Introduction
Ladies and gentlemen, it is my pleasure to be invited to deliver this keynote speech at your Annual Audit Committee Conference. Your topic remains very relevant for our times, as the impact of the Great Financial Crisis, now acronymed GFC, continues to lurk in the corridors of our global financial system and threatens our global economic recovery.
While we are still trying to get to grips with the GFC and to put regulatory measures in place to prevent the same crisis happening again, a new but related threat is rearing its head at us – sovereign debt risk.
Causes of the GFC
As we now all know, the GFC was triggered by poor market conduct from financial institutions in the form of loose credit extension and non-disclosure to non- creditworthy individuals.
This unfortunate trend was underpinned by superficially low interest rates in the USA, resulting in a flood of liquidity in the global economy and the frantic chase for high yielding financial instruments.
The long held wisdom that house prices would continue to increase provided an illusory comfort to both the lender and the borrower that their investments in property will always be “in-the-money”.
As interest rates started to reset to higher rates, something which was not disclosed to all borrowers, many of the household debtors started to default. To make matters worse, a lot of these mortgages were packaged, moved from balance sheets and sold to other investors, thereby transferring the risk out of the retail banking system to other financial systems. These packaged assets came to be known as the Subprime Mortgage Backed Securities.
As individuals started to default on their loans, the performance of Subprime Mortgage Backed Securities started to be negatively affected, thereby adversely affecting the various institutional investors, and also the investment and retail banks.
Because banks could no longer trust each other, as they did not know which bank was sitting on good or bad assets, they started shying away from lending to each other. To further preserve their already strained balance sheets, banks started deleveraging and avoiding further lending to corporates and individuals. So we entered the great global economic recession.
Then we had institutions which veered away from their traditional business and started to do quasi-banking business. AIG is a classic example of an insurance company which got caught in the GFC web because of excessively providing Credit Default Swaps – that is insurance against credit defaults. Needless to mention, when the defaults started, even one of the largest global insurance companies could not deal with the crisis.
At the root of all these is short-termism and greed. The excessive desire to make excessive money encouraged the creation of complex financial instruments with the sole purpose of making more money. As the rush for such complex instruments surged, people traded and others invested in instruments they did not even understand, let alone the regulator.
Credit rating agencies (CRAs) did not help the situation by assigning high ratings to complex structured subprime debt based on inadequate historical data and in some cases flawed models. Financial institutions too relied heavily and blindly on the CRAs and put less reliance on their own internal risk management mechanisms.
Governance lapses: global and corporate
The big question, which I suppose is very relevant for all of us here today, is: to what extent did the failures or weaknesses in corporate governance contribute to the GFC? Could good corporate governance, proper risk management and effective board oversight have prevented all these? The answer, to a certain extent, should be a yes.
The weaknesses in the global financial architecture surely did not do much to help. Failures in co-ordination between different country regulators responsible for supervising multinational financial institutions weakened their ability to respond swiftly and adequately to prevent and ameliorate the spread of risk and the crisis.
Major financial and even non-financial companies had in place reward systems that encouraged and rewarded high levels of risk-taking, focusing on short term benefits, without taking into account the long term performance and the interests of their companies. Institutional investors need to take some responsibility here as they are everyday drivers of share prices, and most of them tend to suffer from short term “herding” behaviour.
A lot of the people who played a role in the GFC didn’t care much if things went under because they would have made their quick bucks and moved on to something else. And we should dare say that probably the banks themselves, consciously or subconsciously, believed that they were too big to be ignored, let alone fail.
What has been evident, post the crisis, is that there have been significant failures of internal risk management systems in some major multinational financial institutions, made even worse by incentive systems that encouraged and rewarded high levels of risk taking.
The former CEO of Citibank has been widely quoted as having said: “While the music is playing, you have to dance”. This highlighted the "short-termism‟ mind-set prevailing at the time, which promoted short term gains and performances at the expense of long term growth, including also society gains, as many people lost their jobs in the wake of the GFC.
We must all ask ourselves, to what extent were company boards clear about the strategies and risk appetite of their companies. Were the independent board members exercising proper oversight on their executive? Were they asking “stupid” or “obvious” questions – because it is such “stupid” and “obvious” questions which can reveal issues taken for granted by the executive.
As we all are gathered here today, I am certain that we want to equip ourselves adequately in order to discharge our duties in our respective institutions where we operate. And we must not stop with our institutions, we must think of the impact, both positive and negative, our institutions have on our societies. You, as audit committees and auditors, must all recognise the important role you play in helping companies and other entities to identify weaknesses and put in place measures to strengthen their governance mechanisms. You must be the whistle-blowers for society.
I would even include the often overlooked Remuneration Committees in this governance role, which have to come up with remuneration and reward policies commensurate to “fit and proper” managers, and reasonable risk taking.
The role of boards
As a country, we did relatively well amid the GFC. However, we should never be complacent. We now have the benefit of the recent financial crisis from which we can draw lessons on the failures of governance and how best to avoid the destructive path that led the entire world to this current situation. How did it all come to this? To what extent did boards understand their mandates and scope? Did they exercise the oversight powers as they were required and expected to?
The question is a challenging one. Do we need more stringent governance rules, or actually, have the rules always been there and we just took them for granted?
Various standard setting bodies and regulators internationally, such as the Basel Committee on Banking Supervision, International Organisation of Securities Commission (IOSCO), Organisation for Economic Cooperation and Development (OECD) have in place codes and principles on governance of financial institutions, for both banking and non-banking institutions.
