CHAPTER 3

Risk Management and Corporate Finance

Frank Moxon

Evolution Securities Limited

Introduction

It is tempting in today’s heavily regulated securities industry to think that risk is something to be eliminated or avoided in order both to achieve full regulatory compliance and maximize profitability. All business activities, however, involve some degree of risk and most entrepreneurial managers, at least, acknowledge that risks often need to be taken in order to gain a competitive advantage or to secure higher financial returns. Among the issues, therefore, facing senior management in any business enterprise are:

  • the identification of key risks within the business;
  • the establishment of an effective risk management and reporting system to record the actual incidence of risk and ensure that it is mitigated quickly and efficiently; and
  • the review, maintenance, and upgrading of those systems from time to time.

While senior management may not fully understand certain ­business activities under their control, as was clearly demonstrated in the Nick Leeson affair at Barings Bank, a well thought-out operational risk ­management system should enable them to control and mitigate risks in these areas.

There is a wide range of risks faced by any investment bank but those in corporate finance tend to be specific to that particular discipline. In contrast, many of the risks faced by staff trading in equities, bonds, and currencies or advising or acting as an agent for private, institutional or other investors are identical or at least fairly similar in nature. To this end, it is essential that in establishing an effective operational risk management system for a corporate finance business the experience and expertise of a firm’s central management team is optimized by the flexible application of the professional expertise of the firm’s senior corporate finance ­practitioners. If handled properly, this in itself can be an educational and ­performance-enhancing experience in its own right. In the words of ­General George Patton, “Don’t tell people how to do something. Tell them what to do and let them surprise you with their ingenuity.”

Other chapters in this book cover the main concepts behind the need for and the effective management and measurement of risk management procedures in general. During the remainder of this chapter, I intend, mainly, to restrict the subject to the issues faced by corporate financiers in particular.

Overall Risk Environment

There is often a tendency among corporate financiers to consider themselves to be in a far less-risky environment than their trading counterparts. After all, corporate finance is a profession governed by financial services laws and regulations, market rulebooks, and internal procedures ­manuals. The corporate financier is often aided by legal and other ­professional advisers and can usually count on his compliance department to act as an additional resource in times of doubt. As much as regulators might operate, often retrospectively, as policemen, they can also act as helpful consultants or interlocutors, for example, the UKLA readers involved in some Official List transactions.

To this fortuitous mix of “how to” guides and help on hand can be added other resources and structures provided by the corporate financier’s own firm. Staff have been selected using rigorous recruitment ­procedures and, as their time is served, acquire years of relevant transaction experience and other necessary life skills. They are then organized into transaction teams or other structures designed to maximize ­efficiency and skills coverage. They are regularly trained and attend continuing professional development courses. Senior members of the firm vet new transactions and the head of corporate finance maintains regular contact with corporate finance directors and their teams to ensure that all problems arising and the risks they bring with them are recognized and dealt with on an efficient and timely basis. As if this were not enough, engagement letters with corporate clients often contain sweeping indemnities in favor of the corporate financier’s firm. So, what could possibly go wrong?

Sadly, life is not so simple. Regardless of all these aids and benefits, corporate finance business involves a number of risks. At an internal staff level alone, these can present a number of issues for senior management to consider when formulating operational risk management ­systems. At one extreme is the rogue employee. He presents the, hopefully unlikely, ­scenario of an individual who overrides systems, either willfully or through incompetence, resulting in damage to the firm and its clients. This risk should be mitigated through careful selection procedures and internal transaction monitoring. At the other extreme is the scenario of the truly conscientious employee who is faced with a difficult professional decision within the bounds of his own operational competence and authority but who makes a wrong judgment call. This risk should be mitigated by internal transaction monitoring systems, adequate training, a clearly understood company policy on acceptable risk levels and a work environment in which consultation and risk reporting are considered by all to be an available benefit.

Nevertheless, both these extremes along a particular operational risk curve remain potential threats regardless of the preventative measures a firm may put in place. The US diplomat, Edward J. Phelps, reminds us, “The man who makes no mistakes does not usually make anything.” Risk can be mitigated but can rarely be eliminated altogether.

