Clean. Simple. 100% Finance.

Governance @ Distance

In board members, corporate governance, Finance, fraud, General, Management, Uncategorized on April 5, 2019 at 1:12 pm

Transparency, higher commitment, and independence are buzzwords for good corporate governance. Independent directors play an important role in corporate governance: they keep an eye on board activities and flag non-promoter group issues. However, the challenge is that independent directors get neither appropriate compulsory training to understand their roles and responsibilities in an organisation nor appropriate data promptly enough to act on effectively. The board has limited time to understand and reflect on issues. Sometimes the independent directors are from different industries and are not able to understand the context and engage with the details, though diversity of thought may add significant value. Governance at a distance is often seen where the board chairman leads the discussion and independent directors, often distant from reality, are less engaged in it.

According to the recent Board Practice Report by Deloitte Centre for Board Effectiveness and Society for Corporate Governance, almost 80% of board members think that their primary focus is on company strategy, 42% regard risk oversight as important and 29% focus on board selection. To sum up, strategy formulation, risk oversight and board selection are three important roles of the board. In this blog, I will talk about the issues related to the first two.

In the current business environment, markets are more turbulent than ever. The world over, not only regulators but every stakeholder, such as partners and creditors, blames the board if anything goes wrong in governance. Social media and newspapers have abundant stories of poor risk governance. A board's strategy cannot be the same in normal, turbulent and crisis situations. Strategic change has become important for companies. Punjab National Bank (PNB) in India has recently faced one of the biggest frauds in history, and within a short period, the company's board needs to change the strategy of the company to address the crisis. Not only did the fraud affect PNB's strategy, but it also impacted the strategy of other banks in India and the global market. Strategies that work perfectly in normal market conditions may not work in a crisis situation. Are company boards trained and prepared to change the company's strategy in normal, volatile and crisis situations?

Since the 2008 crisis, the role of the board in enterprise-wide risk oversight has become challenging. No specific training is provided to the board to refresh their knowledge on the subject. Many companies still don't know what their key risks are or what issues they face in managing them. Surprisingly, directors don't know their roles and responsibilities in risk oversight. Understanding the interconnectivity of risks is the next big challenge, and very few companies are able to link risk management with strategy and the compensation system. How does the board of directors perform its duty in overseeing executive decisions, and how do compensation structures and practices drive an executive's risk-taking? Many such questions need to be answered.

Let us understand why an understanding of risk is paramount for the board in effective corporate governance. Shareholders want a higher return for higher risk and vice versa. One of the roles of the board is to define the company's risk appetite (the amount and extent of risk the company is willing to take, as promised to shareholders). An informal approach to risk management will bring several surprises to the organisation and may hinder the fulfilment of organisational objectives. To deal with the situation, the board needs to effectively oversee the organisation's key risks holistically and disclose them to shareholders at appropriate times so that value at risk can be calculated. Quantification of risk exposure alone will not suffice; the quality of risk-taking directly impacts the profitability of a company. The quality of the risk profile also needs significant attention. Balancing risk while adding value to the organisation is only possible when risk management is well understood by the board, implemented in a formal way and linked to the organisational strategy.

I strongly believe that the board should get a refresher course or a certificate course to carry out their duties effectively. Governance at a distance is not working. Categorization of risks into market risk, operational risk, and strategic risk has become bizarre and mundane. A helicopter view of risk for oversight has become unacceptable, as stakeholders want to understand what the key risks of the organisation were last year, whether risks are increasing or decreasing, and the reasons behind them. Higher interaction and participation of the board by probing questions will certainly enhance the current state of governance. Higher engagement of the board is the key to good governance.

Understanding ‘Conflict of Interest’ is need of hour in India

In Banking, corporate governance, fraud, Insurance, Legal, Management, Uncategorized on December 23, 2018 at 3:57 am

I was not really shocked to read about another conflict-of-interest issue for Bank of Maharashtra after the Chanda Kochhar case at ICICI Bank. Conflict of interest issues have been discussed for several years in the news and media. The banking industry has more such examples than the insurance industry, though in government we have seen examples where lawmakers have taken up roles resulting in conflicts of interest. This is because the insurance regulator in India has specifically stated in its Corporate Governance Guidelines that conflict of interest and nature of interest should be defined, yet the banking regulator is lagging behind. RBI guidelines indicate that there should be no conflict of interest but do not indicate 'how to identify and take actions' for such activities. A conflict of interest arises when a board member takes a strategic decision considering personal interest. Board members of all significant MNCs in the global marketplace have to either sign an ethical framework or compliance guidelines, or follow a conflict of interest policy.

