As an old joke goes, if an American finds a rat in a can of soup, he sues. If a European finds a rat in a can of soup, he returns the can to the store.

As Toyota found out, when something goes wrong with your product, Americans prefer to sue first and then haul you in front of Congress for a public tongue-lashing. But as regulators have found, the threat of a lawsuit doesn’t always keep a company on the straight and narrow. Often there are incentives in place not to do the best thing for stakeholders. To shore up gaps in corporate governance, regulators around the world are cracking down on how companies manage risk.

In the wake of the WorldCom and Enron scandals of recent times, a number of laws and directives have been adopted in the U.S. and abroad to close gaps in corporate responsibility and provide more accountability to stakeholders. Of note are Sarbanes-Oxley (SOX), which Congress passed in 2002, and the 2004 Basel II Framework. SOX is aimed at making corporate top brass more accountable for financial decisions, and Basel II establishes new international corporate standards and best practices for banks. The European Commission has also developed risk management and governance standards for member countries, which it is in the process of updating.

But the near financial collapse of our world economy has triggered a new round of debate over how companies manage risks and the potential fallout for stakeholders and the economy. The Securities and Exchange Commission has issued new risk management disclosure requirements for public companies. The rules took effect at the end of February.

In adopting the new requirements, the SEC identified the absence of risk management as a root cause of the financial crisis. The rule requires disclosure of a board’s role in risk management decisions and how company-wide compensation practices may affect a company’s decision about operational, credit and liquidity risk exposures. The SEC uses a principles-based approach to the rules and does not dictate how companies should achieve the objectives. It does require companies to assess the procedures in place and fill in the gaps.

A key provision of the rule requires companies to disclose in detail compensation policies and practices for all employees, including non-executive directors, if those policies and practices “are reasonably likely” to create a “material adverse effect on the company.”

The SEC gives examples of situations that it believes could trigger discussion of compensation policies and practices within a company, including when:

  • A business unit carries a significant portion of the company’s risk profile
  • A business unit’s compensation structure is significantly different from that of other units within the company
  • A business unit is significantly more profitable than others within the company
  • A business unit’s compensation expense is a significant percentage of the unit’s revenues
  • Policies vary significantly from the overall risk and reward structure of the company, such as when bonuses are awarded upon accomplishment of a task, while the income and risk to the company from the task extend over a significantly longer period of time.

Other key provisions of the SEC’s new rule include disclosure of:

  • The board’s leadership structure
  • Any legal proceedings against a director or nominee
  • The board’s role in overseeing risk management decisions
  • Potential conflicts of interest of compensation consultants that advise the companies or their board of directors
  • Stock and option awards to company executives and directors.

As we become more financially interdependent globally, we can expect more focus on corporate accountability, transparency and risk management. In the past, a company’s risk management policy largely has been driven by the need to comply with regulations. A Lloyd’s survey found that boards at global businesses are failing to identify and manage emerging risks effectively. One in five companies reported suffering significant harm from their failure to manage risks.

That is changing, and many companies have created the position of chief risk officer, who is responsible for looking at an enterprise’s whole risk profile. Broadly defined, enterprise risk management (ERM) is the management of any facet of risk and uncertainty that threatens a company’s ability to achieve its strategic objectives of building value for stakeholders.

The new standards for corporate governance pose challenges for businesses—but also opportunities. Brokers can play a valuable role in helping their clients identify risks and build strong risk management programs that promote financial sustainability.

As a Treasury official told Congress last June, the “goal is to help ensure that there is a much closer alignment between compensation, sound risk management and long-term value creation for firms and the economy as a whole.”

The cost to business of not managing risk is high, but, as we learned, the cost to stakeholders and the economy is even higher.