General Risk Areas

There are a number of risks facing the dealing and trading areas of broking firms or banks that do not necessarily affect directly their corporate finance counterparts such as currency risk, hedging risk or, per se, systematic risk. Nevertheless, other macro risks are relevant, including:

  • Market risk. Significant market movements or, more often, general market sentiment can adversely affect ­corporate finance business if they result in timetable delays or an ­inability to secure investors in sufficient numbers to fund transactions.
  • Credit risk. Brokers and bankers often deduct fees from funds remitted to their clients and therefore suffer little or no credit risk once a transaction has been successfully ­completed. Some transactions, however, involve raising funds for ­companies that are, without such new funds, an effective credit risk and there is always the potential for a dispute with a client resulting in nonpayment of fees.
  • Financial risk. Other than nonpayment of fees and loss of fees due to adverse market conditions terminating transactions, this has other relevant forms such as underwriting risk and, in rare cases, events such as the incurring of additional legal fees outside of those normally covered by the client.
  • Regulatory risk. There is always a risk that the rules themselves are infringed on a transaction but other important regulatory risks can be overlooked. These would include, for example, the risk that transaction files have not been properly maintained, perhaps even with vital documents missing.
  • Litigation risk. This tends to be a rarity and, sadly, when it does occur is often when least expected. From a risk ­management point of view, this can be difficult to detect or prevent as there is always the possibility that the litigation can be very successfully defended (that is, it should never have arisen).
  • Reputational risk. This can usually be avoided, if adequate due diligence procedures are maintained, but is sometimes embraced as part of the acceptable risks of a particular ­transaction. Risk management systems should be designed to cope with both scenarios.
  • Operational risk. This covers most other identifiable risks from staff errors and inadequacies to the risks inherent in any particular transaction. For example, in the financing of natural resource transactions, country risk, political risk, and legal title risk are key considerations on many transactions.

These are the sorts of risk that need to be taken into account in the macro sense when creating risk management systems for corporate finance departments. Next, some of the micro risk considerations are considered.

Specific Risk Areas

It is useful to start by reflecting on some fairly basic questions before responding to a request by the compliance department, the risk management department or senior management to assist with the development or refining of risk management systems and their application to corporate finance. It can be difficult for corporate financiers to wrestle with the fact that there are inherent risks to their business. In a peculiar way, precisely because corporate financiers are often by nature either control freaks or risk-takers, or an interesting combination of both, they can, in conceptualizing appropriate risk management systems, be their own worst enemies.

To this end, the sort of questions that should be framed before sitting down to design any corporate finance-related risk management system might include:

