Emerging risks and corporate governance
1. Risk Governance: A Primer
After the Global Financial Crisis of 2007-2008, which brought severe economic consequences worldwide, regulators around decided to increase internal controls within firms. As a result, the risk management function became a cornerstone of corporate governance leading to the current situation where it is not possible to separate best-practices in risk management from best-practices in corporate governance, a phaenomenon commonly referred to as risk governance . The building block of risk governance is described in G20/OECD Principles of Corporate Governance VI.D.1 recommending that “the board should fulfil certain key functions including reviewing and guiding corporate strategy, major plans of action, risk policy” and VI.D.7 specifying that amongst the functions of the Board there is “Ensuring the integrity of the corporation’s accounting and reporting systems … and that appropriate systems of control are in place, in particular systems of risk management, financial and operational control” . Therefore, it is responsibility of the Board to set out the so called “risk-appetite”, which should result in a concise document highlighting the risks that the corporation is willing to undertake. Furthermore, the Board should also establish strong ethical standards and hold accountable the management . In order to focus on economic performance rather than accounting performance, the risk management function should be involved in business planning to make sure that future strategies fall within the risk appetite of the Board. Among the internal control mechanism designed to mitigate agency conflicts, compensation schemes, which should be based on risk-adjusted performance and aligned with shareholders’ interests, deserve a particular focus. Stock options were often considered to be an incentives mechanism to align management interests with shareholders’ ones. However, as outlined by Warren Buffet in its 1985 letter to shareholders “managers regularly engineer 10-year, fixed-price options for themselves and associates that, first, totally ignore the fact that retained earnings automatically build value, and, second, ignore the carrying cost of capital. As a result, these managers end up profiting much as they would have had they had an option on the savings account that was automatically building up in value”. Stock options may cause [continua ..]
2. What is Keeping Chief Risk Officers Awake at Night
The World Economic Forum has been circulating for fifteen years a Global Risk Report in which they survey businesses, governments, civil society, and thoughts leaders to understand the top five risks both in terms of likelihood and impact . Likelihood-wise, back in 2007, the top five global risks were perceived to be “infrastructure breakdown”, “chronic diseases”, “oil price shock”, “China hard landing”, and “blow up in asset prices”. Nonetheless, the focus has changed overtime, giving increasing importance to geopolitics, emerging risks (including climate change) and cybersecurity. This evolution of the World Economic Forum reports is consistent with a survey conducted on Chief Risk Officers of leading financial institutions during Risk Minds events . Fast forward to 2020, the landscape is completely different from 2007: all the top five global risks are environmental risks, namely “extreme weather”, “climate action failure”, “natural disasters”, “biodiversity loss”, and “human-made environmental disasters”. The World Economic Forum Global Risks Report 2020 also describes the level of interconnectedness amongst such various risks. Looking at this metric, “climate action failure” seems to be one of the most interconnected risks. In fact, failure to mitigate it, may impact amongst the others, “water crisis”, “involuntary migrations”, or “social instability”. Hence, it is of utmost importance that corporations react promptly with proper risk governance to these new challenges: cyber risks, but also environmental and in general ESG-related risks.
3. Risk Governance in 2020s
To stress the importance of ESG governance, in his 2018 letter to shareholders Larry Fink, CEO of Blackrock, wrote “A company’s ability to manage environmental, social and governance matters demonstrates the leadership and good governance that is so essential to sustainable growth, which is why we are increasingly integrating these issues into our investment process. Companies must ask themselves: What role do we play in the community? How are we managing our impact on the environment? Are we working to create a diverse workforce? Are we adapting to technological change? Are we providing the retraining and opportunities that our employees and our business will need to adjust to an increasingly automated world? Are we using behavioral finance and other tools to prepare workers for retirement, so that they invest in a way that will help them achieve their goals?” . In this respect, sustainability reporting has become a central part of the annual returns of both public and private companies. Recently, also other ESG variables (especially related to corporate governance) are starting to be reported. According to the “Guidance for Applying Enterprise Risk Management to Environmental, Social and Governance-related Risks” prepared by COSO and the World Business Council for Sustainable Development (WBCSD), this was partly due to the increase regulatory and disclosure requirements, totalling 1,502 requirements (80% of which are mandatory) in 63 countries - . Several academic papers have started analysing the impact of corporate social performance on corporate financial performance , and on corporate risks . An important research conducted by Sassen, Hinze, and Hardeck (2016), taking into examination a large European panel dataset of 8,752 firms between 2002 and 2014, found that disentangling corporate social performance in the three ESG components, not all of them have the same impact on firm’s risks. In particular, environmental performance generally decreases idiosyncratic risks, social performance decreases idiosyncratic, systemic, and total risks, whilst the authors could not detect a significant effect of corporate governance on any risk. However, this may be due to the difficulty in quantitatively measuring good corporate governance as well as to the interdependence between corporate governance and [continua ..]
Overtime risk governance has evolved from the silo-approach to the enterprise risk management approach to tackle systemic risks. However, the risks landscape (and consequently the risk management one) is evolving further, and emerging threats such as cybersecurity and ESG-related risks seem to be more and more interconnected with external factors. Hence, the only way to mitigate a firm’s exposure would be imposing best-practices among an ecosystem and dealing only with virtuous (or at least risk-aware) firms embracing similar or coincident high-standards.