
Archive for the ‘Legislation’ Category

Boards Should Not Misjudge Regulators

When a regulator advises corporate directors that progress on gender diversity is “simply not good enough,” that is code that the status quo will not continue, and that more regulation may result. And the second wave of regulation is often worse than the first.

Regulators have limited levers at their discretion. They are not going to come into boardrooms and assess performance. Thus, they are tending to land on numbers, such as 9-10 years for director tenure and 25% – 50% quotas for women.

If or once this happens, directors will complain that the regulator is imposing a ‘one size fits all’ or ‘check the box’ solution, when directors had the chance to act but chose not to. We have seen this pattern before. Paradoxically, directors may choose not to act, waiting for stronger regulation, to which they can then point and say, “now we have no choice.” Even the CEO of a major bank told regulators, “you should push us on gender targets.”

Canadian regulators have adopted a flexible and progressive ‘comply or explain’ approach to director term limits and gender diversity.

The progress recently reported is, in a word, inadequate: Only 19% of boards surveyed have term limits; only 14% disclose written diversity policies; and only 7% have targets for women on their board.

Our comply or explain regime has the disadvantage of permitting explanations that are irrelevant or spurious, such as targets for women not being adopted because candidates are selected based on merit, as if both goals are mutually exclusive. There is not an excuse for inadequate governance progress that I have not encountered.

But the real reason for the above low figures, which is not in the public domain, is self-interest. Why would any director, particularly an over-tenured male director, agree to a policy that moved him out of the boardroom? Directors speak in code publicly, but in private interviews, many open up. I had a 28-year director tear up when I recommended a 12-year term limit for his board, without grandfathering.

The academic evidence in favor of director term limits and diversity is becoming more clear: Diverse groups make better decisions. And over-tenured directors are worse for innovation and shareholder value. Regulators – in several countries – are acting. Regulators want independent directors who are the most qualified sitting in boardroom seats. As they should.

In Canada, regulators have not imposed quotas or term limits, but these should not be ruled out if inadequate progress continues. Regulators have asked boards to articulate their own numbers, and why that number works for them.

This brings us to what directors and boards should be doing to forestall further regulation. Here are my recommendations:

  • Do not misjudge the regulator, or the importance of gender diversity for the new federal and the current provincial Liberal governments. Tone-deaf boards should listen.
  • Act on conflicts of interest. If a tenure or diversity policy affects one or more of your directors, excuse these directors from the room. They should not influence the decision.
  • Do not assume director consensus. There are directors who believe that other directors have outlived their usefulness and should be replaced.
  • Land on a target. If your board has zero women, start with one woman as your target. Targets should be aspirational and dynamic.
  • If you think 9 years is too low for director tenure, choose 12 years. 15 years is on the high end, and companies are landing on 12, particularly large, complex companies. But pick a target.
  • If you do not pick a target for director tenure, then you best have a rigorous and consequential peer director assessment regime, whose output is actual director resignations. The evidence is that many boards do not have or do this.
  • Do not assume that your board can draft an inadequate tenure or diversity policy, and that this will go unnoticed. The regulator is offering guidance and examples of robust policies.
  • Own the policy. Draft the policy yourself, or have an independent advisor assist you. Management or company advisors are not independent. They work for you and have a vested interest in keeping you satisfied.
  • Watch for past practices that might bias women, including assertions that your talent pool is shallow. If your talent pool consists of directors whom you know, rather than the best directors available, then you best enlarge your talent pool.
  • Regulators are giving you an opportunity to craft policies that work for you. Do so. No director is irreplaceable, and directorships are not lifetime appointments. But if you believe a particular director’s tenure is advantageous, use average director tenure or have exceptions built into a policy to give you degrees of freedom.

The regulatory evidence, above, is that boards may be incapable of changing from within. As such, regulators will act when boards do not.

