ACCA paper on risk and reward

8/7/2019 ACCA paper on risk and reward

1/48

AccountAnts for business

Ri k d rew rd:em eri he r i r f


2/48

the r i d chieveme r f , whe her m iv ed b

i divid l r c r r e e d ,d e ece ril c rre dwi h he i i ble cce .

the ch lle e r re ibleb i e i f d w e re

h he rew rd i eek rer ed b e ible

m eme he ri k hc r i .

thi re r di c e he c m lei e , r ic l rl he e hic l dbeh vi r l c r , which mbe ddre ed.

tHE autHoRs

John Davies, Head o Business Law, [email protected]

Paul Moxey, Head o Corporate Governance and RiskManagement, [email protected]

Ian Welch, Head o Policy, [email protected]

aBout aCCa

ACCA (the Association o Chartered Certi edAccountants) is the global body or pro essionalaccountants. We aim to o er business-relevant,

rst-choice quali cations to people o application,ability and ambition around the world who seek arewarding career in accountancy, nance andmanagement.

Founded in 1904, ACCA has consistently held uniquecore values: opportunity, diversity, innovation, integrityand accountability. We believe that accountants bringvalue to economies at all stages o their development.We seek to develop capacity in the pro ession andencourage the adoption o global standards. Ourvalues are aligned to the needs o employers in allsectors and we ensure that, through our quali cations,we prepare accountants or business. We seek to open

up the pro ession to people o all backgrounds andremove arti cial barriers, innovating our quali cationsand their delivery to meet the diverse needs o traineepro essionals and their employers.

We support our 140,000 members and 404,000students in 170 countries, helping them to developsuccess ul careers in accounting and business, basedon the skills required by employers. We work through anetwork o 83 o ces and centres and more than8,000 Approved Employers worldwide, who providehigh standards o employee learning and development.Through our public interest remit, we promoteappropriate regulation o accounting and conductrelevant research to ensure accountancy continues togrow in reputation and infuence.

aBout aCCountants FoR BusInEss

ACCAs global programme, Accountants or Business,champions the role o nance pro essionals in allsectors as true value creators in organisations.Through people, process and pro essionalism,accountants are central to great per ormance. Theyshape business strategy through a deep understanding

o nancial drivers and seek opportunities or long-term success. By ocusing on the critical rolepro essional accountants play in economies at allstages o development around the world, and indiverse organisations, ACCA seeks to highlight andenhance the role the accountancy pro ession plays insupporting a healthy global economy.

www. cc l b l.c m/ cc _b i e

The Association o Chartered Certi ed Accountants,June 2010
http://www.accaglobal.com/accountants_businesshttp://www.accaglobal.com/accountants_business


3/48

1Risk and RewaRd: tempeRing the puRsuit o pRo it

The verb to temper:

1. To moderate or control, eg temper your languagearound children, temper expectations.

2. To heat-treat a material, turning something brittleinto something stronger.

Recent events have amply demonstrated thatpro tability can also be brittle. This paper suggeststhat its pursuit should also be tempered so that it isstronger, and there ore more sustainable, and wellcontrolled.

Ri k d rew rd:em eri he r i r f


4/48

2


5/48


C e

r r 5

e c v ry 6

1. i r c 8

2. d c ry r r r r b v r 9

3. w r r b c ? 11

4. h r r c r r ? 12

5. m r r 13

6. h c r r r ? 14

7. C r r v v r 17

8. w by b c ? 18

9. i r c c r b r r b y? 21

10. C c r b r b v ? 23

11. R r c , rc 25

12. e c c r r b r r 29

13. e r 33

14. R r 34

15. a c r c hR c 3716. h r b c b ? 39

17. C c 43

a 1: c r b r 44

a 2: aCCa c 45


6/48

4


7/48


The nancial crisis that began in 2007 has put thespotlight rmly on how corporates, especially those in the

nancial sector, have addressed issues such as risk,reward, governance and ethics. ACCA and others haveargued that ailings in these areas played a major part increating the crisis.

It is clear that risk has not been addressed with su cientrespect or understanding by institutions. The link betweenrisk and the rewards earned by individuals was not givensu cient consideration, and the risk unction itsel wasundervalued, and too ar down the corporate peckingorder to be e ective. Many claim that this has changedsince 2007, but questions must still be asked about howgenuine and permanent this change is going to be.

Risk can never be eliminated rom business, and it wouldbe wrong or regulators or governments to think they cando so. Risk creates opportunities and should be managed,

not removed. A balance must be struck between, orexample, ensuring that banks are su ciently capitalised inorder to prevent their collapse in a downturn, and avoidingover-cautious requirements which prevent banks goingabout their socially bene cial business and that includeslending to businesses.

Now that the global economy appears to be climbinggradually out o downturn, in 2010 at least, it is timely toexamine what needs to be done to try to prevent arecurrence o the problems we have seen in recent years.This paper is intended as a contribution to that e ort. In itwe consider the issue o how companies should approachthe management o the many risks that they ace, withparticular emphasis on the crucial issue o reputationalrisk.

ACCA has taken a leading commentary role on thenancial crisis in the past two years, with papers that

include Corporate Governance and the Credit Crunch (2008)and The Future o Financial Regulation (2009), and thisdiscussion paper has ollowed a similar process oevolution. We have once again been indebted to thethoughts o a expert group o risk and governance expertsin the UK, allied with the input o senior gures in the

nancial, corporate and accountancy sectors rom around

the world, sourced through ACCAs global network onational o ces. A ull list o contributors appears at theend o the paper, and ACCA thanks them all, both or theirtime and their in ormative input on this important subject.

The contents o this report represent ACCAs own opinionsand conclusions, and do not necessarily represent theviews or policies o either the individuals quoted or theiremployers.

F rew rd


8/48

6

Traditional theories o corporate behaviour suggest thatcompanies and their shareholders are locked into a matrixwhereby shareholders are motivated primarily by a desireto make quick returns on their investment and companiesare driven, by actual or perceived shareholder pressure, tomake the short-term pro ts that make those investorshappy and encourage others o like mind to invest in them.This narrow interpretation o company and (particularly)shareholder motivations still holds good to some degree the circumstances o the takeover o the UK companyCadburys in early 2010 suggest as much and someinvestors will continue to invest or the short term and seekimmediate returns o capital and short-term appreciationo share values. But developments in company law, theregulatory environment and stakeholder engagement arenow combining to make it clear that a company which ails or re uses to see the uller picture and the longer-termprospect will not be acting in the best interests either oitsel or o its investors.

During the banking crisis, organisations ailed which werepreviously thought to have had leading-edge riskmanagement unctions. This means that we need tore-evaluate the whole area o risk management. Itsquantitative methods imply more accuracy than may bereasonable; conventional approaches to it are fawed. Theusual approach to risks is to address them one-by-one,whereas in practice they tend to constellate. Risks areo ten considered in isolation rom other aspects o thebusiness, whereas they should be balanced against thepotential rewards. And risks are usually thought o asparticular events, rather than as potential causes whichcould give rise to a variety o unwanted e ects. As inmedicine, it makes sense to treat the causes not just thesymptoms.

Risk management appears to have risen up the corporateagenda, but this is not always refected by increasedbudgets. And while there are reported improvements inrisk, governance and controls, much remains to be done.There is also a widespread view in the nancial and othersectors that risk will be put back in its box once the crisispasses and normality can resume. This would be adangerous and regrettable outcome, and regulators areurged to redouble their e orts to monitor rms andencourage the development and implementation o ethicalcultures.

The disciplines that governments and regulators imposeon businesses continue to increase, particularly in thelisted company sector where the onus to protect investorinterests is most apparent. With every corporate scandaland regulatory ailure that occurs, the call goes out ormore regulation. But the act that such events continue tohappen suggests that the correct disciplines are not being

applied. There are our possible reasons why this is so.

There has been a ailure to rame regulatory controls inthe way which is most likely to achieve the desiredregulatory outcomes.

The process o regulation is seen by the regulatedparties as a bureaucratic burden, with no undamentalrelevance to the way they conduct their business.

There is a lack o e ective supervision and en orcemento regulatory rules or principles.

Business has ailed to show genuine commitment, notonly to complying with the objectives which lie behindexternally imposed compliance obligations, but also tothe undamental virtue o acting in a commerciallyresponsible or ethical way.

E ec ive mm r


9/48


Reporting is help ul in many ways, rom the perspective othe organisation itsel and o external shareholders andother stakeholders. Quite apart rom the bene ts ocommunicating in ormation to the recipients o reports, ithelps the preparers o the reports by ocusing their minds.Few companies currently have much to say in their reportsabout their values and how they ensure ethical behaviour.Reporting on such matters would help them to ocus onthe business bene ts o having an ethical culture, andreduce the risk o an ethical lapse and the potentialensuing reputational damage, not to mention the widereconomic damage.

