EIOPA proposal for Regulatory Technical Standards (RTS) on management of sustainability risks including sustainability risk plans – Part 2

Publié le par hanswillertbleuazurconsultingeu

Our recent article presented EIOPA’s RTS proposal regarding the requirements of sustainability risk management with respect to ORSA, governance and key functions within the future, significantly broadened Solvency II framework.

This article will focus on materiality and financial assessment of sustainability risks as well as on proposed metrics, targets, and actions described by the RTS draft.

Materiality assessment

The definition of materiality under Solvency II and the European Sustainability Reporting Standards (ESRS) are aligned in their focus on the potential impact of information on decision-making.

  • Under Solvency II, for public disclosure purposes, materiality means that if an issue is omitted or misstated, it could influence the decision-making or judgment of users of the information, including supervisory authorities. As to financial materiality, sustainability risks can translate in a financial impact on the (re)insurer’s assets and liabilities through existing risk categories, such as underwriting, market, counterparty default or operational risk as well as reputational risk or strategic risk. In other words, they are ‘drivers’ to existing risk categories.
  • Similarly, the ESRS defines materiality as the potential for sustainability-related information to influence decisions that users make on the basis of the undertaking’s reporting. In the context of financial materiality, which is relevant for Solvency II purposes, the ESRS specifies that a sustainability matter is considered material if it could trigger or reasonably be expected to trigger material financial effects on the undertaking. This includes material influence on the undertaking’s development, financial position, financial performance, cash flows, access to finance or cost of capital over the short-, medium- or long-term. The materiality of risks is based on a combination of the likelihood of occurrence and the potential magnitude of the financial effects.

The two frameworks are aligned as material financial effects, as defined by the ESRS, would likely influence the decision-making or judgment of users of the information, including supervisory authorities. This alignment enables undertakings to apply a consistent materiality assessment approach across both Solvency II and ESRS reporting requirements.

Both Solvency II and ESRS do not set a quantitative threshold for defining materiality. The RTS do not specify a threshold for materiality either, considering this should be entity-specific. The undertakings should however define and document clear and quantifiable materiality thresholds, taking into account the above and provide an explanation on the assumptions made for the categorisation into non-material and on how the conclusion on the materiality has been reached. The classification of an exposure or risk as material has bearing on its prudential treatment, as it is a factor that determines whether the risk should be further subject to scenario analysis in the undertaking’s ORSA. The RTS require the undertaking to explain its materiality threshold in the plan: the assumptions for classifying risks as (non-) material in light of the undertaking’s risk appetite and strategy.

The materiality assessment should consider that:

  • Sustainability risks are potential drivers of prudential risk on both sides of the (re)insurers’ balance sheet.
  • Sustainability risks can lead to potential secondary effects or indirect impacts.
  • The exposure of undertakings to sustainability risks can vary across regions, sectors, and lines of business.
  • Sustainability risks can materialise well beyond the one-year time horizon as well as have sudden and immediate impact. Therefore, the materiality assessment necessitates a forwardlooking perspective, including short, medium, and long term. For example, certain geographical locations may not be subject to flood risk today but may be so in the future due to sea level rise. The risk assessment should be performed gross and net of reinsurance, to measure the risk of reliance on reinsurance.

The materiality assessment would consist of a high-level description of the business context of the undertaking considering sustainability risks (‘narrative’) and the assessment of the exposure of the business strategy and model to sustainability risk (‘exposure assessment’), to decide whether a risk could be potentially material. Following this, based on the identification of a potentially material risk, the undertaking would perform an assessment of the potential financial impact (i.e., financial risk assessment, as part of ORSA).

The narrative should describe the business context of the undertaking regarding sustainability risks, and the current strategy of the undertaking. It also describes the long-term outcome, the pathway to that outcome, and the related actions to achieve that outcome (e.g., emissions pathways, technology developments, policy changes and socio-economic impacts).

The narrative would include a view on the broader impact of national or European transition targets on the economy, or the effect of a transition risk throughout the value chain. The narrative should include other relevant sustainability risks than climate, such as risks related to loss of biodiversity, or social and governance risks, as well as interlinkages between sustainability risks (e.g., between climate and biodiversity or climate and social) and spill-over and compounding effects looking beyond specific sustainability risk drivers on particular lines of business.

