NEW CHALLENGES FOR BOARDS
Oliver Wyman, Financial Services
AUTHOR: Michael Wagner, Partner
This paper is the first in an annual series that seeks to provide a perspective on challenges for
boards for the coming year. We draw on the experience of our senior advisory board members
and our work with boards and regulators on the topics addressed in this document.
Over the past four years, the boards of
financial firms have focused on improving risk
governance and controls and establishing
firmer oversight of the compensation and
bonus pool allocation processes. The last 18
months, however, have seen a significant
increase in the pressure many financial
services boards now face:
• Regulators have become increasingly
uncompromising in their “fit and proper”
interviews of individual board members
(both for group and subsidiary boards).
In a number of cases they have withheld
approval of individual board members.
This has made it much harder for banks
to attract non-executive candidates
• Zero tolerance and large fines for conduct
failures paired with increased scrutiny
from conduct regulators across Europe
and the US are leading to reputational
damage, board resignations and
immediate large provisions in the financial
accounts of individual institutions
• All stakeholders are demanding increased
resilience and strategic sustainability in
the light of continued global imbalances
and volatility (e.g. G-SIBs, recovery and
resolution plans, ring-fencing of business
and geographic activities, etc.).
Many boards now struggle to get through
the long list of priority items and retain
strategic direction setting and oversight.
Ten years ago conduct-related reporting
to the board was manageable (typically a
short summary and update); now it takes up
a large part of board meetings with reports
running into hundreds of pages.
Financial risk and its control are now fairly
well understood, and well-established
control frameworks exist for financial
risks as a result. Risk, compliance and
audit have traditionally focussed on
improving governance and establishing
an independent function that sets the
boundaries and then checks if these are
adhered to. While the frameworks have
worked well for quantifiable financial risks under
stable regulatory requirements (e.g. capital
ratios), the new set of challenges can only
be imperfectly addressed through these
frameworks for the following reasons:
1. Regulators are themselves under
pressure in today’s changing and
complex environment and therefore
cannot give “bright line” rules and
definitions for conduct. Institutions will
need to find their own definitions of what
constitutes a sustainable business and
operating model for each institution
2. Public opinion and the perception of
fairness have changed fundamentally in
recent years. Consumers are less willing
to accept the principle of caveat emptor
when it comes to financial products. This
provides institutions with a fundamental
challenge as what is acceptable today
may be deemed unacceptable tomorrow.
Throughout the past eight years, provisions
for conduct-related risks have risen fourfold
for our sample of 17 of the largest global
financial institutions. In 2012 this almost
reached the size of credit provisions for the
four largest UK institutions.
Copyright © 2013 Oliver Wyman
EXHIBIT 1: PROVISIONS TAKEN ON LEGAL AND CONDUCT MATTERS OVER THE PAST DECADE
[Chart: total conduct/legal provisions from selected banks†, 2005-2012 ($MM), by year]
† Banks included in the analysis: HSBC, Barclays, RBS, LBG, JPMorgan, Citi, BoA, Wells Fargo, UBS, Credit Suisse, Deutsche Bank, Commerzbank, Credit Agricole, Soc Gen, BNP, Unicredit, ING
Source: Banks’ annual reports, news releases, SEC website, Oliver Wyman analysis, SNL
EXHIBIT 2: FINES FOR PRODUCT GOVERNANCE (USA AND UK)
[Chart, first panel: median FSA and SEC fine size 2003-2012 (US$ ‘000), UK and US series]
[Chart, second panel: reasons for fines, 2002 vs. 2012, by category: market abuse and financial crime; client assets; treating customers fairly; product governance; other]
Source: FSA and SEC official website and databases, SEC settlement trends: 2H12 update, January, 2013, Oliver Wyman analysis
While the bulk of fines in 2002 were related to market abuse and manipulation, product
governance was the most frequent reason for fines in 2012 in the US and UK. Products of
medium complexity (e.g. PPI) are responsible for the lion’s share of fines.