In the development and implementation o ethicalstandards, there is a place or codes o practice andprinciples developed by industry groups and regulators,while elected governments are within their rights toimpose their own standards o morality on the businesscommunity. But we have seen that it can be dangerous toimpose on businesses, rom above, standards o moralitywhich appear to be well-meant, but which have thepotential to confict with the e cient running o a business.An example is the Clinton administrations e orts topressurise mortgage providers into acilitating increasedhome ownership among some o the poorer sections o USsociety, which led indirectly to the sub-prime crisis. To bee ective, ethical practices need to be relevant to the wayeach business operates, woven into the culture o eachand, crucially, adopted by individuals o integrity within theorganisation. The lead or this process must come right

rom the top. Businesses, and where appropriateregulators, should seek to ensure that they acknowledge

the desirability o recruiting and developing sta ,especially senior executives, directors and nancial sta ,who have a strong ethical compass. This process shouldaim to go beyond aiming to merely stay within the law orto comply with a code: we set out some suggestions orthis in sections 15 and 16.

While each crisis triggers calls or more regulation, and the2007 nancial crisis is no exception, the un ortunatereality is that regulation o ten does not work as intended.Although the intention is that people ollow the spirit andthe letter o requirements, the process o regulation can

oster a culture where people will ignore the requirementsi they eel they have to. The onus to comply can leadindividuals to eel that they do not have to exercisejudgment or common sense and sel -restraint. ACCApre ers principles to rules, but, or the principles to workwell, there needs to be a culture which supports them.


10/48

8

1. I r d c i

obligations on businesses, especially large and listedcompanies. These obligations will o ten involve companiesin a substantial investment in their internal resources andprocedures to ensure that neither the business nor its staincur sanctions or breaching the regulations. Businessesare also increasingly aware o the interest that a widergroup o stakeholders now has in their activities. Theseinclude not only the companys shareholders andregulators, but also its target market o consumers, themedia and the general public. Companies themselves aremore conscious than ever be ore both o the relationshipbetween their image in the market place andconsequential consumer behaviour, and o the implicationso this relationship or their business prospects.

The global banking crisis which started in 2007 has amplydemonstrated the e ects o ailing to reconcile themanagement o operational and reputational risk with thepursuit o commercial pro t. A number o nancial

institutions made serious errors in assessing andmanaging the level o risk inherent in their activities. It hasbeen widely argued that this mismanagement o creditappraisal and operational risk was compounded by thebanks policies on incentives and remuneration, whichserved directly to encourage the excessive risk that provedso commercially disastrous.

Some institutions subsequently attracted very badpublicity because, having been bailed out by taxpayers in2008 and 2009, they then awarded very substantialbonuses to some o their sta . This has raised additionalquestions not only about their handling o reputationalrisk, but also about the circumstances in whichexceptionally generous incentives and remuneration canbe consistent with companies responsibility to act in thebest long-term interests o their shareholders and theirstakeholders more generally. Furthermore, the crisis hasraised the key issue o what role ethical principles can playin acting as a responsible constraint on decision makingwithin the commercial world.

This paper looks at some o the issues involved in strikinga balance between the legitimate pursuit o pro t and themanagement o the various infuences which bear on acompanys business choices and actions.

Business entities o all kinds need to make money. Withoutrevenue no business can hope to achieve its aims, whetherthese are primarily commercial or philanthropic. Abusiness that does not earn money cannot hope to raise

nance, make pro ts, reward investors, invest or the uture,meet its corporate and social responsibilities or, last but byno means least, pay its suppliers and sta . I it cannot doany or all o these things, the authorities also stand tosu er rom lost tax income, to the disadvantage o all.

The entrepreneurial spirit and the pro t motive are thusintegral to the success ul conduct o business anywhere.The economy, and society as a whole, bene t whenbusinesses carry out their operations success ully. It

ollows that the encouragement o business activity, at alllevels, should be a key aim o public policy in a ree marketeconomy.

But with reedom has always come responsibility, and any

private enterprise which aims to succeed over the longerterm will need to be aware o the various threats andchallenges to its viability and adapt its behaviouraccordingly. In short, it needs to balance risk and reward.

Business risk takes any number o orms. Starting up anew business is a high-risk exercise in itsel it isestimated that hal o all businesses ail within three years.When a company ails, invariably its investors andcreditors stand to lose their money; thus, anyone hoping tocreate a viable business in the long term needs to plan orhow it is going to overcome the challenges which theyanticipate. Any decision about whether to invest acompanys resources in the manu acture o a new product,or its entry into a new market, will invariably need to takeinto account the prospects o that investment achieving apro table rate o return, over some speci ed timescale.And businesses operating in particular markets or marketsectors will o ten ace special challenges which need to beidenti ed, understood and assessed. These are strategicand operational matters which a companys managementmust address as part o responsible business planning.

Other threats and challenges come rom the externalenvironment. The law and other orms o regulationinvariably impose a wide and growing range o compliance


11/48


The actions o companies are invariably subject to anumber o disciplinary pressures. Any responsiblebusiness, like any responsible individual, will exercise ameasure o sel -discipline in the way that it plans andmanages its a airs. Financial planning, risk managementand internal audit will be integral in this regard. Otherdisciplines will be imposed rom above.

The constraining infuences on company behaviourimposed rom above, ie by law, regulation and marketexpectation, are ounded on the understanding thatcompanies exist in a common environment and theiractions have consequences or other actors in thatenvironment. These infuences also speci cally derive romthe protection that society provides to companies in the

orm o limitation o liability. Society has always sought toprovide certain minimum sa eguards or those dealing withlimited companies in order to compensate them or therisks they run.

The issue o the purpose o the company, and in whoseinterests it is expected to be run, is key to resolving theissue o how ar companies should be required to tempertheir pursuit o economic pro t.

In most jurisdictions, a companys directors will beultimately accountable or their stewardship o thebusiness to the companys shareholders, ie the people whocollectively own the business. Traditionally, directors ocommercial companies have regarded satis ying the

nancial interests o those shareholders as being theguiding aim o their stewardship. In accordance with thisshareholder primacy approach, some directors have eltable, or even obliged, to manage their businesses in a waywhich seeks primarily to maximise shareholder value andsatis y the nancial demands o shareholders or regulardistributions o capital. Increasingly, this approach has

aced the criticism that it encourages companies to pursueeconomic pro t with no systematic concern or theconsequences o their actions or other parties.

That restricted concept o the purpose o the companyand its relationship with the outside world has, however,been in a state o evolution over recent years. Pureshareholder primacy has largely given way to therealisation that it must always be in the best interests o acompany to seek to remain viable in the longer term. Andto achieve this goal, it is necessary or its directors to takeinto account all the actors which might have a bearing ontheir decisions. That means, at least in part, building andsustaining mutually bene cial relationships withstakeholders o various kinds. The World Business Council

or Sustainable Development (WBCSD) puts it thus:

A coherent corporate and social responsibility (CSR)strategy, based on integrity, sound values and a long-termapproach, o ers clear business bene ts to companiesand contributes to the well-being o all.

In the UK, although it is still the shareholders who own the

company and who appoint its directors, the CompaniesAct 2006 states that the directors must always haveregard, in the decision-making process, to speci ed actorssuch as the likely long-term consequences o any decision,the need to oster the companys relationships withsuppliers and customers, the impact o the companysoperations on the environment, and the desirability o thecompany maintaining a reputation or high standards obusiness conduct. Accordingly, a board that makesdecisions which pay no regard at all to one or more othese statutory actors will be in breach o its collectiveduty to the company and will leave itsel open to civilaction by its shareholders.

So, where this expanded understanding o the interests othe company is enshrined in law, while directors will still be

ree to make whatever decisions they think t, thedecision-making process should observe certain groundrules; these call on directors to respect the act that theinterests o the company will always and systematicallyincorporate concern or its stakeholders. Even where thelaw does not intervene to this e ect, any sensible businesswill wish to make itsel aware o all actors and dynamicswhich may have a bearing on its uture prospects, andtake them into account in the decision-making process.Arguably, shareholders should also be prepared to insistthat their companys directors act in this way in order to

protect their collective interests.

