Where Angels Prey

Where Angels Prey is a novel by Ramesh S Arunachalam. Please refer to www.whereangelsprey.com for more information

Wednesday, April 6, 2016

The Governance of Compensation: Lessons From The 2007/2008 Financial Crisis!

Ramesh S Arunachalam 
Compensation is indeed a very sensitive and critical aspect in the governance of banks and financial intermediaries and in my opinion, it is one factor that perhaps accelerated and/or led to the 2007/2008 financial crisis. The Financial Crisis Inquiry Commission (FCIC) Final Report[i] (Dated January 2011) also concurs and indeed states compensation as one factor, among many, that contributed to the financial crisis of 2007/2008 in the United States and elsewhere! And I quote the relevant sections from the FCIC report below:

“Both before and after going public, investment banks typically paid out half their revenues in compensation. For example, Goldman Sachs spent between 44% and 49% a year between 2005 and 2008, when Morgan Stanley allotted between 46% and 59%. Merrill paid out similar percentages in 2005 and 2006, but gave 141% in 2007—a year it suffered dramatic losses.[ii]

As the scale, revenue, and profitability of the firms grew, compensation packages soared for senior executives and other key employees. John Gutfreund, reported to be the highest-paid executive on Wall Street in the late 1980s, received $3.2 million in 1986 as CEO of Salomon Brothers.[iii] Stanley O’Neal’s package was worth more than $91 million in 2006, the last full year he was CEO of Merrill Lynch.[iv] In 2007, Lloyd Blankfein, CEO at Goldman Sachs, received $68.5 million;[v] Richard Fuld, CEO of Lehman Brothers, and Jamie Dimon, CEO of JPMorgan Chase, received about $34 million and $28 million, respectively.[vi] That year Wall Street paid workers in New York roughly $33 billion in year-end bonuses alone.[vii] Total compensation for the major U.S. banks and securities firms was estimated at $137 billion.[viii](FCIC Report)

In effect, what was happening was that, in all these firms, the focus was on the short-term performance, incentives, and compensation when, in reality the risks (which existed) were mostly, medium and/or long-term. And of course, the regulator and law/policy makers sat and watched as compensation soared way beyond acceptable levels and firms started paying as high as 50% of their revenues in compensation.

Did not the regulators and policy/law makers find it strange that: a) Goldman Sachs spent between 44% and 49% of its revenue a year on compensation (during the years 2005 to 2008); b) Morgan Stanley allotted between 46% and 59%; and c) Merrill paid out similar percentages in 2005 and 2006, and more importantly, gave as high as 141% in 2007 (a year it suffered dramatic losses). What, on earth, were the regulators and policy/law makers doing?

The above are just few instances, and as we have moved through the financial crisis of 2008 (but are still recovering from its aftermath), there are several important lessons here with regard to the governance of compensation in the larger financial sector that we all need to understand and come to terms with. I will try and articulate some of these here for their benefit of various stakeholders.

Lesson #1: Lack of arm's-length decisions and negotiations: The governance of remuneration and incentive systems seems to have (apparently) failed because decisions and negotiations (carried out) were not been at arm's length. Conflicts of interest at various levels have aided such improper decision-making and negotiation and much of this is applicable to remuneration and incentive systems for a range of senior management personnel and not just the CEO or managing director or chairman of the board. While there are several examples from the 2007/2008 financial crisis, the paragraphs cited from The FCIC offer good factual insights.

Lesson #2: Inordinate level of influence of senior management in establishing remuneration schemes: In my opinion, senior management generally appears to have had far too much influence over the level and conditions (including measures) set for performance based remuneration. On the other hand, boards were often unable to or, sometimes, even incapable of exercising objective, independent judgement. Here again, there were serious conflicts of interest, which certainly exacerbated this whole issue - in fact, this has been one of the most important reasons for inaction by the board against inappropriate remuneration proposals of senior management at many of the institutions at the centre of the 2007/2008 financial crisis.

