Appendix B

What Happened in 2007?

One day after a session was over and people were leaving, Justin invited me to dinner.

I knew he had something serious on his mind. Justin does things on his own schedule and time, so I was not surprised that during dinner he regaled me with funny stories about his adventures in New Mexico and his childhood dreams of being a cowboy. As we waited for the dishes to be cleared, Justin turned serious. “I now understand risk management thanks to you. Something has been weighing on my mind, though, and it has nothing to do with PJI. As an expert can you tell me what happened to the U.S. banking system? I know that we were on the edge of the cliff and thankfully recovered somewhat. Was it a failure of risk management?”

I responded, “In my opinion the answer is Yes’ and ‘No.’”

Poor Risk Management Did Not Foster the Great Recession

The reason I say “No” is because what happened in the United States and abroad was a failure of many different systems. An event that wasn’t supposed to happen did happen. True to Murphy’s law, when one institution, such as the mortgage lending system, failed, it triggered a failure of another system, and that triggered the failure of another. Soon it became like a line of dominos in which one fallen domino triggers the next domino and so on.

I refer to this economic meltdown as the Great Recession, a term made popular by media pundits. According to the “experts,” this sort of fiscal collapse was not supposed to happen, yet it did happen. Douglas Hubbard, president of Hubbard Decision Research, said in a December 2009 interview in CFO magazine, “None of the events we’ve experienced was completely unforeseeable, even if it was extremely unlikely.”

As a direct result of the global decline and financial meltdown, these major risks hit businesses all at once:

• A credit crunch

• Volatile commodity pricing

• The size and scope of government debt

• Lingering and high unemployment

• Lower levels of consumer spending

• Local governments’ need for additional revenue

• Escalating oil prices caused in part by political instability in the Middle East

Each of these might be a negative event, yet by themselves they did not cause the Great Recession. They only weakened our economic structures that were supposed to prevent a global collapse.

I believe that, in part, risk management was not to blame for the Great Recession because perfect storms happen, and the best forecasting systems in the world could not have predicted this domino effect going global. It reminds me of a YouTube video that goes viral. No one can explain exactly what creates the feeding frenzy of people wanting to view and forward the video, but it happens anyway.

Poor Risk Management Contributed to the Great Recession

I say “Yes” because even though risk management will not prevent Murphy’s Law, it will serve as an early warning system that calls out, “Danger!” Even though the red lights were on, and signals blared out “Warning! Warning!” no one seemed to be paying close attention. Developing a risk management programme alone does not decrease risk or its negative consequences. The economic crash that preceded the Great Recession was in large part caused by poor risk management. Unwarranted risk engendered by these factors caused the financial meltdown:

• Banks that made reckless bets

• Credit rating agencies that endorsed risky mortgage bonds

• Government regulators who overlooked danger signs until the signs threatened our global financial system

• Advisers and consultants who did not understand the complexity of the securities that were being packaged, bought and sold

The Financial Crisis Inquiry Report published by the Financial Crisis Inquiry Commission in January 2011 concluded that the crisis might have been prevented if banks had been more careful, and regulators had asked tougher questions. According to the report complex investments backed by risky subprime mortgages were barely understood by both regulators and bank executives. Meanwhile the Federal Reserve was the only entity that could force higher standards on lenders that would have slowed the torrent of deals that led to the crisis. The Federal Reserve failed to act quickly enough.

In some situations executives claimed they were blindsided by unknown risks, mostly because they lacked sufficient infrastructure to identify, assess and monitor emerging risks within their organisation and because they were overconfident about their ad hoc approaches to managing risk.

I do believe that if those organisations that were too big to fail and that became the first dominos to fall had honestly been applying the principles of enterprise risk management (ERM), the global economic crisis would not have been as painful and disastrous as it turned out. Notice the big if. They were not applying ERM, strategic risk management or even simple risk management as it was designed to be used.

To me what happened for several years leading up to 2007 was a tale of woe.