  • Can the risks be identified? What sort of risks are they? Can they be easily recognized or categorized? Can they be prioritized or graded in some way? It is also important to consider what sorts of liabilities are involved. This might be a turnover or balance-sheet issue or it could have a nonmonetary impact, reputational for example.
  • What sort of timetables are involved? Some risks are relatively instant in their occurrence such as the discovery of fraud or a failure picked up as part of a due diligence process. Other risks may be contingent or otherwise involve a longer time frame such as a financing transaction for a client whose ­financial survival is dependent upon the success of the ­fundraising.
  • Are staff adequately qualified, trained, and experienced? This question can be extended in a number of different directions and, where weaknesses are identified, teams can be assembled with a view to covering all necessary skills and degrees of experience. At a basic compliance level, it is also important to ensure that employees are actually familiar with relevant internal codes such as the department’s procedures manual and the firm’s own ethos and approach to risk. On another level, consideration needs to be given to mitigating risk in situations where regardless of the skill and experience of those involved the transaction is unique, the first of its kind or where factors involved in executing the transaction have not been encountered before.
  • On a related issue, are staff properly incentivized? An incentivization policy centered purely on revenue generation may, without adequate safeguards, expose the firm to an unacceptable level of risk. At the same time, employees are often encouraged to take risks or make executive ­decisions to address risk as part of their mandate procurement and transaction execution responsibilities and need to be ­incentivized accordingly. The key issue is to ensure that the financial and other interests of both employer and employee are aligned at a level of business risk acceptable to the firm.
  • Does the firm have an adequately disclosed culture or policy in respect of risk? Clearly, whether written or oral, it is important that these things are readily accessible to and understood by staff. Apart from internal regulations and compliance manuals, the tools for inculcating such values and implementing successful risk controls may include, for example, committees to screen new business proposals and authorize the entering into of underwriting and other financial risks.
  • Are conflicts of interest adequately identified and resolved? This applies not only to conflicts of interest within the firm but also those applicable to individuals such as personal account dealings and nonexecutive directorships held.
  • Are transactions adequately monitored internally? Risk management systems need to cope with a range of different scenarios here. Some transactions may involve a degree of contingent risk that needs to be monitored until resolved. In other situations, a material adverse change may occur during a transaction and need to be resolved. It is important not only that the system can identify and monitor risks but also that staff operate in a culture where risks, adverse circumstances and even mistakes can be readily reported and discussed without fear of retribution.
  • Are due diligence, documentation, and other transaction-­processing and reporting procedures adequate? On the one hand, too much bureaucracy and form-filling can stifle deal flow and general effectiveness. On the other, risk management ­procedures must be able to identify failings in the system, whether human or systematic, that could expose either the firm or its corporate clients to unnecessary ­levels of ­commercial or regulatory risk.
  • Is the firm winning or losing clients? Most firms can expect a reasonable degree of client and indeed staff turnover as part of the ordinary course of business. Even if the firm is gaining clients on a net basis, it is important to monitor leavers and understand their reasons for doing so. There are times when a firm is simply experiencing a bad period. Most likely, there is an underlying trend, identification of which might prevent undetected client management issues from ­manifesting themselves as material commercial or ­regulatory problems.
  • Does the firm learn from its mistakes? This is not simply a ­question of accepting that a risk has transposed itself into a problem but also of amending procedures both at the operational level as well as the risk-management level in order to benefit from the experience. In a business that involves a high degree of risk as a matter of course, recognizing honest ­mistakes and learning from them is sometimes more important than identifying scapegoats.

This is not an exhaustive list, if indeed such a thing exists. There is a slightly nebulous aspect to this general scoping process in that manifestations of risk in the form of problems or other negative outcomes are often quantitative. The damage can be measured in terms of a financial cost or loss. However, identifying and grading the sort of risks that a risk management system should manage has a qualitative aspect. It requires judgments to be made, often subjectively, on the potential issues involved.

Selecting Appropriate Key Risk Indicators (KRIs)

Having established what sort of risks are involved in a corporate finance business, at both a macro and a micro level, senior management must come up with a risk management system which is realistically operable while adequately fulfilling its key purpose. This is often an optimizing rather than a maximizing process. Some simplification is also required at times in order to ensure that objectives are met. Too much detail can confuse both operational and risk management personnel if it results in the means becoming an end in itself.

On the one hand is the detail. By their very nature, risk management systems need to cater for the “impossible” and “unlikely” scenarios. Do not be afraid therefore to think the unthinkable. “The reason the mainstream is referred to as a stream is because of its shallowness” (George Carlin). Yet, if the systems are designed in the first instance to identify risk at a very precise level of detail, there is a danger of inventing thousands of key risk indicators, none of which is ever likely to arise let alone be recorded. A broad category such as “due diligence failure” may make a better KRI than a more specific derivative such as “due diligence failure: person A did not accurately fill in form B.”

KRIs are the basic reporting units on which a risk management system is based. Across most departments in a financial services group, there are some common areas for KRIs such as bad debts and counterparty risk (in its more general sense). Most of these can have either a large number of readily identifiable forms or a small number of less likely manifestations. Corporate finance can present problems for those attempting to design an appropriate risk management module for it with prior knowledge of only similar modules for trading and dealing departments. There are hundreds of ways, I suspect, in which a trade can be badly executed but thousands in which a corporate finance transaction can go awry.

For this reason, it makes for a more manageable system if KRIs can be few in number but broad in scope. Consider that in an optimally functioning risk management system, KRIs serve not only as a reporting requirement but also as a management tool.

Examples of useful corporate finance KRIs include:

  • Breaches of any terms set by the committees authorizing the entering into of new transaction mandates or underwriting commitments;
  • Breaches of the corporate finance procedures manual or relevant industry regulations;
  • Termination of live transactions;
  • Complaints from or loss of corporate clients;
  • Loss of potential transactions (e.g., either due to a competitive tender process or due to advice given or alleged personality clashes);
  • Bad debts or nonpayment of fees; and
  • Regulatory enquiries (whether the regulator is making enquiries regarding the conduct of the corporate financier or of his corporate client).

