Wednesday, June 8, 2011

Corporate Governance Lessons from the 2008 Financial Crisis: Assessing the Effectiveness of Corporate Governance Through a Look at Troubled Companies

I. Introduction

Everyone loves a scapegoat. The financial crisis of 2008 is no exception. When share values plunged around the world, companies closed and millions lost their jobs, homes and savings. Shareholders, the public and politicians pointed fingers everywhere. Directors of troubled companies found themselves directly in the line of fire, regardless of whether their companies were the "cause" of the problem, or were simply caught in the general economic decline.

Criticism leveled at Boards of Directors (Boards) included allegations that they were too complacent in:

  • allowing their executives to engage in risky behavior;
  • adopting compensation programs (prepared by management) that encouraged risky behavior;
  • succumbing to pressure from shareholders to exceed prior results, which led to cost-cutting measures and other risky behavior; and
  • failing to assure that they had the necessary expertise and information needed to monitor the business and assess its risk profile.

Query, however, whether it is appropriate to blame directors for failing to predict and prevent these troubles. Directors serve on their Boards as a part-time endeavor. They necessarily rely on professional advice from consultants and independent auditors in addition to information provided by management. Is it fair to assume that they could have predicted the most severe economic downturn since the Great Depression of the 1930s, let alone directed their companies to take steps to ameliorate its effects?

Commentators have split on these issues. Grant Kirkpatrick, for example, believes that corporate governance failed in significant respects in preventing the latest financial crisis. (1) In contrast, Professor Brian Cheffins believes that corporate governance mechanisms performed their intended functions in important respects during the most recent financial downturn, so there is not a significant need for reforming corporate governance. Professor Cheffins studied the thirty seven companies that were removed from the S&P 500 index during 2008. (2)

While commentators may debate the extent to which corporate governance was to blame for the latest financial crisis, it is helpful to review common governance mechanisms and to assess how these mechanisms performed during these troubled times. This analysis is anecdotal only, due to the difficulty of obtaining detailed information about the existing governance mechanisms in place and due to the confidentiality of Board proceedings. Nevertheless, important lessons can be gleaned from this assessment, as discussed more fully below.

While companies can always improve their corporate governance, it appears that the existing structures should suffice to protect most companies, provided that Boards and their management actively perform those functions in a meaningful way.

The importance of this proviso, however, cannot be overstated. In many of the major failures over the past decade, Boards may have had appropriate mechanisms in place that should have recognized and prevented the troubles, yet they failed to exercise independent judgment and oversight. Accordingly, the problems that arose could fairly be blamed to a large extent on implementation, rather than the need for additional governance regulation.

Similarly, in assessing the need for additional reforms, it is important to remember that directors do not have a duty to be omniscient, but rather should exercise their sound judgment after careful analysis of the information available to them. Blame for the general economic decline resulting from the latest financial crisis should be limited to the few firms that aggressively engaged in unduly risky behavior without adequate analysis and mitigation of risk.

This article reviews some of the more common methods of addressing corporate governance. Some of the procedures are mandatory in various jurisdictions due to government regulation or stock exchange listing requirements. Others are adopted on a voluntary basis. Each company should consider which of these procedures are best suited to its particular circumstances. Recommendations for Boards to consider appear at the end of this analysis.

In reviewing these governance mechanisms, keep in mind that, in recent decades, a large part of the emphasis in corporate governance has been designed to align the interests of the Board and executives with that of the equity owners. While that goal is generally laudable, it is important to remember that seeking current returns and profitability should be balanced with also preserving those equity interests. Executives often feel pressured to produce short-term profitability, which may result in a liquidity crisis that could jeopardize the entire long-term ownership interests of the shareholders. Notable failures, like Enron, The FINOVA Group, Inc., and Lehman Brothers serve to remind us of those dangers.

II. Existing Corporate Governance Procedures

A. Introduction

Following the financial crisis of 2000, Congress enacted the Sarbanes-Oxley Act of 2002 (Sarbanes-Oxley). (3) Sarbanes-Oxley required important new governance mechanisms, including increased:

  • audit committee membership and responsibilities; (4)
  • financial expert requirements; (5)
  • certifications of public reports by CEOs and CF0s; (6)
  • performance of a risk analysis; (7) and
  • tightening the standards for auditing requirements/independence. (8)


These reforms, among others, became mandatory for public companies, with certain exceptions. Other existing governance mechanisms that are commonly used or may impact the Sarbanes-Oxley requirements include:

  • splitting the Chairman and CEO functions;
  • enhancing director qualifications (through selection and training);
  • Board independence and replacement of executives;
  • presence of independent advisors for the Board (e.g., as to legal, risk, compensation, business, and/or financial);
  • legal liability;
  • institutional shareholder activism;
  • shareholder rights (elections and meetings); and
  • regulatory authority.

