Why Greece?

Yes, we've moved to Greece; Thessaloniki to be specific. On seeing this, a long-time friend sent me a message asking "But why move when the country seems in so much turmoil?"

It is a great question. Why would anyone move to a country that is in such a sorry state, after years of economic devastation and waste, where the pictures we see juxtapose ancient ruins with modern ruins and riots? Really though, the decision was easy.

Consider this the first, and not the complete, post on "Why Greece", and expect more posts to come. There is simply no way to say all there is to say in one post. 

Ivory figurine from the
tomb of Phillip II
(actual size: ~2cmx2cm)

When Francoise and I were considering where after Panama, which as you'll have seen is simply too corrupt for us to do anything meaningful, and the weather is too brutal to be enjoyable for other than a few months of the year, we considered several places. In Panama, the food is terrible, and the service culture simply does not exist, and "gringos" (any "white" or "European" looking person regardless of nationality, language or accent) are not welcomed other than as marks.

Greece is entirely different, in almost every way (other than corruption, but that will be a different story).

So where to begin? Greece is lovely, and the food is incredible. It is cheap, plentiful and fresh. Eating out is inexpensive (our meals out when there was no real kitchen where we are staying) have averaged Euro 35 (approx $40 for two people, with wine). And we have been over-ordering and over-eating. Since then, we have learned to order a third less.

And while it is possible to eat nothing but "classic" Greek food (tzatziki, souvlaki, fried calamari, fish, etc) is is also easy to find variations and experimentation, creating simply fantastic dishes and eating experiences. And all at very reasonable prices.

We have found a wonderful little place in the market in downtown Thessaloniki.
A small cafe on the market square, next door to a tourist souvenir shop on one side, and a bread shop and Orthodox icon shop on the other.

Greek people are famous for their hospitality and friendliness, and we see that around us every day, and in small ways. Certainly, there are rude people; they exist in every culture and community. But here it seems even the boy-racers in their (older) speedy kids cars, are polite and will wave a thank you as you let them merge ahead of you. I've had taxis wave me into traffic to merge ahead of them, and the natural response is, next time, to wave a taxi or other car into traffic in front of me. Simple politeness is contagious.


More important than simply being friendly, the people are good. What do I base that on? The way they treat animals. Complete strangers feed the stray dogs and cats, of which there are many. Every restaurant seems to have a cat or two, or three, wandering around outside. We joke that if the cats won't eat there, there you probably shouldn't either. Yet no one shoos the cats away, and the servers negotiate their way around the cats. Dogs definitely stay outside, but they lay around on the sidewalks and in the grass, waiting their turn.

Greece certainly has been through very difficult times and is still in that difficulty. But it has, I believe, turned a corner, and certainly, Europe has turned a corner in its view of Greece. After all, Greece carries a national debt of close to 200% of GDP (it was smaller, but the IMF/Troika's programme actually shrank the Greek economy, so the debt grew as a percentage of GDP). Greece has gone through a terrible depression, and many young Greeks have left the country in search of work. In addition, Greece is one of the countries on the fringe of Europe with a serious immigrant problem, fuelled by Turkey and the games that they are playing with Europe and the US.

Yet Greece has much going for it. For one, the terrible economic conditions have been buffered by the close family ties that exist in Greece. As families lost jobs and homes, the larger family welcomed them in. Children, including adult and married, moved back home with parents. The coffee culture ensured that the young unemployed could sit outside with their friends nursing a coffee for hours (at 1.20 Euro per, instead of $4 - $5 in the US or the UK).

As the difficulties really bit, shops failed across the country, more jobs were lost, and the cycle continued for years. But then something else began to happen. New stored opened, but with cheaper goods. New jobs were created at half the previous salaries. Rents went down, home prices dropped by almost 50% (they are beginning to rise again, but slowly). The economy "reset".

Of course, Greece is also on the front-lines of the Migrant Crisis, and its position in the Mediterranean and as a "front-line" state facing Turkey makes that inevitable. There are UN and EU programmes to help, but mostly common Greeks and international volunteers are filling the gaps.  

So why Greece? Yes, my own history and the fact that there are still friends here plays a big part. But another part is looking at the global, US and European situations. When we considered France, my comment to Francoise was that this is a country (just like the UK and especially the US) that is waiting for it's "Greek moment". I said that I would rather live in a country that had that moment behind it, and not in front of it. I want us to buy a property closer to the bottom of the market than near the top, even if we will be buying mortgage-free. 

5 seconds of the Thessaloniki waterfront

Remember also that part of the horror of the Greek depression, imposed by the Troika/IMF/Germany was a requirement that the Greek government run a 3.5% national surplus. Greece for a few years now has been running a budget surplus. Imagine what would happen in the US if Washington actually ran a surplus? How many jobs would disappear overnight? Almost all US economic growth over the past decade has come from increased government deficits. Turn off the borrowed money, and the economy would contract massively. 