2. Di ci li r re re r m he e er l b i e e vir me


12/48

10

More speci c controls imposed on companies by theexternal business environment may include:

companies legislation

prudential requirements imposed on nancialinstitutions by legislation or regulation

compliance and disclosure rules imposed by listingauthorities

nancial reporting rules and standards

internal control requirements, such as those requiredby legislation, eg the US SarbanesOxley Act

anti-bribery controls, such as those required bylegislation, eg the US Foreign and Corrupt PracticesAct, and the UKs Bribery Act 2010

anti-money laundering controls that are imposed bylaw or regulation to implement the recommendationso the global Financial Action Task Force (FATF)

legal or voluntary/quasi-voluntary codes o practice oncorporate governance, which will invariably covermatters such as internal audit and risk management

market-driven codes o practice

legislative and regulatory requirements which requirecompanies to meet wider social objectives, eg on healthand sa ety and employment

infuence and pressure rom NGOs.

All measures o this kind require companies to ollow rules,or principles, which aim to reduce the risk that, in theirpursuit o pro t, the interests o their stakeholders willsu er. The basic rationale o this must be right societyshould seek to provide reasonable protections or thosewho deal with companies, over and above thosesa eguards which can be en orced by shareholders andother direct stakeholders.


13/48


All businesses ace a wide variety o risks, some o whichcome rom within the organisation and others romoutside. Some can be predicted with reasonable accuracy.For example, a bus company can, rom experience,reasonably estimate how many road tra c accidents itsbuses are likely to be involved in during a year, and ahospital can estimate how many patients will acquire anin ection and how many o those will die. Other risks areharder to oresee an example o this would be the risk toan airline company o a volcanic eruption which woulddisrupt air tra c; in 2010 the Eyja jallajkull volcano inIceland erupted, and led to huge losses and disruption orairlines in Europe. A risk such as this could easily havebeen dismissed either because it was considered toounlikely to take seriously, or because the scale o the e ectmay have been underestimated.

Conventional risk management procedures tend to ocuson identi ying, assessing and dealing with the risks

associated with individual actors in a serial or linearashion, and each actor is considered in isolation. But

dealing with risk in this way is problematic: almost everyrisk arises rom a combination o actors. An analogy iswaves washing up on a beach every so o ten one is muchbigger than the others, while on other occasions waves willcombine and rein orce each other to create one o muchgreater magnitude.

So while a risk register can be created and monitored, thedanger is that it can give a spurious accuracy, and theimpression that the risks are under control. It seems thatmost o the boards o banks which ailed or su ered largewrite-downs believed their companies had good riskmanagement. Un ortunately, it also seems that a recurring

ailing in the run-up to the banking crisis was the inabilityo many institutions to appreciate that the nature o therisks they aced was changing as economic conditionschanged.

Conventional risk management also considers each risk interms o its impact and the likelihood o the eventhappening. It would be better to consider risk in terms ocause as well as e ect, and to take the trouble to considerthe root cause(s) o risks related to speci c actors.

For example, an accidental oil or chemical spill mightcreate pollution. The spill could have many possiblecauses; it might be simple human error, or be a result onot having the right equipment to prevent it. Theapparently simple human error could be a result osomeone not taking care, or being overworked, or notbeing trained. Not having the right equipment might be theresult o someone not knowing what equipment wasavailable, or a reluctance to spend money on a newcomponent, or lack o maintenance. Apart rom naturalevents such as volcanoes, most risks can have manycauses which can be related in a complex pattern. Adoctor knows it is better to treat causes than symptoms. It

is the same with risks. A care ul analysis o the root causeso business ailures shows that in many cases theunderlying cause was cultural. It is there ore important orcompanies to take care to ensure they have the right sorto culture.

Current risk management tends to ocus on risk actorswhich, while they may be signi cant to an individualbusiness, are not big enough to threaten its very existence.In any analysis o the risks that bring organisations down,or come close to it, the root cause is usually identi ed assomething to do with corporate culture.

3. Wh re he m i ri k h b i e e ce?


14/48

12

In the UK, the Walker Review 1 o corporate governance obanks and other nancial institutions correctly identi edthat the wrong types o behaviour were at the root ogovernance ailure in many banks. During the course o theroundtable meeting o risk and governance experts whichcontributed to the preparation o this paper, oneparticipant said that we are now in hair-shirt mode meaning that nancial institutions accept that more rugalcorporate behaviour is now expected.

This response, however, is ar rom being universal andmay not amount to a permanent change. Already we haveseen the extravagant behaviour o some o the bailed-outbanks in awarding huge bonuses to their star traders,suggesting that they do not acknowledge the likely reactiono the public, governments and regulators. A recent surveyo global businesses by the law rm Norton Rose 2 revealedthat while three-quarters o respondents reportedincreased prominence or risk management in their

companies[it] has not always been backed up by moremoney or sta . O these respondents, 37% said that noextra resources had been allocated to the risk unction.

That report added that while some respondents reportedincreased conservatism and the revenge o the risk guys,others said changes were being driven by regulators ratherthan emerging rom within the institution, and expectedthat things would eventually return to normal. Onerespondent said o the rise o the risk management

unction: The eeling is that this is temporary and oncethe good times roll, risk will be put back in its box.

The report also revealed that only 19% o companies hadconsidered an independent evaluation o their ethics, while45% had no idea whether their company was consideringdoing so, which suggests that the idea has not gained widecurrency.

A Deloitte study, to be published in June 2010, suggeststhat companies with only skin-deep commitment to riskgovernance and controls (RGC) are not helping themselves.Deloitte ound a correlation between those nancialinstitutions exhibiting best RGC practices and their nancialper ormance (stock returns, ROE, and ROA over sevenyears: January 2003December 2009). There was a

1. Walker Review o Corporate Governance o the UK Banking Industr y ,HM Treasury, 26 November 2009.

2. Financial Institutions in the Future: Global Financial Recovery , NortonRose, March 2010.

signi cant upli t in nancial per ormance (23%) experiencedby those with leading RGC practices compared with thelowest per ormers in the sample. This suggests that betterRGC practices create the opportunity or higher potential

nancial returns or nancial institutions.

Nonetheless the study also showed that, while progresshas been made among nancial institutions in terms oconsidering risk, governance and controls issues,compared with a similar survey carried out be ore thecrisis in 2007 with some notable top per ormers in this

eld most rms are still not exhibiting best practice.Deloitte ound patchy execution o policies and procedures,which means that controls can ail to be embedded intobusiness units. This can cause a disconnect between therisk governance engine and the business.

Deloitte concluded that:

the challenge is to elevate RGC to a more strategic levelto ensure a deeper and lasting impact or the business,[and] at the same time improve the embedding o better behaviours in the day-to-day business practices. Theagenda or change should ocus on key areas such ascompensation and monitoring o per ormance.

A KPMG global raud survey or 2009 3 also revealed risinglevels o raud cases around the world. The actors cited ascontributing to raudulent behaviour included: poor leadershipby senior management; poor communication o organisationalcodes o ethics; lack o management commitment; andpoor ethical culture. While it is a matter o some debatewhether economic downturns actually produce more

nancial crime or simply uncover it, KPMG concludes that astrong culture o business ethics can help to prevent raud.

What can be done? In the UK, the City regulator, theFinancial Services Authority (FSA) has been taking a muchmore proactive approach and has intensi ed its practice ointerviewing senior o cials be ore they take up their posts.It has pledged to explore urther how to ensure thatcorporate nancial institutions adopt ethical rameworksand cultures. Reliable ways o assessing the cultural healtho companies, or the risks posed by lack o it, have yet tobe developed. It is important that regulated companiescontinue to take responsibility or appointments and or

their own culture, and do not rely on regulators to do thisor them.

3. KPMG Fraud Survey , 2009.

4. H ri k ri e he c r r e e d ?


15/48


The surveys mentioned above do at least show growingawareness o the need or good ethics in business. Thispoint is underlined by the generally hostile reaction in theUS and elsewhere to the revelations which emerged in2010 about the conduct o major US nancial institutions.However, the cases o Lehman Brothers and GoldmanSachs are di erent in nature. Lehmans questionablerepo 105 4 transactions, which kept 50bn o the balancesheet to improve the rms debt ratios, involved anapparently deliberate attempt to evade regulatorystandards. The allegations made by the SEC againstGoldman Sachs 5 on the other hand, suggest thedevelopment and retention o a business model thatsystematically ailed to prevent large-scale conficts ointerest. Both cases, though, demonstrate that acting onthe right side o the law is not in itsel su cient to beregarded as behaving ethically.

Companies ace signi cant reputational risks i customers

and other stakeholders do not like what they see or hear.These cases show that unpalatable acts cannot,ultimately, be hidden rom external scrutiny. It can beargued that sunlight is the best disin ectant, and or thisreason an open culture where issues o concern can beraised and resolved is undamental to a healthyorganisation.