Mr Smith invests in a costly and state-of-the-art security system for his expensive and richly furnished home. Smith leaves for a month-long vacation but leaves his system turned off. Upon his return Smith is surprised to find that his house has been burglarised and vandalised. Even though he wants to blame the perpetrators, Smith needs to own his culpability. Smith told everyone about his plans. He failed to cancel his newspaper delivery. He failed to arrange for someone to cut the grass and water the lawn. Smith left all the blinds and curtains shut and did not leave on any lights, inside or out. Worst of all Smith failed to ask a trusted neighbour to watch his house.

I previously quoted Douglas Hubbard who said that much of what happened was unforeseeable and extremely unlikely. He also stated, “The data [that foretold the problem] exists, but we get lost and overwhelmed by it.”

I shared with Justin 10 reasons for my opinion.

Reason One: Unreasonable Expectations

We all know that the rising prices in land and buildings were out of control well in advance of 2007. With land and buildings values growing between 4% and 10% per year, it was an unreasonable expectation that it could continue. Growth in many parts of the economy occurred mostly due to a continuing rise in valuations. Despite many experts and pundits claiming the bubble had to burst, very few people and companies changed their expectations about the future of land and buildings. When the collapses occurred at AIG, Lehman Brothers and so on, the dominos quickly fell. Washington Mutual (WaMu) was one company that had unreasonable expectations about the land and buildings market. Its collapse was unexpected, but now that the secrets are out, it can be viewed as inevitable.

In 2003 WaMu adopted a corporate slogan of “The Power of Yes.” At approximately that same time, the leaders decided to heavily rely on adjustable rate mortgages because Wall Street had a ravenous appetite for them, and the accounting rules of revenue recognition allowed WaMu to book all the revenue up front without needing to be concerned, profit-wise, about the risk of bad debts. Kerry Killinger, CEO of WaMu, had a vision. He wanted his institution to be the biggest provider of financing for the American public. He envisioned WaMu being among the top five retail banks. He made acquisitions, one after the other, that helped him fulfil that dream. Some acquisitions were risky, but he believed the risks were worth it because of his role in carrying out WaMu’s vision and mission.

The primary measurements that Mr. Killinger and his direct reports used to define success were

• share value (stock price).

• quantity of loans sold to Wall Street.

• balance of loans outstanding.

• revenue growth.

When “The Power of Yes” became the cultural mantra, WaMu’s revenue and growth soared. WaMu grew to become the nation’s sixth largest bank. To make this occur its leaders took on even greater risk, with certain decisions:

• WaMu paid large incentives in the form of commissions (as high as $10,000) to agents who brought in applicants and to brokers who steered WaMu mortgages that it could package and sell.

• WaMu’s underwriting employees were pressured to fund the mortgages, but the top producers were lavished with rewards and incentives. One “sweatshop” mortgage centre in southern California produced $1 billion in loans just in 2004. The team’s leader was lavished with bonuses and a perennial member of Kerry’s President’s Club, receiving multiple awards at the club’s annual meeting. Other team leaders wanted to get the same recognition.

In the ongoing investigations of WaMu’s failure, it came out that its mortgage lenders were ridiculed and chastised whenever they turned down a loan application. That was a direct result of “The Power of Yes.” In hindsight the cost of these risks outweighed all the benefits. In July 2008 WaMu reported the biggest quarterly loss in its history: $3.3 billion in the second quarter. The bank added to its loss reserves at a furious pace. The losses from land and buildings mortgage financing ranged between $12m and $19m over the next few years, according to WaMu executives.

Others costs that WaMu could not afford but had to pay were

• having to immediately reduce more than $10 billion in operating expenses.

• getting out of the subprime lending business.

• having to infuse new capital, thus diluting existing shareholders’ equity.

Even these actions were too little too late. The Federal Reserve took over WaMu in September 2008.

The risks WaMu undertook through its unreasonable expectations for profits and growth, focusing solely on the upside of higher than average returns and rapid growth, came back to undermine its finances and reputation. Every opportunity comes with a cost.

Reason Two: ERM Software Was Not Used Properly

It is both ironic and surprising that a majority of the financial institutions that got in trouble in the numerous events that led to the Great Recession all used ERM software. Companies that had ERM software in place were not paying attention to it or taking it seriously.