Lesson #3: Medium and long-term risks are not taken into account: In many cases that I have closely observed, the relationship between performance and remuneration has been rather tenuous and, sometimes, even difficult to establish, especially given the nature of the operations. A very critical aspect here is that medium as well as long-term risks were rarely factored into the whole process - something that should have been done naturally. How can the rewards be in the short-term, when the risks are medium-long term?

Lesson #4: Complicated and opaque remuneration schemes: The remuneration schemes have also been fairly complicated and also opaque in terms of shrouding actual conditions in the operation of the scheme and the consequences. What I am saying is that these (operational conditions and terms) are perhaps not clear and obvious to the naked eye of an unassuming observer. These conditions also tended to encourage excessive and mindless (growth and) risk-taking and especially with a short-term orientation.

Lesson #5: Mere disclosure is not transparency: While transparency (in some cases) did exist in terms of disclosure, several institutions couched the main characteristics of their performance related remuneration programs in verbose technical language and thereby made it very difficult for comprehension to the normal reader. In fact, it was very difficult to get comprehensive information on (a) The total cost of the remuneration program to the institution; (b) The specific performance criteria and measures along with their conceptual and operational definitions; and (c) The manner in which remuneration has been adjusted for relevant risks-especially, medium- and long-term risks (which is so relevant today). That from a shareholder’s perspective was NOT ideal by any means!

Without question, institutions will surely need to have remuneration and incentive systems that focus and encourage at least the medium-term, if not long-term performance. This, in turn, means that they must choose to reward their senior management after some actual performance has been realised and that has not usually been the case - there are several examples of high front-loaded bonuses paid to senior management executives and the results are there for everyone to see. In fact, this single minded focus on the short-term incentives and compensation needs to be changed to reflect the medium- and/or long-term performance and operations. That is very critical going forward!

Also, remuneration at many of these institutions does NOT seem to have been established through an explicit governance process where the roles and responsibilities of all stakeholders involved, including committee members, consultants, risk managers and others, were clearly defined and separated (without conflict of interest). The roles given to non-executive independent board members in the process - although they may seem somewhat appropriate -again appear to be laden with serious conflicts of interest. And finally, while remuneration policies are sometimes submitted to the annual meeting and subjected to shareholder approval, much of this seems to be a routine matter, with minimal (informed) discussion because of aspects mentioned earlier.

Therefore, as has been often mentioned, "Compensation is one factor among many that contributed to the financial crisis that began in 2007. Official action to address unsound compensation systems must therefore be embedded in the broader financial regulatory reform program, built around a substantially stronger and more resilient capital and liquidity framework. Action must be speedy, determined and coherent. Urgency is particularly important to prevent a return to the compensation practices that contributed to the crisis.”[ix]

I sincerely hope that the regulators and supervisors (worldwide) focus on this aspect and ensure that the same compensation practices and incentives that (adversely) affected institutions in the United States in 2007/2008, do not impact the larger financial sector in the future again!

[ii] Goldman Sachs, 2006 and 2009 10-K; Morgan Stanley, 2008 10-K; Merrill Lynch, 2005 and 2008 10-K.
[iii] “Gutfreund’s Pay Is Cut,” New York Times, December 23, 1987.
[iv] Merrill Lynch, “2007 Proxy Statement,” p. 38.
[v] Goldman Sachs, “Proxy Statement for 2008 Annual Meeting of Shareholders,” March 7, 2008, p. 16: Blankfein received $600,000 base salary and a 2007 year-end bonus of $67.9 million.
[vi] Lehman Brothers, “Proxy Statement for Year-end 2007,” p. 28; JP Morgan Chase, “2007 Proxy
Statement,” p. 16.
[vii] New York State Office of the State Comptroller, “New York City Securities Industry Bonus Pool,”
February 23, 2010. The bonus pool is for securities industry (NAICS 523) employees who work in New
York City.
[viii] “Banks Set for Record Pay, Top Firms on Pace to Award $145 Billion for 2009, Up 18%, WSJ Study
Finds,” WSJ.com, January 14, 2010.
[ix] Quoted from BIS paper on Compensation and Corporate Governance, 2010.