While the types o risk which most exercise the minds osome executives may be those which can a ect theirremuneration, job tenure or liberty, reputational risk isprobably the most important to the company. The demiseo Arthur Andersen a ter the Enron, WorldCom and otherscandals demonstrated how quickly a solvent and otherwiseseemingly viable business can collapse. However, the causeo the reputational ailure was errant behaviour (people risk),which was infuenced not only by incentives (remunerationrisk) but also by a belie that aggressive compliance withthe letter o nancial reporting and compliance standardswhile fouting their spirit was acceptable. Complacencywas almost certainly another actor.

Large companies employ many people whose job it is tocarry out orders rom the board and eed in ormation upto it through the corporate hierarchy. What senior managerwould want to submit a report that raises awkward

4. Anton R. Valukas, Proceedings Examiners Report, Lehman BrothersHoldings Inc, Chapter 11, http://lehmanreport. jenner.com, 2010.

5. SEC Charges Goldman Sachs With Fraud in Structuring and Marketingo CDO Tied to Subprime Mortgages, 16 April 2010.

questions, or which might challenge the executivedirectors? It is hardly surprising that boards will o ten be

ed sanitised in ormation, something which wouldencourage complacency. An investment manager atACCAs UK roundtable said that, in his experience, someboards do all into this category, and it is essential thatdirectors get out and walk the foor to nd out what isgoing on. They, or at least the non-executive directors(NEDs), also need to ensure they have a capable, reliableand objective assurance unction that eeds them timely,relevant and balanced in ormation warts and all. Heregarded the willingness o the NEDs to do this as a use ullitmus test to see what sort o management he wasdealing with.

While a risk to reputation may be the one that brings anorganisation down, the Andersen case shows that reputationalrisk was an e ect rather than a cause. Northern Rock andLehman also ailed because people lost con dence in

them, but behind that loss o reputation lay actors suchas credit, market, liquidity and solvency risks, and errors instrategy and in operations. Additionally, there were anumber o external events that also presented threats.

Many chie risk o cers (CROs) are aware o thesechallenges, and rightly consider that the most importantthing is culture and its related risks and infuences.Forward-thinking CROs try to infuence the culture or thebene t o the company. ACCA would say that the chie

nancial o cer (CFO) is the member o the board bestplaced to infuence the culture positively, through settingthe right example and having the training to inculcate aproper risk and ethics ramework.

It would be oolish, however, to underestimate how hardthis can be in some organisations, particularly those with astrongly hierarchal, results-orientated and closed culture.In a light-hearted but power ul way the Credit CrunchDiaries, 6 the ctional blogs o the chie executive and thecompliance o cer o an imaginary ailed bank, reveal howa corporate culture can render the compliance and riskmanagement unctions totally impotent.

6. David Lascelles and Nick Carn, The Credit Crunch Diaries - The FinancialCrisis by Those Who Made it Happen , CSFI, 2009.

5. M i re i l ri k


16/48

14

As we have seen, bailed-out banks have been accused orepeating the same reckless behaviour that got them intotrouble. In its 2009 paper on regulation, ACCA argued thatthis behaviour arises rom a lack o e ective competition,where the market orces in the normal sense o the termdo not operate. Other industries, notably the motorindustry, have also experienced government interventionwhich has skewed market orces and broken the linkbetween risk management and pro tability. Where market

orces and competition are allowed to operate normally,reward is the pay-o or taking and managing riske ectively, while ailure is the price to be paid or takingtoo much risk or not managing risks properly.

It ollows that companies should want to weigh risk againstreward. How should they do this? The previous sectiondiscussed some o the complexities o managing risk, andwe will discuss later some o the elements o good riskmanagement.

Should it be sel evident that a risk is worth taking i theexpectation (expected value [E]) o reward is greater thanthe expectation o loss? That is, where the gain multipliedby the probability o that gain is greater than the impact oa loss multiplied by the probability o that loss. The simple

ormula is:

E(Gain) > E(Loss)In practice, when taking a decision, there may be morethan one gain and more than one loss, so we should wantthe sum o the expected values o gains to exceed the sumo expected values o losses:

E(Gain) > E(Loss)Curiously, while it should be obvious that risks and rewardsshould be considered together, this is not the case. Inmany organisations, risks are managed with littleconsideration o gain, and decisions are taken with scantregard to the risk. Sometimes, major decisions such asto enter new markets or make an acquisition are takenon a basis o gut eel, or driven by what Keynes calledanimal spirits, rather than a ter a cool weighing up o therisks against the rewards.

There are many reasons or this.

First, people are prone to a number o cognitive biaseswhich a ect their ability to assess risk. For example:

Availability: people respond more strongly to riskswhen the consequences o those risks are available tothem, such as rom memory, rom imagination, and

rom mass media. For example, i they witness a newsitem about a house re, they are more likely to avoidthe kind o behaviour that they believe started the re.

Anchoring: peoples estimate o risk will tend to refectany example they are given as a starting point. So, ithey are asked to estimate various risks in everyday li e,and are given an estimate o 1 in 20,000 o death in aroad accident, their estimates o risks o death inaccidents in the home will be relatively close to this,and will be higher than i they are given as a starting

point an estimate o 1 in 200,000 o death in a railaccident.

Optimism: individuals tend to see particular risks asless likely to apply to themselves, particularly i theactivity is voluntary. For example, smokers perceivehealth risks rom smoking in general, but seethemselves as less likely to su er rom those e ects.

Hindsight: most people believe that their capacity toperceive and manage a previously encountered risk isgreater than in act it was.

Con rmation bias: where people tend to rein orce theirown belie s, or example by deciding that a certain datapoint is an outlier (an observation that is numericallydistant rom the rest o the data).

All this can mean that people either think they understandthe risks, or do not want the bother o care ully weighingthe risks against the rewards.

6. H w h ld c m ie wei h ri k i rew rd?


17/48


Secondly, there is the well-established phenomenon ogroup think. Groups o people are prone to biases whichtend to lead to a greater acceptance o risk i groupmembers can hide behind a di used responsibility;alternatively it can lead to over-cautiousness. One can seethis happening in a board meeting. A group can embarkupon something or ail to challenge something that amember o that group would not choose to do on his orher own. It begins to explain why NEDs have not alwaysprovided the necessary challenge; RBSs disastrousacquisition o ABN Amro might be considered an examplehere. The example might easily be extended to thebehaviour o shareholders when invited to support therecommendations o directors.

A ull account o these biases is provided in the Lloydsreport, Behaviour: Bear, Bull or Lemming ?7

Risk management in many organisations has evolved

either rom the approach used by insurance specialists,who manage predictable and requent risks, or rominternal audit unctions. Internal auditors tend to takemore o a systems approach to risk. But neither group,culturally speaking, is used to balancing risk with reward.In act the people considering risk are o ten, i not usually,di erent rom the people whose job it is to make money.Once again this tends to mean that risks are consideredindividually and in isolation.

The Walker Review contains numerous mentions o riskappetite and risk tolerance, and considers anunderstanding o them to be intrinsic to e ective riskmanagement. Un ortunately, this is another highlyproblematic area.

7. Behaviour: Bear, Bull or Lemming? (Lloyds Emerging Risks Report),Lloyds Emerging Risks Team, 2010. http://www.lloyds.com

Risk appetite and risk tolerance have become very amiliarwords but their meanings are not always clear. A survey orisk specialists views on risk terminology, conducted byACCA and Matthew Leitch, 8 ound there are no generallyagreed de nitions o risk appetite or risk tolerance andmuch con usion about what the terms mean in practice.One respondent said that risk appetite is such a nebulousconcept that he had never heard it clearly de ned, and hehad no idea what it means or how one would set itsparameters.

Although there are issues with de ning these termsproperly, it must be bene cial or a company to considerits attitude to risk and what sort o risk it is prepared totake, with re erence to the reward or gain envisaged:

E(Gain) > E(Loss).The new UK Corporate Governance Code 9 recognises this

by including the ollowing in its main principle on riskmanagement and internal control.

The board is responsible or determining the nature andextent o the signi cant risks it is willing to take inachieving its strategic objectives.

It will be interesting to see how boards report how theyhave done this.

8. Results o a Survey o Alternative Risk Phrases [online text],http://www.internalcontrolsdesign.co.uk/raphrasequizresults

9. The UK Corporate Governance Code , Financial Reporting Council, 2010.http://www. rc.org.uk/corporate/ukcgcode.c m
http://www.internalcontrolsdesign.co.uk/raphrasequizresults/http://www.internalcontrolsdesign.co.uk/raphrasequizresults/


18/48

16

Risk management is sometimes seen as a hindrancerather than a help to business success. Sometimes this willbe because risk management is not practised properly.

