When the fraud at Societe Generale burst into view several months ago, I analyzed what went wrong and why in “Why It’s So Shocking Societe Generale Was Shocked” (in the March 2008 edition). Well, now we see that CEO Daniel Bouton is stepping down, which comes as no surprise. He was at the helm when the SocGen ship hit an iceberg that clearly should have been seen and avoided. Management knew the company was in dangerous waters (regulators and others apprised them that damage appeared to have already been done), but did nothing to investigate and steer clear of disaster.
With the more than $7 billion in losses incurred on Bouton’s watch, calls for his ouster started almost immediately, and it seemed inevitable that he would leave. True, he is staying on as board chairman, but he’s been replaced as chief executive by the CFO, who now has responsibility for running the bank.
As we’ve seen in a number of the world’s largest financial institutions—including Citigroup and Merrill Lynch, to name just two—boards of directors, regulators, and investors are holding CEOs accountable for major fiascos. Losing tens of billions of dollars, and consequently requiring huge capital injections at firesale prices, certainly qualifies as a major fiasco. At Bear Stearns, not only is the CEO gone, but also the entire once-prestigious firm no longer exists.
In today’s environment, this result should surprise no one. But the reality is that in many such cases, the CEO never saw it coming.
There are many reasons why that’s the case. From years of experience working with CEOs of some of the largest companies, I believe perhaps the most relevant underlying cause is that these business leaders truly didn’t know the nature or extent of risk their companies were taking on. Worse, they didn’t know what they didn’t know.
How is that possible? Aren’t these companies supposed to have some of the most sophisticated risk-management systems anywhere? We know they deal with ongoing market risk, counterparty risk, liquidity risk, credit risk, operational risk, and so forth and so on. Yet, the losses these institutions suffered stagger the imagination, and have cost the chief executives their jobs and possibly their reputations.
How Good Is Risk Management?
Any company is in business to take risk. How well the C-suite manages that risk directly drives the company’s success or failure. Yes, a sound strategy is critical, as are the people and processes for effective implementation. But identifying and managing risks to achieving the company’s business objectives plays a crucial role in whether the company will succeed, and indeed whether it will survive.
All too often, however, the problem is that the chief executive truly believes his or her senior management team understands what the risks are, has analyzed them, and is effectively managing them—when, in fact, the team doesn’t know the risks as well as they should. I’ve seen this first-hand in major companies in advising how to enhance risk-management processes. Corollary realities are:
The board of directors often is not apprised of the risks, because the chief executive isn’t positioned to provide relevant information to the board.
Managers at lower levels in the organization usually do know what the risks are, but are not reacting to them nor communicating them up to more senior levels.
While there are many companies where this is not the case, in too many businesses it is. It’s worth looking into why.
Going for the Gusto
Of course no single management style or personality profile fits all CEOs. Nevertheless, in many instances there are some commonalities, which influences the focus on risk. First, chief executives typically have a laser-like focus on major growth and return objectives and the strategic and tactical plans needed to achieve them. They look at the positive, identifying opportunities to open new markets, bring new products to the marketplace, and recognize and satisfy customer needs and wants. On top of that, they’re deal-doers, looking to develop new alliances or partners or to build further growth through acquisition. And of course, they spend significant amounts of time with the company’s board of directors on an array of governance issues.
The point is, the chief executive’s mindset is ”forward-moving,” seizing opportunities and motivating direct reports and other senior managers to climb aboard a ship that’s going as fast as possible to the identified goal.
Yes, chief executives are well aware that risks exist. They or their company might have been previously burned, and they may well spend some time on the discussion of risk factors in their annual reports’ Management Discussion and Analysis. But what we’ve seen time and again is that many CEOs presume other senior managers are dealing with the possibility that things can go wrong and that they are well positioned and equipped to manage those risks. That presumption, made unconsciously or otherwise, has resulted in disaster for too many CEOs and the businesses they’ve run.
The Reality
What we’ve seen is that other managers indeed do recognize that risks are inherent in what they’re doing (more so as we move away from the C-suite). These managers deal with day-to-day implementation, working toward their individual and business unit goals. They usually recognize the pitfalls that exist, and depending on the risk-management process in place, may or may not take the necessary actions to counteract those risks.
But even where appropriate risk-management activities occur at some levels in an organization, a problem that happens too often—and which seems to be the culprit of major breakdowns in the large financial institutions recently—is that the communication simply isn’t there. If the risks are known within an organization (which often is the case) but aren’t known at the top, then communication is lacking. And if the CEO doesn’t recognize the nature and magnitude of risk the company faces, then it’s highly unlikely that the board is appropriately apprised.
There’s little doubt in my mind that directors ask many of the right questions of the CEO. Experienced directors have a great sense of whether the chief executive is being straight and forthcoming. Where, then, is the problem at the board level? In several areas:
The chief executive truly has not been apprised of the severity of the risks facing the business and so honestly provides misleading information to the board.
The board doesn’t probe sufficiently and fails to make sure it gets complete and accurate information about the risks.
The board is apprised of risk factors, but does not, for one reason or another, receive relevant information on the aggregate risks, on a “portfolio” basis, related to the company’s established risk appetite.
Motivations
I’ve mentioned in previous columns the crucial importance of how reward systems can provide unintended motivations for people to do bad things. That includes taking chances with shareholder resources for personal gain, whether in the form of positive recognition, bonuses, promotions, or stock price appreciation.
Looking back at what Chairman Bouton said soon after learning of the unauthorized trades, one of the more telling statements was: “We have no explanation for why [rouge trader Jerome Kerviel] took these positions, and we have no reason to believe he benefited from a financial point of view. We don’t understand why he took such a massive position.” It’s truly amazing that anyone would think the only motivation of a trader is to put money directly into one’s pocket. The other motivations (fame, respect, career advancement, to name a few) have been long recognized, and indeed are obvious.
An important point is that any company considering developing or upgrading its risk-management process should recognize the critical relevance of personnel policies and programs, including their measurement and motivating factors, to be sure they have a positive effect not only on goal achievement, but also managing related risks.
Moving On
It’s interesting to note that one week after SocGen announced Bouton’s stepping aside as CEO and it held a farewell party for two managers of the derivatives trading desk who “resigned” in the wake of the scandal, “rouge” trader Kerviel started work at a consulting firm specializing in computer security.
Kerviel certainly did bad things. But as we know, banks and other businesses must have the processes in place and people sufficiently tuned into what’s going on in their business units to manage the risks, in addition to effective internal communication systems. SocGen didn’t, and many have paid the price. Managers ignored the radar screen. Thus, the ship hit the iceberg and took on massive amounts of water, with some officers jumping overboard—and leaving to others who remain the struggle to save the ship and get it back on course.
No comments yet