Sustainability narratives, indicators, and interlinkages

  • Narrative: For example, for climate change undertakings may refer to publicly available climate change pathways (i.e., the Representative Concentration Pathways (RCPs) developed by the Intergovernmental Panel on Climate Change (IPCC); Network for Greening the Financial System (NGFS)) or develop their own climate change pathway.
  • Indicators: Macro-prudential risk indicators or conduct indicators may provide additional insights and help the undertaking form its view on the future development of sustainability risks. Especially over a longer horizon, sustainability risk could have a wider and compounding impact on the economy and interactions between the financial and the real economy would need to be considered. For example, indirect impacts of climate change could lead to increase in food prices, migration, repricing of assets and rising social inequalities. All these indirect drivers will, in turn, impact the real economy as well as the financial sector, even more so as they could also trigger political instability. Macroprudential concerns could include, for example, plausible unfavourable forward-looking scenarios and risks related to the credit cycle and economic downturn, adverse investments behaviours or excessive exposure concentrations at the sectoral and/or country level. For example, EIOPA financial stability and conduct ESG risk indicators can be used to assess the external environment and business context in which climate change-related risks/opportunities can arise for the undertakings, the risk indicators will give an indication of macro-prudential risk in the insurance sector, and potential ESG related developments at sector level to the detriment of consumer protection.
  • Interlinkages: For example, increasing temperatures leading to increased mortality risk affecting health business can potentially create underwriting as well as legal transition risk if the conditions for triggering a liability insurance have been met (e.g. a company failing to mitigate/adapt the risk). But also, a sharp increase in physical risks can lead to public policies focusing on a faster economy transition, leading in turn to higher transition risks. Physical and transition risks can impact economic activities, which in turn can impact the financial system. At the same time, the interconnectedness of the financial sector, and more generally of the economy, can create secondary effects: physical risk reducing the value of property, reducing in turn the value of collateral for lending purposes or increasing the cost of credit insurance, leading to economic slowdown; or physical damage caused by extreme weather events to critical infrastructure increasing the potential for operational/IT risks, amplifying supply chain disruption and disruption to global production of goods.

Based on the narrative, through qualitative and quantitative analyses, undertakings should arrive at an assessment of the materiality of their exposure to sustainability risks. A qualitative analysis could provide insight in the relevance of the main drivers in terms of traditional prudential risks. A quantitative analysis could assess the exposure of assets and underwriting portfolios to sustainability risk.

Exposure assessment

The aim is to identify sustainability risk drivers and their transmission channels to traditional prudential risks (i.e. market risk, counterparty risk, underwriting risk, operational risk, reputational risk and strategic
risk). Additionally, the assessment should provide insight into (direct) legal, reputational or operational risks or potential (indirect) market or underwriting risks, which could arise from investing in or underwriting activities with negative sustainability impacts, or from the undertaking misrepresenting its sustainability profile in public disclosure.

  • Qualitative analysis to help identifying the main drivers of climate change risks:
    • Transition risk drivers include changes in policies, technologies, and market preferences as well as the business activities of investees and commercial policyholders and policyholder preferences. At macro level, it may include consideration of failure of national governments to meet transition targets.
    • Physical risk drivers include level of both acute and chronic physical events associated with different transition pathways and climate scenarios. This involves assessing the impact of physical risks to counterparties (investees, policyholders, reinsurers) as well the insurer’s own operations (e.g.to insurer’s business continuity, also for outsourced services). For climate change-related risks, the assessment should consider the evolution of extreme weather-related events for insurers underwriting natural catastrophe risks (incl. in property and health insurance).
  • Geographical exposure: Identify potential exposure of assets or insured objects to sustainability risk based on, for example, the location of operations, assets or insured objects or supply chain dependencies of investee companies in geographical areas, regions or jurisdictions prone to (physical) climate, other environmental or social risks.
    • Natural catastrophe and environmental risk datahubs such as the Copernicus datasets on land (use) or biodiversity can give an indication of relevant environmental risks across regions.
    • Social risk indicators identify countries or regions that are vulnerable to social risk, measure social inequality or development. These can give an indication on potential social risk exposure of assets or liabilities located in those regions.
  • Economic activity/sector-based exposure: Identify potential exposure of assets or lines of business or insured risks to potential sustainability risks based on the impact of the investee (or supply chain dependencies of the investee) or the policyholder’s economic activity, or their dependency on environmental or social factors. Such assessment should however not only focus on for example, exposures to climate related sectors, but also to other sectors which may be indirectly affected by (transition) risks.
    • Alignment of the economic activity with the climate and environmental objectives and screening criteria set out in the Taxonomy Regulation and Climate, Environmental Delegated Regulations, as supported by the taxonomyrelated disclosures.
    • Biodiversity loss, a high-level exposure assessment of could be carried out using the level of premiums written in economic sectors with a high dependence on ecosystem services and/or a high biodiversity footprint (economic exposure) and the probability of occurrence of the associated nature-related risk factors.
    • Social risks, exposure of assets or liabilities to economic activities in ‘high risk social sectors’, can be identified by referring to the Business and Human Rights Navigator (UN Global Compact), which can help mapping exposure to sectors at high risk of relying on child labour, forced labour, or sectors negatively impacting on equal treatment (incl. restrictions to freedom of association) or on working conditions (inadequate occupational safety and health, living wage, working time, gender equality, heavy reliance on migrant workers) or have negative impacts on indigenous people.