EXHIBIT 3: TOP 10 METRICS USED
[Chart: % of sample using each metric, grouped into solvency, earnings, liquidity and non-financial risks. Metrics shown: long-term rating; earnings volatility; op. loss as % of revenues; reputational risk; regulatory compliance; Core Tier I capital ratio; total capital ratio; liquidity buffer/survival horizon; credit concentration; AFR vs. Ecap]
Firms in emerging markets are also
increasingly dealing with conduct-related
issues as private investors diversify their
exposures. For example, the Lehman crisis
had direct effects on Hong Kong investors in
structured products. Institutions in markets
with an explosive development of new
investment vehicles and credit products
should consider modifying their board
committees and oversight procedures as
outlined in this paper. To safeguard the
reputation of the institutions, these boards
may require additional experience, such as
a global perspective and knowledge of the
more complex investment or credit product
markets and their related conduct issues.
HOW DOES THE WORK OF BOARDS
CHANGE IN THIS NEW ENVIRONMENT?
The board is there to challenge, approve and
then support the strategy proposed by the
management of the company. The power of
a board comes from one of its key remits – to
consider the medium to long-term strategy
and shape of the company. Especially in
times of uncertainty, having a board which
can stand for a long-term strategy will give
the company the strength to weather storms
and make the right decisions (acquisitions,
investments, divestments, etc.).
The main issue for boards in the new
environment is the lack of surety and specific
guidance given by regulators. This requires
a new approach by the board to be sure
that standards are adhered to in day-to-day
business conduct. We see eight areas where
modifications should be considered:
1. RISK APPETITE
Traditional risk appetite statements focus
on the liquidity, capital and business
composition. Non-financial risks are often
under-represented and monitored at a
fairly aggregated level, such as simply
“reputation”, according to our recent survey
of a set of European and American risk
appetite statements. The non-financial
statements are rarely linked to business KPIs
or other metrics that would allow them to be
translated into business-specific directions.
Our recent revisions to risk appetite
statements included the addition of
statements regarding suitability, customer
treatment/complaints, employee conduct,
emerging risks and low tolerance levels
for audit points and the speed at which
these are resolved. These statements are
then explicitly linked to business metrics to
provide guidance for individual businesses.
For example, in the case of product suitability
assessment, this requires that all products
be reviewed with regard to their suitability
for serving some genuine customer needs
and for their transparency to customers. The
sales process and qualifications of the sellers
must also be assessed for safety. A set of
indicators is then developed and tracked at
the business, enterprise and board level (see
section two below). Monitoring customer
complaints, for example, can provide an
early warning indicator for conduct risks.
The risk appetite statement is traditionally
implemented by the Chief Risk Officer.
The new additional conduct risk appetite
metrics will require the involvement of the
compliance function of the bank and buy-in
from the first line of defence, the sellers.
Finally, we recommend an in-depth review of
the various committees that deal with non-
financial risks (e.g. customer, reputational
risk, operational risk, audit, product approval
committees) to ensure they are linked at
the executive level and that there is cross-
committee reporting and issue resolution.
2. NEW REPORTS ARE REQUIRED TO
COMPREHENSIVELY COVER NON-
FINANCIAL RISKS
New indicators and reports are required for
the board to capture additional information
related to conduct risks. Below we outline
the areas where new information needs to
be captured and transferred into board level
indicators. (The areas for development of
additional indicators are highlighted in grey.)
EXHIBIT 4: TYPES OF PERFORMANCE INDICATORS AND APPLICABILITY TO CONDUCT RISK TYPES
Process
• Effectiveness of bank processes in managing conduct risk
• E.g. % customers where suitability/understanding is identified and evidenced, compliance breaches, training completion, incentives
Profitability
• Indicators of underlying product and customer profitability
• E.g. systems downtime, process failures, SLA breaches
External
• External indicators of customer outcomes
• E.g. customer outcome testing/surveys, social networking/customer complaints
Cultural
• Metrics to indicate strength of conduct culture in organisation
• E.g. staff survey results, percentage training completion
[Matrix: indicator types (Ops., Profit, Process, External, Cultural) against conduct risk types A: Suitability and understanding, B: Fee justification, C: Performance]
For example, the new profitability metrics for
fee justification should include:
• Percentage contribution to
overall profitability
• Customer profitability skews
• Revenue margins (revenue/volumes)
• Front vs. back book pricing/
spread differential
• Percentage of customers on back book
vs. front book rates
• Historic margin evolution.
