If you were left in any doubt that, as Bob Dylan once said, “the times they are a changin’,” you needed only to listen to the broadcast of the Chancellor’s speech to Parliament on 22 April 2009. Starting a couple of minutes late at 12:32 pm., Mr Darling delivered a Budget that swept away any pretence at hanging on to the ‘New Labour’ epithet just as the capital of most of our major banking institutions has been swept away before it. In choosing to deliver a politically-inspired budget, he nailed the Labour Government’s colours to the wall: our aim is to survive electorally. As a perfectly viable alternative, he could have done very little other than announce that the fiscal and monetary stimuli already announced will need to run their course, as he fully expects them to; limited electoral advantage in that, however. At exactly the same time as Mr Darling was standing up, I was sitting down – to chair a Securities and Investment Institute seminar in the City at which two officials of the Financial Services Authority were speaking about the changes to the FSA’s Approved Persons’ Regime (APER) and Significant Influence Functions, the subject of a recent Consultation Paper. These are, most notably, changes to the way in which the FSA will view the appointment of and responsibilities of directors in UK financial companies including, importantly, subsidiary companies of financial institutions. For the first time, all people deemed to be significant influencers will need to be Approved Persons under the APER regulations.
So what? The changes themselves are not sweeping and in my view do not go anywhere near far enough (but more of that shortly). More importantly, though, they are part of a torrent of regulatory attention to the issues of corporate governance in financial institutions in general and risk governance in particular. And this attention is not spurred solely by recent turmoil in the banking sector. It is part of an inexorable trend of moving regulatory attention from the numbers themselves (Pillar One calculations) to the thinking around the numbers and how that thinking affects or should affect management decisions and actions in regulated firms in financial services. Solvency II is talking about it (well, CEIOPS, the European insurance regulator is, anyway), securities regulators are talking about it and banking supervisors are positively yelling it from the roof-tops: the time has come to take governance more seriously and to recognise the critical role of directors and organisational leaders in making sure ‘the [firm’s] system works.’
Since its introduction in 1988, the Basel process has been about ‘the numbers’ – about what is now known as ‘Pillar One’: the calculation of capital required to support risk-weighted assets. Change after increment after adjustment has been about the numbers. The supervisory review process and thinking beyond the numbers of Pillar One is a relatively new phenomenon; remember, Basel II was only published in 2004, a mere four years before a banking and financial market crisis so severe it is exceeded only by the mother of all crashes: 1929 (oh, and a couple of others, but why spoil a good story for the sake of the truth?).
Yet, as the post mortems unfold, the emphasis has been increasingly on bringing some risk classes previously in Pillar Two in to Pillar One-type calculations: liquidity and reputational risk, for example, and to introduce more rigorous stress testing across all risk classes and in aggregate. But that is only part of the story. Closer reading of the analyses by the likes of the Financial Stability Forum, the Institute for International Finance, the Senior Supervisors’ Group and the President’s Working Group on Financial Markets, as well as the FSA’s own Turner Review (by Adair Turner, FSA Chairman) all focus on the role of improved governance in general and of banks’ governance of risk and the firm’s risk management system specifically.
What should we make of all this? Since Mssrs Merton (1973) and Black and Scholes (also 1973) let the option pricing genie out of the bottle, we have had growing armies of ‘rocket-scientist’ types crunching numbers on pricing and valuation models and risk models creating ever-more-arcane financial instruments structured around uncertainty and uncertain outcomes. To anyone without Master’s level mathematics, their calculations are impenetrable. These have been the black boxes of finance which seem to have morphed, rather inconveniently, in to black holes, into which now trillions of dollars of taxpayers’ money have been sucked. Yet, the truth of the this financial crisis is rather more pedestrian: it has come about as a result of bad lending decisions driven by poorly-designed incentives that have been poorly understood by the people who approved them; the problem has been very understandable to anyone who paid attention and was very preventable. The failings have not been the black boxes (although bond rating methodologies have been seriously flawed); the problems have been the assumptions behind the systems that create and oversee incentives and performance motivators and that ask (or fail to ask) fundamental questions about the nature of risks being taken and their quantum – not a black box in sight.
The response of supervisors has been to focus on exactly the right things – on the role of directors and their governance routines to ensure that they understand the parameters of performance of their firms and that they keep the activities of their firms within their abilities to understand, direct and monitor them. This is hardly unreasonable. The difficulty is that it is easier said than done.
Within the insurance sector, the focus has been on improving enterprise-level risk management – bringing together the analyses of different risk classes in to a single loss distribution and capital-at-risk analysis and (here is the relevant bit) making sure the firm has the means to understand and process that information managerially and at board level. In the banking sector, the emerging expectation has been that firms will think more broadly as well as more deeply about risks of activities before decisions are taken and commitments made, that capital will be allocated more realistically according to the underlying direct and portfolio-level risks of economic activities and that incentives will be better aligned to risk decision-making and therefore to shareholders’ interests (assuming a stable shareholding pattern, that is). All this will then be overseen by a competent and engaged board of directors that does not allow the bank’s risk takers to conduct business beyond the institution’s ability to understand, anticipate, monitor and establish resilience against foreseeable financial outcomes from the business it has written.
But how competent is enough? The question is posed, in effect, by the criteria for fitness and propriety under the FSA Approved Persons regime. The FSA itself, in the form of the recent Consultation Paper on Significant Influence Functions, has made an attempt at answering this question. The attempt was not brave or even adventurous, but it was credible. The paper makes it clear that non-executive directors – on whom all regulatory initiatives in the UK seem to place extraordinary expectations (but that discussion is for another day) – can be quizzed in advance about their competence and their understanding of their role, and that the FSA can and will hold them to account for their performance (under pre-existing powers). But competent at what? These two competence questions hang in the air rather like a sulphur bomb at a children’s birthday party: at what should directors be competent and how much competence is enough? And that is without even trying to deconstruct ‘competence’.
In my view, the current FSA consultative paper does not go far enough to answer those questions, and where it does – the areas of the firm’s activity in which the non-executive director should “seek to establish and continually maintain his confidence” for example, the list is unremarkable, and the standards of performance unspecified. The competence required to achieve these expectations, which would always be proportionate to the complexity of the firm and the instruments it trades, goes wholly unstated.
Without a doubt, the Consultation Paper on Significant Influence Functions shows that the UK regulator is thinking about the right things: the role of the firm’s board of directors in ensuring (i) that the business is well and prudently managed; (ii) that risks are understood and changes in the risk profile are anticipated or detected as they emerge; (iii) that the firm is thought about by its managers and directors as a portfolio of assets with a related funding profile and combined liquidity profile; and (iv),that the firm is also a portfolio of risks which must be combined, measured, compared against tolerances and risk-holding capacity (established by capital and the firm’s knowledge set) and managed.
But, until the FSA, BIS Basel Committee on Banking Supervision or the Committee of European Banking Supervisors steps up to the plate and makes clear the expectations of boards of directors in relation to management of risk, opacity will prevail. Given this opacity, the current Consultation Paper has made a reasonable stab at codifying the currently-stated expectations of non-executive directors. It is a difficult area and a misstep would damage their credibility considerably. However, the corollary to “if it ain’t broke, don’t fix it” should surely be: “if it is demonstrably broke, you should set about fixing it with determination” (or something like that). In light of such an adage, a more determined and aggressive regulatory statement is clearly justified. Restoring the confidence of the public and investors in our financial institutions necessitates it. Perhaps the FSA would do well to make it clear that this is a first, tentative step and there is more to come. Fixing for the future requires more than codifying the past.
TO VIEW THE FSA CONSULTATION PAPER, CLICK HERE