Remarks by Governor Susan S. Bies
Before the Institute of International Bankers, New York, New York
June 10, 2002
Lessons to be Re-Learned from Recent Breakdowns in Corporate Accounting
Good afternoon. Thank you for the invitation to speak today with members of the Institute of International Bankers. My remarks will not be in the traditional "what have we learned from..." format, but rather the more realistic what we should re-learn from Enron and other recent, well-publicized breakdowns in accounting, auditing, and corporate governance. As a regulator dealing with these types of issues, I find I draw on my experience in bank financial management and accounting. I also want to continue to meet groups like yours so that I can stay aware of current issues facing bank managers.
I am going to touch on three broad areas in addressing issues arising from recent breakdowns in corporate accounting: the current state of accounting and auditing in the United States, the role that bankers should play as users of financial information, and good corporate governance practices that bankers should apply within their own organizations.
Let me be clear about my premise. The root causes of the breakdowns in corporate financial reporting that have been widely disclosed in the past few months are ineffective corporate governance, financial reporting, and risk management practices. The lessons we can re-learn from recent events should not be news to anyone. Rather, recent events should serve as a wake up call to corporate boards, management, and auditors to follow through on their fundamental and traditional professional and ethical standards of conduct and control processes. The issues are not new, but the scope and frequency of breakdowns are of concern. As news reports and congressional testimony on various aspects of these breakdowns occur, corporations and auditors should address the issues raised so that they do not compromise the reputation of their organizations.
Accounting Practices in Complex Organizations
Mergers and business innovations have increased the scale and scope of large organizations. Further, significant developments in financial theory and technology have led to the development of financial instruments that facilitate the separation and reallocation of risks to parties more willing and able to bear them. A byproduct of these developments is that it has become ever more difficult for outsiders to understand the financial positions of complex organizations.
The current framework of financial reporting in the United States effectively represents the performance of most corporations most of the time. Indeed the high quality of accounting standards in this country is one critical reason why capital markets are so efficient. But the lessons of the past few months remind us that accounting rules can be bent. For six years I was a member of the Emerging Issues Task Force of the Financial Accounting Standards Board. This is the rulemaking body that deals with divergence in practice. The EITF's role is to provide timely financial reporting guidance where divergence in practice is developing.
In the time I served on the EITF I came to understand that professionals could and did disagree on the best accounting standard to apply to a new type of transaction. That is at the very heart of the struggle to keep accounting standards current. The rapid pace of innovations that I just mentioned makes it impractical to have a rule in place to anticipate every business transaction. Rather, the more complex and dynamic the world of business becomes, the more important it is that accounting be based on strong principles that are sufficiently robust to provide the framework for proper accounting of new types of transactions.
In the course of their work, financial officers and auditors face conflicts between the needs of the client, which is the management and board of the corporation that engages them, and the professional ethical standards that outside parties--investors, customers, and creditors--expect from them. While auditors are engaged by boards of directors, the users of the auditors' opinions are these third parties. If outsiders did not need independent assessments of standardized financial information, companies could design their accounting systems in any way they desired to support their business objectives.
But the effective functioning of U.S. capital markets requires that basic information on the financial condition and performance of the organization be prepared and presented in a consistent way so that outsiders using the information can compare different companies. Thus, we need to insist on higher professional standards and not permit financial officers and auditors to benefit from "gaming" the rules-based accounting standards that are increasing in complexity, particularly in the United States.
The core of these basic accounting principles should be professional standards followed by every corporate accountant and every outside auditor that would insist that they can answer "yes" to these questions: "Does the accounting method selected faithfully represent the economics of the transaction? Does the recognition, measurement and disclosure provide the user of financial reports with sufficient information to discern the nature of the significant transactions and risks of the organization?"
But rules alone do not guarantee good financial reporting. For Enron and other recent examples, weak corporate governance practices apparently permitted sham transactions and misleading financial reporting to occur. Outside auditors erred in trying too much to please a paying client. They forgot that their professional role is to provide assurance to users of financial reports that the quality of financial reporting meets the expectations of the marketplace.