Without the deep family ties that exist in Greece, and with the even greater social fracture that is happening in the US, the period of adjustment to a "new normal" will be even worse. Charleston and Portland will be remembered as the opening shots in a new civil war. Yes, I really do think that is possible in the US. Especially when China and the rest of the world stop buying US debt.

In all of this, I'm taking the long(er) view. Greece has better prospects simply because it was been through the worst, while other countries have not started down that debt imposed path.

The imposed reforms of the Greek economy are, finally, beginning to pay off. The Bank of Greece has projected a 1.9% growth in 2019, and up to 2.5% growth in 2020. Yet unemployment remains just under 20%, and is exacerbated by a lopsided annual business cycle, with high tourism-based employment for six months of the year, and cyclical unemployment the other six months. 

What else then?

Casket of Philip II of Macedon

There is more history here than almost anywhere we can go, and it is all around us. Athens is only 4.5 hours from away, with all its history. 1.5 hours from here is the tomb (and associated museum, one of the best I have ever been in) of Philip II of Macedon, the father of Alexander the Great. The tomb was discovered intact in 1977, and all the artefacts are in the museum that is built around and over the tomb. 

A 1.5 hours drive and we are at the base of Mount Olympus (which on a clear day/night can be seen from Thessaloniki where we are) - Home of the Gods. 1 - 1.5 hours away are some wonderful beaches in the holiday area of Halkidiki. Paris is a 2.5-hour flight away on discount airlines, and London, where I will continue to work, is a 3.5-hour flight, also on discount airlines.

That is why Greece, for what it has now, what it had, and for what it will be like in the future.

The economy is recovering, and house prices have been inching upward over the past year, though they remain 40% down from their peak.

So to summarise, yes, even though Greece remains in a perilous state, it remains a wonderful place to live, and it is improving every day.

Hong Kong – THE Geopolitical Risk

What happens when Beijing loses patience with the Hong Kong demonstrators? What happens when Beijing decides ongoing trade / diplomatic conditions cannot get worse? What happens when Beijing decides it can ride out any storm? 

Hong Kong, and the ongoing protests, is now THE only geopolitical risk that matters.

22 years ago Governor Chris Patten presided over the lowering of the flag of the United Kingdom and the raising of the flag of the Special Administrative Region of Hong Kong. The 1st of July 1997 saw the end of British rule over Hong Kong, and a promise of a 50-year transition under the “One Country, Two Systems” principle. 

“In accordance with the "One country, two systems" principle agreed between the United Kingdom and the People's Republic of China, the socialist system of the People's Republic of China would not be practised in the Hong Kong Special Administrative Region (HKSAR), and Hong Kong's previous capitalist system and its way of life would remain unchanged for a period of 50 years. This would have left Hong Kong unchanged until 2047.”

Fairly obviously that was never going to happen, and the underlying rationale for agreement to the principle was to avoid the collapse of the economic golden goose and to ease the way for a potential peaceful unification with Taiwan. Well, the golden goose has done its part, but Taiwan has not budged. Furthermore, China itself was able to assimilate Hong Kong while at the same time expanding its own economy to the point that Hong Kong is no longer the entry to China. 

Fundamentally Hong Kong has become just another Chinese city, albeit a separate financial centre and vibrant port. We are continually told that the Chinese are masters at the long game and, given the current situation in Hong Kong, and the increasingly uncertain global economic status, that long game could go either way.  If they want to preserve the economic benefits, they play long; if a unified China is the prize, then it is possible that the current global situation may give Beijing confidence that with global attention diverted in so many areas including Iran, this may be their opportunity. 

So why is this THE Geopolitical Risk?

Yes, Iran is a major geopolitical risk, but nothing compared to Hong Kong right now. Iran provides focus and noise, being at the crossroads (and chokepoint) of global oil traffic. Yet the world has been through a "tanker war" once already during the Iran-Iraq war of the 1980s. 

Over the past two and a half decades the West has tied itself economically to China, to an extent that is simply frightening. Were it done as a national policy with alternative plans and capacity already in place and maintained, the West would, in theory, be able to recover quickly from the isolation that a true economic war or sanctions regime would entail. Yet across the developed world, critical national capacity and capability have been outsourced to Chinese companies and/or had production itself moved to China.


The steel industry is a good example. In search of cheaper steel (and cleaner air at home), the West has happily watched and contributed to the growth of the Chinese steel industry. Currently, over 50% of world steel production is in China. Chinese overproduction and dumping of steel on global markets has further undermined Western economies, closed steel mills and slowly built greater reliance on China. This capacity does not return overnight.

