"Remarks at the 2005 Corporate Governance Conference: Red Flags, Toronto"
"The impact of a question of
integrity on a stock price is instantaneous."
From a study on risk management by Deloitte & Touche.
Today I'll be talking about moving beyond red flags. When I reread the brief description of my topic in the brochure for this conference, I was struck by the somewhat daunting reference to "identifying issues before they surface." It reminded me a bit of the initial hype around one of Germany's high performing cars adding a new X-Drive all wheel drive system. The ads promised that it would anticipate wheel spin before it occurred. While I bought a car with X-Drive and it works well, I am quite sure that what it really does is react extremely quickly to wheel spin. Driving sensibly, one tries to avoid wheel spin and when it does happen the system reacts quickly to correct the situation. Similarly, my topic might better have been described as trying to ensure that structures, systems and processes are in place to prevent bad things from happening, and to deal with them in a quick and appropriate manner when they do occur, which is almost inevitable in any large commercial enterprise.
How do we accomplish this goal? I believe that the key is a culture that includes a commitment to good governance. This should include policies and processes designed to minimize the likelihood of problems. But it should also include systems to identify those inevitable problems when they occur and processes to elevate and deal with them. I hope to address some of these issues today.
What do we mean when we speak of corporate governance? The Office of the Superintendent of Financial Institution (OSFI) has published a corporate governance guideline in which it states that "[corporate] governance refers to oversight mechanisms, including the processes, structures and information used for directing and overseeing the management of a company. It encompasses the means by which directors and senior management are held accountable for their actions and for the establishment of oversight functions and processes." In addition to the oversight mechanisms and the means by which directors and management are held accountable, I will refer to that more nebulous concept of a "governance culture." An established governance culture helps ensure accountability without having to resort to "heavy-handedness."
Like many other large companies, we have a strong risk management group in place to monitor, assess and manage risk on behalf of the company. This team scans for red flags in all of our businesses to determine everything from market to credit to operational risk -- quantitative risks that can be calculated and managed every day. Many of the risks we manage are considered an acceptable part of doing business and don't tend to involve problematic or unusual governance issues.
Today many agree that the single biggest threat to the future of most companies is the one that is hardest to quantify - loss of reputation. What takes years and years to build - consumer trust, investor confidence, brand strength - can be wiped out in a single day. The threat can come from a number of different sources: someone deliberately ignoring the rules in favour of short term profit over long term gain; a system error or an innocent human error; an adverse business environment; or changes in the environment in which one operates that alter the standard for acceptable behaviour. This is an area that everyone is concerned about. Nobody wants their good name dragged through the mud.
Strong governance is a company's best defense against reputational damage. Having the right policies and charters is just the beginning. Putting them in practice and making them work is crucial. As I speak, I'll be sharing stories and examples from TD - not because we're a paragon of governance (although we like to think we are!), but because it's what I know, and I think we get it right most of the time.
Let's begin by looking at three key points to making governance work and then I'll discuss each in greater detail.
- Effective boards with the appropriate mix of skills and experience coupled with the will to govern.
- A positive corporate governance culture - which includes an environment, championed by the firm's leadership, that encourages all employees to be on the alert for and report potential issues before they become a real threat.
- The ability to spot problems early, and heed the red flags when you see them.
I'll talk first about what makes a board effective.
The tone of governance at a firm is set at the top - by the board. For that board to be effective, it must be strong and willing to make real change. I will touch on a few things that I believe can help to achieve this goal.
Each director should be personally committed to high ethical standards and should have the will to do what is right even if it is not popular or the best way to maximize short-term results.
Years ago, when I first joined the Bank, the idea of an independent chair was considered exotic, even unpopular. Everyone said it would be expensive, more time consuming. But TD was determined to be a leader in governance and we became one of the first Canadian banks to split the chair and CEO positions. Now that we've lived with this structure for a while I can tell you that it is more expensive and time consuming because you have to deal with a chair and a CEO who sometimes have differing views. But it is well worth it to have someone whose principal focus can be the board and corporate governance and who is available to provide valuable counsel to the CEO on a variety of matters.
While the role of chair is key, the entire board needs skills, experience and information of the highest quality. Every member needs to understand the fundamentals of the business and to be aware of its inherent risks. Every member needs to be engaged and involved.
To ensure this is the case at TD for example, we start with an orientation program for new directors, to provide a background and context for their work. Our incumbent directors are welcome to attend for refreshers as well. We also try to provide ongoing educational seminars for the directors although it is sometimes difficult with competing demands for directors' time. Recently, we've introduced term limits in order to renew and refresh the board so it doesn't get "tired." A healthy turnover helps to create a stronger, more diverse board with a variety of perspectives. Board members have a maximum term of 10 years, with the possibility of renewal for a further five years after their term is up. This is, of course, subject to annual assessments and re-elections.
