Why CSR is an important part of your risk universe

Well isn't that a pretty CSR / Sustainability report? All the right tables, indexes, pictures of windmills and daisies, but yes, some fairly data rich tables and reports. There is also the great summary that shows that the company met 80% of its CSR targets for the year, and can even show how those targets have evolved over a number of years. 

That report, of course, is your competitors. And the boss is not terribly happy about that.

Call in the troops, raise the alarm, set some goals, and produce that CSR report that makes us look like we care, dammit.

Yes sir, no sir, three pages full of pretty pictures sir!

And so the company starts down (or continues down the already well worn) path to CSR or Sustainability or ESG (Environmental, Social, Governance) reporting. Goals are set and agreed, business cases are produced, and external consultants are engaged to help with the process. A standard is selected, and soon, but realistically most of a year later, the company has its first CSR report ready to go. All that is needed is a nice front-piece from the CEO, written by marketing or the CSR team, and it is time for the press release and marketing event.

Did you, as the Risk Manager or Internal Auditor, know what was happening, and have you included the CSR reporting process on your risk register or audit programme? If not, why not?

I know of one Risk Manager who was invited into the CSR programme from the beginning, and he is convinced that the result has greater validity and value because of Risk Management's participation.

CSR (Corporate Social Responsibility) reporting is important, but it also exposes the business to a new set of risks; operational, reputational and regulatory. CSR (or similar) reporting processes and content represent an uncharted area for too many risk managers and internal auditors. The information has rarely been determined to be “material”, so even when the CSR programme or report has been in the risk universe, it infrequently rose to a perceived level of significance to draw attention and review.

Yet I would argue that the reputational risk alone should be enough to encourage attention. Add the regulatory risk and there is a clear rationale for Risk Management and Internal Audit (IA). IA in particular has a mandate to review and report on the effectiveness of the system of internal controls, and that the programme of reviews should be based on a risk weighting of processes, systems and operational areas of the business. For too long we have assumed that this means controls over financial reporting and IT systems.

Consider the easiest regulatory and reputational risk. Does the CSR report contain the same information as the regulatory reports? In an SEC context, are the risks reported in the 10K the same as in the CSR report. As a specific example, does the CSR report in any way discuss climate change or the risks associated with exploitation of scarce resources such as water? If these are discussed in the CSR report, then they must also be in the risks section of the 10K, or face the danger of an investor or regulator asking why there are different risk factors being reported as being important to the current or future of the company.

This is as true for statutory reports in other jurisdictions. 

This is also true regardless of the reporting standard that you use, be it the GRI, IIRC's Integrated Report, UN Global Compact, SASB, or any other standard.

There are also metrics. Imagine reporting the level of carbon emissions or carbon offsets in a CSR type report, only to not report this information in statutory reports, regardless of what IFRS or US GAAP (or any other GAAP) requires.

While there are valid and important reasons to produce CSR/Sustainability reports, the information contained should be subject to independent review, and Internal Audit would be well placed to confirm the effective functioning of controls over the production of the information.

Likewise, Risk Management can provide valuable support in the establishment and operation of a CSR programme, and can ensure effective consideration of the risks being reported, both in range and in depth. This can include ensuring that common data sources are used for CSR and statutory reports, reducing the risk of different and potentially contradictory information being reported.

Key points:

·         The world of CSR/Sustainability reporting is undergoing massive change

·         Most CSR data is financial data, just packaged differently

·         Many CSR reporting standards are little more than marketing standards

·         Most CSR reports cover only a subset of the actual business. Disclosures in CSR/Sustainability reports do not always mirror disclosures in statutory reports

·         One activist with a smartphone can seriously ruin your day

·         CSR/Sustainability reporting practices can be a bellwether of other reporting practices, good and bad

For these reason Risk Managers and Internal Auditors should take a close look at what the company is saying to the world, and IA should confirm the effectiveness of the control environment that is producing the information that is reported, including the process (and costs) and the benefits.

Governance; Ethics and Morals versus Regulation

In London at the CRSA Forum last week (25th March 2015), once again speakers talked about the importance of the ethical foundation of leaders and companies, and as usual rubbished the need for or importance of "rules based systems" of governance or regulation . Implicit in the comments was the importance of ethics as the foundation of any successful business. Explicit were the statements "ethics are better than regulation" and "rule based systems are less effective than moral or ethics based systems".

Unfortunately, that is bollocks. There is simply too much weight placed on the idea that ethics and morals actually deliver more effective governance than rules. On the one hand, absolutely, effective corporate (and personal) governance for long term benefit needs a moral and ethical foundation. On the other, remove the rules and only the ethical or moral will comply.

