Not long ago the CEO of a major U.S. multinational corporation asked his risk manager to provide a recommendation about whether the company should invest $78 million in a wind farm in a country in Central America. The risk manager asked the underwriting team to analyze the risks and revert with a recommendation. The underwriting team asked the company’s country risk manager for his view. Because the country in question was unstable, left-leaning, due for an election in several months, and weak financially, he recommended against making the investment.
However, the underwriting team wanted to proceed with the investment, since they would hit their sales target in doing so and receive a year-end bonus. So they removed the comments of the country risk manager from their report to the risk manager and recommended proceeding with the investment. The risk manager then recommended proceeding with the investment to the CEO, who then made the same recommendation to the company’s Board, who approved the investment. A few months later, a coup occurred in the country, the president was removed and replaced by the military, the country erupted into turmoil for more than a year, business virtually shut down, and the investment transaction collapsed.
The company had the proper risk management procedures in place to prevent this from happening, but there was no mechanism to ensure that the voice of everyone involved in the underwriting process was heard by decision makers. The underwriting team was able to essentially bypass the country risk manager, who had no way of knowing whether his comments reached the risk manager and CEO because of the absence of checks and balances. The risk manager and CEO had no way of knowing that the underwriting team had bypassed the country risk manager. And the Board had no way of knowing that they were being given a recommendation based on faulty information.
Companies often rely on risk management processes that they believe are bulletproof, but are in fact riddled with holes, inconsistencies and contradictions. Without data or insight of its own, the Board was too reliant on the company’s assessment to make an effective decision and fulfill its duty to protect the interests of the company and its shareholders. If the Board had been better educated about the economic, social, political and media situation in that country, it might have been able to identify the errors in the assessment it received. It might have forced the company to conduct more thorough due diligence before taking a vote, rejected the request outright, or made the approval conditional on receipt of the company’s plans to mitigate and address the potential risks.
As company operations and holdings expand to all corners of the globe, decision makers often pay too little attention to specific country risks and other matters of crucial importance. Too often, Board members are selected from a small group of high-profile, well-connected, prestigious individuals who may not have relevant experience in foreign investments or operations and who may want to avoid appearing ignorant about a subject of discussion. Company management should emphasize experience and knowledge when selecting board members. That said, it is difficult, if not impossible, to find individuals who have direct and timely experience in every country that may be an investment target for a large corporation.
Another solution is for boards to press companies to regularly update their own risk management procedures and insist on implementing appropriate checks and balances. Given the competing interests that may influence an internal risk management team, a better solution is to look outside of the company’s country risk management function (if it has one) and insist that either the company hire an independent third-party assessor or, ideally, do so themselves. A qualified outsider can conduct regular risk management audits that test the system, provide insights into the target country that incorporate political, economic and social risk, and provide board members with unbiased information, empowering them to ask the right questions.
The moral of this story is that C-suite managers and board members have an obligation not only to themselves, but to their company, to ensure that the right questions are asked and risk management procedures are followed. Unfortunately, even when a problem is identified, boards are sometimes reluctant to confront management. Candor often gets lost in the politeness of board proceedings, and boards are too often focused on building consensus, which inhibits due diligence and proper risk management. By remaining polite and silent, boards can do more than contribute to monetary losses; they may unwittingly cause reputational risk, often with long-lasting and severe consequences.