Managing Risk in the Financial Sector

On Sept. 16, 2009, Compliance Week and Navigant Consulting presented an exclusive editorial roundtable about compliance practices at financial services firms. A top concern among the executives who appeared at the forum, held at The Mandarin Oriental Hotel in Boston, was how to ensure that compliance and risk-management programs keep pace with new and evolving regulatory changes in a challenging economy. Moderated by CW Editor-in-Chief Matt Kelly, and featuring Daniel Bender and John Schneider, director and managing director of Navigant Consulting, respectively, the roundtable encouraged panelists to discuss compliance challenges and solutions. The following article provides readers with an in-depth look at their discussion.

THE PANELISTS

The following executives participated in the Sept. 16 roundtable on challenges facing chief compliance officers.

Daniel Bender,

Director,

Navigant Consulting

John Schneider,

CPA, Managing Director,

Navigant Consulting

James Bone,

Founder,

Global Compliance Advisors

Doug Cornelius,

Chief Compliance Officer,

Beacon Capital Partners

Mark Gilbert,

Principal,

Mercer

Louis Iglesias,

Chief Compliance Officer,

PanAgora Asset Management

Melissa LaGrant,

Managing Director,

Babson Capital Management

Kate Murtagh,

Managing Director & Chief Compliance Officer,

Harvard Management

Greg Pusch,

SVP & Head of GRC,

Pyramis Global Advisors

Just as efforts to overhaul the U.S. financial regulatory system intensify, so must the strategies of chief compliance and risk officers, struggling to keep up with it all.

Such was the sentiment among compliance and risk executives participating in a recent editorial roundtable hosted by Compliance Week and Navigant Consulting, which explored compliance issues in the financial services sector.

“It’s important that compliance and risk management programs continue to evolve in a way that keeps pace with the regulatory changes that are coming, and the expectations that continue to grow,” Mark Gilbert, deputy chief compliance officer at Marsh & McLennan subsidiary Mercer, said at the Sept. 16 event in Boston.

Other attendees said they view new regulations as an opportunity to strengthen their reputation as thought leaders in the field. “The greatest asset and the greatest risk we have is our reputation in the industry, so looking at reputational risk is always a huge concern of ours,” said Kate Murtagh, managing director and chief compliance officer of Harvard Management Company.

For Harvard Management, it’s about “wanting to be at the forefront of these issues as opposed to being a follower, wanting to be proactive instead of reactive, and making sure that we’re positioning value the best way that we can to really be responsive to these regulations when they come down,” she said.

But actually translating existing regulations into actions and then into oversight is where challenges arise, said Daniel Bender, director of Navigant Consulting.

Many at the roundtable agreed. Unlike lawyers and certified public accountants, no certification for risk and compliance professionals exists, noted James Bone, founder of GlobalComplianceAdvisors LLC. “There’s no standard body to decide what best practices are out there.”

Bone added that while some risk managers use standard risk practices, senior management often isn’t up to speed on those models. “They’re so complex in some cases, they don’t know how to use that data,” he said. As a result, one of the biggest challenges compliance and risk officers face is how to communicate risks to the board and to senior management so the right actions are taken.

John Schneider, managing director of Navigant Consulting, pointed to a recent survey conducted by Navigant and the Economist that found “most firms believe they have the ability to measure risk,” however do not have processes to escalate risk information to the right people and ensure that decisions are made, he said.

This is where the input of business owners plays an especially important role. “When the most senior leaders in an organization actively support compliance and risk-management efforts, the ‘buy-in’ effect tends to cascade throughout the entire organization,” said Gilbert of Mercer.

Developing stronger compliance practices, though, doesn’t just fall on companies. Participants at the roundtable also discussed the need for greater “regulatory transparency” by the Securities and Exchange Commission in terms of what the agency is seeing and looking for in its examinations, and sharing common deficiencies more frequently. “In some cases, we’re seeing the SEC dinging firms who have every intention to comply but may not have the crystal ball to know exactly what it is they should and should not be looking at,” said one executive.

Melissa LaGrant, a managing director at Babson Capital Management, offered an example in which another advisory firm recently self-reported to the SEC an issue it had discovered within its organization, and is now being asked to revamp its compliance program. Yet, the program, in its current state, is what discovered the problem in the first place, she noted. “Where’s the balance there?”

Asked LaGrant: Do such issues really derive from a compliance breakdown, or does it have to do with the much larger issue of risk ownership?