Some observers have asserted that new accounting standards are needed. I do not know the specifics of many of the irregularities that have recently come to light. But judging from the publicly available information, I believe that what we need most is to restore the integrity of corporate accountants and the quality of the audit process rather than extensive new accounting standards.
One reason that accounting in the United States has become so rule-based is that we tend to add new accounting standards when abuses occur even when the abuses resulted from accounting and audit failures. An example of this that bankers can relate to is FAS 115--accounting for investment securities.
When this standard was developed, the perceived abuse was a handful of banks selling securities from their investment portfolios to take gains into income, while leaving underwater securities in the portfolio. Such "cherry picking" was an abuse even under the old standards, which said investment portfolios were not to used as trading accounts. Discipline against the few offending banks and their outside auditors would have provided a warning to other organizations.
Problems cannot be solved without addressing their root causes. At times new rules just create more work. It may appear the problem is solved because "something" was done. But unless the root cause is addressed, the problem will recur at a cost to the private sector of additional regulatory burden. And let me remind you again that one of the root causes of recent events is the outside auditor failing to serve both the board of directors and interested third parties.
Discipline against auditors should occur when accounting standards have been manipulated. The present industry-driven process clearly has not worked and a new oversight process is needed to ensure audit quality.
Achieving Sound Accounting and Disclosure Practices in Complex Banking Organizations
Banks are becoming complex organizations themselves. Investors are finding it harder to understand the quality of financial performance and risk exposures at banks. Thus, bankers should be leading the development of more transparent financial reporting and disclosures. Generally Accepted Accounting Standards tend to be focus on point-in-time information. The movement to more fair-value accounting can mislead users of information when gains and losses are not realized. These point-in-time snapshots fail to convey information to readers of financial statements that helps them understand the quality of earnings.
The surprises that typically occur at banks are due to the nature of risk exposures and the quality of risk management practices, including use of off-balance sheet vehicles. To keep both boards of directors and investors aware of these unseen risks, bankers should turn to their internal control and reporting systems. Banks are taking a leading role in the evolution of risk management, and this discipline can provide a framework for better disclosure.
In addition to applying sound accounting treatments, managers must ensure that public disclosures clearly identify all significant risk exposures--whether on or off the balance sheet--and their effect on the firm's financial condition and performance, cash flow and earnings potential, and capital adequacy. Equally important are disclosures about how risks are being managed and the underlying basis for values and other estimates included in financial reports. A sound risk management system should continually monitor risks in a changing business climate--including credit, market, liquidity, and operational risks.
Disclosures consistent with the information used internally by risk managers could be very useful to market participants, as would information on the sensitivity to changes in underlying assumptions. Companies should do more than meet the letter of the standards that exist; they should be sure that their financial reports and other disclosures focus on what is really essential to help investors and other market participants understand their businesses and risk profiles.
I particularly want to emphasize that disclosure need not be in a standard accounting framework or exactly the same for all--otherwise we would be certain to create statistical artifacts and implications of safe harbors. Rather, we should all insist that each entity disclose what it believes its stakeholders need to evaluate its risk profile. The uniqueness of risks and business lines in complex organizations means that disclosures--to be effective--should be different for each bank. That is the approach being taken in developing the Basel II Capital Accord. Disclosure rules that are built too rigidly while risk management processes continue to evolve may make them less effective in describing the risk profile of a specific organization. But if bankers do not voluntarily improve disclosures, rules will be written.
Financial institutions should continue improving their risk management and reporting. When they are comfortable with the reliability and consistency of the information in these reports, they should begin disclosing this information to the market, perhaps in summary form. Not only would this disclosure provide more qualitative and quantitative information to the market, but also the resulting discussion about risk management practices would help the market assess the quality of the risk oversight and risk appetite of the organization.