UBS’s $2B fraud: Teachable moments for risk management, corporate governance & banking regulation

After the 2008 financial crisis, I wrote to Professor John Hull, a derivatives expert at University of Toronto’s Rotman School, and asked whether the boards of investment banks should have directors with derivatives expertise on them. His response was “There is no question in my mind that a large financial institution should have on its board people (perhaps 2 or 3) who understand derivatives and other complex financial products. They should also receive stress test results. One of the problems is that, although stress tests are carried out, their results are often ignored by senior management.”

We are now witnessing a stunning $2B alleged fraud by a 31-year-old so-called “rogue” trader – one Kweku Adoboli – at the Delta One desk (read: ETFs – Exchange-Traded Funds and index-related trading) of UBS, who had intimate back-office booking knowledge of how trades are reconciled with counterparties. This is a teachable moment, namely that the risk management, corporate governance and banking reforms to date have been wholly inadequate. The 2008 crisis can occur again and “Too Big to Fail” has not been addressed.

We need to admit that most – if not the vast majority – of corporate directors simply do not understand complex derivative products, and we are demanding too much of them when we expect that they do. If we want directors to understand derivatives, they need to be chosen differently. A current or former CEO may not understand. And there is evidence that CEOs do not make better directors. A common refrain from directors I interview of large complex institutions is “Richard I don’t understand.” And these are very senior business people. In the words of one Chief Risk Officer of a bank, “Directors cannot possibly understand.”

Derivatives experts exist. They have narrow subject-matter expertise. What are the odds this type of person would be asked to serve on an investment bank board, pushing back on management all the time, when management and directors themselves select one another under the current system, rather than directors being selected by shareholders? The derivatives expert may not be asked because “they haven’t run anything.” As we move towards expert and diverse boards, these types of individuals need to populate boards to make them more effective.

Next, the trader, Mr. Adoboli, is not simply a “rogue” as UBS maintains. He is an employee operating within a system of deficient internal controls. The bank, the management and regulators are at fault.

Surveys and studies indicate that risk management is presently inadequate. There needs to be a significant restructuring of risk and assurance of risk. Risk management is a cost, and money spent on internal controls to mitigate risk does not contribute to the bottom line. CEOs resist, boards don’t understand, and regulators need to regulate.

The BP disaster resulted from flawed risk management according to expert reports. NewsCorp phone hacking is flawed risk management. The Canadian corporate governance guidelines (National Policy 58-201) mention the word “risk” twice in the entire set of guidelines, and the risk management provision is twenty-one words in length (section 3.4 c). Many governance codes addressing risk are similarly sparse and written at high levels, with rare exception. Without proper regulation, as a “stick,” boards have little to point to in insisting on robust risk management and internal controls.

When a CEO or CFO attests to a board of directors that the internal controls over risks are adequate, that attestation should be subject to external review, especially for operational risks such as environmental compliance, information technology, bribery, or complex derivatives – whatever it is that can materially affect – and if unchecked bring down – a company.

Internal controls exist – authorization of transactions, electronic safeguards, segregation of duties, control limits, and prevention of manual override. They cost money to implement and are often perceived by management as a “drag” on profit-making.

The rigor of internal controls over financial reporting for S-Ox needs to apply to all major business risks, not just financial. Companies will resist because of cost and distraction, so policy choices need to be made. Are we willing to live with trusting a CEO?

More needs to be done as well in the governance context. Here is advice to the chairs of investment banks, in light of UBS:

The chair of the compensation committee should retain an independent compensation consultant to study the compensation for each material risk-taker, and report to the chair on how their remuneration is incenting adverse risk-taking. The compensation consultant must tailor risk-adjustment advice to suit that bank, and comply fully with all Basel Committee on Banking Supervision reports and recommendations. (Any blowback by management that we need to pay our people and traders this way or they will move to a competitor should be met by requests for empirical evidence, which, according to Ken Feinberg, the former US pay czar, does not exist.)