Image from Worldsteel.org

In the area of microchip production, China has set out to meet all domestic needs as well as positioning itself to be able to economically undercut and dominate international markets. In July 2017, the Wall Street Journal stated:

The U.S. views China as its biggest semiconductor challenge since Japan in the late 1980s. The U.S. triumphed then through trade sanctions and technological advances. Japanese firms couldn’t match U.S. microprocessor technology, which powered the personal computer revolution, and fell behind South Korea in low-margin memory chips.

China has advantages Japan didn’t. It is the world’s biggest chip market, consuming 58.5% of the global $354 billion semiconductor sales in 2015 according to PricewaterhouseCoopers LLP. That gives Beijing power to discriminate, if it wants, against overseas suppliers.

With these two sectors, China has positioned itself to be able to survive any attempts to isolate it or to economically undermine it. More importantly, China has positioned itself to be able to thwart any attempts at a sanctions regime, knowing that sanctions will hurt the sectioning countries more than they will hurt China. 

Imagine the impact on global trade and development if access to steel and microchips were to be curtailed or limited by sanctions or political risk?

No one should be fooled by the promise of 50 years of limited interference. Beijing has been there all along, and if Beijing has not run out of patience, it will very soon. It is also realistic to expect that in the 22 years since handover there would be changes, and there have been.

The protests started over the extradition law that would have allowed the Hong Kong government to extradite individuals to be tried in China proper. The protests managed to force the Hong Kong government to back down. All well and good, to that point.

It was time for the protesters to go back to university, back to work, and back home. A little local difference that we can all learn from.

But having forced the local government to back down, like so many “protest” movements, they did not see that their primary goal was all that they could actually gain in concessions. They are pushing further, and they may have pushed too far. The current general strike and protest actions such as blocking the subways, roads, and painting over street lights to block traffic are bad enough. To call for “revolution” will probably push Beijing over the line.

“Restore Hong Kong. Revolution of our time,” protesters chanted in a demonstration on Monday at a temple in Wong Tai Sin, a working-class neighborhood that was the site of weekend clashes in which enraged residents went into the streets in flip-flops and shorts to drive out police.

In a broader geopolitical context, Hong Kong is now a proxy that is never should have been, and that it really does not want to be. It is a bastion of Western Liberalism deep in the heart of China. Protests are acceptable when they are local only. But when China is facing off against the United States, loyalties are being examined. 

The breakdown in relations with the West (the United States anyway) make any overt and internationally extravagant protest a form of disloyalty, and that is not acceptable to Beijing. 

There have been reports of Chinese forces (vague reports) on the Chinese side of the border between China and Hong Kong. I expect we will see more such reports. It will be interesting to see what units are included, both by name and by type of units. Those forces will not stay there indefinitely.

Late last week (1st August) the Hong Kong element of the PLA (People’s Liberation Army) released a video showing the unit practising anti-riot exercises “showing its soldiers dressed in riot gear and riding in tanks in scenes that bore striking similarities to the Tiananmen Square protests in 1989”. It is not possible to see this as anything other than a warning that what was done 31 years ago, to protect China and more importantly the Communist Party, will be visited on the people of Hong Kong if they continue to protest.

With no end in sight to the protests, Beijing may well have come to the conclusion that now is the time to end two systems. “The PLA can help restore peace in Hong Kong if necessary: Hong Kong lawmaker Junius Ho Kwan-yiu”. It might not be the 27th Group Army (responsible for Tiananmen Square, and disbanded in 2017), but that will not stop them from being equally brutal and effective.

If they have, Hong Kong will be crushed, and we will see an impotent West rush to the UN Security Council fully aware that China will veto any resolution.

Tiananmen Square may be visited on all of Hong Kong. If this happens, the bloodshed will be terrible, and it will be broadcast to the world. The outrage will be both real and impotent. But within China, the message will be two-fold; Hong Kong is now fully integrated into China, and internal dissent will be tolerated only as long as the role of the Communist Party is not questioned.

The West (and Beijing) will discover if it is possible to engage in urban warfare in a modern mega-city. What better place and time to test doctrine, in a place where they control all physical access, and where, eventually, they can control all communications (though that one will take some time). Beijing will also be watching closely to see what lessons they can learn in relation to Taiwan. 

It will not be fast, but it will be effective. Professionals will be "spared" though families may be invited to visit the countryside. After all, the financial systems and global trade must continue.

By the time the international community is able to respond meaningfully, Hong Kong will be subjugated. China (and the rest of the world) knows full well that Hong Kong is not Kuwait, and Xi Jinping is not Saddam. The United States will not be pushing the PLA out of Hong Kong.