There is a desperate need for a Conflict of Interest policy for the Indian banking system. Ideally, it should apply at all levels in the organisation, from managers to board members. For example, in some cases in India, bank managers receive more in incentives than their salaries for selling insurance policies, which diverts their attention from selling banking products. Technically, insurance policies are sold by both banks and insurance companies, while banking products are not even sold by their core employees. Why? Why not introduce reverse bancassurance, where insurance companies can also offer banking products? The reason is 'KYC'. Some practitioners argue that banks know their customers better than insurance companies do. Others argue that in a bank, customers receive money, while in insurance companies they pay money. The difference in the quality of agents between banks and insurance companies also sets increased expectations. In a bank, a top MBA graduate joins as a manager, while insurance companies do not pay such a salary at the managerial level. Instead, I saw a reverse trend of hiring graduates in banking, following the insurance industry, to lower the cost.

How do banks promote their products when banking executives spend half of their time selling insurance? They cannot ignore banking services, but what they can easily overlook is controls. Another conflict of interest arises from favouritism by the CMDs of banks or insurance companies: who can question them? In the case of banks, it could be favouritism in granting new loans or extending existing loans, which may later turn into NPAs, while in the case of insurance companies, it may be a market investment made for personal benefit.

What is a Conflict of Interest Policy?

A Conflict of Interest policy can be prepared by the corporate legal department and must be signed by all board members at the first organizational board meeting. It should be mandated that no board member be allowed to serve without signing this policy. It includes fiduciary duties (considering organizational interest for financial and legal matters), the duty of loyalty (putting board responsibilities before outside interests), and the duty of confidentiality (keeping how key business will deal with private information). Moreover, it should define key terms such as 'interested person' and 'financial interest', the duty to disclose, and procedures for addressing conflicts of interest for the board and individuals. The process of establishing reasonable cause to show a violation of the conflict of interest policy should also be discussed, along with questions such as how directors' compensation will impact the quality of board discussion. There is a requirement for an annual review of the conflict of interest policy, disclosure of outside interests and re-signing of the policy.

Worldwide, the conflict of interest issue is not resolved in good faith. Recently, I met Group CROs and senior executives of German insurance companies and the regulator. The regulatory board in Germany and its staff have to sign an ethical framework compulsorily. The logic behind signing an ethical framework is that every employee in the organization takes responsibility for disclosing conflicts of interest. It also represents their promise not to engage in any such activity. Thus, conflict of interest can be reduced by promoting a cognitive risk culture where everyone understands the risk of conflict of interest and their associated role in dealing with the risks. India may follow the German market for good practices to deal with the emerging issue of 'Conflict of Interest'.

Comments welcome!

Failure of risk governance in the Indian banking system

In Banking, Risk, Risk Management on July 2, 2018 at 9:47 am

In the Nirav Modi case, a single rogue employee’s actions have threatened to wipe out more than a quarter of Punjab National Bank (PNB) shareholders’ equity. This incident follows other similar international scandals in which Nick Leeson brought down Barings Bank, and Hamanaka caused significant losses to Sumitomo, both in 1995. This brings up the question whether such occurrences can be prevented or at least minimised with a long-term solution rather than simply a quick fix.

Enterprise Risk Management (ERM) is designed to minimise the likelihood of such occurrences. The state of the art is to use ERM for risk management and the three-lines-of-defence model for risk governance. Worldwide, financial institutions such as banks and insurance companies have implemented risk governance and are continuously improving their practice of it. India trails behind international best practices in risk governance by almost a decade.

