Monday, April 12, 2010

Imagining Life without the FSA

If the polls are to be believed (questionable!), and the victors’ promises to be delivered (who knows, we are talking about politicians!) then the FSA just may soon become a memory. Then what? The Bank of England takes over and the regulatory review teams will be... either the same people with new titles fresh from the FSA or perhaps a whole new class of graduates with fresh faces, high aspirations, and zero experience.

Remember, before the FSA existed Lloyd's was quite literally a power unto itself. As judge, jury, and sometime executioner, the corporation wielded wide-ranging powers of self-regulation, though mostly unexercised until the unearthing of high-profile malfeasance in the 1970s and beyond.

For those who recall, the annual visit to a Broker or Insurer by the Lloyd's review team presented us all with a rather unfamiliar dilemma. Should we call the nearest day care center or escort these well-intentioned 'just about graduates' to the CEO's office? Then what should we teach them?

Of course, much has changed since then. Regulatory review teams may not have all the tools that we might expect of seasoned market practitioners, but they are a far cry from the formative years.

Step forward now to June of 2010.

The point is that whatever happens (and there are several potential outcomes), businesses have to take a pragmatic approach to Governance, Risk and Compliance and determine what their own standards are, how to deliver transparency, and how to be defensible to any enquiring party, whether regulators, shareholders, customers, or employees.

That means companies need data and information (lots of it) packaged in a way that is intelligible from CEO all the way down to newly minted graduate regulator. This is where technology comes in. Spreadsheets alone will not manage processes or audit trails. Processes driven by manual reminders will eventually be missed or fail, and meaningful data can only have meaning to a targeted audience.

Addressing this problem is precisely why SCORE, our proprietary web-based software, was conceived. The reason we are in business is to keep you and your clients that way too, irrespective of the regulatory environment.

Monday, January 11, 2010

Top 10 Must Dos for Risk Management in 2010

You would be hard pressed to find someone who does not believe that 2009 was a landmark year for risk management and compliance professionals.

As we began the year looking at a continuing economic crisis, it became increasingly clear that the lack of proper risk assessment and management played a leading role in the crisis. While this was especially true for Wall St. and financial services firms, no companies were immune.

With financial regulatory reform almost certainly headed to President Obama's desk for approval in the first quarter of 2010, I'd like to offer my list of top 10 must do's for effective risk management in 2010... and beyond.

Remember, each organization is different and has special considerations; however, these steps can be effective for just about any company.
  1. Define and formulate your company's appetite and approach to risk: What are the company guidelines on risk tolerance? What is considered material? What are criteria to be used? Also, be sure to balance them with the company's goals. Get approval and buy-in from the top down.
  2. Determine where your company stands on the enterprise risk management maturity continuum: Where do you stand? Understand the attributes and how they characterize your organization. Determine what your next steps are and how to get from one level to the next. Most importantly, assess how far you can go with the resources available.
  3. Create a long term plan: Set and quantify your objectives. Involve others in your company. Form a cross-functional risk management committee representing all disciplines/departments with a strong senior leader.
  4. Drive change, educate and communicate across the entire organization, regularly: Speak the same language, encourage collaboration, drive culture change. This is not a one-time event; it's an ongoing business process. Risk is as much about opportunity as it is about negative impact. Communicate this message clearly and to those parts of the organization responsible for financial performance.
  5. Perform a risk (and opportunity) audit/assessment of the whole business: Go beyond traditional hazard risks. Measure risks against opportunities throughout your business to define and drive initiatives that will lower the total cost of risk and capitalize on opportunities.
  6. Prioritize your exposures and measure the interdependencies of identified risks: One department's risk - or risk mitigation plan, for that matter - can have repercussions on other areas of the business. Be sure that the impact of the risk is understood and quantified for the best decision-making.
  7. Use one or more techniques for treating identified risks: Avoidance, mitigation, transfer, financial instruments, etc. - do not be confined to insurance as your primary treatment of risk (see AIG). A combination of techniques is often the best approach. Be creative and encourage innovative plans and approaches.
  8. Leverage technology from the start: Use technology to implement risk management measures quickly and demonstrate the benefits sooner rather than later. Simplify a perceived onerous process; automate repetitive manual processes; drive accountability with reminders, alerts, and escalation. Allow systems to track, aggregate, and integrate your processes. (I've talked in the past about how spreadsheets are not enough.)
  9. Make everyone a risk manager: At its most basic, accountability and attention to detail in daily activities translate to good risk management. Sometimes it is one person's perceived "small" error that can cause a negative chain of events. If people properly understand the role they play and the impact they can have, they will embrace the process.
  10. Demonstrate the value of risk management (and the risk manager): Whether creating an ROI model or using simple graphics to prove the effects of risk management, it is essential to be able to show the value clearly and concisely to senior management, stakeholders, and regulators alike. Speak in business terms and you will succeed.
Again, there are nuances for each company in their risk management, but I promise you, the 10 items above are a great way to start for a less risky 2010!

Thursday, November 19, 2009

Escheatment laws remain a hot topic at state and Federal levels

We've been discussing a couple of recent news items related to escheat laws that really drive home the risk management issues associated with unclaimed, abandoned or escheated property.

The first story is from The Times-Picayune in New Orleans, LA. Benny Spann, director of the Unclaimed Property Division of the state's Treasury Department, details Louisiana's escheatment audit and unclaimed property efforts.

I've talked in the past about escheat laws, audit risk, the increased scrutiny companies are facing, and the rising state interest in unclaimed property. The bottom line is that unclaimed and abandoned property contributes a lot to the states' top line revenue.


From the story:
"Collections are coming in at a record clip because of the state's stepped-up efforts to audit companies that might have been withholding payments and not turning them over as state law requires. Companies talk, even competitors talk...that the state is auditing more."
If you ever doubted that unclaimed property and reporting issues posed a risk to your company, ask any companies headquartered or doing business in Louisiana right now.

The other story is regarding the Fed's planned overhaul of the rules governing gift card escheatment. Essentially the Fed is proposing that, "consumers must have at least five years to use the gift cards before they expire," and that, "service or inactivity can be imposed only under certain conditions." A number of outlets covered the news, including the Wall Street Journal.

In our internal discussions, our consultants all agreed that this was a step in the right direction! The patchwork of state restrictions on gift card/certificate fees and expirations, which appear in both consumer protection and unclaimed property laws, makes compliance with the escheat laws very difficult for our clients and businesses in general.

We've talked about this before because the fact is some states have very strict rules on charges and expirations, while others have none. A standard set of rules across the states would be a welcome and logical change!