As with all board reports, these metrics will
need to be appropriately contextualised and
annotated to be meaningful. We recommend
that the board regularly invites the relevant
business heads to review their businesses
in the context of the new metrics and to be
present for the discussion of the results of
thematic reviews (see below).
3. BOARD MEMBER EDUCATION,
SELECTION AND TIME COMMITMENTS
The new environment has vastly increased
the complexity and breadth of issues
confronting boards. This increases the
importance of including members with
suitable backgrounds in risk and finance.
Non-executive directors with backgrounds
outside financial services – for example, from
the consumer, oil or pharmaceutical/medical
industries, where conduct and franchise
risks are common – can bring important new
perspectives on conduct to the table.
Discussions on the board will also require
deliberate management from the Chair to
ensure that the breadth of experience of all
board members is accessed. This in turn will
require high quality board papers to ensure
appropriate preparation. Too many boards
are drowning in a mass of information that
does not allow appropriate preparation,
given the time available. The Corporate
Secretary function should include staff with
sufficient experience to guide executives in
the preparation of summaries that convey
the key points of the materials in a one to
two page summary. This can help to increase
business leaders’ accountability to the board.
Finally, we recommend extending the board’s
schedule to include enough meetings
to accommodate the review of all issues
throughout the calendar year. We expect this
will limit the number of financial institution
boards any individual can feasibly join.
4. NEW ROLE FOR THE COMPENSATION
COMMITTEE OF THE BOARD?
Remuneration committees have grown
used to reviewing an increasing number
of compensation issues in recent years.
The conduct-related requirements add
a significant set of responsibilities. The
Financial Conduct Authority requires
assessment of how institutions embed fair
treatment of customers and ensure market
integrity through four modules:
• Governance and culture
• Product design
• Sales or transaction process
• Post-sales/services and
transaction handling
This requires that every individual in a firm
takes consistent actions in line with the firm’s
standards, culture and risk appetite that are
consistent with the high set of standards
expected by the major stakeholders.
Furthermore the onus is on the first line of
defence, the front office sellers and product
development personnel, who are expected
to consistently answer the following three
questions related to their actions:
• Is it legal (rules-based with focus on
if behaviour is within the confines of
the law)?
• Is it good (utilitarian approach that
seeks to maximise benefit for the
most people)?
• Is it right (principles-based approach
emphasising personal judgment)?
This will require the board to scrutinize the
value statements or codes of conduct of
individual lines of business and how these
align with:
• Incentive systems
• The annual review processes
and assessments
• Promotion decisions
• Training programs
The board must also make sure that
executives approach leadership holistically
across commercial instinct, risk and conduct
awareness, crisis management and people
development. This is a significant change
from the practices of the past 20 years where
sophisticated control systems were put
in place that increasingly substituted for
holistic decision making (i.e. considering
profit, growth goals and adherence to
standards and control goals) from front
office leaders (as they would often rely
on independent control mechanisms to
ensure compliance).
We recommend that the board’s
compensation and nomination committee
responsibilities be broadened to encompass
conduct-related supervision elements. The
link between the compensation committee
and the risk committee (e.g. through
cross representation or joint sessions on
compensation and incentives) will also
need to be strengthened to ensure the
appropriate flow of information.
5. MEET THE ORGANISATION TO SEE
HOW CULTURE IS LIVED
Many boards’ interactions with executives
are confined to the CEO and the top control
function executives. While this was often
complemented by presentations and
discussions with the top business leaders of
the organisation, few board members will
have met the broader group of executives.
This will need to happen more often so
that board members can tell if the values of
the organisation are lived in practice.
Attendance at a bank’s top leadership
conference (which many organisations
hold regularly) and access rights to all of
the organisation’s key buildings and floors
are key instruments for the board to get a
detailed impression as to how values are
lived every day throughout the organisation.
6. REGULAR THEMATIC REVIEWS OF
HIGH RISK PROCESSES
Sensitive or high risk processes should be
reviewed on a regular basis and the results
reported to the board risk committee. These
reviews should cover businesses, products
and segments that are growing rapidly or
have high profitability. They should be based
on a rigorous audit framework and identify
the inherent risks of a business, product
or channel, the mitigating actions that are
being taken and the residual risks. These
residual risks need constant surveillance
and discussion in the context of the bank’s
risk appetite. While post mortem reviews
of conduct related failures routinely involve
cross functional joint teams (of audit, risk,
finance, operations, technology, controls,
front office), regular process reviews are
typically conducted solely by compliance.