Tuesday, April 5, 2016

Effective Control Systems at Investment/Commercial Banks and Other Financial Intermediaries: The Key to Accountable and Responsible Operations

Ramesh S Arunachalam

The importance of having properly functioning (effectively implemented) internal control systems[i] at investment and commercial banks and other financial intermediaries needs to be strongly emphasized, especially in the context of what happened in the lead up to the 2008 financial crisis. In fact, self-regulation, as a much touted and effective mechanism, miserably failed primarily because ‘internal controls’ were either absent or compromised at the major investment/commercial banks and financial intermediaries concerned (FCIC Report, 2011).

While specific examples of such internal control failures will be dealt with in a separate post, this one (in a series of posts) takes a look at such control systems and provides practical (starter) suggestions to investment/commercial banks/financial intermediaries[ii], regulators, policy makers, and other stakeholders on how (best) to structure such systems so as to achieve the goal of accountable and responsible operations in real time.

Having said that, let us now move on to substantive issues related to the control system.   

The formality of any control system will depend largely on an INSTITUTION’s size, the scale and complexity of its operations, its risk profile and so on. Less formal/structured internal control systems at smaller INSTITUTIONS can be as effective as highly formal/structured internal control systems at larger (and complexly structured) INSTITUTIONS. But the key is that every ‘INSTITUTION’ should have an internal control system, this system should be commensurate with the size, scale and complexity of its operations and most importantly, the system should actually work on the ground in real time.  

Many of the problems with investment/commercial banks/financial intermediaries[iii] could have (perhaps) been avoided in the lead up to the 2008 financial crisis, if and only if, the concerned INSTITUTIONS had an effective and appropriate internal control system operational in the first place—one that did not merely exist on paper but was rather implemented in reality. This is something that the concerned INSTITUTIONS (be it investment/commercial banks/financial intermediaries) will have to self-assess, with regard to their respective organizations and bring about the necessary changes. Regulators/supervisors and other stakeholders could also enable these INSTITUTIONS to assess the quality[iv] of their control systems and make the necessary changes.

That said, what then are the key components of such a system?

In my opinion, an effective control system (at any INSTITUTION) should have five key elements:

a)      An appropriate control environment,
b)      Supported by a proper risk management system,
c)      With control activities commensurate with the size, scale and complexity of operations,
d)     Aided by a transparent and accurate accounting, information, and communication system, and
e)      Backed by dispassionate, objective and independent self-assessment/monitoring.

Having set the context, let us now look at what each of these elements mean in reality through a series of posts. And in this first post, I focus on the strategic element of the “appropriate control environment”, an issue that is seldom thought about in practice but one that I believe is very (if not most) crucial to the long-term survival of the INSTITUTION.  

Why should each and every INSTITUTION have an appropriate control environment?

This is because the control environment is the foundation on which the institution’s control system is (to be) built. Basically, it reflects the board’s[v] (and also senior management’s) commitment to strong and effective internal control at the INSTITUTION. In other words, it provides the discipline and structure to the entire (internal) control system. Without this commitment by the board of directors (and senior management) to strong and effective controls, no (internal) control system (however well designed and structured) can actually work on the ground. And this commitment must clearly be visible throughout the INSTITUTION—for all staff to see and emulate. Let us be clear on that as otherwise accountable and responsible operations can never be the order of the day! Just look at the 2008 financial crisis which is replete with examples where board and senior management themselves showed scant respect for the control system that was (to be) in place at their INSTITUTIONS. They were equally guilty of ‘control system’ breaches due to their aggressive risk posture (s) caused by a compensation system that hugely rewarded short terms gains, when the risks were in fact medium to long term.

And who has to play a crucial role in establishing this at an INSTITUTION?

