That primary role remains as important as ever. However, since the financial crisis in 2008 there has been a growing awareness that to truly protect a company, including its financial performance, a more holistic approach to risk management is needed – not just in the risk function but across the company. As such, treasurers are increasingly seeing enterprise risk management (ERM) enter their remit.
It is indeed true that only by looking at wider corporate risks – such as supply chain, reputational risks and strategic risks – can a company be truly prepared for the next potential crisis. After all, it is often the intangible failures that cause the most catastrophic crises, and these inevitably affect the bottom line.
Apart from avoiding bad things, there are positive benefits from taking a holistic approach to risk management. In 2014 Airmic commissioned the report
Roads to Resilience
to analyse the common underlying features of some of the most successful companies. The research clearly revealed that companies in which ERM is truly embedded throughout the organisation are not only more likely to avoid a crisis, but also make optimal use of their resources and are ultimately more profitable.
Shifting from a focus on traditional treasury risks, such as financial risk, to a more enterprise-wide approach represents a significant corporate challenge. In particular, it requires a culture shift in two areas, and treasurers can play an important role in facilitating these changes.
First, risk management must be seen as much more than compliance exercise. Risk management has undoubtedly moved up the corporate agenda since the financial crisis. This is encouraging, but all too often we continue to see evidence that it is approached with a purely regulatory mindset. Only when it is valued for its own sake and viewed as a business enabler will a company see the benefits of a successful risk management programme.
Second, management of risk within a company must not be siloed. Businesses, and the various functions within them, are usually very good at managing their core risks. But looking at these risks in isolation means that some of the really big exposures get overlooked.
For example, how can risks to the supply chain be minimised without all players, inside and outside the company, communicating with one another? Similarly, with a siloed approach to risk, who is taking responsibility for the broader strategic risks which transcend the separate business functions? Damage to reputation, for example, is one of biggest concerns of c-suite executives, but this can only be addressed at an enterprise-wide level.
Failure at the Top
Achieving a culture shift requires strong leadership.
Roads to Ruin
– the predecessor to
Roads to Resilience
– analysed the causes of a series of corporate disasters. The study highlighted that there are common underlying causes to corporate failure. All too often the problems emanate from an inadequate grasp of risk at the very top of the company. Indeed, in almost all high profile crises – such as the collapse of UK bank Northern Rock, Independent Insurance and Enron, or BP’s Texas City explosion in 2005 – there was a failure by boards to engage with important risks known elsewhere in the organisation to the same degree that they engaged with reward and opportunity.
We call this lapse ‘board risk blindness’. It is extremely important that any company wishing to achieve resilience takes steps to ensure that information essential to risk management reaches the top of the organisation.
This philosophy is at the heart of the recent risk management guidance issued by the UK’s Financial Reporting Council last September. According to the FRC, “ultimate responsibility” for risk management should lie with the board of directors. While other functions will continue to take care of day-to-day risk responsibilities, it is up to the board to ensure that the appropriate policies and culture are in place, that board understanding of risk is high, that risks are maintained within tolerable levels, and that risk mitigation is appropriate.
Ultimately, companies must be able to demonstrate that their board members have an active understanding of the wider risks affecting their business – the ones that really get to the heart of an organisation’s reputation and ability to function. After all, business leaders take risks to be successful – to implement a strategy. The FRC wants to see how the risks and strategy join up, from the top of the company to the bottom.
While many boards already meet this requirement, some still fall short – and few companies approach risk in quite the structured manner that is now required.
A Champion for Risk
Airmic would take the argument for risk leadership one stage further and argue that all companies should consider appointing a dedicated executive risk leader, reporting to the board. The complexity of risks facing businesses today is unprecedented, and with the FRC guidance, the pressure on boards to understand these risks is at an all-time high. As we have seen, the challenge is not just to manage the expanding array of risks but to navigate them in a way that turns them into an advantage.
It is not practically feasible for board members to receive detailed papers on all risks facing the company in today’s environment. But if companies were to have in place a single voice to lead the risk agenda they could feed into the board a 360-degree view of the company through the lens of risk. Such a person would be able to navigate the risk agenda over both the immediate and longer-term horizons and could link risk to the business model in order to drive business performance and financial success.
Such a person might be a chief risk officer (CRO), or a slightly different role, depending on what works best for the company. But whatever the job title, the role holder must – and this is imperative – be able to see and integrate the risk agenda for the whole business. They must also be in a position to understand and influence the wider business model and manage the risk agenda accordingly. This will include an ability to look beyond the horizon and gaining an appreciation of how the external environment can impact the business. Certainly, risk leaders will require independence and assuredness.
Quite how this role would fit within the corporate structure will vary across businesses and sectors. Yet what is clear is that in all organisations, the treasury plays a central role and touches all parts of the business, both internally and externally. It also has significant influence with the board and can play a vital link between senior management and other parts of the business. Therefore, whether a company has in place an executive risk leader or not, the role of the treasury should be pivotal for achieving an effective risk culture throughout the company.
Achieving a successful risk management environment – one that can genuinely contribute to commercial success – is ultimately about creating the right corporate culture. No easy task, but treasury professionals undoubtedly have a growing role to play.
Consumers, companies and regulators are increasingly demanding sustainably-made and socially responsible products, so it has never been more important for corporates to maintain a responsible supply chain.
Many banks around the world, large and small, continue to experience major security failures. Biometric systems such as pay-by-selfie, iris scanners and vein pattern authentication can help.
The implementation date of Europe's revised Markets in Financial Instruments Directive, aka MiFID II, is fast approaching. Yet evidence suggests that awareness about the impact of Brexit on MiFID II is, at best, only patchy and there are some alarming misconceptions.
Banks might feel justified in victim blaming when fraud occurs, but it does little for customer confidence.