Reform Goes Beyond Legislation

Corporate leaders, regulators must manage better, transform culture.

There comes a point in complex policy debates when voices of realism — or lower expectations — take control. It happened in the two big legislative battles of the past year in the United States: health care and financial reform. The resulting bills were “not perfect” or “not everything we would have liked to see,” went the common refrain, but they were “the best we could accomplish” and “better than doing nothing.”

This is not purely an American pattern. Central banks, regulators and parliaments throughout the G-20 zone are confronting similar limitations as they try to establish global standards and principles to “learn the lessons of this crisis so we don’t doom ourselves to repeat it,” as President Obama said in his April 22 speech to Wall Street leaders.

But this crisis has not met its match in policymaking, and it is unreasonable to expect otherwise. No single speech — let alone the thousands upon thousands of words of academic and popular literature expended so far on those lessons and potential solutions — can do complete justice to all the institutional failures and systemic breakdowns that are, or need to be, undergoing repair.

Authorities have haggled over such matters as capital and liquidity requirements, trading rules for derivatives, and which agencies should supervise which firms. The result may prevent a repeat of 2007 and 2008 — the last war, so to speak — but even perfectly targeted rulemaking cannot abolish certain realities. Among these are business cycles, the likelihood of unanticipated or “black swan” events (perhaps the principal lesson of the recent meltdown), the vagaries of human behavior and inevitability of human error.

Some things, alas, cannot be legislated. Stringent capital ratios and supervision can have an effect on the way institutions are run, but they go only so far in establishing the trust, confidence, management discipline and checks and balances that make for a well-functioning industry.

Missing from legislation, and ultimately beyond its reach, are corporate leadership and culture. Bankers seem to be on to this. Witness their heightened organizational sensitivity to risk management. In a survey last year covering more than 100 major financial companies worldwide, Deloitte & Touche found that 53 percent of chief risk officers reported to their CEO, and an overlapping 52 percent of CROs reported to the board or a board-level committee. Those figures were up from 42 and 37 percent, respectively, in 2006.

The effectiveness of these reporting lines, their influence on corporate values and how risk management fares within cultures that disregarded or disdained it during the boom remain to be proven through the next crisis. Management quality is one factor that supervisors assess, but it needs to be more than just a checklist item — and risk management must be foremost among the concerns.

What about those regulators and supervisors? Their errors have been well documented, as in the endless buck-passing when Bernard Madoff’s wrongdoing was brought to the Securities and Exchange Commission’s attention and in the failure of the SEC or any of several other bodies overseeing American International Group to catch its credit derivative shenanigans. Regulators must come to grips with leadership and cultural gaps akin to those of the firms they oversee.

Here, too, structural steps have been taken. Last fall, Sally Dewar, who had been overseeing wholesale markets supervision at the U.K.’s Financial Services Authority, became managing director for risk, reporting to CEO Hector Sants. Concurrently, Obama-appointed SEC chief Mary Schapiro upgraded the midlevel Office of Risk Assessment (established in reaction to the Enron Corp. and WorldCom debacles) to a full-scale Division of Risk, Strategy and Financial Innovation, naming University of Texas law professor Henry Hu its director. Schapiro sent a clear, culture-changing message. Hu brought in other noncareer regulators as advisers, including hedge fund veteran Richard Bookstaber, author of 2007’s prescient crisis narrative A Demon of Our Own Design.

Time — and the enforcement of these new rules and standards — will tell if regulators have sufficiently raised their game. Their numbers and latitude to take action are not lacking, but their education level could use a boost, according to Promontory Financial Group CEO and former top U.S. bank regulator Eugene Ludwig. Speaking in April at the annual economics conference of Bard College’s Levy Institute, Ludwig noted, “You can’t get a degree in supervision and regulation,” and suggested that something beyond the traditional “apprenticeship training” would be better preparation for 21st-century challenges.

Former Federal Reserve chairman Paul Volcker conceded that even the boldest regulators will have difficulty slamming the brakes on a questionable activity or innovation when times are good, likening the situation to “removing the punch bowl when the party is in full swing.” Said Volcker: “You need structural elements in the system, a few guideposts of what is and is not appropriate.”

Jeffrey Kutler is editor-in-chief of Risk Professional magazine, published by the Global Association of Risk Professionals.

Related