Financial risk assessment

Where the exposure is deemed material, based on the thresholds set by the undertaking, a more detailed evaluation of the financial risks combining quantitative and/or qualitative approaches should inform the financial impact on the undertaking’s balance sheet. Here the assessment should aim to identify the key financial risk metrics and provide a view of the expected impact of such risks under different scenarios and time horizons at various levels of granularity.

Scenarios

When assessing the potential financial impact of material sustainability risks, the RTS sets out that undertakings should specify at a minimum two scenarios that reflect the materiality of the exposure and the size and complexity of the business. One of the scenarios should be based on the narrative
underpinning the materiality assessment. Where relevant, the scenarios should consider prolonged,
clustered, or repeated events, and reflect these in the overall strategy and business model including
potential stresses linked to the

  • availability and pricing of reinsurance,
  • dividend restrictions,
  • premium increases/exclusions,
  • new business restrictions,
  • or redundancies.

For climate change risks, the Solvency II Directive requires undertakings with a material exposure to climate change risks to specify at least two long term climate change scenarios:

(a) a long-term climate change scenario where the global temperature increase remains below two degrees Celsius;

(b) a longterm climate change scenario where the global temperature increase is significantly higher than two degrees Celsius.

Experience to date shows that the most used scenarios are those designed by NGFS43, IPCC Shared Socioeconomic Pathways (SSPs) or tailor-made scenarios (set by regulators, e.g. for nature-related scenarios or for stress testing purposes.

Time horizons

The time horizon should ensure that the time horizon for analysing sustainability risks is consistent with the undertaking’s long-term commitments. The time horizon should allow to capture risks which may affect the business planning over a short-to-medium term and the strategic planning over a longer term.

The time horizon chosen for the materiality assessment in sustainability risk plan should also enable the integration of the risk assessment process with time horizons applied for the purposes of the ORSA for risk assessment purposes.

Taking the example of the impact of climate change: its impact can materialise over a longer time horizon than the typical 3-5 years (re)insurers’ strategic and business planning time horizons considered in the ORSA. It is argued that ORSA time horizons are too short to integrate the results of such longer-term climate change scenarios. Nevertheless, the ORSA should allow for the monitoring of the materialisation of risks over a longer term. At the same time, climate change-related risks and opportunities can affect the business planning over a short term and the strategic planning over a longer term.

The RTS specify the time horizons for sustainability risk assessment, to promote supervisory convergence and increase the consistency of risk assessment across undertakings and with decisionmaking. For this purpose, the RTS stipulates that the following time horizons for the sustainability risk assessment apply:

  • Short term projection: 1-5 years
  • Medium term projection: 5-15 years
  • Long term projection: min. 15 years

Documentation and data requirements

The sustainability risk assessment should be properly documented. This would include documenting the methodologies, tools, uncertainties, assumptions, and thresholds used, inputs and factors considered, and main results and conclusions reached.

Undertakings’ internal procedures should provide for the implementation of sound systems to collect and aggregate sustainability risks-related data across the institution as part of the overall data governance and IT infrastructure, including to assess and improve sustainability data quality.

Undertakings would need to build on available sustainability data, including by regularly reviewing and
making use of sustainability information disclosed by their counterparties, in particular in accordance with the CSRD or made available by public bodies.

Additional data can be sourced from interaction with investees and policyholders at the time of the
investment or underwriting of the risk, or estimates obtained from own analysis and external sources.
Undertakings should, where data from counterparties and public sources is not available or has shortcomings for risk management needs, assess these gaps and their potential impacts. Undertakings
should document remediating actions, including at least the following: using estimates or (sectoral) proxies as an intermediate step – the use of such estimates should be clearly indicated – , and seeking to reduce their use over time as sustainability data availability and quality improve; or assessing the need to use services of third-party providers to gain access to sustainability data, while ensuring sufficient understanding of the sources, data and methodologies used by data providers and performing regular quality assurance.

Frequency

The RTS aim to align the frequency of performance of the materiality and financial risk assessments
with, on the one hand, the cycle of the submission of the regular supervisory report to the supervisor ‘at least every three years’, if not stipulated differently by the supervisor, and the requirement for undertakings to assess material risks as part of their ORSA ‘regularly and without any delay following any significant change in their risk profile’.