Thematic reviews should be led by
compliance or audit but involve the key
business, functional and control functions
as part of the review team. This ensures that
the relevant experts give continuous input
throughout the review and that assumptions
can be cross checked. Reviews should
cover business processes end-to-end: for
example, trading activity from trade entry to
settlement and record keeping.
The new compliance review process relies
on a series of scenario based workshops (led
by compliance) that engage all or a subset
of the experts involved in the management
and control of a particular process. The
compliance function will need new skills
as it moves away from a pure advisory and
control function into a role that allows
it to challenge business processes, run
what-if scenarios and lead the debate and
convergence process.
7. SUSTAINABILITY, REVIEW
OF EMERGING RISKS AND
MITIGATION STRATEGIES
Boards should commission a comprehensive
view of the sustainability of a financial
institution and emerging risks to
complement their views on the spectrum
of risks facing the organisation and to be
able to take action early. Many insurance
companies routinely run processes to
identify emerging risks. Their long-term
liabilities mean they need to understand
potential discontinuities. Boards often
conduct dedicated strategy off-sites with
contributions from academics, think tanks
and leaders from politics and industry. Such
gatherings should explicitly cover emerging
risks, since these will affect the strategy and
risk appetite discussions.
Some banks run a continuous “worry list”
to identify medium term financial scenarios
based on economic events (the US fiscal
cliff, commodity price shocks, sovereign
insolvencies, etc.). The effect of the most
probable scenarios on P&L, balance sheet,
liquidity position and capital are routinely
tested and presented for debate to the board
risk committee.
A review of sustainability and emerging risks
follows a similar process, but focusses on a
broader set of risks and includes:
• Environmental risks (e.g.
greenhouse gas emissions,
mismanaged urbanisation)
• Geopolitical risks (e.g. terrorism,
organised crime, armed conflicts)
• Social and societal risks (e.g.
mismanagement of ageing
population trends, long-term and
youth unemployment)
• Science and technological risks (e.g.
cyber-attacks, data fraud/theft)
• Legal and regulatory risks (e.g.
Dodd-Frank implementation, shift in
customer responsibilities).
Exhibit 5 is an example of such an emerging
risks map (produced annually by the World
Economic Forum and Oliver Wyman).
Similar reports on international emerging
risks and similar sources (e.g. discussion
with re-insurance providers) are used as
an input for multidisciplinary workshops.
Relevant internal stakeholders and
experts discuss risk types and evaluate
their likelihood and severity as well as the
adequacy of internal controls and mitigation
plans if a scenario is realised. The results are
then transferred into a set of metrics and
incorporated into the senior management
and board’s dashboard for emerging risks.
Mitigation plans and strategies are signed off
in a dedicated discussion on the appropriate
executive or board risk committee.
8. RECOVERY PLANS FOR NON-
FINANCIAL RISKS
Many banks now need to submit recovery
plans to regulators. Few financial institutions
have extended this to their non-financial risks.
By contrast, many non-banks have action
plans for reputational and conduct risks
embedded in their risk response and damage
control frameworks. These plans include:
• Pre-agreed crisis responsibilities and
protocols (including a clear change of
command) for the executive, including
response to regulators and government
• A comprehensive framework for
public relations initiatives for all
key communication channels and
social networks
• Comprehensive impact assessment
to assess the best immediate remedial
actions in the case of adverse consumer
impact. This includes compensation
offers and damage controls in case of
security breaches
• On-going monitoring of actions and
their effects.
Banks should establish such mechanisms
and conduct a number of “fire drills”. A clear
framework that includes board notification,
consultation and intervention in the case of a
crisis will limit damage and safeguard the brand.
EXHIBIT 5: LIKELIHOOD AND IMPACT OF 50 RISKS GAUGED BY 469 RESPONDENTS
[Chart: 50 global risks plotted by likelihood and impact, grouped into economic, geopolitical, societal, technological and environmental risks]
Source: Global Risks 2012: Seventh Edition, World Economic Forum and partners including Oliver Wyman. Oliver Wyman analysis.
