This post was originally written as part of the Institute for Risk Management’s Risk Agenda 2025 – a project investigating the future of risk and risk management in 2025. Dr Tuveson’s post is also available to be read here.
It is a truth universally acknowledged that a corporation in possession of a good fortune is fraught with risks. The risks might be internally focussed such as those related to talent and culture or be driven by external exogenous events, ranging from regime changes in regulation to cyber-security attacks. Since corporations are in the business of creating value for their shareholders, we assume that their business processes include effectively embracing and managing their risks. It follows that a firm’s competitive advantage should lead to maximizing stakeholder value. In the next 25 years, business and wider society will place increasing value in the ability to view and quantify the true state of a corporation’s collective risks at any moment in time, and have insights into corresponding hedging strategies.
Some may question why the risk management field should focus on further empowering corporations when some scholars argue that during the last several decades, corporations have expanded in dominance, as measured by their contribution to economic output, ownership of intellectual property, and political, educational and cultural influences on society. As a trade-off for the creation of jobs and livelihoods in communities, the world seems to have accepted a societal evolution towards what Keynes referred to as economic statesmanship. Many corporations have been empowered to be on equal footing with the state and certain corporate controls have passed beyond the confines of private enterprise and into society more broadly.
The publication of Ronald Coase’s “Nature of the Firm” with its ground-breaking rationalization for the firm set the foundation for the eventual rise of the corporation in the following decades. Today, however, Coase’s transaction cost optimization argument for the existence of the firm is declining in applicability in many instances due to the equalization created by digital and technology disruptions. Digital progress has allowed all business enterprises to equally leverage similar efficiencies and specifically, technology companies have experienced scaling like their industrial predecessors. For the foreseeable future, corporations will continue their societal predominance even as they redefine their rationalization for existence and models for value creation.
Corporations are seemingly private enterprises with independent governance structures that dictate their operations; however, precedence suggests that they have the potential to rapidly become state responsibilities during times of distress. The concept of widespread bail-outs of “too big to fail” financial institutions was probably unimaginable in previous decades, especially after having experienced the savings and loan crisis in the US.
The lessons learned by society, firms and other stakeholders should be that scenarios of systemic failure and collapse of corporations or entire sectors are possible. In the next several decades, “too big to fail” status could conceivably extend beyond financial services firms to companies in the technology, energy, health, or defense sectors. A number of triggers such as mass litigation, demand destruction, liquidity events, or cyber-security attacks could swiftly threaten the viability of entire corporations, in which case, governments would be left as creditors of last resort.
The average multi-national corporation today faces very different threats to their businesses than it did in the 1980s when dominant forms of risk and compliance practices were formed. Active areas of research support the contention that corporations’ overall risk profiles have increased since then, simply from the effects of a more globalised and closely networked world.
The issue of managing a firm’s collective risks is not often raised in the same discussion as maximizing shareholder value. A firm’s risk exposure is defined over a certain return period, which may not overlap with shareholder’s short-term aperture. Recently, we have seen evidence of aligning strategic decisions to a firm’s overall risk profile such as exiting certain markets to reduce financial crime risk or human rights violation claims – decisions which may not have unfolded similarly several decades ago. The process of sacrificing near term profits as a trade-off against probabilistic risk exposures requires development of a range of methodologies and tools.
Reminiscent of efforts leading up to the development of the Solvency II and Basel directives, governments and corporations are just at the dawn of incorporating concepts related to viability and de-risking insolvency into regulatory frameworks for corporations. This includes the mandatory filing of viability statements for corporations in the UK and expanded risk factor disclosures in the 10-K public filings in the US. The field of risk management and its supporting research will need to expand to address the demand for greater clarity in modelling and communicating collective risks and foreseeable harm that corporations might face in the future, and better understanding their financial implications. Organisations that lead in identifying and assessing risks that today are both nonstandardised and foreseeable will indeed be creating a competitive advantage.
Philip Brice
The intervention of governments and central banks in the risk management of banks and financial institutions is understandable – they insure deposits and are the ultimate providers of liquidity if things go wrong.
But corporates are very different. They can go bankrupt, or shrink, or change industry. What continues to matter is shareholder value (not the next quarterly P&L, but discounted long-term free cashflow to shareholders). There is no similar justification for central regulation. Viability statements, and discussions on risk in the Annual Report are not really much use. If a shareholder in an oil company is unaware of the risks of the oil industry, they have a problem that will not be solved by suggesting they read the multi-page risk section of the Annual Report.
What is needed is a real and open discussion between shareholders, the Board, and senior management on risks. How to get that without the company opening up its underbelly to the rapacious claws of its competitors will be a challenge.
Perhaps our only hope is to see real openness and shared understanding between the company and its non-execs in their role as shareholder representatives. We still have far to go.