Other firms were having closed-door debates about whether their investment in ERM was worth it. Although a major investment in ERM software is required to fully implement it, many senior executives of large organisations delayed or curtailed implementation due to the required cash layout. They saw the software as a risky move for several reasons:

• They were experiencing a shortage of cash and other resources.

• They were concerned about the lengthy and challenging implementation process.

• They were not sure that the investment in the software would pay for itself.

Reason Three: Governance Was Not a Priority

Proper governance is big news in business and not for profits and is now a very popular discussion topic. As a direct result of the fallout of the ongoing economic crisis, failures associated with existing risk management processes are already generating calls for reform and increased regulatory scrutiny.

Corporate boards of public companies are under great pressure to explicitly address risk management as part of their governance responsibilities. The need has tremendously grown for boards to ensure that the management team in place is proactively managing risk and preventing fraud. The firm’s management team has a great opportunity to help its board of directors build an organisation’s risk management processes, so the board can focus on strategic risks. Experienced boards want ERM incorporated into their organisation’s governance risk management and compliance initiatives because it requires ongoing assessments of everyday business risk.

This being said, many boards and executives only play the governance game when it is easy. The moment governance gets difficult through the examination of sacred cows, such as executive compensation, stock options and conflicts of interest, governance is pushed aside for more “important” things.

Reason Four: Excessive Demand for Profit of Share Price

In most public companies and many smaller ones, the most “important” priorities are generating profits and increasing the stock value. When the bottom line and share price are the most important key performance indicators, anything that interferes with these priorities gets ignored. Investments in ERM implementation have slowed down because executives and boards are not sure the return on investment is there. Also the implementation is long and expensive, mostly because every employee must be repeatedly trained, and ERM requires an upgrade of many systems and technology. The prevailing belief is that this effort takes employees’ attention away from making sales and increasing profits. We constantly hear from executives that ERM would be nice to have but not if it costs a lot to implement and maintain. Add to that the message that Wall Street sends to public companies: more profits.

Senior leaders create expectations, which is part of their job. A leader needs an internal drive to get things done through people. Yet this drive and zeal can also cause the leader to cross the line. We see stories about CEOs, CFOs and politicians who have gotten themselves into trouble with their relentless drive to win no matter the cost. Kerry Killinger, former CEO of WaMu, is a poster child for this. His drive for ever increasing profits to satisfy Wall Street, in his mind, gave him permission to take the risks that he did, harming his company, its investors and WaMu’s employees.

Reason Five: Assumption Was ERM Runs Itself

The October 2010 report from the Senior Supervisors Group (SSG), comprising financial regulators in seven countries, stated that, despite some recent progress, financial institutions (the first dominos to fall) overestimated the quality of their risk management systems. The SSG reported that despite the failure of their systems in 2007, the banks even today continue to let ERM operate without their involvement. This leads to the practice of allowing ERM to operate at a low level of the organisation without any management concern regarding the risks it uncovers. This is akin to putting your car on cruise control, so you can text while believing the system will warn you when the traffic ahead of you slows down.

Reason Six: Complexity Hid the Problems

Bundling mortgages and turning them into securities was another line of dominos. The underlying assumption of this practice was that as long as the default rate was small, there would be no problems. As soon as real estate values fell, and mortgages went into default, things began to unravel. It appears that all the financial modelling performed was solely focused on the upside of this risk, and apparently the sophisticated algorithms never considered the twin scenarios of falling values and high defaults.

A lot of the risk was hidden or undetected because these deals became more and more complex. A recent survey discussed in the article “Rethinking Risk” in the January 2009 issue of CFO magazine reported on the opinions of 125 CFOs who have intimate knowledge about the securitisation of mortgages and other exotic investment schemes. Sixty-two per cent of these senior executives blamed the 2007-08 financial crisis on risk management’s inability to understand complex financial instruments.

Reason Seven: ERM Was Not an Executive Priority

In February 2011, Deloitte & Touche reported on the results of a survey it conducted on 1,541 executives, Creating a Risk Intelligent infrastructure: Getting Risk Intelligence done. It asked, “How would you rate your organization’s current risk infrastructure capability?”

