Companies caught up in the fallout from the sub-prime mortgage crisis are scrambling these days to cope with two principal risks: a liquidity crunch—which can range from a higher cost of capital to a lockout from capital markets entirely—and increased exposure to lawsuits.
The credit crunch is already forcing companies to be more conservative about their liquidity positions. The lawsuits are also well under way. Individual investors have started filing securities- and investment-related claims, either in the form of a traditional lawsuit or as an arbitration claim, says Peggy O’Neil, a partner at the law firm King and Spalding. Class-action suits are coming fast and furious as well.
“Any time there is a stress in the financial markets, particularly where valuations are being driven down because of specific types of securities such as sub-prime mortgage investments, participants will be motivated to pursue their remedies,” O’Neil says.
Once a company has assured its operational liquidity, management needs to focus attention on the proper disclosure of information related to the business’s liquidity and investments. Companies should expect regulators to increase scrutiny of investments listed on their books, and whether those investments have been appropriately valued, O’Neil says. Financial processes and procedures will also be subjected to closer review to make sure that the business is properly managing those financial risks.
That issue of disclosure is where things might get tricky for the senior management at some companies, mostly because they may not know the true extent of their company’s exposure.
Dan Reiman, a partner at the consulting firm Newbold Advisers, says the very definition of “sub-prime” can have profound consequences for a company. “Under the definition in 2005 or the definition the rest of the world is using in 2008, if it’s the old definition, then you may be making the board or CEO personally liable under the Securities Act of 1934 for making false and misleading statements,” he says.
Take so-called Alt-A, or low-documentation, loans made to borrowers with good credit. A few years ago, these loans were frequently used to help with the purchase of investment properties, particularly by self-employed individuals. The documentation and verification of information was limited—and in retrospect, substandard.
Those individuals who used Alt-A loans to buy investment property and saw the value of the property drop in the current housing market, now have scarce (or no) equity in the property and few prospects to sell. The likelihood of them making payments is slim, if at all.
These loans are now “less sub-prime than the sub-prime,” Reiman says. “The problem was that we did not inherently understand the risks associated with these products, yet we went out and sold them as if we knew them as well as a 30-year fixed mortgage. If you have Alt-A loans on the books and your treatment of them is not as rigorous as your sub-prime portfolio, the potential for a lawsuit is great.”
Unless a company considers a new definition of Alt-A loans based on current conditions, they could be mis-stating their risks, he contends.
“There’s a broad expectation and a greater focus on risk management as a result of the crisis.”
— Sam Harris,
To avoid that unpleasant outcome, companies must conduct an objective, independent review of their exposure. “A lot of times, what’s happening is that the people who are assessing the risks are the same people who existed when the risks were being created,” Reiman says, “so there’s a natural tendency to understate them.”
Companies should consider appointing a chief risk officer and make available to that person a staff that can help execute independent reviews of key performance indicators, as well as key risk indicators. The CRO should report directly to the board so that his loyalty is to the board—and, ultimately, to the shareholders of the business, Reiman says.
The Legal Exposure
With shareholder lawsuits on the rise, board members and executive officers also have to consider how a company’s legal exposure might hit their director and officer insurance policies. Insurers are starting to raise more questions in the underwriting process, amid rising concern about the strength of the cash positions presented on balance sheets, says Lauri Floresca, senior managing director of Carpenter Moore, a Nasdaq-owned brokerage firm that specializes in D&O insurance.
In the months leading up to the renewal of a D&O policy, companies should meet with their underwriters and communicate what they are doing to address corporate governance issues and the controls they have put in place, she says.
Below is an excerpt of the SEC’s expectations for disclosure of risk to sub-prime mortgage securities.
SEC (December 2007).
“We want companies to be able to articulate examples of how governance has worked for them and to explain a situation where one of their practices prevented a risky situation from happening,” Floresca says. “Those examples can go a long way to helping underwriters move beyond their stereotypes of different industry segments, and give them more justification to offer better coverage at a better price.”
A review of existing, and available, technology is also in order. The current liquidity crisis is forcing companies to find ways to become more efficient and reduce costs. They also need to manage content more effectively and tighten business intelligence and security procedures to control risk, says Sam Harris, a risk-management specialist with Microsoft Corp.
“We’ve seen this same phenomenon in similar crises, whether for natural disasters, terrorist events, or other economic crises,” Harris says. “The way to move forward is to find greater efficiencies, because you can’t just roll over and die. This is an opportunity to increase the velocity of the reporting of information that can be used for data-driven decision making.”
In the case of content management, businesses should consider more collaborative approaches to overseeing documents and their many versions instead of an e-mail- or document-centric approach, Harris says. A collaborative method makes it easier to manage the security of the IT infrastructure, since access to different documents can be limited only to those people who need it.
When evaluating the security of technology systems, companies need to ensure that they have the ability to monitor their servers, as well as their desktops. Systems that support governance, risk, and compliance processes have “compliant configurations” that must be maintained. Automated monitoring tools can be used to confirm the configurations have not drifted out of compliance.
“There’s a broad expectation and a greater focus on risk management as a result of the crisis,” Harris says. “One way to attack it is to throw more people on it. That’s expensive. If there’s an opportunity to increase the efficiency of governance through technology, you can support a higher level of risk oversight without a higher level of cost.”