The foregoing mechanisms have received varying levels of criticism following the latest financial crisis. After reviewing the reports of Kirkpatrick and Cheffins, (9) and reflecting my own experience and observations, this article offers an assessment of these governance methods.

B. Audit Committees and Financial Experts

The presence of independent members of the audit committees, especially financial experts, has helped to strengthen the performance of those committees. Those directors, however, need to rely to a large extent on the advice of financial professionals, including the company's auditors, to advise them on sophisticated financial matters. Even the audit committee financial experts cannot be expected to fully understand the nuances of the financial statements or to uncover potentially risky behavior or inappropriate activity that is not discovered by those with more exposure to the operations (e.g., internal and external auditors).

While companies with independent audit committees and financial experts did not always discover fraud or self-dealing (e.g., in Enron and Worldcom) the relative absence of fraud in the latest financial crisis, as compared to 2000, (10) reveals that the independent audit committee functions appear to be fulfilling their purpose. Companies, however, could benefit from a more robust risk assessment process, including challenging assumptions regarding liquidity and other critical areas. If the audit committees are to perform those functions, then they should consider methods in which they can help assure their companies undertake that analysis. (Alternatively, companies may seek to have that function supervised by a separate risk committee.)

C. CEO and CFO Certifications

Again, the reduction of fraud in the latest crisis as compared to 2000 could largely be attributable to the requirement that the CEOs and CFOs certify the company financial statements, as mandated by Sarbanes-Oxley. Most executives probably continue to exercise the same degree of oversight over the financial statements as they did prior to the adoption of this requirement. They will continue to rely on advice from professional advisors as to whether company financial statements are proper. Sarbanes-Oxley, however, helps to focus their attention on items within their knowledge, including the identification of risk factors.

D. Risk Analysis and Chief Risk Officers

This area of the law perhaps deserves the most criticism, although it also has probably been the most maligned. Since the adoption of Sarbanes-Oxley, companies have undertaken to better assess their risks, although the quality of that analysis necessarily varies among companies. Even the best risk analysis, however, would not have predicted the severity of the 2008 economic decline for most companies, at least for those outside of the financial services and real estate arenas. Nevertheless, Boards can help fulfill an important function by challenging their executives to perform a robust risk analysis and to develop strategies for minimizing the impact if foreseeable risks occur. Those risks can include crises relating to liquidity, key customers, key employees, litigation, governmental investigations, product or service failures and other potential risks that could severely impact the company.

Risks like these can occur at any time. For example, long before the Deepwater Horizon oil spill of 2010, BP suffered a refinery explosion in Texas. (11) The risks apparently were known at lower levels in the company. (12) Siemens and Boeing have had to deal with issues of bribery of foreign officials and breaching public tender rules, respectively. (13) And Citibank lost its private bank license in Japan due to money laundering charges. (14) Boards would benefit from adequate crisis management training in a broad range of potential issues.

Some companies may have performed risk analyses without undertaking a true "stress test" based on severe assumptions. Although the severity of the 2008 financial crisis was unprecedented in recent times, the occurrence of economic cycles in various industries, particularly financial and real estate, are not unprecedented. (15) As a result, directors of all companies can help to preserve shareholder values by assuring that their executives undertake a risk assessment and help to develop methods of addressing the potential problems.

Enron is a prime example of a company that implemented procedures to address a known risk, but the procedures were not implemented in an independent and thoughtful manner. I understand that Enron required Board committee approval of conflict of interest transactions involving senior executives and the company, but those transactions were routinely approved without modification. Moreover, there were no apparent mechanisms in place to monitor the performance of those transactions or assess the aggregate impact of those cumulative approvals.

Similarly, Lehman Brothers had a risk committee, but that committee only met twice in 2006 and 2007, and Bear Stearns only established its committee shortly before it failed. (16) Obviously, those committees were not successful in preventing their subsequent downfalls. To be most effective, a risk committee should be implemented long before the crisis has developed. Otherwise, the committee will necessarily serve in a reactive rather than a proactive manner, and its available courses of action will be more limited once the troubles have surfaced.