In one ACCA members experience, a companysmanagement is o ten wary at the outset and sceptical othe value o risk planning. But a ter putting in riskmanagement programmes they see the point o it and howit helps. There is initial resistance but they are won over(see Box 1).

B 1: De li wi h ri k: c e d

It took a newly appointed CFO o an FSA-regulated listed companyseveral months to get the executive board to accept the merits andrelevance o a risk-management ramework. This task was made

easier as she could continue to pursue this matter with her ellowdirectors inside the organisation. However, the di culty lay in theperceptions o board members that risk represented negativity, wasa bureaucratic tool, had no real added value, and disrupted bothbusiness development and the decision-making process. Being atrading organisation, it had only a very narrow understanding orisk, which was that either the rm would make, or would not make,pro t the ollowing day.

The trigger or a change in perception came when the company wasdeveloping a clear business strategy. The CFO seized theopportunity to properly discuss business risks in the wider context(regulatory, nancial and operational risks), and how these mighta ect delivering the strategy. Only then did the executive boardunderstand and accept that risk management was a tool that wouldpotentially enable them to deliver business success in a controlled

manner.

Since the risk policy and ramework were adopted, discussions onrisk eature regularly at board meetings. Key decisions now highlightrisks and their impact on strategy! The FSA also requires nancialservices rms to produce a report on the Basel Committees ICAAP(Internal Capital Adequacy Assessment Process) rules, whichnecessarily requires highlighting key risks that might inter ere withcapital adequacy requirements.

In conclusion, it is sometimes necessary to persevere in order topersuade senior management to embrace risk management. It cantake time and e ort to change perceptions, but the recenteconomic turmoil and countless debates on risk in the bankingsector should hope ully ease the task o establishing a risk cultureacross the organisation.


19/48


While it is hoped that directors and sta will consider riskand reward objectively in the interests o the company,human nature means that people may be tempted to placemore emphasis on their own personal reward and risk. Thescandals o 2001 and 2002, as exempli ed by Enron andWorldCom, and more recent examples 10 o traders able tobet their institutions or personal gain, provide ampleevidence o the basic behavioural problem o humanbeings having an excessive aith in their own abilities andjudgment.

Just as companies will take risks or reward, so willemployees. The di culties o how to align executives paywith their per ormance are well documented, though itshould be stated that incentive pay is a good principle, aslong as the long-term bene ts o the company are the keycriteria, not merely short-term gain. The challenge is toensure that incentive pay gives incentives to the rightbehaviour.

Beyond the issue o pay and incentives, it is also importantthat companies appreciate what drives behaviour. Figure 1illustrates that, as individuals and as companies, we havebelie s and values. These are not visible to anyone, butwhat is visible is our behaviour what we do. Ourbehaviour is driven by our belie s and values. Corporatepolicies and procedures ocus on what is visible,particularly the lower right quadrant. Arguably, companiesshould ocus more on the lower le t quadrant o corporatebelie s and values and the extent to which they arecongruent with the personal values o the people in theorganisation. An example o how this could be done isgiven in section 16, How do we know i we are beingethical in business?

10. See or example, Shareholder Report on UBSs Write-Downs, UBS, 2008.

7. C r r e v i divid l ri k

i v

C r r

p r v b

C r r v b

(c r )

V bi v b

p rb v r

C r r b v r( r c , y

r )

Fi re 1: Li ki i divid l d c r r e v l e dbeh vi r


20/48

18

When a company tries to ensure that its employees actethically, it is likely to begin with a code o ethics orconduct. Such codes tend to lie on a continuum, where atone end they are rules and compliance-based and at theother end they are values or principles-based. The ormertend to consist o dos and donts while the latter areaspirational. Most codes are a mixture o these.

In practice, ethical considerations will involve legalrequirements, such as criminal, contractual and civilprovisions; indisputable obligations such as the observanceo various accepted, non-legal, human and anti-discrimination rights; ormal protocols such as rules andpolicies which may include putting indisputables and othermatters within a company ramework. Beyond this, we havethe behaviour which might be expected by society, andwhich may or not be covered in company CSR policies.

The Institute o Business Ethics (IBE) de nes businessethics as the application o ethical values such asintegrity, airness, respect and openness to businessbehaviour. Another use ul de nition is principles or normso behaviour regarded as desirable by the most osociety. 11 Society, however, is not homogeneous: itcomprises many communities, which means that a view owhat is ethical will di er rom one community to another.Even in one town in one country there will many di erentcommunities: rich and poor, highly or not so highlyeducated, religious and so on. Similarly, a company mayhave a corporate culture but within that will be manysub-cultures or communities, and those working in acompany will eel an allegiance to particular communities,and will possibly eel antipathy to others when making abusiness decision. When you make a business decision,would all the communities in the company approve, orwould some be adversely a ected?

11. Articulated by Paul McKosz, PDK Control Consulting, Canada.

8. Wh d we me b b i e e hic ?

or

Fi re 2: E hic i di ere c mm i ie

rC ry

pr t

yC r r

c z

e v ri ry


21/48


Outside these circles, we have a rather nebulous area butwhich can easily be summed up in the phrase doing theright thing and this is where business ethics really comein. Knowing what the right thing is will o ten bestraight orward and unproblematic in our personal lives,but the dynamics o the business environment the dutyo loyalty owed by directors and employees to theircompany, the onus on us to achieve our targets, thecompetitive environment in which individuals andbusinesses all operate make it more di cult. Knowingwhat the right thing is can also appear easier withhindsight a ter one has knowingly or unwittingly crossedan invisible line o transgression. The term moral compassis sometimes used, to re er to the means by which peopleare guided in knowing and doing the right thing.

Codes o ethics or the most part describe the behaviourrequired in particular circumstances. The better codes arerooted in a set o values. But organisations do not havevalues only the individuals within them do. There ore, codestend to refect a consensus o the values that certain peoplethink they should have, or would like to believe they have.

It is worth observing here that written codes o ethics, orany rules or procedures, will be interpreted in di erentways. In some countries and cultures it is important toensure that a companys ethical requirements are compatiblewith the prevailing religious requirements. It is well knownthat culture will trump compliance. Whether companyrules are ollowed, bent or ignored will depend on thecorporate culture or team sub-culture. Boards andmanagement should ensure they understand the culture intheir companies. Un ortunately, reliable tools to do this areonly in the early stages o development.

Fi re 3: Circle e ec i

LEgaL

InDIsputaBLEs

CoMpany DECIsIon soCIEtaLExpECtatIons

CoMMunItIEsMoRaLIty

soCIaL REsponsIBILIty


22/48

20

It ollows that boards will want to ensure that theiremployees observe the ethical requirements o their rules,policies and codes. It is harder or boards to setrequirements about morality, but they should consider thattransgressions o morality tend to be seen, at least by themedia, as being perpetrated at the executive level. Enron isthe classic example here. Non-executive members o theboard would be well advised to pay attention both to theirown and their executives moral compasses.

Boards can help to ensure a working moral compass bystating the desired corporate values clearly, thendemonstrating clearly by word, incentive andper ormance management systems and, most importantlyby personal example that boards are serious about them.

It is sometimes said that we have a case-basedunderstanding o ethics. Ethics can be di cult to considerin abstract terms; it is much easier to think o ethics and

morality by re erring to examples. This is consistent withthe approach taken in the ACCA quali cation (explainedlater in this paper). Rather than train people in ethics, themost e ective way to help a company make sure it has aworking moral compass is probably or it to encouragepeople, at all levels, to consider decisions rom an ethicalperspective, and to discuss in groups both hypotheticaland real ethical dilemmas. Companies that have done thishave ound that the e ect on the ethical health o thecompany is like an inoculation against a virus. Executivesand sta become more aware o , and sensitised to, ethicalconsiderations, so unethical behaviour is more likely to beweeded out.

Finally, we should note that there can be competingbusiness, compliance, ethical and moral requirements. Atthe time o writing, banks are being told to adhere togreater capital requirements but are also beingpressurised to lend more. So there seem to be ethicalpressures in conficting directions.

It has been argued that the current nancial problemshave exploded previous certainties which set o rulesshould businesses ollow? Is being ethical more importantor is trying to do whats necessary to save your companyin a harsh economic environment? Compliance is one omany expectations which cannot be reconciled. Thereneeds to be a hierarchy o priorities, in which, or example,sa ety trumps pro t.

It has been put to us that, in some areas o business,ethics have not always been taken seriously, and lip-service only has been paid to them. This situation seemsto have changed somewhat, but what will ensure that suchchange is permanent? Is the solution to nd a way to allowpeoples better nature to come to the ore in the businesscontext, or is it to resort to stronger en orcement on thepart o regulators? And when companies comply withethical rules or codes or ear o being jailed, does thisreally count as ethical behaviour, or is it just sel -

preservation? Does it even matter as long as the behaviouris good?

