During the recent subprime crisis in the highly interconnected banking and financial services in the US, banks did not seem to know one another’s appetite for risk. They (and other investors) also do not seem to have been able to rely on auditors and rating agencies of counterparties to provide an objective measure of the latter’s financial position. This is surprising in a post-Sarbanes-Oxley world, where almost all information and controls are supposed to be monitored.
Some years ago, as the CFO of an entity that was listed on NYSE, I was exposed to the full force of the Sarbanes-Oxleys law, or SOX. For a period of nearly 12 months, teams of auditors explored the innards of business at our offices in Montreal and New Jersey, documenting every step of our processes and ensuring that whenever there was the likelihood of a control weakness, this was patched up, and furthermore ascertaining if we were following these processes. Little credence seemed to be placed merely on the views of senior management, and written evidence was always sought. Every month, hundreds of copies of documents landed on my desk for signature, and were then analysed, signed, dated and mailed back. In addition, many of us in the finance team kept copious notes and emails proving that we reviewed what was under our watch. This process, although seemingly onerous, has more positives and negatives. CFOs and accountants have a duty to review, track controls in an overt manner and codify their views on a piece of paper. This is what good bureaucrats do in the government, and a lot of finance is all about governance.
Many of the organizations that have between them written off over a hundred billion dollars of value during the so called subprime crisis were audited and were subject to the rigours of SOX. It should be fair to assume that the same process was carried out at Citibank, Merrill Lynch, UBS and Bear Sterns. The public would surely want to know why SOX, a law that has more teeth than a buzzsaw, missed it and what can be done to prevent a recurrence of such a crisis.
The Sarbanes-Oxley process asks some hard questions. Auditors are expected to query the tone at the top, i.e., the approach of the senior management to risk and controls. They are asked to explicitly review reports of credit agencies, internal auditors and risk management committees and comment on the same. Most specifically, there is an expectation that there will be a long and hard look at any liability that is off balance sheet and which may become contingent on the company at a later point in time. In a similar vein, rating agencies do look closely at the now maligned securitized contracts, often requiring of banks the credit history for each pool of securities on a monthly or quarterly basis. When such pools are not being collected, warnings and downgrades are expected to come sooner than later.
These questions are not asked casually over a beer at the closest pub. They are required to be responded to with written evidence and sign offs from the senior management. It is difficult to be persuaded, as many articles have us believe, that “nobody understood what the risks of subprime lending was”. Opacity is rarely accepted by either auditors or rating agencies as an argument. When something is complex to understand or unclear, there is a duty of responsibility to err on the side of conservatism and raise a red flag.
Competition, that most important requisite of a well-functioning economy, requires free and impartial sharing of information. Firms that truly run their business well are the ones that ought to obtain capital from the markets, and others should find the going difficult. Audit firms and credit rating agencies are often the oil that lubricates these markets and this time they seem to have missed a trick. Although there has been no evidence so far of wilful misrepresentation by either the auditors or rating agencies as was the case during the corporate crises involving Enron and WorldCom, this is the more worrisome aspect of the current crisis. If we cannot understand what were the root causes of the watchdogs having missed signals that they are paid to look for and report, there is no way to avoid these in future.
So, how can we improve transparency in the system? In order to further insulate rating agencies from the pressures of their client, it will make sense to make investors rather than issuers of debt pay for the rating and also place a restriction on raters from doing other business with their clients. Similar restraints were placed on statutory auditors through Sarbanes-Oxley.
It would also be desirable to be able to have a more detailed description of the rationale underpinning the rating given by credit raters and an exposition of why the raters believe what is placed before the shareholders to be true. It would also be useful to make public what new data leads to downgrades, and whether it might have been possible to guess that event earlier.
There is no single answer to this issue. What is however clear is that within five years of the implementation of one of the most stringent laws in the world, we again face a situation where shareholders are not able to rely on custodians of accuracy. Rating agencies and audit firms would do well to examine why they missed signs of a crisis and make these reasons public so that others may avoid those pitfalls in future.
Govind Sankaranarayanan is CFO, Tata Capital Ltd. He will write every other Friday on issues related to governance. The views expressed in this column are personal. Write to him at firstname.lastname@example.org