The chair of the audit committee of the investment bank should instruct internal audit to complete a thorough review of the design and effectiveness of internal controls over all trading activities, and report directly to the chair. The chair should approve the budget, resources and work plan. If the head of internal audit is not up to the task, the chair should fire him or her and find someone who is. If necessary, external assurance providers —not the external auditor— should be retained by the chair as well, and report directly to the committee not management.

Next, the chairs of these two committees, together with the board chair should meet with the CEO and CFO to inform them of the above two studies, and direct them to cooperate fully with all requests for information. Directors need to direct more, if and when required.

How many chairs have the fortitude to do this, I wonder? If directors are there to control management, then they must have the statutory authority and resources to do so.

Lastly, regulators need to regulate if and when required. Specifically, all regulators should separate, permanently, global wholesale/investment banking’s proprietary trading from retail banking. Otherwise taxpayers will be on the hook for a very dangerous industry, likened to “casino gambling” by critics. It is totally unacceptable that one person, reputed to have “bet $10bn,” can cause this much damage. If you multiply it, with contagion, the investment banking system is broke and dangerous. Regulators need to address this issue. It has been three years since the financial crisis. In the words of Martin Wolf, a member of the UK’s Independent Commission on Banking, “No sane country can allow taxpayers to stand behind such risks.”

The Dodd-Frank Wall Street Reform and Consumer Protection Act ~ Significant Corporate Governance and Financial Services Changes Forthcoming

On July 15th, after passing the US House of Representatives, the US Senate passed, by a vote of 60 to 39, the Dodd-Frank Wall Street Reform and Consumer Protection Act.  The Act was signed into law by President Obama on July 21st.  This legislation (over 2,300 pages) is the most significant omnibus financial services and corporate governance legislation since the Great Depression.  Mary Schapiro, the Chairwoman of the Securities and Exchange Commission (SEC), called it a “giant step.”  Paul Volcker, former Chairman of the US Federal Reserve, said the bill “must be supported by more effective and disciplined regulation and supervision.”  The President remarked, “For years, our financial sector was governed by antiquated and poorly enforced rules that allowed some to game the system and take risks that endangered the entire economy.”

Here are some of the most significant highlights of the Act:[1]

