
Increased Risk Reporting Requirements: 5th webinar with ecoDa and AIG

Our webinar illustrates how risk managers can support their boards in expressing the risk appetite of the organisation and provide input in the ‘annual report’ process. The EU system will be compared to the US approach.

- role of the risk manager as a strategic advisor when it comes to responding to Board questions on transparency requirements (risk reporting, reputation…)
- role of the risk manager about the quality of the reported data about risks, their identification, collection and assessment

A strong disclosure regime that promotes real transparency is a pivotal feature of market-based monitoring of companies and is central to shareholders’ ability to exercise their shareholder rights on an informed basis.

Over the past years, transparency has largely been the leitmotiv for regulators to require additional disclosures that go beyond the financial and operating results of the company.

Published in: Business

  1. Daniel Lebègue, Chairman of the Board, Transparency International (French section); Dr. Alexandra Lajoux, Chief Knowledge Officer Emeritus, NACD; Eric Miller, Head of Tax Advisory EMEA, AIG; Helle Friberg, FERMA Board Member
  2. THE EUROPEAN CONFEDERATION OF DIRECTORS ASSOCIATIONS - AVENUE DES ARTS 41 - BRUSSELS 1040. Joint webinar with ecoDa/AIG and FERMA. 2 Days of Professional Development for European Directors. “Increased Risk Reporting Requirements”, 9 March 2017. Daniel Lebègue, Chairman of the Board of the French section of "Transparency International"
  3. From financial reporting to shareholders to integrated reporting to all the stakeholders
     - Integrated reporting: financial and non-financial (CSR, for example climate change, prevention of corruption, human rights)
     - Increased requirement from investors (SR asset managers, pension funds, sovereign funds)
     - Reporting required more and more by the different stakeholders of the company: employees, clients, business partners, NGOs, public entities
  4. Accountability / reputation: the most valuable asset for a company (for everybody in fact!)
  5. Are there limits to transparency? Yes!
     - Protection of private life (for clients, employees)
     - Secret of production, research
     - What about strategy?
  6. NACD: Advancing exemplary board leadership. Alexandra Lajoux, Chief Knowledge Officer Emeritus
  7. Origins of U.S. risk reporting. National Association of Corporate Directors (NACD). To coin shorthand for today, we can call them “government” vs. “governance”
     - The first term implies mere compliance (complying with laws, rules, or listing requirements).
     - The second term refers to practices in the private sector intended to complement such rules (practices called variously voluntary, best, leading, aspirational or recommended practice).

     NACD reports on government requirements but also fosters better governance.

     “In the U.S., we are slowly moving from an age of compliance (ensuring disclosures on material issues are made) to an age of transparency (where as a result of technology, consumer activism and the primacy of ethics) where corporate (bad) behaviors and practices are almost instantaneously exposed and can severely damage reputation. Corporations can no longer control their reputation, they really have to earn it.” Friso van der Oord, Director of Research, NACD, March 3, 2017