Rules do not exist to stop ethical behaviour, nor to make companies profitable or unprofitable, or to ensure that a manager "earns" a bonus. Rules and regulations are enacted by governments to promote what the government of the day has determined to be desirable behaviours, and to discourage or punish those that are undesirable.

While the good news is that only 4% of CEOs may be psychopaths (Forbes "Why some psychopaths make great CEOs") that is four times the average in society as a whole. And while only a small percentage of CEOs may be psychopaths, their CFOs and FDs are under pressures of their own to ensure the numbers are right. The penalties for missing the quarterly numbers can be decidedly unpleasant (CFO.com).

"Comply or Explain", the UK reporting mantra, is held up as the alternative to rules based systems of reporting and governance. IFRS is a wonderful example of principles based reporting, yet the IFRS (International Financial Reporting Standard) still runs to over 2700 pages, excluding various national GAAP extensions to IFRS. Still, this is better than the 17,000 pages of US GAAP (Moss Adams LLP, 2009). Yet anyone who has attempted to use IFRS will find that it is as mired in rules as any GAAP. This also overlooks that so much of US GAAP is based on permutations of tax law specific to the US or to individual states. Oh, and US GAAP has been around a little longer than IFRS.

A victory for principles based reporting? Or, as a friends says "If self-reporting was the only requirement, there would be no murder".

Rules exist for a reason. They provide the boundaries beyond which behaviours are unacceptable in law and regulation, if not in culture and society. Yet to point out that principles based systems are inadequate is all it takes to be branded in favour of a rules based system, as if that is something bad.

There are good rules, and there are bad rules. Don't eat your soup with a fork is a good rule. Allowing companies to discriminate against any minority based on the presumed religion of the company is NOT a good law (and is not religious freedom).

Allowing the CEO and Chairman to be the same person in a public company is not a good principle, but it would be a good rule. Because as a principle, it can be applied or not, it is only a principle. Make it a rule, and there is no weasling around it, it is worse than bad practice (and a fine indicator that the company is being run for the enrichment of the managers and now the owners) and it would not be permitted.

Independent directors are a sound principle, and I see no need for a rule on this. An independent Audit Committee chair is a very sound principle. So sound that maybe it should be a rule.

Board effectiveness reviews? Great principle, but no, I wouldn't make them mandatory.

After all, the purpose of rules is not to over-ride good principles, sound ethics and strong morals. The purpose of rules is to limit the flexibility of those that pay lip services to good principles, or those that are not ethical or moral. Fraudsters, or just those under pressure to produces the target numbers by any means, can more easily justify bending principles, but they cannot justify bending the rules.

Indeed, I continue to say "Principles and ethical standards only apply to principled and ethical people".

The GFC is not over; It might not have begun

Ever since the GFC (Global Financial Crisis) of 2008 - present, there has been a constant refrain that "no one saw this coming". That is rubbish of course.

Just as rubbish as the idea that somehow we either are out of the crisis, or that we will soon be in the clear.  All that has happened is that national governments have continued to kick the can further down the road, playing loan-shark to themselves and to each other. Greece is only one example of the fate of virtually all developed countries.

Why, and what is coming?

First Why. As a matter of principle, marketing exists as a discipline specifically to convince people to buy something (a tangible product or an idea) that may or may not actually be good for them, but the selling of which will delivery greater benefit to the seller. As a second matter of principle, wealth is invested with purpose of gaining a greater return on the wealth invested, at a return greater than the passive "parking" of that wealth in non-productive assets. Or, in simpler terms, money wants to gather more money. Or, even cruder, the Rich want to get Richer, happily at the expense of either other Rich, or at the expense of everyone else.

So, consider the investment in renting politicians and pundits as marketing spend, with the objective selling the idea (which is the product) that the amassing of wealth is both possible for anyone, and that any breaks on the amassing of wealth is a tax on the aspirations of those that are not wealthy. From this lens it is easy to accept union busting as a valid exercise, as unions by their nature act as blocks on the concentration of wealth.

Equally, economic crashes serve to undermine the increase in wealth. Therefore, it is advantageous for markets to either be reasonably stable, or to increase in value. As the wealth in markets is concentrate in the share-owning class(es), then the increase the value of markets defacto increases the wealth of the owners.

Debt as a venture capitalist tool

What is a great way to amass wealth? How about increasing a company's debt burden through the sale of bonds, and then spend a portion of that debt to "buy back" shares or pay dividends. In both cases, wealth is concentrated in the hands of the owners, while the risk and eventual debt burden is passed to the company and the owners of the bonds who carry a risk of default by a failing company.