What will happen to global markets? From China’s perspective, nothing that they are not willing to allow anyway, in their trade fight with the United States. In Asia “Face” is all-important, and to allow insults of the leader and the country is to lose face.

So anyone who thinks that China will not “invade” and “pacify” Hong Kong should be careful with their assumptions. Geopolitical risk is exceptionally high, and unless both China and the United States have a way to convince the protesters to end their protests and calm their slogans, there will be major trouble.

China has positioned itself to be able to survive any sanctions regime, or at least to impose a greater cost on sanctioning countries. This limits the ability to use threats of sanctions to influence China. This also means that China may feel that they will be given a "free hand" to suppress Hong Kong. 

There is a very significant danger of miscalculation. We already know that words alone will move markets. A Chinese "Tiananmen" style suppression of Hong Kong could generate global market chaos.

Today, next to China and Hong Kong, all other geopolitical risk pales. 

Saving the SEC’s XBRL Program

Some years ago I promised myself that I would not write about XBRL again. I’m breaking that promise. eXtensible Business Reporting Language was a major conceptual breakthrough when it was first developed in 1998. But that was over 20 years ago, and XBRL has progressed little beyond a regulator-demanded user-unfriendly standard with little (voluntary) uptake by report producers, and less evidence that anyone actually consumer and uses native XBRL. There are financial analysts in university (and possibly beyond) who were not born when XBRL was developed. 

At the heart of displeasure with the SEC’s XBRL program at the core of XBRL, the “eXtensible” concept, or as the XBRL community liked to sell the concept, “tell your story, your way”. Thankfully there is a “simple” fix that will save the SEC’s XBRL program, save filers time and money, enable to (almost) pain-free expansion of the program, and increase the likelihood of uptake by consumers of financial information.

Unfortunately, the complexity of XBRL has been a problem from day one. My all-time favourite condemnation of XBRL goes all the way back to 2008 when someone said that XBRL was “using a dinosaur to crack a walnut”.

But first some background:

There are uses for XBRL and XBRL-type reporting technology, but if you are considering going down that route, beware.

The idea was simple; each piece of information in a financial statement/report could be tagged in such a way as to enable the machine to machine communication of financial and business information. The use of a common taxonomy of elements ensured that a piece of data (a “fact”) tagged would mean the same thing to any consumer of that piece of data. Anyone producing financial or business data that was to be shared would be able to ensure that the consumers of that data would know exactly what they were consuming.

Soon, the FDIC (Federal Deposit Insurance Corporation), the US banking regulator, had incorporated XBRL into the Call Report process, ensuring as early as 2004 that all reporting banks in the United States were reporting using a common taxonomy.

All “successful” XBRL implementations share one key factor; they use “closed” taxonomies and do not allow filers or providers to add extension elements.

Today, around the world, XBRL is required by various regulators are the standard for data tagging of financial statements. And in virtually all of those implementations, from the UK to Singapore to Japan and the Netherlands (to name a few), financial statements are provided to the accountant or service provider who then converts Excel into XBRL and then submits that file to the regulator. The regulator then gets to convert the XBRL back into Excel for analysis. Why? Because XBRL is complex and resource-hungry, where the equivalent benefit can be achieved from a spreadsheet.

In the US, the SEC (Securities and Exchange Commission) requires that financial statements in the 10Q, 10K and a range of other filings, be filed in HTML and in an XBRL version. The SEC is also moving to require “Inline-XBRL” filings. Unfortunately, the SEC’s XBRL program remains a burden for which there has simply not been adequate, or even partial, buy-in from the producers or the consumers of companies SEC filings.

Fundamentally the SEC’s XBRL program has been a failure.

Producers of filings to not like it, and consider the production of XBRL to be costly and time-consuming. Don’t take my word for it, read the recent article following the SEC’s roundtable on short-termism from July 2019.

In listing the bullet points from the discussion of how to improve the 10Q process, the final bullet point stated: “And then, what about XBRL? (It was noted here that many issuers find XBRL expensive and very time-consuming and highly doubt its usefulness, not to mention that the SEC has just increased the XBRL burden for companies. Another panellist quoted an issuer as describing it as the “worst part” of the process.)” (emphasis mine).

The SEC itself is a lukewarm user, and if they have ever announced that it was the XBRL that allowed them to spot a case of fraud or financial misstatement then I missed that announcement. 

Data providers such as Yahoo Finance do not bother to provide a “download XBRL” button, and if you want the data, download it in Excel. If you want to XBRL, you’ll need to go to individual filing companies’ websites and download the files from their Invest Relations page, or you will need to go into the SEC’s EDGAR system and search on the company and download the XBRL from the SEC’s site.

