Who is the Keeper of the Black Swan?

BLACK SWANS And Supply Chains

What happens if your key supplier goes out of business? What happens if your logistics channel suddenly breaks? What happens if you can’t ship to your top customer? What happens if the recovery stalls? Within the last several weeks, we have all seen the news about serious events affecting enterprises’ supply chains:

- Tsunami in Japan and subsequent events
- Civil unrest in Egypt, Syria, Libya, etc.
- Significant escalation of the price of oil
- Sony’s PlayStation network outage
- Oil disaster in the Caribbean (one-year anniversary)

While many have documented the importance of having contingency plans and identifying risk along the end-to-end value chain (from suppliers’ suppliers to customers’ customers), I cannot help thinking about who within an enterprise is ultimately responsible for managing risk. Is there a different answer depending on the nature of the risk? Are there thresholds below which identified risks should be managed by decentralized functional or business unit management?

The organization’s CFO or Treasurer is traditionally responsible for managing “financial” risks but many of the recent Black Swan events are operational in nature, significantly impacting not only supply chains but financial results as well. If the CFO/Treasurer is responsible, does that individual have the competencies necessary to assess and mitigate operating risks? Does the CFO/Treasurer have visibility to the information needed to make the right calls and create adequate contingency plans?  If not, what then?

Is the Chief Operating Officer (COO) or supply chain leader responsible for these kinds of risks? If so, do those individuals have the requisite competencies and/or authority to manage the potential financial impact? Does the COO/Supply Chain leader have the appropriate information and tools required to plan for risks that are well outside of the normal variability of supply / demand events? Who communicates and coordinates with the Suppliers? Customers? Employees? Public? Is it and should it be the same person, a group acting in consort or several individuals acting independently? If capacity becomes constrained, who decides which customers get the “limited supply of product”?

At a higher level, are there DECISION PRINCIPLES and GOVERNANCE STRUCTURES in place to help an organization clarify roles and responsibilities? If not, the time an organization takes to react to Black Swan events may be significantly longer than necessary. A set of pre-determined decisions or rules with set tolerances/thresholds would eliminate confusion and accelerate decision-making during undoubtedly difficult situations.

Should there be a “committee” of the supply chain organization and the CFO/Treasurer groups to identify potential operational risks, assess the likelihood of occurrence, estimate potential impacts to each stakeholder group, set guidelines or rules, establish ultimate accountability, and periodically review contingency plans for adequacy? Or, should “risk” be parceled out with various functional leaders?

As the events referred to above continue to unfold and are resolved, there will certainly be a case study of how well each enterprise handled the events and the speed with which they were able to react.


Risk Management Lessons From Barings Bank (RIP)

Today’s post is from Dr. Lowell Yarusso, Senior Vice-President, Talent Management, of The MPower Group (TMG) and a contributor to the News U Can Use TMG blog.

In February of 1995, the financial world was shocked to its core. Barings Bank, the 200-year-old flagship bank of the British Empire, the bank that financed the Louisiana Purchase and funded the Napoleonic Wars, among other historic accomplishments, declared bankruptcy. What had happened? There was a massive failure in risk assessment and risk management. As a result, Nick Leeson had run amok on the Singapore Exchange. By the time his superiors figured out what had happened, the bank faced a $1.4 billion shortfall and its directors had no alternative but to declare the bank insolvent.

It is instructive to speculate on whether or not Leeson would have been successful were he not half a world away from his bank’s headquarters in London. In a sense, Barings had outsourced a large share of their futures and derivative trading staff. If the five third-party risk categories cited by the Office of the Comptroller of the Currency (OCC) had been faithfully and regularly assessed, Barings might have averted financial disaster. The five risk categories the OCC looks to are:

  • Strategic Risk
  • Reputation Risk
  • Compliance Risk
  • Transaction Risk
  • Credit Risk

The OCC’s risk assessment guidance indicates that these five categories apply to any function or service the FSO might consider outsourcing. When services are taken off-shore, it is imperative that “Country Risk” be added to the list. The remainder of this article will focus on the unique aspects of these six risk categories for financial services firms.