Consider then this same tactic at national scales. The creation of new money through QE (Quantitative Easing) serves a similar function as the issuing of company debt. The national debt is increased, interest rates are suppressed, and there are limited places that "money can go" to make a return. So where does the money go? To the markets, which continue to rise on a tide of new debt. And as with the company debt, while the "dividends" in the form of increased value of the markets are concentrated, the risk is diffused across the entire population - the national "bond holders" in effect. Individual gain (the markets) balanced against socialized pain (the national debt).

After all, as the wealth is concentrated in the markets (or more accurately, in the wallets of the shareholders) the nation(s) find that the money they could have either not spent, or spent for the good of the nation, is wasted through debt repayments and reduced national investment. 

In this way the venture capitalist playbook of pumping up company debt, shifting the value from the company to the shareholders, and leaving the company and bond holders with the risk and reduced returns, is translated into national policy.

So wheres the problem?

Someday, the company must either pay back that debt, or go bankrupt. Paying that debt adds to the overall costs of the company, reducing the future potential returns. As John Mauldin in his February 24th "Thoughts from the Front Line" newsletter says "Debt is Future Consumption Denied". And that future consumption denied is as true at a company as at a national level.

So here's the problem, and the future. Governments such as Japan have proved that you can continue to produce new money for an almost infinite period of time (or for decades at least) without actually collapsing your economy. And if Japan can get away with it, certainly the United State, the UK, Europe, or almost any other government can accomplish the same scam, keeping markets afloat and continuing to concentrate wealth while diffusing the risk, and the resulting burden.

Unfortunately governments do not act in a void. And when all government are playing the same game, eventually there is no one left to buy their debt but themselves, from themselves.

Exist from QE cannot happen, because to do so will mean that the existing stock of financial capacity will be required to start paying off those corporate (oops, national) bonds. And borrowing money from yourself only works if the only person you are paying is yourself.

The next crisis, the real one

Various writers have been predicting that 2012, 2013, 2015, 201x will be the year that Japan effectively goes under. I don't know when it will happen, but it will.

Greece, currently under the thumb of the loan sharks of the Troika, will "file for bankruptcy" and leave the Euro. That is a given. When? I don't know, but my prediction is May 2015, through a weekend of new laws on the creation of the New Drachma. The playbook already exists, and Varoufakis's (the Greek Finance Minister) goal with the extension is not to actually capitulate to Berlin and Brussels, but to manage the Grexit to Syrisa's schedule, not to be forced into an exist at with Berlin and Brussels in control.

Grexit is the future, so watch it closely. It is the future of the West (and much of the East). As ugly as the Grexit will be, Greece will be back, and in a few years it will actually be a growing, vibrant economy again. Greeks will come home.

The rest of the central bankers will cower in fear of the lynch mobs and continue to pump money, while the wealthy continue to rent politician and marketeers to sell the concept of perpetual aspiration. Money will continue to be printed. But national investment will falter, fear will continue to stalk the land, and the wealth will continue to trust in the gated community and private security.

The moment central banks attempt to raise rates, the markets will collapse, therefore interest rates will be artificially held down. Raise rates and governments will need to spend more of their limited budgets on interest payments, taking budget from other national spending priorities, or increasing borrowing (against themselves again). Yet to admit that they cannot raise rates will confirm the trap that the banks are stuck in. So they will continue to hint, and might even, once, raise rates, only a little, before dropping them again.

The debt bubble will burst, and massive wealth will be destroyed, and the suffering will be terrible. For five or even ten years.

And yes, we'll have years of people writing that we could not have predicted this, and that no one saw it coming. And that is, and will be rubbish.

But the sun will come out again.

Greece - a Grexit, Eurogeddon, or a big Yawn?

Get ready for Grexit. Or not.

1. A Greek exit may not happen.
2. Greek exit from the Eurozone will not destroy the Euro.
3. A Grexit will not be unprecedented.
4. The "playbook" for exiting a currency union already exists.
5. If, finally, it does happen, it will be controlled, and fast.

But, just in case, you should be considering carefully the potential impact on your business.

So here we are, again

On Sunday the 25th of January the Greeks went to the polls in a snap election that saw Syriza (a left wing part that barely registered in the voting five years ago) win 39% percent of the vote, and with that the right to form a government. This they have done in a remarkably short period of time.

Of course, with Syriza's win and forming of a government, a Grexit is neither a certainty, nor is will it happen immediately. Negotiations with Brussels and more importantly Berlin (even though the Greeks have said they will not negotiate with the Germans) will take weeks, with plenty of bluff and noise from all quarters. We can expect negotiations to break down two or three times, and eventually a very rapid dissolution, probably over the course of a weekend.

Is there a plan?

From late 2011 through the middle of 2012 when a Grexit seemed about to happen, central bankers, national finance ministries across Europe held "Non-meetings" with "Non-Papers" in unlisted conference rooms, thus ensuring that any participant could put hand on heart and say they had been to no meetings, and seen no papers, and that all was well and calm. We suspect that "Non-meeting" invitations have "not been sent" again, and "Non-Papers" are being dusted off and reviewed to confirm their continued relevance.