This is how executives described the status of their programmes:

• ERM is in the initial stage (7%).

• ERM efforts are fragmented (21%).

• ERM is top down (23%).

• ERM is fully integrated (17%).

• ERM is risk intelligent (8%).

• Don’t know or not applicable (24%).

The survey also asked, “To what extent has your organization implemented ‘common’ risk management processes?”

The executives responded along with their reasons:

• Not at all. Have redundancy and lack a common risk language (6%).

• A little. Rationalised some control processes but still lack a common risk language (24%).

• Fair amount. Rationalised many key programmes and share common definitions (33%).

• Great deal. Eliminated most redundant processes and share a common risk language (10%).

• Don’t know or not applicable (27%).

As discussed in the article “Disaster Averted?” in the April 2011 issue of CFO magazine, Deloitte & Touche posed this question to 131 financial institutions worldwide. These firms have an aggregated asset base of over $17 trillion. The survey showed the changes over four years.

Does your organisation have an ERM programme in place?

In 2010

• twenty-seven per cent had a programme in place.

• fifty-two per cent were currently implementing one.

In 2008

• twenty-three per cent had a programme in place.

• thirty-six per cent were currently implementing one.

In 2006

• thirty-two per cent had a programme in place.

• thirty-five per cent were currently implementing one.

Does your organisation have a chief risk officer or equivalent?

• In 2010 86% said “Yes.”

• In 2008 73% said “Yes.”

• In 2006 84% said “Yes.”

Notice that prior to the Great Recession and after, ERM carried the same sense of urgency or importance.

Reason Eight: Black Swans

According to Nassim Nicholas Taleb who coined the term in his book The Black Swan: The Impact of the Highly Improbable, a black swan is an event that has high magnitude and low frequency. For an event to be considered a black swan it has three attributes:

• It is an outlier, which means it falls outside the realm of normal expectations.

• It carries an extreme impact.

• Despite its outlier status, human nature makes us concoct explanations for its occurrence after the fact, making it explainable and predictable.

In most applications of ERM, users focus their attention on normal or frequently occurring risks, even if they are improbable, such as a citywide fire or an epidemic outbreak. Yet ERM could and should be used to include scenarios when brainstorming for potential risks.

Although no one could be expected to predict Japan’s 2011 earthquake, tsunami and nuclear plant explosion, any firm that outsources its entire production facilities to one location is taking on a huge risk. Many U.S. companies that did entirely rely on Japan as their only source of production, such as Toyota and Mazda, were negatively affected. This sort of vulnerability needs to be examined, so the organisation can come up with a backup or mitigation plan.

Similarly, China’s recent decision to limit exports of rare earth elements hurt the automotive, energy and high-tech industries. This might be considered as beyond the realm of possibility, but when something is rare and necessary for your products, it must be discussed in a what if manner. This type of forward pessimistic thinking is what contributes to your organisation having the confidence to survive anything, including a black swan event.

Reason Nine: Attempts to Legislate Out Fraud Were Doomed

ERM, if properly applied, can prevent or at least deter fraud because of the increase in transparency. Any area that could be at risk for fraud from the inside or out will be managed and monitored. Also ERM requires that the cultural norms and attitudes towards ethical conduct be addressed and elevated.

Each time a major fraud takes place, a new law designed to stop the fraud from occurring is enacted, yet legislating fraud does not work. Despite the fraud provisions contained in the Sarbanes-Oxley Act of 2002 and the Dodd-Frank Wall Street Reform and Consumer Protection Act, it is still relatively easy for people to commit fraud, as it was during the days of Enron, WorldCom, and so on. According to the article “Where There’s Smoke, There’s Fraud” in the March 2011 issue of CFO magazine, there is a consensus amongst fraud experts that financial games and unethical practices have markedly increased. The method and ways of committing financial fraud have not significantly changed, and traditional measures of corporate governance still have limited impact on predicting fraud. With the amount of financial malfeasance that takes place, if fraud were the flu, its size and scope would qualify as a pandemic.