Of course, the operation of any business involves risk, and an appropriate level of risk should be accepted. Some Boards, however, may have inappropriately accepted undue risk, presumably to enhance profitability rather than to protect liquidity. For example, Northern Rock's Board apparently consciously decided not to hedge its liquidity with back-up lines of credit. (17)

Companies could enhance their risk assessments by including those assessments in their planning process. Some companies are enhancing this process through the creation of a Chief Risk Officer (CRO). An independent CRO who reports to the Board, rather than the CEO, and whose compensation is established by the Board and not the CEO, might be an appropriate method of assuring independence of and attention to this critical function. Without these features, the CRO' s independence will depend on the officer's ability to exercise those functions while being subordinate to an executive focused on things other than risk analysis and mitigation. Of course, there are other methods to address this issue, including incorporating risk analysis and avoidance into compensation programs for all executives. Each Board should decide on the best method for addressing these issues based on its own risk profile and management structure.

Engagement of an executive focused primarily on analysis and mitigation of risks could help to identify problems that the Board and auditors might not otherwise catch. For example, many financial institutions jeopardized their liquidity position by supporting the capital of their financing conduits with lines of credit maturing in 364 days, because credit lines with a maturity of a year or longer had to be supported by the bank's capital. (18) The aggregate impact of those lines severely impacted many of those institutions.

In France and the UK, risk management has been introduced into corporate governance principles. (19) The Basel II capital accord requires Boards to review and guide corporate strategy, major plans of action and risk policy. (20)

The risk assessments should evaluate the impact that compensation programs have on the company' s risk profile. The latest financial crisis has emphasized the imbalance of those programs in financial services firms and how those programs helped lead to risky behavior that was not adequately protected. Granted, firms often thought that the presence of credit ratings, insurance and other provisions would help to insulate them from significant loss, but those protections were apparently insufficient to prevent or mitigate the losses at many companies.

Companies like UBS and JP Morgan have begun to tie compensation to long-term results, requiring deferral of bonuses, mandating share ownership, and factoring in risk-weighting into their compensation formulas. Seventy percent of the companies listed on the FTSE defer some part of their annual bonuses. (21) Boards should be careful to understand the consequences of the incentives created by the performance objectives.

E. Auditor Independence and Requirements

Since the enactment of Sarbanes-Oxley, auditors have been more vigilant about assessing risk exposure. The collapse of Arthur Anderson has served as an example of what can happen if they fail to do so. Again, the absence of significant fraud demonstrates that, in most companies, this governance mechanism is functioning reasonably well. It is important, however, to remember that auditors are not guarantors of company activity, regardless of their independent function. Ultimately, the company needs to manage and control itself, rather than to rely on inappropriate activity being discovered by the auditors.

F. Splitting the Chairman and CEO Roles

Having a separate Chairman from the CEO can provide an independent person to help guide the Board's oversight of the company and reduce the ability of the CEO to control the Board's agenda. It would also provide a person to whom the CFO, CRO, general counsel and others who are to exercise independent judgment from the CEO could discuss concerns. In the absence of an independent chairman, the audit or risk committee Chairs also could fulfill that function. In the UK, companies listed on the London Stock Exchange must have an independent Chairman separate from management or explain why they do not do so. (22) However, given that the British banking sector failed to perform any better than its U.S. counterparts, it is questionable whether the presence of an independent chairman would have made a difference in most cases. (23) Again, each Board should decide these issues for itself.

G. Enhancing Director Qualifications

As Carl Ichan has said: "[M]any board members were demonstrably unqualified, abjectly remiss or simply too cozy with management." (24) Many Board members are appointed due to their friendship with the executives or other Board members. Some are appointed to help fulfill perceived needs to add diversity to the Board along gender or racial lines. While those goals are laudable, they should not be at the expense of assuring that the Board is capable of exercising its oversight duties and is sufficiently skilled to understand and exercise independence over the company's direction. A sophisticated company probably needs more experienced and dedicated directors, who can understand the complexity of the matters before them.

Examples of Boards that lacked Board expertise in the company' s business or independence include Bear Stearns and Dillards. (25) At eight major U.S. financial institutions, two thirds of their Board members lacked any banking experience. (26)

Director qualifications can be enhanced through appropriate "onboarding" and periodic training to help assure that the directors understand the company, their duties and the technical aspect of their committee duties, whether it be related to compensation, financial risk or otherwise. Boards help to monitor the qualifications and contributions of their members through evaluations and feedback from shareholders.