Strategic Risk: The risk arising from adverse business decisions or improper implementation of those decisions.

Strategic risk is an issue anytime a third party conducts banking functions or offers products and services in lieu of the bank doing so. Going off-shore adds to those risks in three key ways:

  • Distance
  • Experience
  • Cost

Distance between the FSO’s home office and the off-shore provider’s location can significantly increase strategic risk. Oversight of an off-shore provider typically requires on-site review of processes, management, personnel, and so on.

Compounding the distance issue is the FSO’s potential lack of experience in overseeing off-shore operations. Lack of experience in assessing third-party risk can make managers too willing to accept “black box” explanations (“You don’t need to know how we do it; focus on the outputs.”) Finally, the decision to move the function off-shore is often driven by cost factors. There can be a reluctance to make expensive trips that were not part of the economic analysis supporting the off-shoring decision.

Reputation Risk: The risk arising from negative public opinion.

For Barings, this one is obvious. Your reputation takes a big hit when you declare bankruptcy. Similar (though less spectacularly destructive) “image problems” abound in the current economy. The image of many financial institutions in the U.S. will long be tarnished by the image of “millions of dollars in bonuses on the taxpayers’ dime”.  For FSOs, this risk gains significance given the importance of good faith and trust to successful financial dealings.

Compliance Risk: The risk arising from violations of laws, rules, or regulations and / or from nonconformance with internal policies, procedures, or ethical standards.

The OCC guidance on this risk area is clear. The FSO is responsible for compliance, regardless of who actually does the work. It is critical that the off-shore provider and its management be brought into the FSO’s cultural and ethical milieu. The evaluation of potential suppliers must include a detailed and comprehensive assessment of organizational alignment, especially around cultures, values, and ethics.

Transaction Risk: The risk arising from problems with service or product delivery.

This risk relates most directly to the off-shore supplier’s inability to actually deliver the products and services promised. It includes not only “Acts of God” but also situations where the third party’s internal systems, processes, etc. are not compatible with the FSO’s. Ability to deliver goes beyond the technical issues of competence with a system or process. It is important to also evaluate the way in which the process is implemented by the people who are involved.

Credit Risk: The risk arising from an obligor’s failure to meet the terms of their contract or otherwise to perform as agreed.

Credit risk is a measure of the FSO’s financial vulnerability based on obligations that are passed through from the third-party’s action to the FSO. This risk has two dimensions. First, what are the financial implications if the provider breaches their contract? Second, what are the financial implications of customers, underwritings, programs, etc. that are established by the provider acting as the agent of the FSO? One of the dangers of outsourcing in general and off-shoring in particular is the temptation to erroneously assume that, because the FSO was not directly involved, there is a wall of separation between the FSO and any financial impact that results from obligations of the third-party provider.

Country Risk: The risk that economic, social, and political conditions and events will have an adverse impact on the third-party relationship.

One impact of an ever shrinking world is a significant increase in the risk that country differences in, for example, the technical and / or legal definition of fraud will affect results. It is critical that part of the selection process include gaining upfront knowledge of such issues as:

  • How stable is the country’s political system?
  • Which country will have jurisdiction should legal issues arise?
  • How will differences in accounting practices impact both operations and reporting of results?
  • Are there restrictions / limitations on the flow of capital into and, more importantly, out of a given country?
  • What is the ethical climate in the provider’s local business community?
  • And so on

A key point is that this risk does not go away. There must be an ongoing process to remain current on the political, social, economic, etc. evolution of third party nations over time.

Conclusion:

Going off-shore is a viable option if outsourcing is a viable option. Taking the third-party provider off-shore does increase the risks, however. As we have discussed here, FSOs must actively manage those risks to ensure financial integrity and stability over time and to comply with the OCC’s third-party risk guidelines. To manage these six risk factors successfully, two key questions need to be asked throughout the process: “Can They?” and “Will They?” It is highly likely that the next Barings Bank will fall victim to third-party and not to internal providers. Risk assessment and risk management are the only way to reduce the likelihood of occurrence and the impact of adverse events in an off-shore environment.