Fraud is not a one-time event. It is like a cancer that spreads. The risk consulting firm Kroll reported in the 2010-11 Global Fraud Report that business losses due to fraud increased 20% in 12 months, from $1.4m to $1.7m per billion dollars of sales. Kroll surveyed over 800 senior executives from 760 companies around the world and found that 80% of the respondents reported being victims of corporate fraud over the last 12 months.

In the March 2011 issue of CFO magazine, the article “Where There’s Smoke, There’s Fraud,” states that, often, the institutions that are established to protect investors and the public are not effective. Sam E. Antar is the former CFO of the now defunct electronics chain Crazy Eddie. He and his cousin, the firm’s CEO, were indicted for defrauding shareholders. He now lectures on corporate fraud. Sam, who has an insider’s perspective, is pessimistic about the efforts to prevent fraud. “Nothing’s changed. Wall Street analysts are just as gullible, internal controls remain weak, and the SEC is underfunded and, at best, ineffective. [Bernie] Madoff only got caught because the economy tanked. If I were out of retirement today, I’d be bigger than Bernie Madoff.”

Of course we cannot forget the human element of fraud. Today many people have the attitude, “It’s my turn to get rich,” and they find shortcuts for getting what they believe they deserve. Steve Pedneault heads the firm Forensic Accounting Services, a company that arrives after fraud occurs to assess the damage. Steve commented in the same article, “There’s a lot more employee fraud and embezzlement today than there was 10 years ago, and this past year [2010] there was much more than a year ago. People blame the economy, but much of the fraud and embezzlement that’s coming to the surface now was in the works for four or five years before the recession hit.”

Reason Ten: Accounting Practices Allow Game Playing

As a CPA this one concerns me. The accounting profession has yet to take a position on the enforcement of ethical accounting. This honoured profession can undermine risk management when it allows a firm’s management to bend the rules in their favour. An extensive study was conducted on the failure of Lehman Brothers by the federal government, and its findings illustrate how accounting can allow unethical executives to play a shell game. The collapse of Lehman Brothers illustrates how leaders in an organisation can override efforts to practise proper risk management. This tale contains many of the reasons I cited: unreasonable expectations, governance was not a priority, demand for profit, complexity was hiding the problem, ERM was not an executive priority and existing accounting practices allowed games to be played.

Case Study-Lehman Brothers’ Demise

In March 2010 the report of the bankruptcy examiner outlined the reasons for Lehman Brothers’ failure and described how the firm’s deteriorating financial position led to aggressive and allegedly misleading financial reporting practices. The findings of the report were summarised in the August 2010 issue of Strategic Finance magazine in the article “Lehman’s $hell Game.”

In 2006, Lehman made a deliberate business decision to pursue a higher-growth business strategy. To do so, it switched from a low-risk brokerage model to a high-risk, capital-intensive banking model. Prior to 2006, Lehman would acquire assets primarily to “move” them to third parties, but starting in 2006, it acquired assets to “store” them as its own investments, hence internalizing the risk and returns of those investments. The mismatch between short-term debt and long-term, illiquid investments required Lehman to continuously roll over its debt, creating significant business risk. Lehman borrowed hundreds of billions of dollars on a daily basis. Since market confidence in a company’s viability and debt-servicing ability is critical for accessing funds of this magnitude, it was imperative for Lehman to maintain good credit ratings.

Lehman pursued “an aggressive 13% growth rate in revenues. To support this growth, the company was targeting an even faster (15%) increase in his balance sheet and capital base.”

Lehman’s new strategy drastically increased its exposure to risk because its investments in long-term assets “had more uncertain prospects and were less liquid than its traditional investments. As the subprime crisis unfolded, the company doubled its holdings in illiquid investments” from $87 billion to $275 billion in less than two years. “Lehman couldn’t use these assets to generate cash on short notice or as collateral to borrow funds.”

This practice further increased its risk of potentially large losses should Lehman’s assets lose their value, which they did. “As economic conditions worsened and markets declined in 2007 and 2008, Lehman slid further into financial distress and had to reduce its exposure and leverage.”