Significant changes to the undertaking’s risk profile can include material change to its business environment including in relation to sustainability factors, such as significant new public policies or shifts in the institution’s business model, portfolios, and operations.

In addition, for the frequency of the financial risk assessment, the RTS need to consider that undertakings (except for SNCUs) are required to conduct at regular intervals, at a minimum every three years, the analysis of the impact of at least two long-term climate change scenarios for material climate change risks on the undertaking’s business.

Based on these considerations, the RTS set out that the materiality and financial risk assessment should be conducted at least every three years, and regularly and without any delay following any significant change in their risk profile.

Building on the requirements , the RTS specifies that key metrics and the results of the sustainability risk
plan should be disclosed at least every year or, for smaller and non-complex undertakings, at least every two years or more frequently in case of a material change to their business environment in relation to sustainability factors.

Metrics

Prescribing a list of metrics in sustainability risk plans can help

  • in promoting risk assessment,
  • improve comparability of risks across undertakings,
  • promote supervisory convergence in the monitoring of the risks and
  • enable relevant disclosures.

At the same time, it is important to allow undertakings flexibility in defining their metrics to avoid missing useful undertaking-specific information. Therefore, the RTS describes the key characteristics of the metrics and provides a minimum list of relevant metrics to compute.

Backward-looking (current view) and forward-looking, can be tailored to the undertaking’s business model and complexity, while following key characteristics apply. Metrics should

  • provide a fair representation of the undertakings’ risks and financial position using the most up-to-date information.
  • be appropriate for the identification, measurement, and monitoring of the actions to achieve the risk management targets.
  • be calculated with sufficient granularity (absolute and relative) to evaluate eventual concentration issues per relevant business lines, geographies, economic sectors, activities, and products to quantify and reflect the nature, scale, and complexity of specific risks.
  • allow supervisors to compare and benchmark exposure and risks of different undertakings over different time horizons.
  • be documented to a sufficient level to provide relevant and reliable information to the undertaking’s management and at the same time be used as part of supervisory reporting and, where relevant for public disclosure, ensuring sufficient transparency on the data (e.g. source, limitations, proxies, assumptions) and methodology (e.g. scope, formula) used.

The RTS requires the following minimum current view metrics:

The following list includes optional metrics which could be considered by the undertaking on a voluntary basis to report on the results of scenarios analysis (financial risk assessment) for material sustainability risks.

Targets

Based on the results of the sustainability risk assessment, the undertaking’s risk appetite and long-term
strategy, the undertaking should set quantifiable targets to reduce or manage material sustainabilityrelated exposure/risks or limits sustainability-related exposure/risks to monitoring prudential risks over the short, medium, and long term.

The undertaking should, based on its risk appetite, specify the type and extent of the material sustainability risks the undertaking is willing to assume in relation to all relevant lines of business, geographies, economic sectors, activities and products (considering its concentration and diversification objectives) and set its risk management targets accordingly.

Undertakings shall explain the way the target will be achieved or what is their approach to achieve the
target. Intermediate targets or milestones should allow for the monitoring of progress of the undertaking in addressing the risks. The undertakings should specify the percentage of portfolio covered by targets.

The targets should be consistent with any (transition) targets used in the undertaking’s transition plans and disclosed where applicable. The targets and measures to address the sustainability risks will consider the latest reports and measures prescribed by the European Scientific Advisory Board on climate change, in particular in relation to the achievement of the climate targets of the Union.

Relation between targets, metrics, and actions across transition plans, sustainability risk plans and ORSA, applied to an example for transition risk assessment for climate risk-related investments

Actions

Actions to manage risks should be risk-based and entity-specific.

  • Actions set out in undertakings’ transition plans, for example under CSDDD can inform the sustainability (transition) risk to the undertaking’s business, investment, and underwriting. Such transition plan actions typically involve:
  • Limiting investment in non-sustainable activities/companies Introduction of sustainability criteria in the investment decision.
  • Re-pricing of risks.
  • Integrating sustainability into the investment guidelines.
  • Stewardship, impact investing, impact underwriting.
  • Integrating ESG into the underwriting standards and guidelines of the undertaking.
  • Product development considering the impact on climate change.

The measures in the transition plan and actions to address financial risks arising from the transition need to be integrated into the investment, underwriting and business strategy of the undertaking. They need to be measurable and where actions fail to meet their expressed target, these should be monitored and, where necessary, adjusted.

