Unforeseen events are honing boards’ disaster-planning skills
Tsunamis, erupting volcanoes and terrorist attacks aren’t just the stuff of action movies; they’re central to the conversation savvy directors are having in boardrooms across America.
So-called ‘black swan’ events, a term popularized by Nassim Nicholas Taleb in his 2007 book The black swan, are unforeseen occurrences running the gamut from the near-collapse of too-big-to-fail financial institutions to oil spills and the September 11 attacks.
If disasters like these could have a silver lining, it’s that they are honing boards’ skills at black swan event planning. ‘Who would ever expect the Iceland volcano eruption to halt air traffic from Europe to the US?’ asks Maryanne Peabody, president of governance consulting firm Board Options. ‘People are saying, Hmm – what we thought was solid really wasn’t solid. These events are moving risk to the front of companies’ radar screens.’
Charles Elson, director of the John L Weinberg Center for Corporate Governance at the University of Delaware, believes directors are rising to the occasion when it comes to anticipating corporate risk. ‘Boards are stronger than they used to be,’ he says. ‘They’re much better at asking questions.’
Alex Zmoira, senior manager in the enterprise risk services group at Deloitte & Touche, agrees. ‘Before, a board member might have said, There are people paid to manage risk. It’s not my responsibility,’ he points out. ‘You’re not hearing that anymore.’
Legal liability
In early March 2009, the Delaware Chancery Court cleared Citigroup directors of legal responsibility for having failed to recognize the business risks of investing in subprime assets.
‘There wasn’t evidence that the directors had enough red flags waved in front of them to warn them of the risks to Citigroup investors. The directors had not failed to carry out their duty of care to the company,’ says Edward McNally, a partner at law firm Morris James. ‘In Delaware, to find the directors liable when they’ve failed to anticipate a risk is one of the hardest cases you can bring.’
Stephen Bainbridge, law professor at UCLA, notes that these types of cases tend to revolve around whether the events in question were true black swans: events or issues that no reasonable person would have anticipated, or events where there were clear but unheeded warning signs. ‘The fact that something bad ultimately happened is not enough for the board to be held liable,’ he explains. ‘You have to have had a board that was completely asleep at the switch to have liability.’
The judicial desire to avoid Monday morning quarterbacking makes sense given that black swans can confound even the experts. ‘Most of the financial catastrophes that have happened in the last couple of years were all blessed by the quants,’ says McNally. ‘Here you have extremely smart people who simply did not anticipate the events that occurred.’
Jill Fisch, business law professor at the University of Pennsylvania, believes boards are paying more attention to risk management but that there is a limit to what they can do. ‘To a large extent, a board has to rely on management members and outside advisers in terms of bringing serious risks to the board’s attention and recommending a course of action,’ she explains. ‘Boards are asking more questions but – ultimately – these events are not something they are very well equipped to assess on their own.’
A case in point is BP. ‘With the BP oil spill, you could say, The board should have done more with safety practices or tone at the top, and that’s absolutely right,’ says Fisch. ‘What the board couldn’t do, however, was make a judgment about whether the amount of cement used for filler for the well was adequate.’
Working together
Many experts agree that boards should take a group approach to risk. ‘Divide risk up and have each committee of the board consider risk on an ongoing basis,’ urges Elson. ‘This way, you incorporate risk evaluation into your ordinary conduct as a director.’
Fisch also advises boards to benchmark against their peers, asking whether the company is ‘an outlier’ or is addressing risk in a way that’s consistent with other industry players. She emphasizes that the board can’t simply converse with the CEO but should regularly engage operational leaders as well.
Zmoira believes techniques such as scenario planning and TAS – thesis, antithesis, synthesis – can help directors analyze businesses and uncover threats on the horizon. With TAS, for instance, directors look at the white swan (the company’s thesis) and then explore the opposite (the black swan, or antithesis) before attempting to reconcile the two.
In other words, Zmoira says, ‘Boards want to examine the assumptions of management and ask what would happen if those assumptions didn’t hold true.’ In Zmoira’s model, corporate secretaries would make sure directors are vigorously challenging assumptions by asking the tough questions.
Peabody advises boards to set aside time specifically to consider potential black swans. Some companies, she points out, dedicate part of each board meeting to risk management. Others use the annual retreat or a dedicated strategy session to engage in ‘creativity exercises’ focusing on risk.
Drawing the line
Another challenge for boards is deciding when a contingency is just too remote to warrant action – prudent boards don’t spend time or money protecting against asteroids hitting the earth or other equally far-fetched scenarios. Peter Jewett, a partner and chair of the corporate department at international business law firm Torys, poses the question thus: ‘How far do you go into the possible rather than the probable? Eventually you have to say, Okay, we’ve hit the point where we can’t justify spending more money on further precautions given the likelihood of this happening.’
Beyond actively insuring against risk, boards must assess the pros and cons of devoting precious time to highly unlikely events. ‘From a director’s point of view, let’s suppose you have eight board meetings a year and each meeting is six to eight hours long. How much of that limited time are you going to devote to blue-sky scenario planning?’ asks one director who prefers to remain anonymous. ‘What’s the cost benefit of devoting time to figuring out what your unknowns are? It’s a delicate balance.’
Ultimately, risk management extends deep into a company’s identity. ‘Most of the tools corporate directors use to deal with risk management overlap with the tools they use to take risks,’ says Bainbridge. ‘Deciding whether or not to put money into a particular project is a form of risk management. There’s no real way to separate the task of risk management from the underlying decision of how much risk a company is prepared to take in making investments, choosing projects and so on. They’re inextricably intertwined.’