“Lehman had difficulty selling its illiquid assets so was unable to reduce its leverage rapidly through typical means.” It could “only offload their assets at a steep loss that would negatively impact the company in two ways. First, recognizing losses on the sale of assets would reduce equity. Second, the market’s negative perceptions of the quality of Lehman’s remaining assets would make it difficult for Lehman to borrow.” In response to its deteriorating ability to borrow huge amounts of cash, “Lehman attempted to paint a rosy—but misleading—picture of its financial health by employing an accounting trick the company called Repo 105’ and ‘Repo 108.’”

“Lehman created a new type of repurchase agreement. While a typical haircut was about 2% for the period under discussion, Lehman took haircuts of 5% for fixed income securities and 8% for equity securities.” For example if Lehman borrowed $100 million, it would transfer either $105 million of fixed income securities or $108 million of equity securities to its lender.

By taking this larger discount, Lehman characterised these transactions as a sale of a security, in accordance with its interpretation of Financial Accounting Standards Board Statement No. 140, Accounting for Transfers and Servicing of Financial Assets and Extinguishment of Liabilities—a replacement of FASB Statement No. 125. Lehman then recorded as a current asset, with an option to repurchase on a specified date, the difference between the value of the securities transferred and the cash received.

No liability was recorded when cash was received. Instead, the Investment Securities account (an asset account) was credited. Additionally, since the difference between the amount of securities transferred and cash received was allocated to an asset account, no gain or loss was recorded on the sale of the securities. Structuring a transaction as a Repo 105 left total assets, total liabilities, equity, and income unchanged at the time of the initial borrowing. This accounting treatment contrasts with a normal repo transaction, which increases both assets and liabilities.

As a separate transaction, Lehman would use the cash it borrowed to “pay down” other liabilities, reducing both assets and liabilities. At a later date, when the cash is paid back and the securities “repurchased,” the journal entry to record the purchase would [recognise the discount (haircut) as an interest expense].

Again, for all intents and purposes, the transaction looked and smelled like a loan, not a sale.

While the use of Repo 105 accounting had no material impact on the income statement, there was a significant impact on the balance sheet. Whereas accounting for ordinary repurchase agreements increases both total assets and total liabilities, Lehman’s Repo 105 accounting didn’t increase either assets or liabilities in the first leg of this transaction. When the cash proceeds from Repo 105 and 108 transactions were used to settle liabilities, both total assets and total liabilities were reduced, equity remained unchanged, and the leverage ratio improved.

Lehman continued to receive the stream of income through coupon payments from the securities it transferred. Additionally, just as in an ordinary repo transaction, Lehman was obligated to “repurchase” the transferred securities at a specified date. “Moreover, Lehman used the same documentation to execute both Repo 105 and ordinary repo transactions, conducting these transactions with the same collateral agreements substantially with the same counterparties. Thus the two transactions were similar in substance but differed significantly with respect to their balance sheet impact.

Since Repo 105 was a more expensive source of financing compared to ordinary repo agreements, its usage was timed around the end of reporting periods.

Here’s how this worked. The total amount of Repo 105 transactions on February 28, 2008 (the end of the first fiscal quarter) was $49 billion. This dipped to $24.6m as of April 30, 2008. At the end of the second quarter (May 31, 2008) it jumped to $50.4 billion.

“Asset reduction and the consequent liabilities reduction were critical to Lehman because of its urgent need for short-term financing. To obtain favorable financing terms and maintain investor confidence, Lehman had to maintain its superior credit rating as well as a favorable report from financial analysts.”

Lehman defined its leverage ratio as net assets divided by equity. Its measurement of net assets eliminated certain types of assets from total assets, including intangibles and assets held as collateral. A reduction in net assets without a corresponding change in equity reduces the leverage ratio and boosts a company’s perceived health. Accounting for a transaction as a Repo 105 instead of an ordinary repurchase agreement reduced assets and improved Lehman’s leverage ratio.

The use of Repo 105 improved Lehman’s reported net leverage by as much as 1.9 percentage points.

In hindsight it’s clear that Lehman’s reported leverage ratios misstated the company’s financial position, and, arguably, the amount of the misstatement was material.