Cliquer pour accéder à click-here-to-access-eiopa-bos-24-458-consultation-paper-on-regulatory-technical-standards-on-management-of-sustainability-risks-2.pdf

Where to start on your ESG journey

Publié le par hanswillertbleuazurconsultingeu

Where to start on your ESG journey

Initiating your company’s commitment to reporting its environmental, social, and governance (ESG) metrics can prove a daunting task. But keep in mind: It’s a marathon, not a sprint.

“You don’t have to be perfect on Day 1, Your suppliers and stakeholders want to see progress.”

If your company is at this stage—perhaps bracing for the climate-related disclosure rule proposal put forward by the Securities and Exchange Commission (SEC) in March—a roadmap for getting your ESG efforts off the ground could look like this:

Transparency and annual reporting: “Start by identifying all the things your company is doing on ESG and build a baseline, that will give you an indication of how mature your program is today. Most likely you’re doing a lot already.”

Peer benchmarking: Where are your competitors in their ESG journeys? Have any of them experienced public success or failure you can learn from? From this exercise, your company can set realistic expectations of where it wants to be to keep pace with the competitive landscape.

Materiality assessment: “Understanding the materiality drivers for your industry or industries, depending on how your company is structured, is helpful”. The Sustainability Accounting Standards Board (SASB) offers a materiality map that provides guidance for 77 different industries. “Having something at the bottom doesn’t mean it’s not important and you stop doing it, but it helps you focus on the top tier, those are the items you need to set public goals on.” External materiality assessments also add credibility. »

Strategy framework: You know what your peers are doing, you know what’s important to the company and its investors— now is when you build out your strategy. “What does ESG mean for us?” “What are we trying to achieve?” ESG means different things for different companies, but “there’s also some fundamental truths about what ESG is and how and who ESG is serving—the stakeholders involved in your business.” Particularly for compliance professionals, serving shareholders is a natural strategic goal to build around.

Goal setting/resetting: During the peer benchmarking stage, you might note some of the milestones your competitors are striving toward. Their goals can help shape your own. “Do you want to be with the group where you’re just managing expectations, or do you want to compete or lead? It doesn’t happen overnight; you have to go through it step-by-step and build your goals for the long term to move the needle on this. If you’re setting carbon-neutral or net-zero deadlines, be realistic. “Put something out there that is achievable but not too easy”.

Implementing and measuring: This is the most important step because “it’s not in your hands anymore, You have to depend on your cross-functional teams … they will be the ones doing the work and implementing the initiatives.” Legal, human resources, operations, and other departments each have a part to play. You set up a dashboard to track how it was progressing on its key performance indicators on a quarterly basis. “We didn’t wait until the annual report to find out how we did”.

Improvement and adjustment: ESG reporting is a cycle, as evidenced by the arrow in the roadmap image. Going through these steps each year will help ensure a business is tailoring its objectives to continue to serve the most important piece of the puzzle. “This (ESG) is about the people, this is not about the processes, procedures, or requirements. It’s about the people—inspiring the people, collaborating cross-functionally, getting that momentum. That will help you move a lot faster.”

ESG: Adapting businesses should look beyond what is financially material

Environmental, as many would expect, covered climate-related elements, including carbon, energy, water, waste, and circularity. Diversity and inclusion, workplace safety, data privacy and protection, and customers and community fell under social. Governance claimed ethical business practices, board structure, disclosures and reporting, and executive compensation.

While ESG is comprised of just three words, it represents a lot more, encompassing many aspects of how businesses can operate efficiently, ethically, and more financially sound. “Sometimes you have to take out some of the buzzwords that cause people to lock in to certain thinking and open it up. One way to do that is to call it strategic nonfinancial materiality.”

It’s important to think of sustainability initiatives in terms of strategic nonfinancial materiality when it comes to the “tragedy of the commons,” a popular term in environmental science. “When we come across something we can use with no associated cost, we historically 100 percent of the time overuse and mismanage it. If something is common, we manage to mess it up.”

Examples of this include the atmosphere, oceans, and low earth orbit. Prudent corporations can innovate their thinking by getting ahead of an issue and “band[ing] together with industry [or] with other people who use those commons.” One way to think about this, is the term “double materiality,” which is often associated with the European Union’s Nonfinancial Reporting Directive. Double materiality calls for companies to consider their impact on society and the environment in addition to how sustainability issues affect the company.

“In the United States, we’re very well focused on financial materiality.” Also worth considering is “dynamic materiality,” a term utilized by the World Economic Forum that encourages companies to track certain factors year-over-year that might not be material now but could be in the future as the environment changes rapidly.

“These are dynamically material risks. You may still not know anything about them, but it is important to track them potentially as emerging risks, so, innovate how you look at not just what’s a snapshot material now but what are those things that are likely to be material soon.”