Again, this list is not exhaustive. It is important not only that all key areas of risk are covered by KRIs but also that the reporting system allows for, and that staff involved in the process are aware of, the provision of further information in respect of the incident that has necessitated the reporting of a KRI event. If a KRI report is issued because a corporate client has resigned, the reporter should provide details as to why the client has resigned.

As with all corporate finance-related issues, the designers of the risk management system also need to take into account the fact that corporate finance sits on the secret side of the Chinese Wall. Access to the detail contained within the risk reporting and monitoring system may need to be made available to staff on two or more levels of restricted access, depending upon the compliance department’s view on appropriate access to unpublished price sensitive or otherwise privileged information.

Further Points on Setting and Interpreting KRIs

In designing and effectively operating a risk management system in corporate finance, it is well to remember that each of us is, after all, only human. The design, commissioning, and operation of such a system are not always an infallible process and further adjustments will inevitably need to be made throughout the life of the system. The useful interpretation of the data collated by the system is also subject to human error. These failings include such things as self-deception, probability calibration issues, cognitive dissonance, and hindsight bias.

Self-deception is the trait that makes us think something will never happen because it has never happened before. This can manifest itself in a number of ways. Probability calibration issues arise where something is forecast not to happen. Unfortunately for us, a study by Kahneman and Riepe1 showed that only two professions showed good probability calibration skills. Neither one was financial-services related. The theory of cognitive dissonance2 is based on an observed tendency for humans to ignore facts contrary to their own beliefs and even to seek evidence on a selective basis in order to confirm the original, unscientific view. Clearly, these types of failings can make it difficult either to frame the right sort of KRIs or to interpret them properly and therefore learn from the data collected in order to prevent repetitions of the same problem.

Hindsight bias acts in a similar manner. It is too easy either to blame someone in a situation where the risk was actually unavoidable or, on the other hand, to overlook or waive concerns about a risk because it is considered that the next manifestation of it is likely to be detected earlier. An associated failing is a tendency to only prepare for or seek to identify those risks that are perceived as more likely to occur, simply because they are related to the most frequently occurring problems in our recent experience. As an old Chinese proverb says, “A man who has been bitten by a snake is afraid of a piece of rope.”

Conclusion

Although corporate finance often embraces risk and despite the skill of its practitioners and the fact that they have recourse to all manner of professional advice and other assistance, it does still require a degree of risk management monitoring, over and above that normally performed by, say, the compliance department.

Risk management in corporate finance is based on the same principles as any other financial services risk management system. However, the specifics are necessarily different to those of trading and dealing departments and require careful thought not just to identify key risks but also to ensure that the system is not undermined either by too much detail in the level of KRI reporting or an excessive degree of generality.

Planners of such systems therefore need to utilize the skills of those they seek to police. The thought processes required by corporate financiers in order to participate in the task are, in my experience, a useful educational tool and likely to ensure the overall success of the system both as a reporting function and as an effective management program.

Finally, in implementing a risk management system, real success depends upon more than simply creating a well-designed, beautifully crafted mechanical system. The system comprises not just a few thousand carefully considered words and a bespoke ORM computer program but also the people who use it and maximize its performance. There is another old Chinese proverb that advises: “If you are planning for one year, plant rice. If you are planning for 10 years, plant trees. If you are planning for 100 years, educate people.”

A Securities and Investment Institute Master Class on Behavioural Finance by Mark Tapley of the London Business School contributed significantly to the ideas presented here on some of the pitfalls of setting and interpreting KRIs. I am also indebted to a number of my colleagues at Evolution Securities, in particular Zoe Hine, Ngaire Stone, Mitchell Gibb, and Laurence Blake who patiently reviewed this chapter and also provided helpful comments and advice.

1 Kahneman, D., and M. Riepe. 1998. Journal of Port Management, summer.

2 Festinger, L. 1957. A Theory of Cognitive Dissonance. Stanford, CA: Stanford University Press.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset