By DAN REYNOLDS, senior editor of Risk & Insurance®
People could probably argue forever about the effectiveness of the Securities and Exchange Commission. When Goldman Sachs succeeded in wrapping tens of billions of dollars in questionable mortgages together, called them an investment, and convinced AIG to insure them, people blamed a sleepy SEC for not stopping the whole thing, and those people could be right.
And certainly, the face and manner of the SEC changes as frequently as does that of the person that occupies the White House. But going forward, the SEC may have just uncorked a piece of regulation that, if effectively enforced, could make up for its past shortcomings, be they real or alleged.
What's known as SEC Rule No. 33-9089 was approved on Dec. 16, 2009, and went into effect on Feb. 28, 2010. The rule tells publicly traded companies, among many things, that the SEC wants them to document the role its board of directors is playing or has played in assessing such things as executive compensation and how that impacts the risk profile of the company.
In essence, the regulator is asking companies to show investors that there is visible, working linkage between risk management and compensation: not demanding or mandating it, mind you, but asking for it.
It's a beautiful piece of work, according to Mathew B. Allen, a New York-based enterprise risk services and global practice leader for Marsh, because it has the potential for taking the responsibility for enterprise risk management and driving it solidly into the C-suites and the board of directors' meeting rooms.
"It's sitting squarely in the hands of senior leadership now," is how Allen sees it.
"I don't know how the message can be made more clear. Regulatory guidance is now officially pushing an advanced risk management requirement into the C-suite. By logical extension, the board is now involved. Short of activity-level requirements, you can't ask for anything more detailed than what the SEC has asked for regarding board involvement in the risk management process," Allen said.
Here's just a few things that the SEC is asking for, according to a Marsh white paper on the topic.
The SEC is asking that companies examine compensation policies and practices at business units:
-- That carry a significant portion of a company's risk profile.
-- With compensation structured significantly differently from the rest of the company's business units.
-- That are significantly more profitable than other business units.
-- Where compensation expense is a significant percentage of the unit's revenues.
The SEC is also asking that companies take a hard look at compensation policies that vary significantly from the overall risk and reward structure of the company.
With this rule being so new, the tone on the street is similar to that of a bunch of boys standing by a deep pool in a stream and seeing who is going be the one who has the courage to leap in first.
"It's a little bit like a game of chicken right now," said Marsh's Allen.
"We're waiting to see who in the marketplace is going to do it, one, and do it in a comprehensive way. Then a wider swath of the marketplace will determine whether or not that's the right approach. In simple terms, there will be several different approaches, and the market will determine the desired version," he explained.
There is also a lack of certainty about what sort of penalties the SEC might bring to bear if companies don't comply with this new rule.
"I think there is going to be some leeway with respect to what the SEC is looking for," said Allen. "The Feb. 28 date is in the interest of giving a start point. When do you start bearing down on the marketplace regarding compliance, I don't know. My guess is that you'll see more formality around it in the next 12 months, but this all depends on the different types of responses we see in the filings," Allen said.
Fair enough. But let's consider this, shall we? The SEC has created a rule and whether the SEC will give it some real teeth in the terms of penalties remains to be seen. But the fact is that the rule exists and is now in effect.
Let's say your company has no linkage between compensation and risk management. Let's say your company hasn't even done an assessment of that relationship, which is what the SEC is asking for.
What happens when your company suffers a significant deterioration in its stock price, its net income or some other measure of its financial health and draws the attention of investors' plaintiff attorney? Do you think that attorneys will look at this new SEC rule and vet your company on its adherence to it? How much do you want to bet they will and that you might face a follow-up lawsuit that will strike your directors' and officers' liability insurance policies right in the teeth?
"I have not talked to a director on any board that is not concerned about it," said Allen.
"There are a lot of different questions, and I would call them much more critical questions related to exactly what their role is related to risk management. Specifically, what are they liable for? You don't have to look very far or be an actuary to realize that the directors of the companies at the epicenter of the economic meltdown are going to be involved in lots of legal proceedings and/or will be in court for a long time. The question then moves quickly to the tactical act of deciding how that personal exposure will be managed," Allen said.
April 1, 2010
Copyright 2010© LRP Publications