At a very basic level, it is an INSTITUTION’s board of directors (perhaps along with and through senior management) who must assume responsibility for establishing and maintaining an effective internal control system that: a) meets statutory and regulatory requirements (if any); b) protects the INSTITUTION, its assets, operations, investors and other stakeholders; and c) responds to changes in the INSTITUTION’s environmental conditions. They need to ensure that the control system operates as it is intended to and is also modified (appropriately) when circumstances so dictate. Again, there are so many examples from the 2008 financial crisis that tell us that at many so called big and supposedly well run INSTITUTIONS in the United States, this sadly did NOT happen! And in India, the case of the erstwhile SATYAM COMPUTER’s is a great example where highly reputed independent directors[vi] merely sat on the board, watching the fraud that was being perpetuated by the founder promoter[vii]

And for discharging the above duties, the board of directors must fully understand the risks that the INSTITUTION could face, set the acceptable limits for these risks, and ensure that senior management takes the steps necessary to identify, monitor and control these risks. In turn, the senior management must then take the responsibility to implement the strategies approved by the board, to set appropriate internal control process/procedures, and to monitor the effectiveness of these process/procedures. There can be no substitute for this. And not to sound like a broken record but the fact of the matter is that this did not happen in the lead up to the 2008 financial crisis at many of the big institutions!

This makes it quite clear where the main responsibility for control rests and that is fairly and squarely on the strategic shoulders of the INSTITUTION’s board of directors (along with the senior management)—not on the compliance and audit departments. Please note this critical issue. However, having said that, everyone in an institution should share the responsibility to some extent and that is where the board (through the senior management) must play a catalytic role in shaping a positive control culture throughout the entire organization so that all stakeholders within the INSTITUTION respect the control system and act in accordance with it. Thus, a key task for the board (through senior management) is to establish the right culture within the INSTITUTION—a culture in which the importance of internal controls is STRONGLY stressed, and high ethical and integrity standards are promoted and adhered to. And this culture cannot be determined simply by what the board or top levels of management (merely) say in their policy pronouncements - it will have to be judged more importantly by what they (actually) do in real time?

For example, do the INSTITUTION’s policies (remuneration etc) reward risk-taking at the expense of accountable and responsible operations? For example, the pressure (at INSTITUTIONs) to achieve faster growth through highly innovative financial products have been known to be associated with remuneration policies that reward (immense) short term risk taking by individuals within INSTITUTIONs. And a related issue here is the question of whether the board/senior management displays a casual attitude towards breaches of (control) limits? Do they encourage the right attitude towards regulatory and/or control system compliance? Is there backing and respect at board/senior management levels for the internal audit and compliance functions?

Thus, the response of the board/senior management of the INSTITUTION to these kinds of issues will clearly determine how other staff (at the INSTITUTION) actually behave in practice, including their attitude to control issues and the overall control environment. This point needs emphasis here! If the board and senior management are casual towards control system breaches, then, managers and others down the line will behave in a similar or worse fashion, showing total disregard for control system limits. This is what happened at many big institutions in the 2008 financial crisis!

In summary, it is the responsibility of the board (along with senior management) to see that there are no differences between policy statements and actual implementation with regard to controls. This will go a long way in building a positive control culture at the INSTITUTION, which is a very necessary and integral component for building a proper internal control system, which, in turn, is very vital for accountable and responsible operations in real time.

[i] The term control system is used synonymously with the word internal control system
[ii] The term INSTITUTION is used to refer to commercial banks, investment banks and other kinds of financial intermediaries, as defined in common parlance!
[iii] Please see FCIC Report (2008)
[iv] Judging the quality will require not merely the examination of whether or not an appropriate internal control system exists on paper but rather studying if indeed what is said on paper actually works on the ground. That is the key to making inferences about quality.
[v] Board = Board of Directors or Equivalent as may be as per the legal form of the institution as per the relevant laws in the country of incorporation.
[vi] A separate article on independent directors will be posted!
[vii] The first court pronounced the founder promoter of Satyam (Ramalinga Raju) guilty, in line with his own famous confession dated Jan 2009. An appeal court is said to have however suspended the sentence however but the case is on-going. Nevertheless, it must be remembered that the founder promoter (Ramalinga Raju) himself self confessed to perpetrating a major fraud at the erstwhile Satyam Computers.