risk oversight. This means that they should not be seeking to second-guess the board in an exhaustive analysis of various risks facing the company. Rather they should be seeking to assess the capacity of the board itself to fulfil this function.
Hence, the role of investors in risk governance is not about the oversight of risk per se. It is about the oversight of the people that conduct the oversight of risk.
What does this imply for company risk disclosures? It implies that there is little point in requiring companies to compile ever-expanding stand-alone reports on risk (as was recently recommended for financial institutions in the Walker Review). This is not in the interests of shareholders. And it is a costly burden for companies.
Rather, investors should focus on ways of assessing the capabilities of boards and individual directors with respect to risk oversight. This process will include monitoring the composition of the board, e.g. in terms of its range of skills and experiences, and ensuring that it is matched to the company’s strategic needs.
It will involve assessing the board’s development strategy (e.g. in terms of director-specific training, continuing professional development and succession planning), and ensuring the implementation of a robust board evaluation process. It will also be concerned with the way in which directors are nominated to the board, how they are remunerated, and held accountable.
In other words, the role of investors in risk governance is about choosing the right directors in the first place, and ensuring that they are equipped and incentivised to behave in a manner that is consistent with effective risk oversight.
Ultimately, risk oversight is a task for the board. If the existing board is simply not credible in this function, it should be replaced or upgraded – not second-guessed by investors. It is by ensuring that the right people are on the board – rather than by demanding ever more detailed risk disclosures – that investors can play their vital part in revitalising the governance of corporate risk.
This article first appeared in the CISX Bulletin Board, click here to download