Ultimately, i ethics in business are not to be disregarded,it must make business sense. The comments we havereceived, suggesting business people believe there is a linkbetween ethics and good per ormance, are greatlyencouraging. Kenneth Henry FCCA, Pro essor oAccounting at Florida International University, told us: Anentrepreneur has to choose whether to buy into it he hasto believe it is good or his business in the long term.


23/48


The amount o legislation, regulatory rules, codes opractice and the like has never been greater. Compliancecosts or the largest companies are immense, both in

nancial and time terms; the accumulated weight o thesecompliance burdens adds substantially to the cost o doingbusiness, and means that companies must strive to earnever greater revenues in order to cover their costs. Theregulatory machinery needed to operate these controls iscorrespondingly great. With each successive nancialscandal and human tragedy there are invariably calls ornew controls on business to be brought in this hascertainly happened in the wake o the 2007 global bankingcrisis. But the way to reduce the all-out rom corporate

ailures cannot simply be to increase the number o legaland regulatory rules that are imposed on businesses. Inthe case o the banking sector, it o ten tends to be

orgotten that regulatory rules leading up to the crisis wereextensive and very prescriptive, suggesting that the variousbanking ailures occurred, not because o a lack o

regulatory controls, but despite them. 12 Likewise, majorcorporate ailures have occurred despite accounting rulesand corporate governance guidance being ollowed to theletter by the companies concerned. It seems inevitablethat, irrespective o what governments and regulators doto tighten and expand regulatory controls, scandals willcontinue to occur, and the controls will continue to ail tostop businesses rom engaging in conduct which might bedescribed as irresponsible.

How can this be? There seem to be our likely explanations:

There is a ailure to rame regulatory controls in theway which is most likely to achieve the regulatoryobjectives. The virtue o imposing detailed andprescriptive rules is that both sides, the business andthe regulator, should know exactly what is beingdemanded, and compliance can proceed accordingly.The disadvantage o an excessively rules-basedapproach is that it encourages a search or loop-holes,and can entitle a business to think that by complyingwith the precise terms o an instruction it can eeljusti ed in acting in ways which would otherwise beregarded as unacceptable. While a more principles-based approach ocuses attention on desirableoutcomes rather than procedural detail, businessesand regulators alike may eel that both their jobs are

made easier i there is more certainty about what isexpected o them.

12. The Future o Financial Regulation, ACCA, 2009.

The obligation to comply with regulations is seen by theregulated parties only as a bureaucratic burden, havingno undamental relevance to their operations. The riskhere is that the entities concerned may respond in amechanical ashion which aims to meet the precisestandards expected o them and no more. Thissituation will always create the potential or regulatedparties to observe the letter o requirements but notthe spirit (where such a spirit can be said to exist).

There is a lack o proper supervision and en orcemento regulatory rules/principles. I any set o compliancerules or principles is to be credible as a tool or drivingbusiness behaviour, there needs to be some e ectivemeans o assessing compliance with them and, whereappropriate, o taking remedial action against thosewho are non-compliant. It could be argued that thebigger and more complex a business becomes, themore di cult it will become or any o cial organ to

e ectively regulate it.

There is a ailure on the part o businesses to showgenuine commitment, not only to complying with theobjectives behind external compliance obligations,whether they are laws, rules or principles, but also tothe undamental virtue o acting in a way which, at theindividual human level, they must know is right. Theexperience o many recent high-pro le corporatescandals rom Maxwell to Enron and WorldCom to the2007 banking crisis suggests that, while governmentsand regulators may periodically re orm their laws andtechnical rulebooks, the deeper problem lies elsewhere.It lies in the ailure, conscious or otherwise, o some inthe corporate world to see ethical business behaviouras being in the interests o their company, and sharppractice as posing a material risk to those interests.

Laws and regulations, and the e ective en orcement othem, can certainly help business to pursue a responsiblealignment o risk with reward. For example, standardisationo accounting rules is highly desirable, so that all investorsand other interested parties are able to use in ormationprepared on a uni orm basis. The expanded legalapproach to the purpose o the limited company, asoutlined above, does help to encourage companies toacknowledge that thinking about long-term consequences,

and a wider range o stakeholder interests, is likely toimprove the quality o board-level decision making. And

9. I re l i fcie e c r e b i e e m e ri kre ibl ?


24/48

22

legislation to criminalise bribery and corruption alsoinjects a strong moral dimension into the environment inwhich business operates. The e ective en orcement olegal and regulatory measures also acts as a very power ultool o deterrence and persuasion (witness the recentseries o success ul prosecutions against the Germancompany Siemens), and serves to demonstrate orcibly tocompanies the business risk associated with engaging inunethical and illegal practices. Only the law, moreover, cane ectively intervene to set categorical boundaries or theconduct o certain types o business.

But, as noted above, external regulation can only hope toachieve so much by obliging companies to comply withtechnical laws, rules or principles. I businesses cannot seethe relevance or advantages o the regulation o theiroperations, they are likely to respond in a tick-boxmanner. As also noted above, rules which invitemanipulation may also, e ectively, legitimise underhand

and damaging practices. And it must be acknowledgedthat regulatory bodies in all countries will always besubject to resource limitations which will constrain theirability to supervise everything that is done in the sectorconcerned.

Ultimately, the actions o companies are the actions otheir people. In some cases, directors will knowingly allowtheir companies to engage in activities which are eitherplainly illegal or (arguably) unethical. At other times suchactions will be committed by executives below board levelwithout the directors being aware o what is going on.Alternatively, illegal or unethical conduct may be practisedby individual members o the work orce independently,and in breach o company rules or codes o conduct.However such conduct happens, the company willinvariably be held responsible or the actions o its people,and will risk su ering criminal and reputationalconsequences when it does. Even i a company does notappreciate the inherent virtue o avoiding illegal andunethical courses o conduct, it must surely understandthe business risk o incurring such repercussions.

So while the directors, shareholders and employees o anycommercial company will always have an understandableinterest in trying to enhance its pro tability, companiesmust at the same time recognise the sel -interest, as well

perhaps as the wider social interest, o acting inaccordance with high standards o business conduct. Inparticular it must be seen to be in the interests ocompanies and their various stakeholders that all thosewho work or a company share a commitment toconducting business honestly and in a way which aims toreduce the level o risk to the company and thosestakeholders. Along with the need or companies to havepersonnel with the right abilities and experience, thisapproach must represent the best chance o achieving thee ective regulation o business.

A commitment to ethical business conduct can beencouraged by external regulation, and in this context it iswelcome that tness and propriety checks are now beingundertaken, in the UK and elsewhere, on new directors andsenior executives in the nance sector, in the wake o thepost-2007 banking scandals. Ultimately though, thecommitment must come rom within the individual

company. This has to involve the recognition that seniorgures in a company, in particular CEOs and CFOs, should

be required to have personal qualities that are conduciveto ethical business conduct. There needs also to be aserious e ort on the part o companies to install an ethicalculture: this should be su ciently robust to ensure thatunacceptable practices are identi ed and managedappropriately, and su ciently credible to allow individualswho have legitimate concerns about business practices tochannel those concerns within the company without ear oadverse consequences.

An ethical culture should involve the application o ethicalconsiderations to all aspects o its operations, includingobjective setting, its policy on remuneration andincentives, nancial reporting and personnel management.In the case o larger companies at least, an integral part otheir ethical business culture must be an acceptance othe need to be transparent about corporate strategies andworking practices, and a preparedness to reconcile themwith known and anticipated stakeholder reactions. Withinthis sort o culture there should also be a genuinecommitment to encouraging the responsible use owhistle-blowing procedures, which must involve sa eguardsto ensure that people who do make use o suchprocedures do not su er as a result.


25/48


It is not reasonable to expect businesses to actaltruistically. The rationale o any commercial business isinvariably to make money and to make pro ts. Eachbusiness sets about doing this in a competitiveenvironment in which it and its competitors all seek to winbusiness by o ering attractive goods and services atprices that they think will appeal to consumers. Becomingmore success ul than your competitors, and driving themout o business as a result, may be detrimental to theinterests o those other rms and their stakeholders, butas long as business is conducted legally and in line withprinciples o air competition ailure is a normal eature othe ree market.

A business that voluntarily orgoes economic opportunitieswill not only jeopardise its own existence but may wellharm the interests o its shareholders, and invite legalaction rom them or doing so. Thus, when we talk aboutbusinesses behaving ethically, we must acknowledge that

their situation is quite di erent rom that o the individual,who enjoys much greater reedom to make choices:expectations o ethical conduct in the business world mustacknowledge at the outset that each business operates ina competitive market and is motivated by the legitimatepursuit o business and pro t. The special challenge in thehighly competitive world o business is how to encourageeach party to conduct its operations in a way whichensures that the pursuit o its own short-term sel -interestdoes not un airly in ringe upon the interests o either theircompetitors or their own stakeholders.