While iXBRL (inline-XBRL) will be a boon to consumers of XBRL, at least those reading documents through their eyes, and wondering if the XBRL-tagged facts actually match the information on the printed form, this does little or nothing to solve the main problem; the difficulty of producing the XBRL in the first place.

The “FIX”

The US GAAP Taxonomy, the “dictionary” of allowable tags for financial statements contains over 18,000 elements. Or, as the AICPA said, “The US GAAP Taxonomies contain over 15,000 elements representing commonly reported financial concepts for US GAAP financial statements”. That was a number of years ago. But really? 15,000 “commonly reported”. And this number does not include the plethora of company-specific extension elements that are created every year. 

Fundamentally, every significant implementation of XBRL for the past 15 years (as long as there really have been any implementations of XBRL) has been based on a “closed” taxonomy in which filers are not able to create company-specific extensions.

To fix the SEC’s XBRL program, they should consider the following:

1. Create a limited-set US GAAP Taxonomy. The original estimate was that at fully functioning IS GAAP taxonomy could be created with 4500 elements. While that number clearly is low, it should be possible to create a taxonomy that allows companies to report all “common” concepts in under 10,000 elements.
2. Where companies cannot find the “perfect” fit element, they should use the closest element, and/or revise their reporting to ensure that they are reporting information that is common to their industry of to US GAAP principles.
3. Encourage the development of “templates” for reporting. This will enable companies and service providers to produce XBRL as standard output, saving time and cost, especially for smaller filing companies.

Yes, this sounds simplistic, and it probably will not happen. 

Why not? Unfortunately, there are drivers for the retention of the complex system of company-specific extensions. Simply put, too many jobs are on the line. 

The FASB maintains a team whose job is the “maintain” the US GAAP taxonomy. This includes the annual release of an updated taxonomy in which new elements are added to cater for “common” company-specific extensions. Companies providing software will see their market disappear if the reporting process can be simplified. And of course, if XBRL is actually simplified, then it will become clear that almost anything that can be done with XBRL should be possible with learning engines and (gasp) Excel.  

After all, XBRL has been around for 20 years. That is 20 years of Moore’s Law improving the speed of processes, 20 years of improvements in systems and analytic capabilities, and 20 years in which IA and learning engines have, if not matured, then at least become mainstream.

It is time to fix the SEC's filing program. Fix it, or abandon XBRL.

In search of a seamless relationship between Operational Management, Risk Management and Internal Audit.

I continue to be amazed by the too frequent disconnect between Internal Audit, Risk Management, and Operational Management. The artificial, though regulator sanctified, “second line” and “third line” functions are too often used to justify two (complementary) functions seeking complete independence from each other, independence that can undermine the effective identification and management of risks.

Operational Management (OM) is responsible for delivering the objectives of the organisation, and specifically the objectives of their function(s). Risk Management (RM) provides support to OM by providing the framework for identifying and helping OM determine and implement the most appropriate management strategies to cover the risks to the accomplishment of the objectives. Internal Audit (IA), by focusing limited resources on the areas of highest risk, confirms that key controls are in place and that they are functioning effectively to ensure that risks to the achievement of objectives are managed within the risk appetite of the business.

Within that previous paragraph, there are a number of important words and concepts, too frequently considered separately, when they should be viewed as part of a seamless set of processes and responsibilities. Sadly too often the three are not seen as part of that seamless delivery, with the second two being detached from OM and from each other.

Operational Management is responsible for delivery of results, and as such is provided with resources (budget) that are almost always limited in relation to the provision of any “extras”. Managers face annual budget challenges, and not infrequently are asked to make “savings”. Sometimes this can (sacrilege) include reducing headcount or increasing the level of output expected without increasing resources. Frequently it is the control environment that suffers when this happens. 

Risk Management can help OM to identify and consider the risks that they face, and can assist OM in identifying the controls that would be needed to manage the risks to the level acceptable within the business’s risk appetite. It remains, however, OM’s responsibility to implement the controls and to ensure the controls are functioning. RM can, and should, provide ongoing monitoring at an observation level of the risks and controls across the business.

(There is, of course, also the critical role that RM plays in the identification and mitigation of Emerging Risks and External Risks, but for our purposes here, we are looking only at the internal relationships and management of risks.)

RM confirms with OM that the control environment is functioning, as confirmed by OM and reviewed selectively by RM. The assessment of the current status of any risk is the responsibility of OM who own the risk and who is responsible for managing the risk. RM can suggest alternative views on the effectiveness of the management or the risks, both to OM and to senior management and the Board, but ultimately OM is responsible for the risks and controls. Furthermore, OM is responsible for determining how the provided resources will be applied for the achievement of objectives.