For instance, the Basel II capital accord contains mechanisms in Pillar II enabling regulators to impose additional capital charges for incentive structures that encourage risky behaviour. Interestingly, and to the credit of our banks and regulator, our banks have always held a higher than required Capital Adequacy Ratio.
A report published by the OECD in 2009 revealed a number of worrying trends on the failures of governance at board and management level of most multinational financial institutions. In particular, the OECD noted that some boards had not put in place mechanisms to monitor the implementation of strategic decisions such as balance sheet growth.
The financial turmoil has revealed severe shortcomings in practices both in internal risk management and in the role of the boards in overseeing risk management systems at a number of banks and financial institutions. So again, the best practice in terms of rules and codes seem to be there, but either we do not understand them well or we simply take them for granted.
A number of existing codes also stress that executive directors should have a meaningful shareholding in their companies in order to align incentives with those of the shareholders.
The Senior Supervisors Group noted that “an issue for a number of firms is whether compensation and other incentives have been sufficiently well designed to achieve an appropriate balance between risk appetite and risk controls, between short run and longer run performance, and between individual or local business unit goals and firm-wide objectives”.
This concern was also shared by the Financial Stability Forum (2008). Another report published by the Securities Exchange Commission about Bear Sterns also noted proximity of risk managers to traders, suggesting lack of independence.
The role of auditors
Where do you come in as audit committees or auditors? To answer these questions, we must all understand what governance means. I like the definition by Deloitte Touche Tohmatsu: governance is the term used to describe the role of persons entrusted with the supervision, control and direction of an entity.
This role can be exercised by three entities, or a combination thereof: the Board of Directors, the Audit Committee, and other supervisory committees.
For the Board of Directors to make decisions, and proper decisions, they require relevant and reliable information. The auditor’s primary role is to verify the accuracy of this information, among other things. Ultimately, they contribute to ensuring that financial information given to investors is reliable. This is important since it enables discipline by the market.
Audit Committees can also play a more holistic role than ensuring that the financial statements are accurate and reliable. For example, would you not assist us greatly as a society if you also checked that the company had an Environment, Social and Governance (ESG) policy framework, that this ESG framework was sound, and most
importantly, that the company, through its board, was complying with this policy? Should we not focus on group audits rather than individual audits?
Policy responses at international level
The G20 has come up with a number of key policy principles to provide further guidance to national regulatory frameworks, and strengthen institutions and cross- border regulatory arrangements through creating more formal mechanisms to co- ordinate the work of regulators across borders.
Through the Financial Stability Board (FSB) and other standard setting bodies, a lot of what emerged from the G20 has already found resonance with various countries, and South Africa has not been an exception.
At international level, the crisis has also revealed the weaknesses of narrow focus of financial regulation by only dealing with supervision of individual entities at a micro- prudential level.
The new approach, which was mooted by the G20, is to move towards a macro- prudential approach to financial regulation, which focuses on identifying global and domestic macroeconomic and financial stability risks together. Put differently, it focuses on systems and financial institutions‟ links, domestically and abroad.
South Africa’s response
The global financial crisis has presented South Africa, like other countries, with the opportunity to see how best to enhance its financial architecture and regulatory framework.
During his annual Budget Speech in Parliament in February 2011, the Minister of Finance announced the release of a document titled: “A Safer Financial Sector to Serve South Africa Better”, which outlines a number of policy priorities which National Treasury will be focusing on in the next few years.
One of the most important announcements covered in the document is the shift to a “twin peaks” model. The twin peaks model is an objective-driven approach to regulation and seeks to establish two dedicated regulatory bodies, one responsible for prudential regulation and the other for market conduct. As I indicated earlier in my speech, the failure in market conduct, and its supervision, played an important role in the GFC.
No system of regulation can be successful unless it is transparent, independent and accountable, not only as far as Government is concerned but also the regulated industries and the public at large. Appointment of competent and highly skilled senior executives, board members and applying „fit and proper‟ tests to ensure highest levels of integrity, are important for all entities, both public and private.
We are fortunate in South Africa to have dedicated professionals like Mr Mervin King, who has since provided us with a blueprint for governance.
Conclusion
I would like to conclude with a cynical note and in agreement with the statement from Deloitte Touche Tehmatsu: “No governance system, no matter how well designed, will fully prevent greedy, dishonest people from putting their personal interest ahead of the interests of the companies they manage”.
So, my answer to the question you posed is as follows: there are already codes and principles of good corporate governance which are tried and tested. These international and local best practices should be incorporated in internal risk management.
Where we fail, as Boards of Directors, is when we ignore these principles or take them for granted. We also fail when we, as independent directors, are scared to ask the “obvious” and “stupid” questions. We should ask the executive; are you running the company properly and treating your customers fairly?
However, there are areas which certainly require enhancement; for example the focus on group supervision, co-ordination and auditing of multinational financial entities. We also need to strike a good balance between rewarding hard work and excessive risk taking. As a member of the G20, we will continue to participate in the global forums and adopt best practices where applicable.
Good corporate governance alone will not solve all problems. The most important ingredient is the change of attitude and behaviour, and adherence to high levels of integrity and moral fortitude. To the extent that this is not the case, there will always be a need to regulate behaviour by putting rules and codes in place. It is incumbent on all of us to strive for good corporate citizenship.
Thank you.