  • “Say-on-pay” – Shareholders will have a right to a non-binding vote on executive pay and “golden parachutes” arising from mergers and acquisitions.
  • Proxy access – The Act affirms the authority of the SEC to create rules over proxy access (these are forthcoming).
  • Board leadership – Companies must disclose and explain whether the board chair is independent and separate from the CEO, as well as the structure of their board leadership.
  • Women and minorities – The Act creates an Office of Minority and Women Inclusion at each of the federal banking and securities regulatory agencies, to coordinate assistance, address diversity matters and seek diversity in the workforce of regulators.
  • Clawbacks – Companies must recover executive incentive pay derived from incorrect financial statements.
  • Compensation committees and compensation disclosure – Compensation committees must have fully independent members and advisors.  Committees must disclose the relationship between past compensation and company performance, and the ratio between the median annual compensation of all employees of a company, excluding the CEO, and the annual compensation of the CEO.
  • Oversight of compensation in the financial services industry – The Act requires full disclosure of incentive compensation.  Regulators can prohibit any incentives deemed excessive or that could lead to significant financial losses.
  • Hedging – There is to be full disclosure of directors’ or employees’ use of instruments to hedge against decreases in the value of the company’s shares.
  • Broker voting – Beneficial owners must consent for a broker to vote shares on their behalf.
  • Consumer protection – The Act provides for the creation of an independent Consumer Protection Financial Bureau with clearly defined oversight powers to develop rules and enforce them, to educate the public and, more generally, act in the interests of consumers.
  • Investor protection – The Act also provides for the creation of the Office of Investor Advocate and an Investment Advisory Committee for investor protection.  There is to be increased funding and resources provided to, and management reform of, the SEC, the creation of a SEC program whereby whistleblowers are incented financially to come forward (with the promise of 30 percent of funds recovered), and SEC authority to impose a fiduciary duty on brokers who give investment advice.
  • Derivatives trading – There is to be central clearance and exchange trading for derivatives that can be cleared, a code of conduct applied to swap dealers and participants, and enhanced market transparency and regulatory oversight for over-the-counter derivatives.
  • Systemic risks – The Act provides for the creation of the Financial Stability Oversight Council with expert membership and technical expertise.  There are strict rules for leverage, capital standards, liquidity and risk management.  Non-bank financial companies will come under regulation.  Finally, there will be the power to require large, complex companies to divest some of their holdings, subject to risk assessment.
  • Too big to fail – “Funeral plans” are to be submitted by large, complex financial companies to the Orderly Liquidation Authority and other regulators, and to the Treasury Secretary, who ultimately will determine whether the “failure of the financial company would threaten US financial stability.”  Orderly liquidation mechanisms (with judicial review) will provide for shareholders and creditors to bear losses and management and culpable directors to be removed.
  • Reform of the Federal Reserve – The Act provides for enhanced audit, transparency, governance and supervisory accountability of the Federal Reserve, the election of Federal Reserve Bank Presidents by elected and appointed directors who represent the public (not by members elected to represent member banks), and limits on emergency lending and debt guarantees to an individual entity.
  • Mortgage reform – Lenders are to ensure the ability of borrowers to repay.  Penalties are to be imposed for irresponsible lending.  Consumer disclosure is to be strengthened and consumers are to be protected from high cost mortgages.
  • Hedge funds – There is to be registration with, and trading portfolio disclosure to, the SEC and greater state supervision of hedge funds.
  • Credit rating agencies – The Act creates an Office of Credit Ratings at the SEC and requires the examination of “Nationally Recognized Statistical Ratings Organizations.”  These organizations are to have independent boards, disclose methodologies and track records, consider independent credible information, pass qualifying exams for personnel, institute continuing education, and address and disclose conflicts of interest.  The SEC is to create a new mechanism to prevent issuers of asset-backed securities from picking the agency that provides the highest rating.  Regulatory requirements for externally-sourced ratings are to be reduced and investors are to be encouraged to conduct their own analyses.  Investors are to have private rights of action against rating agencies.
  • Volcker rule – Proprietary trading by banks and investment in and sponsorship of hedge funds and private equity funds are to be prohibited, with small exceptions.
  • Credit card fees and scores – The Federal Reserve is to issue rules to ensure fees are reasonable and proportional.  Consumers are to have free access to their credit score as part of an adverse decision or action taken that is detrimental to the consumer.
  • Securitization – Companies selling mortgage-backed securities are to retain at least five percent of the credit risk and disclosure of the underlying asset quality is to occur.
  • Extraction Industry – The Act requires public disclosure of payments made to US and foreign governments relating to commercial development of oil, natural gas and minerals.

The above legislative changes are significant and far-reaching, affecting investors, consumers, credit rating agencies and financial services companies.  Several new and powerful regulatory offices are created, with recommendation and rule-making abilities yet to come.  The Act marks an end to regulatory deference to the financial services sector and signals a firm regulatory hand in this vital sector in the US.  There is no doubt that corporate governance practices in US financial services firms will need to adapt quickly to the new landscape.  Boards of non-financial firms should take note too as changes in this sector could signal further legislative and regulatory changes more broadly.

[1] Majority voting, interestingly, was not included in the legislation. Anne Simpson, head of corporate governance at Calpers, calls the lack of majority voting, coupled with proxy rules applied only to uncontested elections, a “big hole” in the Act. The Financial Times reports, “without majority voting [in the Act] to allow shareholders to remove incumbent directors, proxy access is next to worthless.”  See “Investing: Rules of Engagement” The Financial Times (July 11, 2010).