Regarding social, it’s suggested to contemplate news stories over the last few years that have changed how we deal with employees as an example. “They didn’t happen in a continuity, one day you weren’t talking about it, the next day it was on the front page and didn’t go off. Those are dynamically material things that drastically change, and you should be able to look for them.”

The Securities and Exchange Commission’s (SEC) proposed climate-related disclosure rule released in March puts forward a similar process, asking companies “to report items that aren’t financially material but are risks nonetheless. This is new, and it’s going to affect the assurance functions,” including

  • internal audit,
  • enterprise risk management,
  • and trade compliance.

“Assurance functions rely on governance and rules, and as we do this, we are going to expand that governance. When you do, you can expand assurance.”

Under the SEC’s proposal, assurance—first limited, then reasonable—is required for Scope 1 and 2 greenhouse gas emissions disclosures outside of the financial statements for accelerated and large accelerated filers. There is no initial attestation requirement for Scope 3 disclosures, which are also subject to a safe harbor provision for affected registrants.

Regarding internal audit, “Maybe we can apply more automation [and] more data analytics to those areas. There is going to be more governance and rigor applied. Maybe more of our creative aspects and our more human and complex audits can go to other places because if greenhouse gas emissions are going to be extremely rigorized, similar to financials, maybe that can be a robotic process automation.”

Hidden Opportunities of Aligning Ethics and Compliance with ESG

ESG is rapidly evolving from grass-roots activism into a top down, board-driven mandate. It’s no mystery why, given that ESG assets make up a third of total global assets under management and are expected to surpass $50 trillion by 2025. ESG investing (also known as “impact investing”) was born of a growing awareness that long-term financial performance of businesses is inextricably intertwined with environmental, social, and governance factors. It has gained considerable traction as research suggests that companies with high ESG ratings tend to outperform their counterparts.

As a result, companies are moving beyond “check the box” ESG disclosures, to instead build out substantive ESG programs, identify appropriate quantitative and qualitative metrics to measure and validate their ESG initiatives, and distinguish themselves with “AAA” ESG ratings. Corporations are devoting significant capital, time, and resources to embedding environmental, social and governance factors into their business strategies and preparing annual ESG disclosures. Because ethics and compliance is so tightly woven into the social and governance elements of ESG, ethics and compliance officers are uniquely poised to support this broader effort in a number of ways.

THE OVERLAP BETWEEN E&C AND ESG

While ESG is strongly associated with environmental initiatives such as lowering carbon footprint, social and governance factors have achieved equal prominence. “Social” and “governance” define a company’s corporate citizen persona—or how it behaves—which is the heart and soul of ethics and compliance and, increasingly, a key factor in market valuation.

Ensuring a company behaves responsibly and ethically is both the mission of a Chief Ethics and Compliance Officer and the purpose of an ESG program. CECOs therefore have oversight of much of the infrastructure that supports social responsibility and prevents corruption, such as

  • internal controls,
  • Code of Conduct and policies,
  • workplace health and safety,
  • data protection and privacy,
  • whistleblower hotlines, workforce training,
  • and prevention of fraud, bribery and money laundering.

Ethics and compliance is mission critical because it is the reputational guardian of the company, the first line of defense against ethical fading. Thanks in large part to the lightning speed of today’s news cycle and the instantaneous impact of social media, corporate malfeasance scandals can have massive immediate impact on reputation and by extension valuation. It’s not unusual for news of bad corporate behavior to be accompanied by an immediate 20-30% drop in market cap. For a $3 billion company, that can equate to a one-day loss of $1 billion.

WHY SHOULD CECOS ALIGN WITH ESG?

It’s early days for ESG, relatively speaking, and best practices for building, quantifying, and disclosing ESG programs are rapidly evolving. As companies move towards transparency and begin walking the talk by aligning corporate culture to the stated ESG values, the historical function of E&C rolls up naturally to support these efforts. Opportunities abound for ethics and compliance leaders who join the challenge to improve their company’s ESG report card:

  1. Board visibility: Boards have come to recognize that robust ESG programs not only attract investors, but also offer a framework to mitigate business risk and future proof the company. Boards are now dedicating agenda time to embedding ESG into company strategy and risk mitigation. As a result, the head or coordinator of a company’s ESG program often reports to the board.
  2. More funding: A traditional ethics and compliance framework is often insufficient to meet the broader mandate of ESG. The top accounting and consulting firms are investing in building capability and capacity for ESG advisory services, and CECOs should be doing likewise internally. By tying ethics and compliance programming to ESG, E&C officers can tap into a bigger budget pool.
  3. Organizational clout: ESG planning and disclosure requires holistic engagement across the organization. By ensuring ethics and compliance is a strong complement of, and contributor to, the high-visibility high-value ESG initiative, CECOs can break organizational silos and increase the intrinsic value of ethics and compliance (and their roles) in the process.
click-here-to-access-compliance-weeks-ebook