Acknowledging the special character o the business worldis sometimes a problem or governments and regulatorswhen they try, or understandable reasons, to imposepolitically motivated norms upon it. Arguably the bestexample o this comes rom the United States in the1990s, re erred to earlier in this paper, when the then-government sought to increase home ownership amongcertain sections o the community. This intervention wasarguably a signi cant contributory actor (albeit only one)in the sub-prime crisis which broke some years later.During the Clinton administration, the Community Re-Investment Act (CRA) o 1977, which had been passed tooutlaw discrimination by banks against low-incomehouseholds, was rein orced with a view to exerting morepressures on the banks to lend to sections o society not

previously associated with home ownership. With the sameend in mind, the administration reduced the capitalrequirements o Fannie Mae and Freddie Mac, andinstructed them to provide more credit to those who wouldnormally be regarded as being poor credit risks. Loans tothe sub-prime market in the US increased rom 2.4% ototal mortgage loans in 2000 to 13.7% in 2006. The hugeincrease in the demand or credit, or which theseinitiatives were partly responsible, led the banks to borrowheavily rom abroad, creating the substantial macro-economic imbalances that we saw by the mid-2000s; theadditional risk that they took on by lending to the sub-prime market prompted their ill- ated involvement in thesecuritisation market.

The re orm o the CRA may have been motivated bylegitimate egalitarian aims which the elected governmento the day was entitled to pursue. But, in retrospect atleast, it cannot be said that it was help ul to the banks in

terms o encouraging them to operate e ective riskmanagement practices. And neither can it be said that itwas help ul in ethical terms, since the political aims o thegovernment were not e ectively integrated with thebusiness objectives o the nancial institutions a ected.The nancial sector was asked to incorporate into itsbusiness plans quasi-ethical actors which wereinconsistent with responsible commercial practice in thatsector, and the eventual result was to the enormousdetriment o the banks, and had disastrous results or theira ected customers.

A ar less dramatic example o the issues involved in tryingto square the circle is the UK Companies Act 2006,re erred to above, in which the interests o all stakeholdershave to be borne in mind by directors. However, theinterests o shareholders who want higher dividends i theyare to invest in the company will inevitably clash with thoseo employees who want higher wages. Some o therespondents ACCA spoke to in the preparation o thispaper argue that this has complicated the UKs businessarena in an already tough economic climate.

The US example suggests that the imposition on businesso ethical or quasi-ethical principles rom above may notonly be unhelp ul but dangerously counter-productive.Ethical policies and practices need to be appropriate to

10. C e hic l d rd be im ed r m b ve?


26/48

24

the environment in which the business operates, whichmeans that government and regulators are not necessarilythe right source o ethical guidance. It should also beborne in mind that ideas about what constitutesresponsible business conduct may vary between di erentbusiness sectors and di erent markets. Pro essionalbodies, or example, are well placed to identi y the ethicalstandards which are to be adopted by members o thepro ession concerned, because o their knowledge o thecircumstances in which those individuals operate, and thespeci c pressures which threaten the integrity o theiractions. While it may be air to argue that certain

undamental principles should be able to be applied to allsectors and markets, it must also be accepted that normso acceptable business practice and custom may vary: thiswill o ten be the case rom country to country, and alsowhere the ethical principles ollowed by a business orcommunity are based on undamental religious principles.

While it is per ectly reasonable, there ore, or the law andregulation to expect businesses to behave in a responsibleand ethical way ( or the reasons already discussed), it isnot realistic to expect ethical principles to be ramed in auni orm way, or expect them to be applied in the sameway in all circumstances.


27/48


The 2007 nancial crisis involved a catalogue ounintended consequences o regulation o one orm oranother. Prior to 2002, a culture o con orming to the letterand not the spirit o accounting requirements meant thatEnron could use accounting tricks to hide liabilities o itsbalance sheet and book pro ts which could never berealised. Even a ter the Enron scandal, banks were still ableto use a variety o accounting devices to move assets andliabilities into special purpose vehicles (SPVs) which werenot consolidated on their group balance sheets. And, ashas been alleged, Lehman made assets and liabilitiese ectively disappear rom its balance sheet by cherry-picking the jurisdiction in which to obtain its legal opinions,and in which to select its accounting or reporting standards.

These problems arose in the US. However, a paperpublished by ACCA The Accounting Statements o GlobalFinancial Institutions and the Recent Crisis 13 describessome o the other unintended consequences o nancial

reporting requirements which applied to both US andEuropean banks. Many commentators in those marketsare now arguing that nancial reporting and auditingrequirements have become too rules-based and have notle t enough room or judgment.

ACCA supports principles-based systems, which work wellin a principled environment. But in businesses where theculture is to comply with the letter and not the spirit o therules, such a regime can appear to lack teeth.

We see this with corporate governance requirements. Inthe UK, the corporate governance regime or listedcompanies consists o a code o principles and provisions.The Listing Rules require companies to state in theirannual reports how they apply these principles, and tostate whether they comply with the more rule-likeprovisions or explain why they do not . Un ortunately,attention by shareholders and others has always ocusedmore on compliance with the provisions than on howcompanies apply the principles. Not surprisingly, ewcompanies bother to give meaning ul descriptions o howthey do apply the governance principles.

13. B. Davies, G. Levine and A. Milne, The Accounting Statements o GlobalFinancial Institutions and the Recent Crisis, ACCA, 2010.

A simple example contrasting rules and principles is the30mph driving speed limit. This is a rule: a principle mightbe always drive sa ely and a supporting principle toomuch speed kills. There should be ewer accidents ipeople ollow the principles. Depending on roadconditions, it may be sa e either to drive aster than30mph or dangerous to drive at that speed. A compliancementality would be that it is OK to drive at 30mph even iconditions mean that such a speed is unsa e. On the otherhand, in a culture where the drive sa ely principle isfouted, perhaps we need rules.

In the Netherlands, an approach called naked streets hasbeen tried. Dangerous junctions were stripped o tra clights, road signs, directional markers and pedestriancrossings. To the approaching driver there was nothing totell drivers what to do, so they had to think or themselves.As a result, drivers seemed to approach cautiously andwith an eye on what others around were doing. Supporters

o the naked streets concept argued that drivers,pedestrians and cyclists were orced to interact, make eyecontact and adapt to the tra c, instead o relying on signsand signals. They were given more responsibility or theiractions on the road. Without the conventional rules o theroad in place, drivers tended to slow down and develop anunderstanding o their environment. It may be that roadusers pay less attention to their surroundings i they eelprotected by an array o signs telling them what to do. Inthe UK, local councils trying this approach also ound thataccidents went down as did average speeds but,paradoxically, tra c moved more e ciently and journeytimes decreased. 14

14. Risk, Responsibility and Regulation: Whose Risk is it Anyway? , BetterRegulation Commission, 2005.

11. R le d ri ci le , d h w e rce hem


28/48

26

ACCA was one o the rst to point out, 15 and it is nowwidely accepted, that the 2007 banking crisis was acorporate governance ailure. As noted earlier, all thebanks that ailed had complied with corporate governancerequirements. What they did not do was apply all theprinciples in their behaviour. The Walker Review identi edthat the problem was one o behaviour, but its solution is,essentially, to have more requirements with which tocomply. It remains to be seen whether it will have thedesired e ect on the behaviour o companies. ACCA haslong argued that greater emphasis should be placed onprinciples, and it is encouraging to see that the FRCs newUK Corporate Governance Code does this. We would haveliked the new Code to have gone urther and requirecompanies to state how they apply, what has been asupporting principle, that boards should set the companysvalues and standards. We would also like companies tostate how they ensure and monitor that these values andstandards are in place.

Corporate governance is now in a hiatus. Many people nowrealise that, while in the 1990s it may have beenpracticable to expect institutional shareholders to en orcegood governance, this is now much more di cult. In theUK, or example, their ownership o UK plc is considerablyreduced. In 1992, pension unds and insurance companiesheld 53% o UK shares. By 2008, this dropped to 26% andthe proportion o UK shares held by investors outside theUK increased rom just 13% to 42%. 16 (Incidentally, thisreduction has been caused not only by shareholdersholding more shares o companies based outside the UKbut also, according to some managers o pension unds, tochanges in accounting standards and actuarial practice,which they say has led to pension unds now holding alower proportion o their investments in equities and ahigher proportion in other assets such as bonds. Thelatter, i true, would be another unintended consequence ocompliance.)

