This blogpost is shared as part of a series of insights from INSEAD Directors Network, based on roundtable discussions held during INSEAD Directors Forum October 2018. The Directors Forum Round Table Discussions were held with IDN members led by IDN board members or IDN Ambassadors. Other Blogpost in Series shared last.
The round table discussion “Align Risk Management with Strategy and Operating Performance, but also Reward and Remuneration” was led by Susana Gomez-Smith, NED and IDN Ambassador for Portugal with the introduction
As the ultimate steward of value and overseer of risk, the board must grasp the relationship between strategy and risk and assist management, in gaining that understanding but also in putting it to practical use. The Board must also ensure that remuneration policies/practices are consistent with and promote sound and effective risk management and in line with the business strategy.
- Why should the Board consider and discuss strategy and risk appetite in tandem? How to do it in practice?
- What can the board do to drive greater awareness of the risks to the strategy throughout the organization?
- “Remuneration forms part of the culture and governance priority as set out in our Business Plan. As a key driver of behavior, remuneration of senior and risk taking staff is an important area of focus for the FCA to ensure that risk and reward are aligned in firms that we regulate through our Remuneration Codes (the Codes). Whilst our remuneration rules only apply to specific groups of firms, remuneration is a key driver of behavior for all firms and individuals. Implementing appropriate remuneration policies and practices helps to ensure appropriate outcomes and reduces the likelihood of harm from occurring “
Financial Conduct Authority, Remuneration Codes
How can Boards satisfy themselves that firms remuneration practices lead to appropriate outcomes and risk and reward are aligned?
Strategic Risk Management: A Primer for Directors, Harvard Law School Forum on Corporate Governance and Financial Regulation
The UK Corporate Code, Financial Reporting Council (from page 16)
The strategy and risk areas has historically kept as quite separate topic, as the risk focus has tended to be quite operational in focus. As the strategic risk has been in steep increase for many companies the boards needs to find more appropriate ways to work with the topics in tandem. Some key insights from the board members were noted as;
- The strategy of the firm is and has to be the starting point of all the considerations
- The Strategy should comprise the areas of the core business and potential new business areas
- The risk appetite for both areas has to be set and will be overseen by the Board (in a regular exercise)
- The risk culture is set at the top of the company!
- The second line of defence (Risk Management, Compliance) as well as the third line of defence are supporting the first line (operations) – clear definitions needed
- Especially the Risk Management and Compliance functions must be filled with experienced and independent staff
- With regard to risk measurement and risk identification, the right KPIs (which are rather backward looking) and KRIs have to be defined (better start with few but the most telling ones). Monitor not only your risks but also how the probability, impact of such risk is evolving.
- The Risk Management process is not static, it is a constant effort. Risk managers should be incentivized to identify emerging risks. Some companies on the side of the regular Risk Committees perform regular exercises to reflect on emerging risks. It is advisable to include in such exercises different areas of the company and not only a closed inward exercise of the risk department.
- At Board level, a trade-off between investments in new business areas and investments to mitigate/eliminate existing risks has to be found
- The remuneration should be linked to
- Implementation of the strategy (s-t, m-t, l-t) and hence parts of the variable compensation be deferred
- Accomplishments in the core business areas as well as in developing new business areas
- Risk taking and risk management
- Implementation and living the risk culture in the firm
- The Remuneration Committee should be given the power to override formulaic outcomes of bonus schemes
- Remember: The Management is responsible for Risk Management, the Board is responsible for Risk Oversight.
Conclusion: Strategy and risk needs a framework to be jointly considered as the strategic risk is increasing for many companies, and it needs to be fully aligned also with new and balanced remuneration schemes.
Recommended additional reading;
Enterprise risk Management – Integrating with Strategy and Performance, (COSO)
Using a Risk Appetite Framework to Align Strategy and Risk, (Moody’s)
Letters to Remuneration Committee Chairs (FCA UK)
Certified Independent Director IDP-C and IDN Ambassador Portugal
Other blogpost in this series:
Governance in a Disruptive World by IDN Board Member Liselotte Engstam
From Board oversight of Strategy, to creating a Sustainable Business, by Helen Pitcher OBE, IDP-C, Vice President IDN
Anticipate and manage for geopolitical trade, corporate governance codes and regulatory changes by Cleopatra Kitty, IDN Cyprus Ambassador
The impact of technology on Strategy & Business Models by Mary Francia, IDN Board Member
Align Risk Management with Strategy and Operating Performance, Reward and Remuneration by Susana Gomez- Smith, IDN Portugal Ambassador
Accelerate Board Effectiveness by IDN Board Member Thomas Seale
More insight from INSEAD Directors Network, will be shared based on INSEAD Directors Forum 2018, Round Table Discussions – Look out for more upcoming blogposts!