An Animal Kingdom Of Disruptive Risks -How boards can oversee black swans, gray rhinos, and white elephants

Publié le par hanswillertbleuazurconsultingeu

Where was the board? As a corporate director, imagine you find yourself in one of these difficult situations:

  • Unexpected financial losses mount as your bank faces a sudden collapse during a 1-in-100-year economic crisis.
  • Customers leave and profits drop year after year as a new technology start-up takes over your No. 1 market position.
  • Negative headlines and regulatory actions besiege your company following undesirable tweets and other belligerent behavior from the CEO.

These scenarios are not hard to imagine when you consider what unfolded before the boards of Lehman Brothers, Blockbuster, Tesla, and others. In the context of disruptive risks, these events can be referred to as black swans, gray rhinos, and white elephants, respectively. While each has unique characteristics, the commonality is that all of these risks can have a major impact on a company’s profitability, competitive position, and reputation.

In a VUCA (volatile, uncertain, complex, and ambiguous) world, boards need to expand their risk governance and oversight to include disruptive risks. This article addresses three fundamental questions:

  • What are black swans, gray rhinos, and white elephants?
  • Why are they so complex and difficult to deal with?
  • How should directors incorporate these disruptive risks as part of their oversight?

Why are companies so ill prepared for disruptive risks? There are three main challenges:

  1. standard enterprise risk management (ERM) programs may not capture them;
  2. they each present unique characteristics and complexities;
  3. and cognitive biases prevent directors and executives from addressing them.

Standard tools used in ERM, including risk assessments and heat maps, are not timely or dynamic enough to capture unconventional and atypical risks. Most risk quantification models—such as earnings volatility and value-at-risk models—measure potential loss within a 95 percent or 99 percent confidence level. Black swan events, on the other hand, may have a much smaller than 0.1 percent chance of happening. Gray rhinos and white elephants are atypical risks that may have no historical precedent or operational playbooks. As such, disruptive risks may not be adequately addressed in standard ERM programs even if they have the potential to destroy the company. The characteristics and complexities of each type of disruptive risk are unique. The key challenge with black swans is prediction. They are outliers that were previously unthinkable. That is not the case with gray rhinos, since they are generally observable trends. With gray rhinos the main culprit is inertia: companies see the megatrends charging at them, but they can’t seem to mitigate the risk or seize the opportunity. The key issue with white elephants is subjectivity. These no-win situations are often highly charged with emotions and conflicts. Doing nothing is usually the easiest choice but leads to the worst possible outcome. While it is imperative to respond to disruptive risks, cognitive biases can lead to systematic errors in decision making. Behavioral economists have identified dozens of biases, but several are especially pertinent in dealing with disruptive risks:

  • Availability and hindsight bias is the underestimation of risks that we have not experienced and the overestimation of risks that we have. This bias is a key barrier to acknowledging atypical risks until it is too late.
  • Optimism bias is a tendency to overestimate the likelihood of positive outcomes and to underestimate the likelihood of negative outcomes. This is a general issue for risk management, but it is especially problematic in navigating disruptive risks.
  • Confirmation bias is the preference for information that is consistent with one’s own beliefs. This behavior prevents us from processing new and contradictory information, or from responding to early signals.
  • Groupthink or herding occurs when individuals strive for group consensus at the cost of objective assessment of alternative viewpoints. This is related to the sense of safety in being part of a larger group, regardless if their actions are rational or not.
  • Myopia or short-termism is the tendency to have a narrow view of risks and a focus on short-term results (e.g., quarterly earnings), resulting in a reluctance to invest for the longer term.
  • Status quo bias is a preference to preserve the current state. This powerful bias creates inertia and stands in the way of appropriate actions.

To overcome cognitive biases, directors must recognize that they exist and consider how they impact decision making. Moreover,

  • board diversity,
  • objective data,
  • and access to independent experts

can counter cognitive biases in the boardroom.

Recommendations for Consideration

How should directors help their organizations navigate disruptive risks? They can start by asking the right questions in the context of the organization’s business model and strategy. The chart below lists 10 questions that directors can ask themselves and management.