A common argument is that everybody should own risk, said Bone. “Well, if everybody owns it, than nobody really owns it.” Bone said accountability requires that key people—not solely the risk and compliance groups—own up to risk and compliance. He said, “We need to change the dialogue around to focus on what should go right versus a focus on what could go wrong.”

Incentive Compensation

Incentive compensation is a part of risk ownership, said Bone. If compensation was tied to managing risks, executive rewards might produce different outcomes. “How many CEOs—except for the firms that went under—really got their compensation taken away from them because of the risks they were taking?”

John Schneider, managing director of Navigant Consulting, offers some insight. At right is CW Editor-in-Chief Matt Kelly.

Business strategy doesn’t start out necessarily as an attempt just to drive compensation for a few individuals, but rather to drive revenue for the firm, continued Bone. Where conflict arises is when someone within the firm decides to try to make gains in the system some way. “You have to build a culture, whereby you can identify where it crosses over from being a good business strategy to going to a place where you start to create risk that threatens business strategy.”

Part of the solution is not being afraid to question the highest-paid managers in the company. “The people making the most money are probably the ones taking the most risk,” one executive noted. Compliance executives shouldn’t be afraid to ask: “Is there a reason behind why these people are performing the way they are, or is there a problem here?”

“Is it real or is it a façade?” asked one executive.

And if it is fraud—or potential fraud—how do you address that? Who do you turn to?

Schneider at Navigant Consulting offered a hypothetical example in which a portfolio manager is feeding all of the good ideas to the biggest funds that he manages in order to increase the portfolio’s performance and, in turn, increase his compensation, which is quantitatively tied to the overall performance of the portfolios he manages.

Greg Pusch, senior vice president and head of GRC at Pyramis Global Advisors stressed the need for some industry standard for client disclosures to clarify what amount of information is propriety and what isn’t. Pusch also predicted that the SEC would begin to use more quantitative tools to collect and monitor allocation investment ideas and how trading patterns are done.

Harvard Management’s Managing Director Kate Murtagh brings her thoughts to the table. Listening in from far left: James Bone, Founder of GlobalComplianceAdvisors, Doug Cornelius, CCO of Beacon Capital, and Louis Iglesias, PanAgora Asset CCO.

Daniel Bender, director of Navigant Consulting, expresses his views, while Mark Gilbert, a principal at Mercer (left) looks on.

Already, the SEC is putting those practices into use. Bender at Navigant Consulting cited an example in which the Commission recently analyzed a client hedge fund by quantitatively looking at the allocations of profitable investments to the hedge fund, which had a performance fee and other accounts, examining how much each fund received. Regulators are now at a level where they are clearly going after the inherent conflicts, he said.

Companies should be taking a process-driven approach. At the core of an effective process-driven program is the practice of closely monitoring your vendors and service providers, said Bender. Harvard Management’s Murtagh agreed. “It’s really critical for us to look at the local partners that we’re using, both from a legal perspective and from an accounting perspective, and know our managers and clients.”

Although, participants acknowledged that’s easier said than done. Noted LaGrant: Babson Compliance and Risk Group, given the wide variety of different investment strategies and products in the market today, “works hard to keep abreast of the risks associated with the various products Babson is offering, identifying the best plan to mitigate and accept those risks, and determining how these products fit into the various regulatory schemes with respect to both its internal controls and processes and those of our vendors and service providers.”

It’s no wonder why participants also cited the Foreign Corrupt Practices Act as another serious concern. “How closely can you monitor your local managers, and how much of a U.S. influence can you really put on people that are operating in jurisdictions that are not only emerging markets, but also frontier markets?” asked Murtagh. It makes it really difficult to show the SEC the amount of internal monitoring that you’re doing, she said.

Keeping Pace

Finally, because there is no school for compliance, continually developing new staff to keep up with regulations is also a challenge, said Bone. Even if you have an unlimited budget to hire talent, “finding people who have the right skill-set to do the things that you need to get done” isn’t always easy, he remarked.

Lou Iglesias, chief compliance officer of PanAgora Asset Management, noted that those individuals often best suited for the compliance role are the ones who have grown up through the organization and who know the business process and the business units they work with. “These aren’t the ones who always get promoted to manager, but often they’re the ones who have been there longer than their peers, and the ones that people always go to with questions,” he said.

Added Iglesias: Part of the role of a compliance and risk officer is “being a student of history” and learning from past industry mistakes. “And you don’t have to look back too far to find them.”