From CapitaRegistrars' Registration Matters, October 2011 - interview with Peter Bonisch
There's a fundamental flaw in the way people have come to think about risk. We have somehow managed to divorce risk from other aspects of the work we do, when in fact risk pertains to absolutely everything we do, at every level of our organisations. It has become a defensive exercise in compliance rather than an essential and pervasive element of corporate decision-making and action.
As a result of our failure to get to grips with that truth, most risk practice is simply worthless. Companies find themselves concentrating on silly procedures such as risk registers and matrices and other things that, if we were to examine them from any rational or analytical understanding of behaviour, would serve no useful purpose whatsoever.
This current approach to risk is really not good enough for two reasons. The first is that we're using other people's money and I think they are entitled to expect a greater level of diligence. The second, and far more important, point is that we currently take - systematically and systemically - far too little risk. As a society, we need to take massively more risk than we do at the moment and yet we do not, because we are still dealing with it in silly ways or, at best, informally.
Focus on the future
Why is it so important to take more risk? Because if you run present rates of corporate profitability into the future and compare them to the demographic changes that we face, you will see a large and growing discrepancy between our expectations of livelihood and what that profitability is going to be able to deliver through pensions.
Are these issues that corporate business needs to grapple with? I think they are, because fundamentally we need all business but especially corporate business to be creating wealth far more successfully than it is at the moment. And we only do that by innovation, by people doing things differently - which will involve taking risks.
Therefore we need to honestly and directly address the problems we face so that we can move corporate performance - which includes risk-taking - to a higher level. Because until we take more risk, we will not get more performance. We need to get considerably less risk averse about experimentation and innovation, otherwise we are not going to be able to achieve ongoing increases in wealth.
The cost for that is that more firms need to be able to fail - we need Joseph Schumpeter's ‘gales of creative destruction’ to flow unimpeded through the market - and so we need a legal infrastructure that allows firms to fail in a smoother way. Capital needs to be able to be redeployed more efficiently throughout the system as the gale of creative destruction blows.
So the answer is not less risk - it is more, better-managed risk. Firms need to get better at recognising what risks are managed well within their core competencies and what that means for them. Then they need to get better at shedding or managing the other sets of risks that impede their progress as firms.
Put that way it sounds very simple - but trying to simplify our approach to risk brings its own dangers. We must recognise that the systems that firms use to manage risk need to be capable of dealing with the complexity and variety that exists within those firms and the markets in which they operate. Shunning complexity in a risk system just because it is difficult to deal with is silly - it is just the wrong starting point. We need to get away from the idea that we can create a simple system for managing risk because in reality there is no such thing.
Of all the official reports into the financial crisis, the only one that has grasped the real nature of the problem that we face is Sir David Walker's review of corporate governance of the UK banking industry. His simple, and brilliant, and rather obvious insight was to realise that these things operate within a behavioural system, therefore when we design regulation we need to recognise the importance of this behaviour and how it creates ‘feedback’ within the system. For the first time in a very long time, rather than laying down a series of edicts, there was an attempt to observe empirically how people behave and to adapt the system to that behaviour. And for that he deserves another knighthood.
Walker realised that we are not allowing buy-side analysts to do their job because we are over-regulating through "comply or explain". As a result, the compliance is both unverified and unsure in quality and the explanations are distorted because everyone wants to look the same for fear of upsetting the very buy-side analysts who fundamentally need the insights into the quality of the management of the firm that would come with a genuine statement of the firm's understanding of risk. Some reporting firms get this, but the vast majority don’t. Regulation has made being different a negative. That is unconstructive – it is part of the problem.
Regardless of the relative merits of comply or explain, it is not the only way of doing things. But we have become used to defending it and what people like to think of as the "big principles" of corporate governance in the UK as being superior to the alternatives. That would be fine if corporate governance was delivering the results we need. But it's not, or at least I believe that there's a very sound case that could be mounted to suggest that it is not. Therefore we need to be open to revisiting some of these pillars of how things are done - because if we keep going the way we're going, we will end up poorer, dirtier and at war with everybody.
Why regulation fails
Milton Friedman was absolutely right, the business of business is to make profit. Profit is a good thing and, as I've outlined above, we need a whole lot more of it. We have tools for analysing what that profit may look like and how much risk is associated with various levels of it. In fact, how much risk a firm should take financially is something that can be reasonably readily analytically derived. The discipline of corporate finance informs us about the relationship between risk and return over time in a market for listed entities. The problem is not that this work is not done - it is that it is not recognised as risk-related work.