     Today’s talk will encompass both “government” and “governance”.
  8. “Government”
     - In U.S. we have both federal and state governments, each of which has a legislative, executive, and judicial branch. Each and all are potentially important with respect to risk reporting.
       - At the federal level, we have federal laws, which with respect to business tend to apply to all companies that are large (e.g., 50 employees or more) or publicly owned (e.g., registered with the Securities and Exchange Commission) comprises national statutes passed by Congress; federal regulations promulgated by federal agencies enforcing or promulgating those laws (including both agencies controlled by the executive branch and independent agencies such as the Securities and Exchange Commission [SEC], which promulgates rules relating to various laws, including most notably the 1933 Securities Act and 1934 Securities Exchange Act, pertaining to the sale and exchange of securities, respectively, which oversees our stock exchanges); and, within specific boundaries, executive orders. We also have federal courts that interpret federal laws and of course the U.S. Supreme Court, the final arbiter, based on Constitutional law. The most well-known risk reporting rules (as discussed later) are federal, and stem from language in the 1933 and 1934 Acts (as amended), and the Sarbanes-Oxley Act of 2002.
       - At the state level, there are state laws, including most generally corporation statutes enshrining duties of loyalty and care, which are continually interpreted by courts – notably Chancery Court of Delaware, one of the few states that has a Chancery Court of equity for business. Under ordinary circumstances, corporations (including most financial institutions) are chartered by states, which may also have industry-specific laws, especially in industries such as insurance. Commercial banking is particularly complex, with different federal agencies enforcing capital standards for state-chartered banks and bank holding companies (FDIC, Federal Reserve) vs. nationally chartered banks (OCC).
       - The 1996 Caremark decision from the Delaware Chancery Court stated that directors needed to ensure an adequate system of compliance and reporting.
       - The current initiative to dismantle Dodd-Frank (2010) is focused on both banking provisions (via executive orders to review regulations, relying on laws allowing this); and on governance provisions such as pay ratio, now under review (under Acting SEC Chair Michael Piwowar). It is not likely that there will be a rollback of any rules pertaining to risk committees or risk reporting.
  9. “Government” (continued)
     - Risk reporting rules and expectations are many and diverse, and stem mostly from the above-mentioned laws, i.e., 1933 and 1934 Acts; Sarbanes-Oxley (2002); Dodd-Frank (2010), and related listing requirements of the two main exchanges, the New York Stock Exchange and Nasdaq. Here are some important rules in chronological order (all are still in force).
       - All public companies must produce annual reports filed on Form 10-K that include a Management’s Discussion and Analysis of Financial Conditions and Results of Operations (MD&A) listing known risks. Origin: Regulation S-K under the 1933 and 1934 acts, as amended. Comment: Most MD&As today are extremely comprehensive (listing every single conceivable risk for fear of violating federal law) but some complain that they list too many risks, accusing them of being boilerplate and failing to prioritize risks.
       - On June 29, 2016, The U.S. Department of Treasury and its Internal Revenue Service (IRS) released for publication in the Federal Register final regulations (T.D. 9773) that require annual country-by-country reporting by “certain U.S. persons that are the ultimate parent entity of a multinational enterprise group that has annual revenue for the preceding annual accounting period of $850 million or more.”
       - Audit committees of companies listed on the NYSE have a duty to “discuss policies with respect to risk assessment and risk management.” In its commentary on this rule, the NYSE clarifies: “The audit committee is not required to be the sole body responsible for risk assessment and management, but, as stated above, the committee must discuss guidelines and policies to govern the process by which risk assessment and management is undertaken.” Origin: a listing rule approved November 4, 2003, post Sarbanes-Oxley, as part of the required elements of an audit committee charter for NYSE-listed companies.
       - All public companies must include in their annual proxy statement filings under Form DEF 14A a disclosure of “compensation policies and practices that present material risks to the company.” Origin: proxy disclosure enhancement rules passed in December 2009, seven months before passage of Dodd-Frank.
       - Large banks must have an independent risk committee. Origin: a banking rule passed by the Federal Reserve (Fed) in 2014 post Dodd-Frank. Under Dodd-Frank Title I, Section 165, any publicly traded bank holding company with consolidated assets of $10 billion or more must have a board-level risk committee to oversee enterprise-wide risk management. According to a final rule on enhanced prudential standards for domestic banks issued by the Fed in February 2014 and effective June 1 of that year, this committee must have at least one expert with experience in “identifying, assessing, and managing risk exposures of large, complex financial firms”; the committee must also be chaired by a director who meets certain independence requirements [1]. Similar Fed requirements have been in effect since December 2012 for foreign-bank risk committees [2].

     [1] “Enhanced Prudential Standards for Bank Holding Companies and Foreign Banking Organization,” Federal Register 79, no. 59 (Mar. 27, 2014), p. 17427.
     [2] Ibid, p. 17289.
  10. “Governance”. NACD has issued a great deal of guidance on risk oversight (which includes risk reporting). Here are some of our publications:
      - Report of the NACD Blue Ribbon Commission on Risk Oversight (2002)
      - Report of the NACD Blue Ribbon Commission on Risk Governance (2009)
      - Director Essentials: Strengthening Risk Oversight (2016)

      Director Essentials: Strengthening Risk Oversight, draws on a survey of more than 1,000 directors (in our annual corporate governance survey) plus in-depth interviews with several public company directors. In this report, NACD recommends these improvements to ensure the “validity and relevance” of internal risk reporting from management to the board (as well as to external constituencies, as advised by legal counsel).

