Thanks to the Turnbull Report and resulting changes to the City’s corporate governance rules, UK listed companies have lately become much sharper at assessing and managing financial risks than they used to be.
But while all risks tend to have a financial effect, many are not financial in nature. Indeed, you only have to look at the recent Sars outbreak to see how such a development can have ramifications that are as severe as something like the collapse of Enron.
Even more serious for many companies are changes to the rules of business or other aspects of society made by governments or their agencies. And yet it seems that few companies see the need to go beyond modelling financial risks to predict the chance of changes to the law or the effects of such changes.
How important a lapse this might be can be seen with the Enterprise Act, which came into operation in June 2003 and is generally regarded as representing the introduction to Britain of US-style rules on cartels and other aspects of anticompetitive behaviour. Moreover, observers feel this new legislation is the latest step in a trend toward what a report published last year by the law firm DLA and the London School of Economics and Political Science called, A new punitive approach to regulation and corporate accountability in the UK.
Since directors are facing personal liability in relation to the actions of their companies, and corporate stakeholders within the City and beyond consider the management of these risks a key issue, the focus on what is being termed regulatory or legal risk is intensifying.
The DLA/LSE report added that even the best-performing companies had some progress to make before they could be said to have “come to grips fully with developments in regulatory risks”. And Professor Robert Baldwin of LSE suggests that – several months on – this is still the case. “What seems to be holding them back is that their number-one priority is operational efficiency – the bottom line,” he says. “This is short-sighted and increasingly being seen as short-sighted by the best companies.”
As he points out, there is ample evidence that the bottom line may be affected by failing to manage risks of this kind. Rather than doing as the report suggested and integrating the approach to such risks within the general risk management policy, too many companies are still being reactive, he believes.
It is a view borne out by the Policy Analysis Group (PAG), a consultancy set up specifically to help companies deal with regulation. PAG’s Charles Miller, a former civil servant, says that by taking such an approach companies are not only better prepared for threats but are likely to be in a better position to take advantage of opportunities.
He accepts that this sort of forward planning has long been a fact of life for Shell and other oil companies, simply because their fates are so tied up with world politics that it is a necessity. Likewise, BT and other regulated utilities have teams dedicated to monitoring policymakers’ thinking and plans. But he believes the rising tide of regulation means that increasing numbers of companies in other sectors need to follow suit.
Though PAG’s research suggests that nine out of 10 corporates believe forecasting political and regulatory risk is “highly important”, the firm is hard-pushed to come up with examples of organisations that are doing it well.
Among the companies that are showing a lead are, says Miller, the consumer goods producer Procter & Gamble and the aero engines maker Rolls-Royce.
Both have systems for picking up intelligence from around their groups that might have an effect on operations. There are processes for analysing this information, assessing whether it constitutes a threat or an opportunity, and working out the costs and benefits of taking action.
It sounds simple, but Miller stresses that it is highly dependent upon the co-operation of management in different parts of the operation. And to make this happen, the buy-in of the FD – as an executive with more clout than the head of corporate affairs or regulatory matters – is vital.
Baldwin is hopeful that things are changing. “I think we may be in a transitional phase in which a number of companies seem to be picking up on the need to manage risks,” he says.
One sign is the oversubscription to LSE’s MSc degree in risk management, and the emergence of specialist advisers at law firms and consultancies.
But, with fewer than one-fifth of the respondents to LSE’s research confident that their companies had reliable risk identification systems, and a third saying that such matters were not discussed at board level, there would appear to be a commitment problem that is going to take more than a training programme to sort out.