H. Director Independence and Management Changes

As Mr. Ichan noted, (27) many directors at troubled companies failed to exercise independence. UCLA professor Avanidhar Subrahmanym found that as the degree of social interaction increased between directors and the executives, their effectiveness as independent directors decreased. While it is important for directors to interact with management, including those who need access to the Board (CFO, CRO, general counsel), the relationship should not interfere with their respective duties to the company and its equity owners, creditors and others, as appropriate.

It takes courage to emphasize risk analysis and prevention measures when shareholders demand increased performance. Warren Buffett had the courage to do so throughout the 1990s when he resisted investing in the "dot com" and telecom bubbles, publicly stating that the valuations in those industries could not be justified, let alone sustained. Ultimately, his judgment proved correct following the market tumbles of the early 2000s. Few directors had the courage to follow suit in subsequent years, but those companies that have withstood the recent turmoil have perhaps been cognizant of their risk profiles and have taken appropriate protective measures.

Directors exercised independent judgment during the latest financial crisis. For example, at the thirty-seven companies removed from the S&P 500 in 2008, Boards replaced CEOs and other executives much more frequently than general trends would predict. They replaced thirteen CEOs and twelve other executives at those companies. (28) This forty percent rate of dismissal for CEOs exceeded the 2.1 percent ten-year average ending in 2007 for the largest 2,500 companies. (29)

While directors appear to have exercised independence in dismissing executives when problems surfaced, it is questionable whether they exercised appropriate independence in approving management proposals for operations and compensation that led to those troubles in later years. Perhaps directors would better serve their constituents by exercising that independence from the start, through a robust risk analysis and planning process, rather than reacting to a crisis when it arises.

In addition, while executives were dismissed, in many instances the departing executives were entitled to severance arrangements that did not provide the Board with an adequate means of withholding those payments, at least without the likelihood of an expensive and distracting litigation. Similarly, when Boards are seeking to hire replacements for the departed executives, they may be pressured to again adopt similar assured severance arrangements. In approving executive agreements, Boards might consider the impact that this insulation from financial results might have on the company's risk profile.

I. Independent Board

Advisors Boards would be well advised to have access to independent advisors when they deem it appropriate. Sarbanes-Oxley requires that the Board have the freedom to engage counsel and other advisors when it desires it, but Boards appear to exercise that prerogative infrequently. Boards might consider engagement of independent professionals to independently guide the Board on issues, particularly those involving Board independence, duties, risk management and liability. Those professionals could be the same as those supporting the company's risk analysis. If the company appointed a Chief Risk Officer, that officer could independently report to the Board and use the same professionals. Ultimately, this is merely one aspect of the overall risk assessment process.

J. Legal Liability

While an expensive and destructive method of helping to assure corporate governance, the legal system serves an important role in helping to assure that companies and their managers fulfill their duties. Because the defense of legal action is enormously expensive, however, companies would be well served to rely on other corporate governance mechanisms to properly manage the company.

Because suits are often commenced when share prices fall, regardless of causation, essentially in an attempt at legal extortion, it is not possible to assess the impact of this method of enforcing corporate governance. Similarly, government investigations often follow financial turmoil, in part due to pressure from the agencies to demonstrate that they have addressed the issue, as well as to address actual violations.

K. Institutional

Shareholder Activism Major shareholders frequently flex their muscles to contact management and attempt to influence the company's direction. While institutional investors may not have been unusually active in this regard after the latest crisis, (30) they helped obtain important changes at a number of troubled companies. In addition, those institutions most likely had a larger impact through informal discussions that were never reported. Of course, shareholders owning a sufficient number of shares to implement change can collectively cause the company to do so, whether through cooperative measures or proxy contests.

While discussions between shareholders, the Board, and management can be a healthy method of obtaining input on the market's reaction to current operations and results, Boards should independently evaluate those inputs to be sure that the interests of some equity holders do not unduly influence the company's overall direction to the detriment of others, especially if those equity owners are seeking short-term results at the expense of capital preservation.

L. Shareholder Rights

Shareholders often seek to elect directors annually and to reserve the right to call a special meeting with a small number of shares. In practice, it would appear that most shareholders routinely approve management proposals and Board slates, so this mechanism is not an effective method of governing the company, with notable exceptions. Troubled companies often bow to pressure to install new directors, or adopt shareholder proposals to avoid a proxy fight. Most shareholders, however, do not engage in this kind of activism. Instead, they tend to sell their shares or simply voice their displeasure to management. In the UK, shareholders owning five percent of a company can call a meeting to dismiss a director, although this power is rarely used. (31) It is too early to determine whether the SEC' s new "proxy access" rules, (32) which allow shareholders to nominate directors, will impact corporate governance.