      1. To reduce subjectivity and variability in risk reporting, ask management to clearly define how significant a “high risk” is, how much difference there is between a “high” risk and a “low” risk, and what the difference is between one “high” risk and another. Risk scorecards can be used to track the status of critical enterprise risks, linked to the company’s risk appetite.
      2. Make sure that the time horizons used to assess the likelihood of risks are consistent with the time horizon of associated business objectives. For example, the risk is seen as likely to occur within the time horizon contemplated by the objective.
      3. Understand the velocity and duration of risks. As the current environment has shown, risk velocity—or how quickly a risk’s results will manifest if it comes to pass—is an important factor in risk rating. Furthermore, the relative duration of a risk (if it comes to pass, how long will it impact a company?)—for example, a regulatory or macroeconomic risk—is an important dimension.
      4. Ensure two-way information flow, both top-down and bottom-up. It’s important to communicate with management (including risk managers) about the types of risk information the board requires. Companies need strong escalation processes for critical risks. A good risk reporting system will deter the need for formal whistleblowing—whether the bottom-to-top process mandated by Sarbanes-Oxley or the director regulatory contact incentivized by Dodd-Frank.
      5. Make sure there’s a regular cadence of risk reporting, allowing the board to frequently assess changes in risk exposure and keep a pulse on the effectiveness of risk management. The NACD 2016-2017 Public Company Governance Survey benchmarks show both frequency and the topical treatment of risk reporting.
  11. What is Country-By-Country Reporting
      - Purpose and Use
        - Assessing high level transfer pricing risks and other base erosion and profit shifting related risks, including non-compliance with transfer pricing rules and economic and statistical analysis
      - Timeline
        - CbC report required to be filed for fiscal years beginning on or after Jan 1 2016
        - First report generally filed on or after Dec 31 2017 (12 months after fiscal year end)
        - First CbC report to be exchanged between tax authorities no later than 18 months after last day of fiscal year (e.g., June 30 2018) and 15 months for subsequent fiscal years
      - Threshold
        - CbC reporting for groups with revenues above 750 million Euro
      - Filing of report
        - CbC report to be filed with tax authority in which ultimate parent is resident
        - Legal and administrative means of implementation by individual countries still to be determined
        - CbC reports to be exchanged electronically using common XML
  12. What is In the Report?
      1) Overview of allocation of income, tax and business activities by tax jurisdiction
         - Header fields: Name of the MNE group; Fiscal year concerned
         - Columns: Tax Jurisdiction; Revenues (Unrelated Party, Related Party, Total); Profit (Loss) Before Income Tax; Income Tax Paid (on cash basis); Income Tax Accrued (Current Year); Stated capital; Accumulated earnings; Number of Employees; Tangible Assets other than Cash and Cash Equivalents
      2) List of constituent legal entities and business activities by tax jurisdiction
         - Header fields: Name of the MNE group; Fiscal year concerned
         - Columns: Tax Jurisdiction; Constituent Entities resident in the Tax Jurisdiction; Tax Jurisdiction of organisation or incorporation if different from Tax Jurisdiction of Residence; Main business activity(ies)
         - Main business activity(ies) options: Research and Development; Holding or Managing intellectual property; Purchasing or Procurement; Manufacturing or Production; Sales, Marketing or Distribution; Administrative, Management or Support Services; Provision of Services to unrelated parties; Internal Group Finance; Regulated Financial Services; Insurance; Holding shares or other equity instruments; Dormant; Other
  13. What is Going to Come Out of the Report
      1. The report is going to be shared and data analytics applied to it
      2. Some multinationals are concerned that jurisdictions with special purpose entities, primarily financing entities and captive insurance entities are going to show large revenue numbers despite the small number of employees present.
      3. These entities, if in certain smaller jurisdictions (e.g., Jersey, Cayman Islands, Bermuda, etc.) where there are not other operations, will “pop” out of the report. The fact that the entities may be required to be in such jurisdictions because that is where the relevant regulatory framework is in place is not a feature of the report.
      4. The report does have a section or “box” for explanations.
  14. What Will Tax Authorities Be Asking?
      1. How much did the entities in my jurisdiction pay to the captive?
      2. How were the arrangements priced?
      3. Did the captive insurer pay losses?
      4. Can you prove that the arrangement provided a genuine economic benefit for the group beyond any tax savings (e.g., UK or Australian diverted profits tax)?
      5. How was the risk bearing entity managed? Did it have the expertise to manage the risks it was assuming (see Actions 8-10 of the BEPS project)?
  15. Increased transparency – what role for the risk manager? Helle Friberg, FERMA board member
  16. Views of the risk management community on transparency
      - In 2014 73% of risk managers indicated in the European Risk and Insurance Report (ERIR) that they played an active role in providing input in the 'annual report' process
      - For half of them, the disclosure of profits and paid taxes on a country by country basis would pose a confidentiality issue regarding strategy
  17. Views of the risk management community on transparency
      - In the 2016 ERIR, risk managers ranked “corporate governance and transparency” in third position as a European priority for FERMA.
  18. How can the Risk Manager add value?
      - The risk manager can make use of the already implemented appropriate risk management process
        - identification, collection of useful, sound and appropriate data, implementation of risk solutions, and monitoring
      - As a key person in the external reporting process
        - the risk manager should risk-assess the content of the report - to identify the positive or negative impact that the information can have on the future business
  19. Internal challenges
      - Act as a strategic advisor
        - to answer questions from the Board when it comes to transparency requirements (risk reporting, reputation…).
      - Perform a risk assessment of the content
        - before it is made public - to anticipate unintended consequences (positive and negative).
      - Review the cost of not being prepared
        - It could be tremendous - and in the end devastating to a company.
  20. External challenges
      - Reporting is not only about the numbers
        - Figures need to have a context to avoid misinterpretation by the public, taking into account the full spectrum of the company’s value chain.
      - The risk manager will be an essential contributor to external reporting
        - They should have a significant role in the creation of the reports for external use.
      - The Board signs off the report for public release
        - They have the ultimate responsibility.
  21. Conclusion: risk manager can add value
      - Providing a risk management process to ensure the quality of the reported elements.
      - Ensuring that the risks of unintended impact on the future business have been made aware of and scrutinized by management.
      - Being one of the strategic advisors for the Board when it comes to questions re. transparency requirements.
  22. Any Questions? Please use the GoToWebinar Dashboard to send a question to the Moderator
