Regulatory forces may also return risk to the purview of the CFO. Basel II, for example, was intended to recognize advances in risk management by allowing banks to reduce the amount of capital on their balance sheets relative to their risk position. Now banks are likely to find themselves under renewed scrutiny from red-faced regulators, who could push those capital requirements up. Fair-value accounting is also making CFOs more involved in day-to-day monitoring of positions.
Viewing risk through a companywide lens and establishing an environment in which the CFO and risk officer communicate regularly could take years, says Prodyot Samanta, an enterprise risk management specialist at S&P. “Developing a risk function,” he adds, “is a cultural change, and it takes time to see if these are committed actions or just a form of window dressing.”
Banks would do well to commit now, while there is little to distract them. Says Richard Sylla, an economics professor at New York University’s Stern School of Business: Banks “will be cautious for a while, and then some other boom will come along and everyone will jump on it.”
Avital Louria Hahn is a senior editor at CFO.
Many banks now have new investors to answer to.
Merrill Lynch: $6.2 billion by Singapore’s Temasek Holdings and Davis Selected Advisors
Citigroup: $7.5 billion by Abu Dhabi Investment Authority
Morgan Stanley: $5 billion by China’s sovereign-wealth fund
Bear Stearns: $1 billion each by U.S. investor Joseph Lewis and China’s CITIC Securities
UBS: $9.8 billion by Government of Singapore Investment Corp.; $1.8 billion by unnamed Middle East investor (believed to be either Abu Dhabi or Oman entities)
Internal Controls: The Invisible Link
CFOs may not be in charge of risk management at some Wall Street banks. However, management is responsible for certifying a company’s internal control over financial reporting in accordance with Section 404 of Sarbanes-Oxley.
“As CFO, you are signing off that internal control over financial reporting is effective,” says Joseph Atkinson, U.S. advisory operations leader for governance, risk, and compliance at PricewaterhouseCoopers. But while internal controls over financial reporting are designed to provide reasonable assurances, he says, “they don’t provide absolute assurance.” The subprime crisis, he adds, involved “instruments that were complex to value and impacted by market events. While you can definitely see large changes in values, that does not necessarily mean there was a failure in internal control over financial reporting.”
Still, the ultimate authority for raising risk questions lies with the board’s audit committee, according to Section 303A of the NYSE Listed Company Manual. Of course, it stands to reason that most audit committees would turn to one of their main liaisons — the CFO — for advice in that area. And if that happens at most public companies, why not banks? — A.L.H.