Boards of directors are used to taking flack for executive compensation practices, but this time it is serious. Spurred on by angry taxpayers, the government will be pressuring boards of directors of financial companies to see that their compensation practices do not incent inappropriate risk taking that could lead to taxpayer losses. But how can a board do that if the company does not have a defensible framework for assessing and managing its enterprise risks? How can directors estimate the effect that different compensation policies will have on their company’s risk if they don’t know how much risk the company is taking or where it comes from? The urgent need to defend compensation practices may finally prod managements and boards to do what they should have been doing all along – building effective enterprise risk management capabilities.
Grumblings about excessive executive pay have a long history but petulant investors armed with peashooters have now been reinforced by government officials bearing automatic weapons. Boards are in the cross hairs because it is their direct responsibility to set executive pay and the public is outraged that some people collected huge payouts for blowing up companies that required government bailouts. (Of course, the government itself played a leading role in creating the crisis, but that is another story.)
The public outrage has been duly noted by regulators and politicians and they are doing something about it. TARP recipients have had their board-approved compensation policies summarily rewritten by the government. Double-dipping TARP recipients now have a government pay czar micro-managing their entire compensation process. Banking supervisors have announced that they will review compensation policies at all banks to see that pay practices do not incent excessive risk-taking. Treasury Secretary Geithner has issued principles of compensation that he believes are consistent with sound risk management and long term growth for all firms, not just financial institutions. He is seeking legislation that would require Board compensation committees to be more independent and to be given better access to outside expertise. Of course, greater independence and resources will mean fewer excuses for failure. The G-20 has announced that its members have reached broad agreement on reforming compensation in financial institutions and will seek to implement similar standards in each participating country.
Taken together, the various government pronouncements place the onus squarely on the Board to be much more assertive in carrying out its duty to design and oversee the company’s compensation plans. This time the government will be watching to see if Boards are serious about linking the amount and form of pay to long term value creation, to the amount and nature of the risks being taken and to the time horizons over which results are experienced by the company. The intended result is clear and hard to argue with. The public does not want to see this movie again: Executives Walk Away with Millions After Wrecking the Company and Handing the Keys to Taxpayers.
Granted, some of this is common sense. There are some compensation practices that, on their face, create perverse incentives for excessive risk taking, such as mortgage brokers being paid upfront commissions for generating mortgage volume without regard to the ability of the borrowers to repay the loans. Or institutional sales people being paid big bonuses for selling tranches of long-term, illiquid CDO’s packed with complex and poorly understood risks which will blow up long after the bonus checks are cashed. These, and many other compensation schemes that thrived before the crisis, are variations of the well-known “trader’s option”. A trader takes a big risk that management doesn’t see clearly. Heads, the trader and the firm win big. Tails, the firm loses big and the trader doesn’t get a bonus or has to get a job elsewhere. Better yet for the trader is pocketing a big bonus that can’t be clawed back after the bet blows up. A cynical trader’s agenda is simple. Why not take big risks with the firm’s money when the rewards of success are huge and the penalties for failure – in the worst case — are small? This sort of thing has gone on a long time on Wall Street but never on such a grand scale as during the prelude to the financial crisis. Employees had trader’s options on management. Management had trader’s options on the shareholders. Shareholders had traders options on the taxpayers.
So why not just use common sense to ferret out all the trader’s options and be done with it? First, you cannot be sure that you will find and eliminate all the trader’s options if you cannot monitor and limit how much risk people take. This requires effective risk management capabilities at ground level. Second, trader’s options and other perverse temptations must be replaced with other incentives. What are these new incentives going to be and how will they affect the total amount and types of risk taken by the company? There is no easy way out because risks must be taken – zero risk means zero profit.
Many boards have wrestled with linking pay to long term value creation, but linking pay to risk-taking is brand new territory for most. Wise boards will conclude that a company with an effective enterprise risk management capability has a much better chance of taking smart, profitable risks, while avoiding excessive risk-taking — and of convincing a skeptical world that it is doing so.
The logical starting point for demonstrating that your compensation plans do not incent excessive risk-taking is to define and quantify the risk you are taking now in comparison to the maximum amount of risk that is prudent for your company to take. This is just the sort of question that an enterprise risk framework is designed to address. The framework will treat all types of risk consistently so they can be aggregated for the company as a whole. It does this by posing the same question for any and all activities that produce risk: “How much could we lose in a given period of time with a given probability”. The potential losses from all activities are combined to determine the total risk that the company is taking now. The framework also helps management and the board arrive at a credible number for the maximum risk that is prudent. One way of doing this is by choosing a target debt rating that is necessary for a sustainable and successful business strategy and observing the potential loss that is associated with that debt rating. If the total risk of the company exceeds the maximum prudent risk, the company is, by definition, taking excessive risk.
These risk assessments are not easy or uncontroversial. Many assumptions and judgment calls are required. In fact, many firms did this badly in the run up to the financial crisis, providing a painful learning experience. Despite the difficulties, a company that uses best practice risk management methodologies to determine if it is taking excessive risks will be in a far stronger position to defend itself than a company that relies only on uniformed, seat-of-the-pants guesswork.
With these risk tools in place, the other elements of a defendable compensation system can be more easily identified and implemented. Risks must be tracked so that they can be visible to management and be available as input into the compensation process. Excessive risk-taking is much more likely in a company where risks are hidden, ignored or not subject to enforceable limits. Decisions must be made about who is responsible for taking each kind of risk and how much risk they will be allowed to take. The company must decide how risk-adjusted performance of business units or individuals will be measured. One established method is to adjust earnings by subtracting a risk capital charge proportional to the risks that are taken.
With this solid foundation, the compensation committee can address the crucial question of how much to pay for risk-adjusted performance. Many factors come in to play here that require balanced judgment. The most difficult issue may be reconciling a risk adjusted compensation plan to the realities of the talent market. If that market continues to ignore risk, then the company may lose people for doing the right thing. But if the current public mood persists, risk-adjusted performance will emerge as a prominent element of any defensible compensation system.
Before getting enmeshed in the narrow technicalities and conventional wisdom of different compensation formulas, the Board should remember that compensation is only one part of a much bigger question: Is the company doing a good job of assessing and managing its enterprise risks? If not, diving right in to complicated compensation schemes is putting the cart before the horse. If a company does not have or is not building effective enterprise risk management, it will not be in a position to know what its risks are in the first place and it will be poorly positioned to demonstrate that its compensation practices do not incent excessive risks or value-destroying business decisions.
Dan Borge is a director at LECG, an expert services group, in New York.
The appropriate place for risk management within a financial company (or any other for that matter) is mostly within the internal practices and controls surrounding investment and spending decisions. If, within those bounds, decisions can be made that carry widely divergent levels of risk, then it may indeed be a great idea to handicap certain components of incentive compensation associated with taking on higher levels of risk that are still within the bounds of internal practices and controls. For instance, if engineers and salesmen of financial products have an incentive comp system based on the production of fee income, and it falls within the acceptable bounds of internal practices and controls to buy or sell credit default swaps in which neither party has a direct interest in the underlying, then that may be a failure of the internal controls (or of regulation), but as you correctly point out incentives paid out for capturing fee income by entering into these more risky contracts should have been handicapped. Maybe that would have modified decision-making somewhat. But the bulk of risk management of financial institutions should be external via regulation, and what is left should be addressed by the governance of the board. Managers are working there to make money for themselves. They live by the creed “IBG, YBG” when considering risk… (I’ll be gone, and you’ll be gone…if the risk doesn’t work out).