We would like to say that much has changed since 2011/2012, but realistically the only significant change has been a continually increasing total national debt burdens across of the Eurozone. The only other change has been the continued burden of austerity on the Greek people and economy, with little hope for any realistic prospects for improvement in the near term.

Greek unemployment in the younger cohort has since grown to as high as 60%, total employment continues to fall, incomes continue to fall, and the prospects are that this trend will continue. The Greek people have now lived through years of pain, and see only years of pain in front of them.

The Playbook already exist

Currency dissolutions are not new, and while they can be messy, though they can be handled quickly and effectively. Playbooks already exist, which call for a series of steps to take place very quickly, usually when the markets and banks are closed. So expect to see a breaking news flash on a Saturday afternoon saying that the Greek government has passed a number of new laws, including creation of the New Drachma pegged one for one to the Euro.

Also expect in those laws there to be:

1. Closure of the banking system for a week (at least)
2. Closure of the markets for a week (at least)
3. A requirement to have all Euro notes stamped (or hole-punched) at bank (that will be open for this purpose only) within a week
4. For contracts to be re-denominated in New Drachmas
5. For all national debt in the form of bond to be convertible at a rate of 1 New Drachma = 1 Euro

This is just a quick list. Search the internet and you will find a number of playbooks in much greater detail.

The next two years

Expect the New Drachma to devalue and a rocket pace. Of course this will be difficult to see in practice, as the only purchasers of New Drachmas will be those that are actually required to provide payments in New Drachmas in the immediate term. Virtually all others, including those with payments due, will defer payments by a week or two (at least) to get some idea of where the New Drachma will settle.

Imports to Greece will stop. 

Exporters will attempt to demand Euros for their exports, and will be in for protracted discussions / arguments with their customers over the terms of trade, and the currency in force.

Of course, there will be cheap - really cheap - holidays to Greece. Europe, and the US, will flood into Greece and the Greek Islands in a tourism boom never before seen. Exports will become very competitive. Greek olives and wine will be very affordable, and will bring "hard currency" into the country (along with the tourism sector).

Of course, that does not alone make an economy, but it will be a start, and a good start with a greatly deflated New Drachma. 

But no one should be deceived, it will come at a terrible cost in terms of Greek standards of living. These will continue to drop for another couple of years. No more BMWs for Greece, at least not for a number of years. And then, one day, there will be a positive GDP number, followed by more positive numbers, and finally, a growing and productive Greece.

Do you have a plan?

Of course, if it does happen, there will be some serious consequences for businesses across Europe and the UK. The implications could be considerable, including at a minimum the re-pricing of products and services in new currencies at a fixed conversion rate established at exit (with the potential for  a rapid devaluation of the new currency), potential liquidity issues, and sudden exposures to currency transactions between corporate entities that currently share the same currency. We would not be surprised, should any country exit the Euro, to find currency controls introduced in an attempt to limit the flow of capital out of the country. 

Cyprus taught people that cash is king, and we should expect to see runs on banks in Greece long before any actual Grexit.

This will not be TEOTWAWKI (The End Of The World As We Know It), nor will it be a ‘Big Yawn’?  Nobody knows right now, but we think it is worth running your business through a review to assess the impact you might face.

We recommend companies:

• Expect confusion and disruption for a period, but do not let this become all consuming, it shall pass
• Treat a potential Grexit as a Business Continuity event, and run a BCP exercise to confirm gaps and applicability of any plans
• Confirm that your CMT (Crisis Management Team) is appropraite for this type of crisis
• Shift where possible liquid assets out of jurisdictions with daily sweeps, ensuring that your specific capital control risk is minimised
• Identify the risk of write-downs in currency denominated assets, following devaluations
• Test processes for re-denomination or re-pricing of products and services
• Engage your legal counsel to ensure that contracts will survive an exit, or at least confirm te potential contractual impact of an exit, reviewing legal agreements to ensure continuity post any such change
• Speak with counter-parties to plan smooth transitions to any new currency
• Consider potential impacts of currency controls

Most importantly, consider your longer range options, including potentially shifting production of services capacity into Greece (or other exiting country) post the initial systemic shock. So, following a period of instability and currency fluctuation and probable significant devaluation, look to develop in a much cheaper labour market. Harvesting the upside is going to take time, planning and preparation.

And if nothing happens?

If there is no Grexit, you have lost nothing by dusting off your plans, running contingency exercises, reviewing contracts, and generally reconsidering your strategic risks. Greece will continue to deteriorate, and may actually become an attractive location for sourcing lower costs production or services.