M. Regulatory Supervision

While shareholders and the public expect that regulatory authorities will help protect them from harm, those agencies are habitually unable to adequately monitor the activities of the myriad companies under their jurisdiction. They tend to investigate following complaints or after the troubles have already occurred. Following cyclical economic downturns, there has been a tendency to add additional regulations designed to address the perceived shortcomings with the existing rules. Some of that is a direct result of the political process, where the legislatures and administrators want to show how they have taken action to prevent a recurrence in the future. The Basel II capital accord enables bank regulators to impose capital charges for incentive structures that encourage risky behavior. (33)

Yet, the same problems continue to surface. The answer may well be in better enforcement of existing regulations, rather than the hurried creation of widespread reforms. Legislatures would be better served by enacting narrowly-tailored reforms to address only the actual deficiencies in corporate governance, rather than rushing to enact broad changes in response to public pressure to "do something."

III. Conclusion: Thoughts for Board Consideration

After reviewing the consequences of the most recent financial downturn, Boards should review their corporate governance procedures to assess their efficacy in light of their particular circumstances. Areas they may wish to evaluate could include:

  • undertaking a more robust risk analysis, with challenging assumptions and an evaluation of anticipated crises relating to:
    • liquidity;
    • loss of customers;
    • loss of key employees;
    • litigation/governmental investigations;
    • product/service failures; and
    • other anticipated risks;
    • appointment of a Risk Committee of the Board, if those functions are not exercised by the Audit Committee;
    • appointment of a Chief Risk Officer, and determining the reporting and compensation arrangements for that person;
    • strengthening the Board selection, training and evaluation programs to assure that directors are competent and willing to exercise their duties in light of the company's business and regulatory environment.
    • periodically evaluating Board independence;
    • determining whether the Chairman and the CEO should be separate persons; and
    • evaluating compensation programs in light of the risk analysis, including a review of severance arrangements.

While overall, corporate governance performed fairly well at most companies, Boards (along with almost everyone else) underestimated the scope of the recent economic downturn. Accordingly, while widespread reform is not clearly necessary, all Boards could benefit from an honest assessment of their risks, strengths and weaknesses in determining the course of their company' s future endeavors.

1 . Grant Kirkpatrick, The Corporate Governance Lessons from the Financial Crisis, 96 Fin. Market Trends 51 (July 2009).
2. See Brian R. Cheffins, Did Corporate Governance "Fail" During the 2008 Stock Market Meltdown? The Case of the S&P 500, 65 Bus. Law. 1 (2009). Cheffin is the S.J. Berwin Professor of Law, University of Cambridge.
3. Pub. Law 107-204, 116 Stat. 745 (July 30, 2002) (codified at 15 U.S.C. § 7201 [Sarbanes-Oxley].
4. Sarbanes-Oxley, supra note 3, at § 301.
5. Id. at § 407.
6. Id. at § 906.
7. Id. a t § 404.
8. Id. at §§ 201-206.
9. See supra notes 1 and 2.
10. See Cheffins, supra note 2, at 28-29.
11. See, e.g., Kirkpatrick, supra note 1, at 18.
12. Id.
13. Id.
14. Id.
15. See, e.g., S. Henke, The Great 18-Year Real Estate Cycle, Globe Asia (Feb. 2010), available at www.cato.org.
16. Kirkpatrick, supra note 1, at 19.
17. Id., at 28.
18. See, e.g., Kirkpatrick, supra note 1, at 11.
19. Id. at 24.
20. Id. at 17. See also Jacqui Hatfield & Gil Cohen, Banking Industry Regulatory Update, 64 Consumer Fin. L.Q. Rep. 134 (2010).
21. Kirkpatrick, supra note 1, at 28.
22. See Cheffins, supra note 2, at 55.
23. Id.
24. Id. at 54, quoting Carl Ichan, Corporate Boards that Do Their Job, Wash. Post, Feb. 16, 2009 at A15.
25. Cheffins, supra note 2, at 35
26. Kirkpatrick, supra note 1, at 22.
27. See supra note 24.
28. See Cheffins, supra note 2, at 37.
29. Id. at 40.
30. See id. at 45-50.
31. Id. at 59-60.
32. See SEC Rule 149-11
33. See, e.g., Kirkpatrick, supra note.1, at 16; Hatfield & Cohen,Banking Industry Regulatory Update, supra note 20.

Post a Comment