In this the assessment of the effectiveness of the control environment if firstly the responsibility of OM, and unless there is a fundamental disagreement with RM, it is OM's prerogative as to how resources should be applied. This includes the development and implementation of controls. While RM (and IA) can recommend, as it is OM that ultimately carries the responsibility, it is OM's decision. Escalation is appropriate only when there is a fundamental disagreement between RM (and IA) and OM.

Of course, it is appropriate that the Board be provided with additional comfort that the control environment is effective. Sadly the conflicting priorities of OM can lead to misreporting or inaccurate reporting of the effectiveness of the control environment. Likewise, limited RM resources can provide a general level of comfort that risks are identified, and that controls appropriate to the risk appetite have been implemented. 

This means that, while RM can and does support the implementation and operation of a framework for identifying and managing risks, it may be outside RM's resources to perform "deep-dives" into all areas of risk.

I am reminded of a bank that told their regulator that they treated all customers as "high risk" customers for due diligence purposed. The regulator's response was that if all customers were "high risk", then no customers were, and the real "high risk" customers would slip past the due diligence process. The bank was required to segment its customers and implement a higher level of due diligence than they had been performing.

IA’s role is to fill the gaps and to provide additional assurance that key controls in high-risk areas are functioning as per asserted by OM and that such controls are functioning with the risk appetite. So, IA’s role is the provision a “deep-dive” assessments of high-risk areas, to ensure that the key risks have been identified, that appropriate responses have been considered and agreed, and that controls have been put in place that brings management of the risks within risk appetite.

To summarise then:

1. OM is responsible for delivering business objectives,
2. OM applies limited resources to accomplish this,
3. RM assists OM in identifying and assessing risks to the accomplishment of objectives,
4. OM provides RM (and others) with regular reporting to confirm that objectives will be achieved within the acceptable risk appetite,
5. RM confirms that risk across the enterprise is being managed within risk appetite, as reported by OM and as reviewed by RM,
6. IA provides detailed “deep dive” assessments of the effectiveness of controls in the highest risk areas of the business, or where there may be limited confidence that risks are being managed within risk appetite,
7. OM, RM and IA jointly provide assurance to the Board that there can be a reasonable expectation that business objectives will be accomplished with risk appetite.

A quick word about risk appetite: the risk appetite of the enterprise is set by the Board (with the assistance of senior management and RM) and it is the responsibility of OM to deliver objectives within that risk appetite. 

This means that RM should continuously confirm that OM understands the risk appetite as it applies to their areas and objectives, and should confirm that there is an effective control environment commensurate with the level of risk and the enterprise’s risk appetite. OM does not set the risk appetite; neither does RM or IA.

Being practical, this influences the reporting to the Board on risk and the effectiveness of the system of internal controls. Some practical suggestions that come from this:

1. All IA findings should include discussion of the risks that have been identified,
2. There is an IA finding only if the control environment is failing (or is expected to fail) to manage identified risks within risk appetite,
3. All actions agreed by OM should be reflected against the risks as recorded and managed through the risk register,
4. All IA findings and actions should be recorded against their associated risks, or new risks should be added to the risk register where there is no corresponding risk,
5. OM and RM then need to update their review processes to ensure that the identified risk and mitigation is actually functioning.
6. Where IA has requested confirmation of the implementation of new or updated controls, this should be provided.
7. Annual review and approval of the updated risk appetite should then drive a review by OM and RM of the risk and control environment and will inform the IA review cycle by potentially changing the perceived highest risk areas.

These steps will lead to a more seamless integration of OM, RM and IA, and will improve both relationships at the operational level, and provider greater confidence to the Board that the control environment if well established, operating and being effectively monitored. 

Prediction: A Minsky Moment is coming sooner than you think

Tipping points, unstable situations, Minsky Moments.  In 1996 Greenspan used the now famous phrase "irrational exuberance" to describe the Dot-Com bubble of the 1990s. "But how do we know when irrational exuberance has unduly escalated asset values, which then become subject to unexpected and prolonged contractions," he asked.

He was foreshadowing the coming Minsky Moment when the bubble popped. We are almost there, again.

Well, the US markets have reached a new record high. They have been pushing for that, ignoring data and building on the dream of new records. Each tweet from Trump is met with either a small market retreat (if bellicose) or a jump when he declares victory and withdraws (what I call the "Vietnam Solution"). Each manufactured crisis is shrugged off for the noise that it is, while each resolution of the manufactured crisis is greeted as a stunning "victory", and the markets move accordingly. Irrational Exuberance anyone?

Yet behind all the noise is the real economy, both the US and the Global economy as composed of a myriad of individual and linked economies. The reality is that the real economy(ies) are not in great shape, and this has not been priced in.

The past two weeks I've been watching the US markets go up and up, while at the same time the safe-haven, go-to-when afraid Gold price has bounced above $1400 for the first time since 2013. Normally when stocks go up, fear assets such as gold go down.

The US is now in uncharted territory, having entered the longest recovery on record. So just how much more "up-side" is there, or are investors "picking up nickels in front of a steamroller"?

Meanwhile, industrial production indices such as the monthly ISM are falling, and in some national (Germany) and US regional cases have fallen below 50, meaning contraction.

House prices have been falling in London for over a year, and housing starts and purchases in the US have been falling for months. 

The yield curve has now fully inverted. Why does this matter? Every (US) recession for the past 50 years has been preceded by a yield curve inversion, with the average time to start of the recession being 9 months from date of inversion. The yield curve inverted in March.

This to a background of continually rising corporate debt through the issuance of corporate bonds. "Companies from advanced economies, which hold 79% of the total global outstanding amount as of 2018, have seen their corporate bond volume grow by 70%, from USD 5.97 trillion in 2008 to USD 10.17 trillion in 2018." These bonds loads are easy to manage in a world of low interest rates and high liquidity.

And - the Fed is talking about cutting rates. Really? Cutting rate in the best economy ever? The entire point of starting to raise rates was to ensure there was enough "ammunition" (Feb rate cutting ability) to withstand another recession.

Finally, some are saying that the US (and the globe, for that matter) may already be in a recession.

Yet the US unemployment rate continues to fall, the participation rate (the percentage of the population that is employed) remains stubbornly lower than before the Great Recession.

So, when will we have our Minsky Moment, when sentiment turns and the rout begins in earnest?

It cannot be far away. And three months is probably very far at this point. 

How far will markets fall? That is anyone's guess. But they will fall, and it will be farther than most people would imagine today.

When is an Employee death not a strategic risk

I remember performing at Strategic Risk Review for a company in the Middle East. There were two of us on the team in-country, with support at "home". When attempting to come up with our starter set of assumed strategic risks, we included the usual; market and product risk, process and system risk, cyber and privacy, financial reporting and financial management risk, capital markets and exchange rate risk, and of course ownership and succession risk. My colleague then added "loss of life, the death of an employee" as one of the strategic risks.

Loss of life, it would seem obvious, is a major strategic risk, and the short and longer-term impacts could, if not managed well, be significant. Yet in this situation, I told my colleague that I did not agree, and for this company and country, the response to a workplace death would be "write a cheque". I'm not normally cold and disrespectful of human life, and certainly not disrespectful of the strategic risks facing organisations. But this time it simply did not rise to the level of strategic risk.

Strategic risks vary. Certainly, there are common strategic risks, but each country, industry, company and organisation, and the business lifecycle both at the global and at the individual entity level will influence the range of strategic risks applicable to the entity.  

Country influences

Businesses and entities function within countries, usually within their home country, sometimes across countries and regions. Each country has its idiosyncrasies, from cultural to political, regulatory or legal, or in many countries, extra-legal (corrupt practices embedded in the culture and government).

The UK provides a good example of a current strategic risk associated with that country: Brexit. The only good news is that like Y2K, Brexit will be here and gone soon enough, and the uncertainty will give way to response and management of the actual risk. but until the event actually happens (if indeed it does) then the potential impact is unknown in detail.

But certain aspects of the risk are known - there will be price discovery as new trading relationships come into place. Some of that discovery will be uncomfortable, with inflation and costs associated with the potential (temporary) breakdown in supply chains. What can be said with confidence is that such market discomfort will be temporary, as Brexit rewrites some rules, but does not rewrite the rules of markets, only the current set of "how to" rules. The underlying economics does not change, and therefore markets will return to efficient functioning, in as much as markets are ever efficient in their functioning.

For example, in a conversation with another colleague, he was concerned that post-Brexit, the cost of vegetables in the supermarkets would go up, and stay up. His argument was that the loss of supply from one source would result in increased cost of supply from other markets. My response was that as alternative sources were able to supply, prices would come down. His view was that "once the supermarkets raise their prices, they will not lower then even if the input costs reduce, as they will use this as an opportunity to increase profits". The flaw, of course, is that this assumes that fundamental market mechanisms of price discovery and competition will, for some reason, be different in a post-Brexit UK.

Other countries have their own market dynamics, not infrequently influenced by exchange rate movements due to global or even local political situations. Turkey today is suffering as the Lira drops due to a combination of economic and political pressures. Therefore, a strategic risk of doing business in Turkey will include the ability to forward hedge externally sourced raw materials, and to hedge, where possible, exchange rate risk against currencies in export markets. 

Then there is the systemic corruption in some countries, even to the point where we've seen corrupt practices in the awarding of contracts to introduce anti-corruption programmes. We bid to implement an anti-corruption programme in an East African country, partnering with a local former-Big-4 firm. I will say that I think it was a very good bid, in concept, content, team and pricing. We were shortlisted, and the local partner was invited to the procurement director's office to discuss the next steps.

"Your's is the best bid, and we expect we should be able to award this to you." All good so far. Then, "But we were wondering if there was something would be willing to 'do for the team' here in procurement?"

The local Partner did exactly what he should have done, and apologised and said that unfortunately, they were unable to, after all that might not appear to be within the spirit of the objectives of the project. I wish this had been the "test question", but unfortunately it was not.

I will not name them, but the bid was won by the local firm of one of the Big-4, days before I attended a conference in London in which that same Big-4 firm gave a presentation on anti-corruption and anti-bribery.

So in some countries, you pay or you do not play. It is that simple, FCPA and the UK Bribery Act be damned.

Industry Risk

Different industries have their own strategic risks, though of course there is massive overlap across industries. But Healthcare strategic risk is different from Steel industry strategic risk. 

While there are some strategic risks that are applicable to all industries (to a greater or lesser extent) such as Cyber threats and market and entity capacity, the specifics of the risk will vary according to the industry. For example, Cyber threats in service and financial industries centre around customer and personally identifiable data, while in Extraction and Manufacturing, the Cyber threat is one of attacks on infrastructure and SCADA (Supervisory Control and Data Acquisition) to disable plant and equipment. On a national scale, the Cyber threat relates to infrastructure attacks on power generation and distribution, and on national government databases. Recently in Panama, a security analyst was able to demonstrate that the health records of 90% of the citizens were held on servers that were inadequately secured. He demonstrated the ability to extract that data, for almost 4 million citizens.

I remember an FMCG (Fast Moving Consumer Goods) manufacturing company that did not seem to adequately consider one of its strategic risks. The company relies heavily on a distribution network that includes trains, trucking and local distribution. Trains provide most of the transportation of raw materials to factories, while much of the post-production distribution is trucked (from major train depots). During the mid-2000s, before fracking became economically possible, oil production appeared to be approaching a peak, and the price of oil was beginning to move. A sudden movement upward caught the company off-guard, and it appears they had not hedged their transportation capacity or costs.

In the extraction/mining sector, some of the specific strategic risks include political access and regulation, as in many countries access is a core element of doing business, and regulation can and in some cases needs to be leveraged. In one example, a major mining company wanted to improve mine safety by installing high capacity fans and extraction equipment. Unfortunately, local regulations limited the speed of airflow within underground mines, to a rate that the company's engineers had determined to be unsafe. The volumes of air that needed to be moved, due to the size of the mines simply made it impossible to ensure clean and fresh air for workers and equipment, at the regulated airspeed. Political access facilitated the company gaining the exemptions required to manage this risk.

In Brazil, we've already seen the extraction industry-specific strategic risks around company created infrastructure such as dams, and the dangers associated with inadequate investment in maintenance of such dams. Earthen dams, when they collapse, do so at a frightening speed, and the death toll can be significant, with over 200 killed and 100 missing in the Brumadinho dam disaster in January 2019.

In this case, the company clearly has prioritised capital cost containment over life, or simply had failed to listen to their engineers. Only good news travels up, and bad news has a way of dying or being converted into other news. At a major refining business, the Risk Manager was told that, while $2.5 million was required to reduce the risks of a blast furnace explosion (and consequent loss of a many tens of millions furnace) and the risk of death to many employees, the money would be spent on addressing Internal Audit findings that had nothing to do with the blast furnace. Why? Because the CEO of that subsidiary would be fired if he did not address Internal Audit findings, and was not authorised to exceed budget.

Therefore it is inappropriate to expect that there will be a set of strategic risks common to all companies and entities. While there certainly are common strategic risks, it is also clear that each industry will have strategic risks unique to that industry.

Loss of Life - the death of an employee

So returning to the original statement, that the loss of life would not be, for that company in that country, a strategic risk. Certainly is would be a significant risk, and considering the nature of the company, could result in a negative impact on reputation and perceptions. But a strategic risk, no.

Because in that country, the loss of life on an industrial site, for example, results in a mandatory payment of compensation to the family of the victim of twenty-four months of his basic wage, however, “the amount of compensation shall neither be less than Dh18,000 nor more than Dh35,000”.

So based on the exchange rate of May 27th 2019 (and it is worth noting that this exchange rate does not fluctuate significantly), the death of a worker will cost a company between under £4,000 to £7,500. Total.

Or as I said to my colleague, “5% of the capital cost of the bulldozer that ran him over”.

In a case like this when “write a cheque” is the response to the death of an employee, and absent significant reputational damage to a brand, it is sad to say that an employee death simply does not rise to the level of strategic risk.