SENIOR ADVISORY BOARD MEMBERS, OLIVER WYMAN, FINANCIAL SERVICES GROUP PRACTICE
GLOBAL ADVISOR
William (Bill) Rhodes – Bill Rhodes is President and
CEO of William R. Rhodes Global Advisors, LLC and
Professor-at-Large at Brown University. He is also a
Senior Advisor for Citi, having stepped back from
full time responsibilities after more than 53 years with
the institution. He is a retired Senior Vice Chairman and
Senior International Officer of Citigroup and Citibank.
EMEA SENIOR ADVISORY BOARD
Sir Andrew Large – Chairman of Oliver Wyman
Financial Services EMEA Senior Advisory Board.
Former Deputy Governor (Financial Stability) at the
Bank of England, former FSA board member, Chairman
of the International Advisory Council of INSEAD
Dr Rolf Breuer – Former Chairman, Deutsche Bank
Korkmaz Ilkorur – Former banker, Turkey
Jeroen Kremers – Current Executive and Head of
Global Country Risk Management for the Royal Bank
of Scotland. His former roles include Deputy Treasurer
in the Dutch Ministry of Finance, board member of the
IMF with responsibility for central and southern Europe
and Head of Public Affairs at ABN Amro.
David Murray – Former CEO of Commonwealth Bank
and current Chairman of the Future Fund
Emmanuel Rodocanachi – Former member of French
Ministry of Economy and Finance, former Chairman
and CEO of Natexis and Senior Advisor of Citigroup
Rafael Gil-Tienda – Chairman for Marsh & McLennan
Companies in Asia, based in Hong Kong. Prior to joining
MMC, he was Group Head of Global Emerging Markets
at Standard Chartered Bank based in Hong Kong.
Before that he was with Citigroup for over 20 years.
Keki Dadiseth – Convening Chairman of the MMC
Group of Companies, India
THE AMERICAS SENIOR ADVISORY BOARD
Susan Schmidt Bies – retired Member of the Board of
Governors of the Federal Reserve System, Board Member
of Zurich Financial Services and Bank of America.
Chuck Bralver – Founding Partner of Oliver Wyman & Co,
Senior Associate Dean of International Business & Finance
and Executive Director of the Center for Emerging Market
Enterprises at The Fletcher School at Tufts University.
Nigel Morris – Co-founder of Capital One Financial
Services, Managing Partner of QED Investors, Advisor
to General Atlantic Partners and Columbia Capital,
Board Member of the Economist Group, London
Business School and Venture Philanthropy Partners.
Mac Gardner – Retired Head of Merrill Lynch’s Private
Client business in the Americas and the Global Bank
Group with the firm’s Global Wealth Management
Group, President of the Board of Trustees at the
Princeton Charter School.
David Sidwell – Retired CFO and Executive VP of
Morgan Stanley, former CFO of JPMorgan Chase &
Co. Investment Bank, Trustee of the International
Accounting Standards Committee Foundation, Board
Member of UBS AG and Fannie Mae
Guillermo Güémez García – Deputy Governor of Banco
de Mexico and Board Member of the National Insurance
Commission and Casa de Moneda de Mexico since 1995.
www.oliverwyman.com
Oliver Wyman is a global leader in management consulting that combines deep industry knowledge with specialized expertise in strategy, operations, risk management, and organization transformation.
Copyright © 2013 Oliver Wyman
All rights reserved. This report may not be reproduced or redistributed, in whole or in part, without the written permission of Oliver Wyman and Oliver Wyman accepts no liability whatsoever for the actions of third parties in this respect.
The information and opinions in this report were prepared by Oliver Wyman. This report is not investment advice and should not be relied on for such advice or as a substitute for consultation with professional accountants, tax, legal or financial advisors. Oliver Wyman has made every effort to use reliable, up-to-date and comprehensive information and analysis, but all information is provided without warranty of any kind, express or implied. Oliver Wyman disclaims any responsibility to update the information or conclusions in this report. Oliver Wyman accepts no liability for any loss arising from any action taken or refrained from as a result of information contained in this report or any reports or sources of information referred to herein, or for any consequential, special or similar damages even if advised of the possibility of such damages. The report is not an offer to buy or sell securities or a solicitation of an offer to buy or sell securities. This report may not be sold without the written consent of Oliver Wyman.