NACD1

In addition, directors should consider the following five recommendations to enhance their risk governance and oversight:

  1. Incorporate disruptive risks into the board agenda. The full board should discuss the potential impact of disruptive risks as part of its review of the organization’s strategy to create sustainable long-term value. Disruptive risks may also appear on the agenda of key committees, including the risk committee’s assessment of enterprise risks, the audit committee’s review of risk disclosures, the compensation committee’s determination of executive incentive plans, and the governance committee’s processes for addressing undesirable executive behavior. The key is to explicitly incorporate disruptive risks into the board’s oversight and scope of work.
  2. Ensure that fundamental ERM practices are effective. Fundamental ERM practices—risk policy and analytics, management strategies, and metrics and reporting—provide the baseline from which disruptive risks can be considered. As an example, the definition of risk appetite can inform discussions of loss tolerance relative to disruptive risks. As an early step, the board should ensure that the overall ERM framework is robust and effective. Otherwise, the organization may fall victim to “managing risk by silo” and miss critical interdependencies between disruptive risks and other enterprise risks.
  3. Consider scenario planning and analysis. Directors should recognize that basic ERM tools may not fully capture disruptive risks. They should consider advocating for, and participating in, scenario planning and analysis. This is akin to tabletop exercises for cyber-risk events, except much broader in scope. Scenario analysis can be a valuable tool to help companies put a spotlight on hidden risks, generate strategic insights on performance drivers, and identify appropriate actions for disruptive trends. The objective is not to predict the future, but to identify the key assumptions and sensitivities in the company’s business model and strategy. In addition to scenario planning, dynamic simulation models and stress-testing exercises should be considered.
  4. Ensure board-level risk metrics and reports are effective. The quality of risk reports is key to the effectiveness of board risk oversight. Standard board risk reports often are comprised of insufficient information: historical loss and event data, qualitative risk assessments, and static heat maps. An effective board risk report should include quantitative analyses of risk impacts to earnings and value, key risk metrics measured against risk appetite, and forwardlooking information on emerging risks. By leveraging scenario planning, the following reporting components can enhance disruptive risk monitoring:
    • Market intelligence data that provides directors with useful “outside-in” information, including key business and industry developments, consumer and technology trends, competitive actions, and regulatory updates.
    • Enterprise performance and risk analysis including key performance and risk indicators that quantify the organization’s sensitivities to disruptive risks.
    • Geo-mapping that highlights global “hot spots” for economic, political, regulatory, and social instability. This can also show company-specific risks such as third-party vendor, supply chain, and cybersecurity issues.
    • Early-warning indicators that provide general or scenariospecific signals with respect to risk levels, effectiveness of controls, and external drivers.
    • Action triggers and plans to facilitate timely discussions and decisions in response to disruptive risks.
  5. Strengthen board culture and governance. To effectively oversee disruptive risks, the board must be fit for purpose. This requires creating a board culture that considers nontraditional views, questions key assumptions, and supports continuous improvement. Good governance practices should be in place in the event a white elephant appears. For example, what is the board protocol and playbook if the CEO acts inappropriately? In the United States, the 25th Amendment and impeachment clauses are in place ostensibly to remove a reprehensible president. Does the organization have procedures to remove a reprehensible CEO?

The following chart summarizes the key characteristics, examples, indicators, and strategies for identifying and addressing black swans, gray rhinos, and white elephants. The end goal should be to enhance oversight of disruptive risks and counter the specific challenges that are presented. To mitigate the unpredictability of black swans, the company should develop contingency plans with a focus on preparedness. To overcome inertia and deal with gray rhinos, the company needs to establish organizational processes and incentives to increase agility. To balance subjectivity and confront white elephants, directors should invest in good governance and objective input that will support decisiveness.

NACD2

The Opportunity for Boards

In a VUCA world, corporate directors must expand their traditional risk oversight beyond well-defined strategic, operational, and financial risks. They must consider atypical risks that are hard to predict, easy to ignore, and difficult to address. While black swans, gray rhinos, and white elephants may sound like exotic events, directors could enhance their recognization of them by reflecting on their own experiences serving on boards.

Given their experiences, directors should provide a leading voice to improve oversight of disruptive risks. They have a comparative advantage in seeing the big picture based on the nature of their work— part time, detached from day-to-day operations, and with experience gained from serving different companies and industries. Directors can add significant value by providing guidance to management and helping them see the forest for the trees. Finally, there is an opportunity side to risk. There are positive and negative black swans. A company can invest in the positive ones and be prepared for the negative ones. For every company that is trampled by a gray rhino, another company is riding it to a higher level of performance. By addressing the white elephant in the boardroom, a company can remediate an unspoken but serious problem. In the current environment, board oversight of disruptive risks represents both a risk management imperative and a strategic business opportunity.

Click here to access NACD’s summary