The foremost concern ...is Lehman’s assertion that its Repo 105 transactions satisfy certain criteria in SFAS No. 140 that seem to proscribe their treatment as short-term loans and thus require accounting for them as sales. Since Lehman was apparently the only bank using Repo 105-type transactions during this time period, and since apparently no U.S. law firm would support Lehman’s accounting treatment, the conclusion that Lehman’s interpretation of SFAS No. 140 had “general acceptance” seems tenuous.

As for disclosure of its risk and deviation from generally accepted accounting principles (GAAP),

a review of Lehman’s 10-K and 10-Q forms won’t reveal Lehman’s use of Repo 105 transactions ... Since the only apparent purpose of executing Repo 105 transactions in lieu of ordinary repo transactions was to manage Lehman’s leverage ratios in its financial statements, Lehman’s management must have known Repo 105 activity would affect users’ judgments.”

Lehman was entitled to collect interest and dividends from the “sold” securities. Additionally, Lehman used identical contract agreements and paperwork to document both normal repurchase agreements and Repo 105 transactions, implicitly acknowledging that the transactions were similar in substance.

In its conclusion the bankruptcy examiner’s report stated, “Lehman Brothers failed to adhere to the principles contained in [other accounting profession guidelines].” Its management unwisely acted and failed to implement an ethical culture within the organisation. In using its Repo 105 and 108 transactions, Lehman may have complied with the letter of existing financial reporting rules but definitely not the spirit. The actions it took were certainly unethical and intentionally misleading in order to cover a serious problem. Top management at Lehman failed to reinforce the system of internal controls. They were intent on reporting favourable leverage ratios and structured transactions to hide the substance and incredible risks without regard for the ethical implications of their actions.

Lehman Brothers, like WaMu, claimed to have formal risk management programmes in place prior to its demise.

The Moral of the Case Study

GAAP is guidelines established by the accounting profession to advise public companies on the proper way to account for turnover, expenses and so on. These principles are not rules or laws, only guidelines, so a company can choose to apply a principle in a way that makes it look good, as Lehman’s management did.

GAAP is often criticised as being rules based and as serving as a poor model for reporting profits because it permits the recording of transactions in a way that emphasises form over substance. Management accountants and auditors, however, violate professional standards whenever they allow their employers or clients to apply GAAP in a manner that deliberately obscures the economic substance of the transaction. A core objective of proper financial reporting is that the form of an accounting practice is irrelevant. What’s relevant is its economic substance. Even though Lehman claimed the Repos 105 and 108 were a sale by the way the transaction was recorded (the form), they were actually loans (the substance). Lehman used this form over substance approach for two years before it imploded.

Although one could argue that Lehman’s external auditors are at fault for failing to detect and report shortcomings in their financial reporting process, the ultimate responsibility lies with Lehman’s management for developing and using Repo 105 for the purpose of managing its balance sheet.

The final key lesson from Lehman’s and WaMu’s implosions is that corporate governance must apply to all organisations. The need for an ethical culture is perhaps greatest when an unplanned event occurs. Without a policy to refer to, employees will develop a course of action they believe represents the official policy of the organisation. Their actions will be based on what they believe are the organisation’s values or moral code, but that may not be the case.

Sign of the Future?

Ernst & Young issued a report, The multi-billion dollar black hole: Is your governance, risk and compliance investment being sucked in?, on governance in the financial sector, the industry whose actions caused the first dominos to fall.

Now, in the aftermath of the most severe economic crisis in a generation, they [financial and investment institutions] are acutely conscious of the need to demonstrate sound risk management. They believe that their reputations, customer loyalty and even their credit rating and access to capital depend on it. Some reports suggest that financial institutions alone will spend about US $100 billion globally on mitigating risk in 2010; others indicate that US companies alone will invest US $29.8 billion over the same period.

Ernst & Young also reported that “69% of companies believe that investors and shareholders increasingly look to [risk management] as a measure of their corporate stability. Companies are unwilling to tolerate and unable to afford lapses in risk management and, as a result, they spend even more shoring up their [ERM] capabilities as a defence against failure.”