I shareholders will not en orce good governance then whowill? Neither the FSA nor the FRC has ever disciplined acompany or ailing to apply a combined code principle.Should they?

15. A. Berendt and P. Moxey, Corporate Governance and the Credit Crunch, ACCA, 2008.

16. Share Ownership Survey 2008, O ce or National Statistics Bulletin ,2010.

The Basel Committee on Banking Supervision set outcapital adequacy requirements intended to ensure thatbanks had adequate capital with which to withstand

nancial instability. Un ortunately, it was possible tocircumvent these seemingly sensible requirements bymoving assets into special purpose (also known asstructured investment) vehicles (SPVs). The Baselrequirements also encouraged all banks to operate verysimilar risk models. What this meant in practice was thatwhen one bank wanted to buy a type o asset, they all did,and when one bank wanted to sell it, they all did. A marketwhere there is e ectively only one participant is not amarket, so there should have been no surprise thatbubbles were ollowed by crashes. This is well describedby Avinash Persaud. 17

The Basel requirements and US SEC requirements alsomeant that the opinions o the three main ratings agencieswere essential to the banks ability to carry out business,

be it creating synthetic products or borrowing money.Such regulation stifed any potential or competition andcontributed to their di culties.

Another problem with regulation is its en orcement.Richard Scott Carnell, in Regulators Incentives ,18 describesthe di culties o the regulators job in the US.

A bank can look healthy and report record pro ts even asit slides toward major losses. A regulator may attract considerable resistance i he takes early corrective andpreventive action. Few people will think o the problemsaverted and a regulator may be criticised by bank tradeassociations, house builders, estate agents, the mediaand politicians or endangering jobs, housing markets,entrepreneurship, and the nations prosperity.

17. Avinash Persaud, Regulation, Valuation and Systemic Liquidity,Financial Stability Review , No. 12, October 2008.

18. Published in Make Markets be Markets , Roosevelt Institute, 2010.


29/48


Scott Carnell summed it up.

We have di culty telling good banks rom bad until itstoo late. We have di culty telling good regulation rombad until its too late. Lax regulation wins more riendsand plaudits than stringent regulation until its too late.Risky banks and their allies exert more political infuencethan taxpayers until its too late. These dynamicscontribute to a stubborn reality underlying the regulatory

ailures o the past our decades: bank soundnessregulation has no political constituency until its too late.

Compliance requirements can also hinder riskmanagement. According to Bank Governance LeadershipNetwork Update: 19

dealing with regulatory matters crowds out other crit icalrisk activities. The growing list o vaguely de ned andsometimes duplicative regulatory reporting requirements

is a major drain on the time and resources o the risk unction. At some banks, regulatory matters now take up

40% o the risk organizations time. At one organization,the CRO is currently completing 19 separate surveys inresponse to regulatory requests; another CRO hasidenti ed over 200 best practices that regulators areasking rms to benchmark themselves against. Someinstitutions are considering having all regulatory activitiesreport up to the CRO. Given this ocus on regulation(some organizations are requiring all people who handleregulation report to the CRO), in the uture, CRO may come to mean chie regulatory o cer as well as chie risk o cer. Risk executives point out that, ironically, in theend, this means we are spending less time looking or risks, analyzing risk, and helping to position the rm or success.

19. Bank Governance Leadership Network Update [online text],http:// www.Tapestrynetworks.Com , February 2010.

Finally, we argue that compliance is easier or humannature to deal with than applying judgment. It allows us tosurrender responsibility or our own actions and saves usthe trouble o wrestling with our conscience. The Lehmanrepo 105 story is a case in point. Its executives wereconcerned about risks to the bank and to their ownsecurity. They discovered that it was possible, throughusing an English legal opinion and US GAAP, to account orwhat was, in any commonsense interpretation, a nancingarrangement o $50bn as a sale, thus at a stroke removingthat sum o assets and liabilities rom the balance sheet. 20 While allowable in law and the relevant accountingstandards, this must still be a deeply questionable courseo action or an institution to take.

For a pro essional, however, it is not so simple.Accountants have a pro essional duty to comply withrelevant nancial reporting and auditing requirements andwith the law. I a legal opinion says a nancing transaction

is a sale, and it is then possible under US GAAP to accountor the $50bn transaction as a sale, it would be di cult or

a pro essional accountant to do otherwise. His/herconscience might say it is the wrong thing to do but inpractice there will be little choice.

Accountants pro essional duties are enshrined in theethical standards set out by their pro essional bodies,which are based on the International Federation oAccountants (IFAC) Code o Ethics. 21 These standards arepredicated on the basis that nancial reporting andauditing standards will give a sensible result. Under bothUK reporting standards and IFRS there is an overallrequirement that accounts show a true and air view o , or(in the case o IFRS) present airly, the a airs o thecompany. Both sets o standards allow or the possibilitythat compliance with the standards may result in amisleading picture, and i so then ull details should begiven. In the UK, this is known as the true and airoverride. It is rarely used, and it is not really clear whether,in practice, US GAAP has a similar requirement.

20. Anton R. Valukas, Proceedings Examiners Report , Lehman BrothersHoldings Inc , Chapter 11, 2010.

21. 2010 Handbook o the Code o Ethics or Pro essional Accountants , IFAC,2010.
http://www.tapestrynetworks.com/http://www.tapestrynetworks.com/


30/48

28

In its Introduction and Fundamental Principles the IFACCode sets out the public-interest duty o a pro essionalaccountant.

100.1 A distinguishing mark o the accountancy pro ession is its acceptance o the responsibility to act inthe public interest. There ore, a pro essional accountantsresponsibility is not exclusively to satis y the needs o anindividual client or employer. In acting in the publicinterest, a pro essional accountant shall observe andcomply with this Code. I a pro essional accountant isprohibited rom complying with certain parts o this Codeby law or regulation, the pro essional accountant shallcomply with all other parts o this Code.

The IFAC Code allows or the possibility that compliancewith the Code could result in an outcome which is not inthe public interest.

100.11 When a pro essional accountant encountersunusual circumstances in which the application o aspeci c requirement o the Code would result in adisproportionate outcome or an outcome that may not bein the public interest, it i s recommended that thepro essional accountant consult with a member body or the relevant regulator.

This provision would appear to apply to the Lehman repo105 situation. However, aced with the legal opinion andrequired treatment under US GAAP it would be unusual orany CFO to stand up and say that the action was wrong particularly i such a course could threaten the uture othe bank. What board is likely to consider the ethicalniceties o an accounting transaction when both the lawand the accounting requirements direct a particularcourse? What board would do this i the uture o thecompany and everyones job was on the line? Given thesecircumstances, it is easy to see how individuals would setaside any personal discom ort over not doing the rightthing and simply comply with the rules and standards.

In this context we accept that pro essional bodies andother organisations which exercise disciplinary unctionshave their own part to play in ensuring that individuals and

rms who operate within their jurisdiction do notcompromise the ethical and pro essional standards whichare expected o them.

One respondent summed up the dilemma as getting itright when there is no right answer. Perhaps the mostimportant advice to give to accountants and otherpro essionals in such situations would be always toconsider the long-term impact on the business: Focus onthe sustainability o pro tabilityor more importantly thevery existence o the business, which would clearly not bepossible i the business were to su er a seriousreputational risk on account o ignoring ethicalconsiderations.


31/48


Several surveys have suggested a correlation betweenethical behaviour and pro tability. For example, surveys byIBE in 2003 and 2007 22 ound that companies with ethicalcodes per ormed better on a variety o nancial and otherindicators than those without.

A survey carried out by CFO Research Services on behalo ACCA in 2006, 23 o companies in Europe, Asia-Paci cand the US, ound a correlation between companies havingpractices likely to result in ethical behaviour such astraining on ethics and including ethical per ormance insta appraisals, and where boards had given attention toethical matters and nancial per ormance rated (bythemselves) as exceeding expectations. Individualdescriptions rom respondents o the key bene ts o anethical culture also strongly suggested a clear link betweenethics and business per ormance (see Figure 4).

Moreover, CFOs said that a strong ethical culture has a

bene cial e ect on business per ormance in terms o statrust, loyalty and motivation, more reliable nancialreporting, and improved corporate culture; and it alsoboosts external relationships such as those with investors,customers and analysts. CFOs also perceived a risk to theirpersonal and corporate reputations i they did not giveethics a high enough priority.

22. K. Ug Oji, N, Dando and L. Moir, Does Business Ethics Pay? , IBE, 2007.http://www.Ibe.o

ACCA paper on risk and reward

Documents

Transcript of ACCA paper on risk and reward