Monthly Archives: February 2015
You must be logged in to view this document. Click here to login
59% believe the volume and complexity of risk has changed over the last 5 years
25% have implemented a complete and formal ERM program
23% describe their risk management program as “Mature” or “Robust”
You must be logged in to view this document. Click here to login
In a random sample of registered broker-dealers and investments by the SEC most of the firms have been subject to cyber-related incidents. These findings have major implications for investors and investment professionals alike.
- The vast majority of examined broker-dealers (93%) and advisers (83%) have adopted written information security policies. Most of the broker-dealers (89%) and the majority of the advisers (57%) conduct periodic audits to determine compliance with these information security policies and procedures.
- The vast majority of examined firms conduct periodic risk assessments, on a firm-wide basis, to identify cybersecurity threats, vulnerabilities, and potential business consequences.
- Most of the examined firms reported that they have been the subject of a cyber-related incident
- Many examined firms identify best practices through information-sharing networks
Corporate boards are under pressure to take more responsibility for developing strategy and overseeing business risk after the financial crisis exposed many cases of inadequate governance.1 Yet, according to the latest McKinsey Quarterly survey on governance,2 directors report that their boards have not increased the time spent on company strategy since our previous survey, conducted in February 2008—seven months before the collapse of Lehman Brothers. Moreover, 44 percent of respondents say their boards simply review and approve management’s proposed strategies. Just one-quarter characterize their boards’ overall performance as excellent or very good; even so, the share of boards that formally evaluate their directors has dropped over the past three years.
You may not follow stock markets or politics in Europe but you may be aware of the economic turmoil in the European Union and the recent elections in Greece. The “Grexit ”, a term used to describe the potential exit of Greece from the fold of countries that back the common currency, the “Euro”. The threat by Greece to not honor its agreement to repay loans or follow through with its plan to get its financial house in order has roiled markets globally. The risk is that if other countries follow Greece’s example the Euro zone will be thrown into chaos leading to the demise of the Union.
The Great Rescue that followed the Great Recession!
In 2009, at the height of the Great Recession, central bankers around the world were forced to act as backstop of last resort for the debt securities of their country and banks to forestall economic collapse. The Euro zone’s challenge is complicated by the fact that reaching agreement among members of the Union required compromise from countries with competing interests. It is remarkable that the ECB has managed to maintain relative stability given the divergence of political and economic goals.
Greece’s rescue agreement with its neighbors provided 172 billion euros in low cost loans and an expectation that the country’s leaders enact reforms to address its financial problems. Unfortunately, recent Greek elections swept in new leadership with a different agenda causing new concerns of a potential collapse of the European Union.
No one knows how the events will play out but it is important to examine this experiment in real time. Is Trust an effective Control? The answer seems obvious, right? But wait, do we take trust for granted? Financial transactions around the world are based on trusting a business, person, and or technology used to conduct business each day.
Trust is fragile and costly to rebuild.
We now know first hand what happens when trust grinds to a halt. In 2008, without the collective action of central bankers, fear and market reaction would have dictated the terms of resolving debt securities much more harshly. Banks no longer trusted other banks, government debt was in question, and the rules of the game were no longer clear. In short, trust was lost.
There is an implied contract when trust is the agreement. When trust is violated the damage can be far reaching. The old axiom, “it takes a lifetime to build trust and a second to ruin it” is an apt warning. Trillions of paper profits were lost because of a loss of trust!
Trust has proven to be a very effective control that underlies anything of importance. What are the consequences of violating this implied agreement? The newly elected Prime Minister of Greece, Alexis Tsipras, may soon learn this lesson. Recently, Greece’s stock and bond market has sold off causing Tsipras to take a more conciliatory approach toward repaying Greece’s debt. Tsipras’s actions will speak volumes toward restoring trust.
The stigma of losing trust has proven to be a powerful deterrent.
But clearly trust alone is not a deterrent. The markets and members of the European Union can cause real pain in Greece if the Prime Minister fails to abide by the agreements in place. Access to financial markets and favorable loans conditions are important incentives to reinforce the rules of the game.
How can we apply this lesson more broadly when building internal controls? Compliance and risk programs may be more effective when built on a foundation of trust with consequences. One of the most effective ways to integrate compliance throughout an organization is to ensure that everyone is subject to the same rules.
Everyone is watching when the rules change.
Changing the rules because of tougher business conditions or when more aggressive competitors bend or break the rules chips away at the culture of compliance. When leaders and employees say “everyone else is doing why aren’t we” this is the red flag the rules are changing. There are no easy answers to tough economic times or innovative competitors. Tough times require creative solutions not short cuts. The implied agreement of trust in doing the right thing requires all parties to actively participate.
Likewise, the outcome of Greece’s economy may depend on the trust of delivering on its promises. The lesson for business is that the process of building trust never ends but may be the best investment it can make.