Every year, under the leadership of our chair and with the help of an independent consultant, our board undergoes a rigorous process of self-evaluation. This includes both peer and self-evaluation by individual directors. Selected members of the management team are also invited to provide feedback on board performance. This comprehensive feedback is used to help improve the effectiveness of individual board members, who have told us they find the information very useful. While board assessment may not always mean a change in directors, it often ensures a change in director behaviour.
Effective boards require objectivity - the independence to enable them to act in shareholders' best interests. That means the majority of members should have no material or significant ties to the business in order to ensure decisions are never taken out of self-interest. However, I also feel that a board will function better where there is collegiality among the directors. They need to be strong and independent, unafraid to express their views, but will work more effectively as a team if they see themselves as partners with each other as well as, to a certain extent, with management.
Boards should be able to request, and receive, any information or documentation needed and should have the resources and the ability to hire outside consultants to provide objective advice. For example, TD's board regularly uses the services of an independent consultant to provide advice on executive compensation and has retained consultants on other matters from time to time.
Boards should have a strong risk committee that meets frequently and spends a good amount of time discussing actual strategic risk issues, like those affecting reputation. I read recently that an outside auditor found the risk committee at a major firm had spent a total of 12 minutes over the course of a full year discussing actual risk issues. I find it hard to believe that there is a firm anywhere that faces only 12 minutes worth of risk a year. If there is would someone please tell us who it is, we have some money to invest [on second thought, if there is no risk there is generally not much return].
Appropriate issues for risk committees might include volatility of the regulatory environment - especially in financial institutions where the big firms are increasingly expected to assume a gatekeeper role for market participants - industry consolidation and convergence, and expansion, both locally and internationally. Finally, in order to have a meaningful discussion boards need to be kept informed of any red flags or potential problems.
If you have an engaged, knowledgeable, well-equipped, well-informed ethical, and independent board you will experience fewer governance problems and there will be fewer red flags to worry about - guaranteed.
Now let's look at how to make governance part of your culture.
The best defense is a good offence. Companies should actively and aggressively foster an environment that encourages ethical behaviour and decision making. This is harder than it sounds and it requires championing at the top and belief right through to the bottom of the ranks in order to succeed. This kind of culture can take years to build. The first and most important thing is that it has to be real and transparent. You can't just say you have a positive governance culture and then not live it. To quote U of T professor Don Tapscott: "If you're going to be transparent, you'd better be buff."
One way to build a "buff" culture is to reinforce the message regularly. The message? "Tell us about any problems you find. Nobody ever gets fired for bringing an error or an issue into the light." Don't ignore problems when they are identified, but don't overreact either. Losing one's cool in an adverse situation is seldom helpful. Act like a good partner in trying to solve the problem.
How do you reinforce this message? With clear direction from the board, the CEO and other senior managers, through media interviews, internal notes, remarks to internal audiences, and actions.
In a bank-wide publication, TD's Ed Clark recently told employees, "Organizations need to communicate regularly with employees on issues that affect them and the company, good or bad, and employees need to see their bosses walking their talk - admitting mistakes when they happen and working to fix them right away."
This message was reinforced by a piece that appeared in the Vancouver Sun after Ed spoke to the Executive Women's Network. Ed was quoted as saying, "When someone comes to you with problems, don't react negatively. You have to be supportive. If you're going to create a real dialogue, people have to be able to speak up and you'll only get people to speak up if they see you speaking up. If you can't create that culture, you're incredibly vulnerable."
In other words, managers at all levels need to reinforce the message from the top and, most importantly, send the message to employees that they are ready and able to hear bad news. Managers who send the message that they only want to hear good news will not know what's really going on.
Other ways to reinforce the message and encourage a good governance culture include:
- Try hard to hire and retain good people.
- You cannot regulate ethical behaviour. But you can do your best to attract and hire people with integrity. And you can enforce penalties against those in the organization who do not act with integrity. Compensation structures should be designed to incent appropriate behaviours.
- A code of conduct or code of ethics. Every year all employees of TD must read and attest to their understanding and acceptance of TD's rules of conduct. With the added availability of the code on-line, there really is no excuse for not knowing what is acceptable conduct and what is not.
- Proper training for employees on legal and other issues that affect the business. All TD employees have had training on privacy laws and correct procedures. Other important training includes anti-money laundering, compliance, and regular refreshers on bank regulation. Some of this is accomplished through broadly used, online training modules. In other cases, such as the training we conducted in relation to reputational risk in the structured finance area, we conducted live sessions lead by senior people. If employees clearly know what the rules and the laws are they will know a problem when they see one - that is the only way a governance culture can actually work.
- A whistle blower procedure. One of the fail-safe mechanisms to try to identify those circumstances where something has gone wrong is a whistle blower procedure. TD uses an outside provider to manage the process of whistle blowing confidentially and beyond the reach of managers and executives. Hopefully, most employees will feel comfortable raising problems with their manager or someone like me. However, employees are encouraged to call or report online if they see something wrong or unethical and they don't feel comfortable about going to their manager. Information collected on the whistle blower line is thoroughly investigated.
