Anxiety over the yet unplugged oil leak into the Gulf of Mexico and the discontent over the grim state of affairs more than 25 years after the Bhopal gas leak are two issues that have recently grabbed the news. These are emblematic of the disastrous consequences that industrial activity can sometimes have on society. While several questions regarding the cause of these tragic episodes remain unanswered, vital lessons can be drawn, one of which is the importance of risk management.
Risk management means companies should early on identify the risks emanating from their business activities, assess them, prioritize them and then devise a strategy to minimize any possible adverse impact. This forms an integral part of corporate governance. Given the ever-increasing complexity of risks faced by companies, whether environment, health and safety, financial or fraud risks, the task of managing and mitigating them cannot be delegated to managers down the line. It is a function that ought to receive attention at the highest levels in the corporate hierarchy. There is a need to “set the tone at the top”. The responsibility of oversight of risk management would ultimately vest with the board of directors of the company.
It is not as if regulators in India are oblivious to this concern. Corporate governance norms introduced in the stock exchange listing agreement in 2000 require each listed company to lay down procedures to inform the board about risk assessment procedures.
In practice, though, it is usually the audit committee of the board that is foisted with the risk management oversight role. That committee is already burdened with a wide array of tasks relating to audit and reporting of financial statements, and its ability to effectively carry on the additional task of risk oversight remains in doubt.
While it is laudable that regulators recognize the importance of risk management, what they do is less than adequate. It calls for more detailed treatment.
Boards of companies can lay down comprehensive risk management policies to be implemented throughout the organization. They may define the risk appetite and culture, which can then percolate across all levels. A one-size-fits-all approach may be counterproductive; in fact, it is possible to subject companies operating in sensitive industries to higher standards of risk management. For example, the banking and financial services industry tends to be held to a higher standard because financial risks could lead to systemic problems. Hence, banks are required to constitute risk committees of directors to determine and implement their risk management policy. Similar regulatory requirements should be extended to other industries that are sensitive to risk, such as oil and gas, mining or other sectors that pose hazard to environment and safety. The advantage of such a focused committee is that it can be populated with industry experts.
Boards and, where they exist, risk committees need not be involved in the day-to-day aspects of risk management, but they can provide clear guidance for the rest of the organization to follow. Their emphasis on the importance of risk management and clear channels of communication within the organization would make managers and other employees appreciate the levels of risk tolerance. The experience these experts bring from past disasters helps. For instance, managers could accommodate whistle-blowers, whose calls earlier went unheeded. They could help grant unimpeded access to top management and the board without any risk of persecution. Finally, they can help create a public disclosure on the risk management policy and tolerance levels, to ensure an entirely transparent process.
Apart from board oversight, risk management at a more general level constitutes a shared responsibility across the firm. By treating the risk function in full partnership with the business function, and not merely as a back-office or support function, it will be imbibed as part of the organizational DNA.
More broadly, the way corporate activity affects both the environment and society means that there is a need to start reorienting the incentives of various corporate actors. That means steering clear of judging and rewarding the performance of managers solely by means of their dogged pursuit of profits. Instead, we should explore the possibility of judging performance through non-financial parameters—more long-term and sustainable factors such as environment friendliness and risk mitigation.
Admittedly, constructing such non-financial metrics to realign incentives is a daunting task, but as more people accept that corporations bear a social responsibility, the interests of wider stakeholders—other than shareholders—will begin to get defined and, then, taken into account. The Indian government’s voluntary guidelines in December 2009 on corporate social responsibility are a start in enumerating these interests.
Apart from managers, the incentives of shareholders, too, need to be realigned. If shareholders, whether promoters or other investors, do not succumb to short-termism, stock markets would stop pressuring managements to deliver strong results quarter upon quarter, at the risk of eroding long-term value. While concepts such as socially responsible investing have paved the way for such outlook in the West, they continue to remain nascent in India. If such an investing community became stronger in India, it would go a long way in reducing risky behaviour.
V. Umakanth teaches law at the National University of Singapore
Comments are welcome at firstname.lastname@example.org