Before ERM, companies relied on Traditional Risk Management (TRM) where each department or project head used to manage the risk in their own areas of operation. Organisations were unaware of their risks in a holistic manner. In 2004 the Committee of Sponsoring Organizations (COSO, a group of US-based academic and practitioners’ organisations concerned with financials and assurance) introduced an ERM framework. Under this framework, the board of directors plays a key role in setting and overseeing the risk governance infrastructure, ERM policy, and risk appetite statement, and management executes it. Risk appetite sets the amount and type of risk a company is willing to take to meet its strategic objectives. A set of risk-mitigation and reporting processes support the execution of the adopted policy.

The three-lines-of-defence model is a structure for risk governance where front line staff represents the first line, board and risk professionals such as chief risk officers (CRO) are the second line, and auditors the third. The first line of defence is responsible for managing their activities within the bounds of the risk policies and frameworks set by the board, and reporting risk events and emerging risks. The second line of defence oversees risk management. The CRO’s office ensures that risk limits are followed and reported. The board sets the risk policy by specifying the types and degree of risk that the company is willing to accept. It sets and enforces clear lines of responsibility and accountability. The third line of defence consists of auditors who provide independent assurance that risk governance is working as it should. Risk culture ties together the three lines and reflects their collective beliefs, values, and attitudes towards risk based on their shared understanding of the organisation’s ERM policy.

Indian regulations too require risk governance. Financial institutions such as banks and insurance companies are required to form risk management committees of their boards, and have a risk governance infrastructure such as an ERM policy and risk appetite statements. However, the P.J. Nayak Committee on banking reforms found that Indian bank boards spend hardly any time on strategic matters such as risk management. It quotes one example in which the board spent as much time on the taxi fare reimbursement policy as on NPA recovery. With a lack of leadership from the top, it is not surprising to find a poor risk culture and the occurrence of incidents such as Nirav Modi’s.

In our research on risk governance, we find that even in advanced countries a regulatory nudge is generally necessary for financial institutions to adopt risk governance seriously. It is common worldwide, especially on complicated issues like risk management that are difficult to do well, that companies comply in form rather than substance. Regulatory skills and expertise therefore determine whether companies comply in substance or merely in form.

After the global financial crisis of 2007-08, risk became a major issue for regulators worldwide. They attributed the crisis to excessive risk taking and a lack of risk disclosure, and levied heavy penalties. The year 2013 was the most disastrous year in terms of penalties for financial institutions. In the U.K., the Financial Services Authority (FSA) was split into the Prudential Regulation Authority (PRA) and Financial Conduct Authority (FCA). Regulators such as the FCA have moved to regulating not just conduct but also culture. The latter cannot be measured, but with expertise in doing so it can be managed.

FCA’s focus on culture required an increased focus on changing the systems and process within companies to integrate new regulatory requirements. One large and mature British insurance company we studied already had all the elements of the risk governance infrastructure in place, and yet found that it was not meeting FCA’s high expectation on risk culture. It took up the challenge of enhancing the risk culture and was able to do so by developing a cognitive risk culture—one where people across all three lines of defence understand risks well, and also their responsibilities in relation to those risks.

The change was accomplished by creating a cadre of first-line staff called risk champions who are not risk experts; rather they are front-line staff working partly with the risk function and given an extra role of creating risk awareness in the organisation. The risk champions helped improve communication between the first and second lines of defence. The company also developed IT tools to better communicate risks throughout the organisation. The improved communication resulted in the development of a cognitive risk culture.

The regulatory push therefore led to an improvement even in one of the largest and most respected companies. Our learning from this case is that regulators can make a difference even to well-managed companies. Company executives and boards can make a difference by adopting the spirit of continuous improvement.

Indian banks need to align risk culture with the three-lines-of-defence model not just in form but also in spirit, so that risk becomes a part of day-to-day decision-making rather than a year-end audit or compliance activity. To this end, India needs board members and senior executives of financial institutions to develop the skills and expertise that would put them on par with the best globally. To shape risk governance in banks, the Indian banking regulator, RBI, needs to act as a supervisor to guide, nurture and improve the current standard of risk governance. To do so, the RBI must develop expertise and keep up with global best practices. Sustaining economic growth requires nothing less.

(Views expressed are personal.)

Originally published in Fortune India: https://www.fortuneindia.com/amp/story/opinion%2Ffailure-of-risk-governance-in-the-indian-banking-system%2F102074