The last key point to making governance work is spotting and heeding red flags.
This is the part where you have to walk the talk. You know right from wrong. Your employees know right from wrong. How do you identify issues? What are you going to DO about them? If you do nothing, then everything we've discussed up until now is worthless.
One of the most valuable tools for spotting red flags is an early warning system. For many firms, including TD, this takes the form of a risk dashboard that visually displays and identifies key risk elements throughout the company. TD uses a red/green/amber system that shows risks going up and down across the enterprise. This dashboard has proved to be a popular tool for visually showing risks, so much so that its use has expanded to the point where some of us are calling it a "marathon-board." We are working to keep the volume of information at a level that will maintain its effectiveness.
In financial services as in other businesses, there are areas where risks naturally go up and down depending on external forces. There are also risks that go up and down depending on internal forces. Here are a few red flags to watch for:
- Results that seem too good to be true (probably aren't);
- Structures and transactions that seem too complicated (if it's too hard to understand then it could be breeding ground for problems);
- Poor reporting (if you don't know what they're doing, they probably don't either);
- Profits or fees that seem disproportionate to the value of products or services sold.
Outside risk assessors can be useful in spotting real or potential problems. For example, TD has retained a firm to assist in identifying any potential conflicts of interest the company may have in some of our U.S. businesses. We want to continue to grow our business there and it's important to us to avoid any problems that might impede that goal. This is an area where we are trying to anticipate problems before they arise. If we actively search for potential conflicts, using a firm that is well versed in the US business and regulatory environments, we believe that we can prevent them or ensure that they are managed in an acceptable manner.
In Canada, we frequently assess what we are doing and how we are doing it for signs of unacceptable conflicts of interest or ethical gaps. Some conflicts of interest, of course, are acceptable - customers want to bank for free, we want to charge for our services, and that will never change. Others can be managed in an appropriate way, perhaps with good disclosure. Still others are not acceptable - if the rules aren't clear, just ask yourself: "What if I read about this in the paper?" or "What if the regulators decided to investigate Y?" If you don't like the answer then you may be doing something wrong.
Look around you. TD's board and management try scan the horizon to see what's out there. What issues are your competitors struggling with? What bone has the media got hold of? How does any of it impact your business and do you have the same problems? TD learned this the hard way when it took a major reputational hit with investors after suffering loan losses in the telecom sector. We were so close to that business that we didn't see the turn in the market quickly enough.
Once you've spotted a red flag, there are a number of steps that can be taken. First, the issue should be elevated appropriately. Make sure the right senior people are involved. As I said earlier, those senior people should avoid over reaction and assigning blame, but rather should work as partners in coming up with the appropriate reaction. This may include bringing the issue out into the open - contact the regulator if appropriate, let the right people know, do the right thing and fix it fast. Stop the offending behaviour and institute any corrective measures that might be appropriate. The only thing worse than having a problem, is ignoring a problem.
As an example, I would use the fallout around the Enron matters. As you are probably aware, we were one of many bankers to Enron, although not in the top tier of their financial institutions. We engaged in some structured finance transactions of a type structured between this then-top-ten Fortune 500 corporation and some leading, reputable financial institutions. The structures were reviewed by a leading audit firm at the time. In these circumstances, we missed, we think understandably, any red flags.
However, once the issue was identified, it was elevated to senior business leaders as well as senior people on the control side. Our CEO and board were kept well informed. Having recognized the changing regulatory view of our role, we worked in partnership with the business leaders to design and institute new processes to review potential reputational risk issues in structured finance, and as I mentioned earlier have provided training on these processes. I believe it was important that those working in the business saw their leaders working with the support and control functions to provide a proactive solution, rather than see people shy away from a difficult issue.
In closing I'd like to say that I think that corporate Canada has come a long way in a short time. The popularity of conferences like this, the continued public attention, and the many changes we've seen in the way business is done are all proof of the fact that governance and good practices are at the top of the corporate agenda.
However, this focus on "red flags" is consistent with the recent emphasis on what some refer to as "fiduciary governance," or the monitoring function of boards. I fear, and I know others do as well, that this emphasis may be leaving little time for the other important function of boards, being the strategic or advisory role. I believe that it is important that a balance be struck between these two equally important functions. If your directors are inundated with detailed materials in its monitoring role, that may be a "red flag" that the other role is going unfulfilled. Hopefully, as we absorb these changes in fiduciary governance, the pendulum will swing back to a better balance and we can move beyond that red flag.
As the business landscape evolves, our policies and practices must and will evolve, for as Charles Darwin said, "It is not the strongest species that survive, nor the most intelligent, but the ones most responsive to change."