Banks also should consider the way they communicate information about their financial health to their customers. Bankers know that if their reputations are placed at risk it can lead to significant loss of business and even liquidity runs. While customers continue to shop at K-Mart despite its bankruptcy, some bank customers leave when the hint of impropriety or losses occurs. At the same time, few bank customers can interpret financial reports of corporations, especially banks with complex operations. This is the dichotomy faced in always looking for more disclosures. Information overload can overwhelm some readers of financial reports. As with any form of corporate communication, bankers may want to tailor various disclosures to different audiences.
Banking Supervision and Accounting and Disclosure
The goal in the Basel process is to develop a risk-sensitive framework that provides appropriate incentives to banking organizations to maintain strong capital positions and sound risk management systems. The history of the 1990s, which includes episodes of global financial instability spreading from small countries through international capital markets and banks, underscores the need to maintain adequate capital in internationally active banks.
Basel II would also improve risk disclosure by many banks worldwide. The proposal recommends specific disclosures to better convey an institution's capital adequacy and risk profile. The incentives in Basel II should greatly diminish the opacity that cloaks many international financial institutions and help bring about a convergence of international norms on banking disclosure. I believe that counterparties will expect, indeed force, greater disclosure. But Basel II will not be effective until the end of 2006. Recent history certainly teaches us that understanding what drives a counterparty's financial performance and its risk appetite is necessary now for accurately pricing any transaction or even for deciding whether to engage in a transaction. Improve your organization's disclosure with every financial report--and begin now.
Not only are the activities of banks central to credit intermediation, in this country banks fund those activities in part with federally insured deposits. These deposits are the lowest cost source of funds for bankers because of the government's guarantee.
Bank directors are not expected to understand every nuance of banking or to oversee each transaction. They can look to management for that. They do, however, have the responsibility to set the tone regarding their institutions' risk-taking and to implement sufficient controls so that they can reasonably expect that their directives will be followed. They also have the responsibility to hire individuals who they believe have integrity and can exercise a high level of judgment and competence.
All the banking agencies have issued guidance describing the proper roles of bank officers and directors regarding policies, procedures, information systems, and controls. For example, the banking agencies hold boards of directors responsible for ensuring that their organizations have an effective audit process and internal controls adequate for the nature and scope of their business. The reporting lines of the internal audit function should be such that the information provided to directors is impartial and not unduly influenced by management.
Internal controls are the responsibility of line management. Line management must determine the level of risks they need to accept to run their business, and assure themselves that the combination of earnings, capital and internal controls is sufficient to compensate for the risk exposures. Staff areas such as accounting, internal audit, risk management, credit review, compliance, and legal, independently review, test, and monitor the control processes to ensure that they are effective and that risks are measured appropriately. The results of these independent reviews should be routinely reported to executive management and the board of directors. Both executive management and the board should be engaged enough in the process to determine if these reviews are in fact independent of the operating areas they are designed to review, and that the senior officers in those roles can speak freely on issues that need to be addressed.
Audit committee members should have regular time in meetings to talk with the outside auditors without managers present. Best practices for audit committee processes have been laid out many times, including in the 1980s by the Treadway Commission and in 2000 by the Blue Ribbon Committee. Beyond that, boards of directors and managers should periodically test where they stand on ethical business practices. For example, they should ask, "Are we squeaking by on technicalities, adhering to the letter but not the spirit of the law? Are we compensating others and ourselves based on our contributions to the organization, or are we taking advantage of opportunities and abusing our positions?"
The Arthur Andersen matters and other corporate events currently being addressed also provide lessons for bankers as they try to increase earnings by cross selling more products. When line officers are compensated on sales and cross selling, a strong, independent quality-assurance or risk review function becomes even more essential. For public accounting firms, strong quality assurance functions are needed to protect the core business integrity of attestation services when the firm is trying to win consulting contracts. In banks, where credit is still the dominant risk exposure, the chief credit officer should make sure unacceptable credit risks are not taken to win fee income business whose net revenue may not cover credit exposures.
If the financial and reputation integrity of the corporation are to be protected, decentralized processes demand a system of strong, independent internal controls. When revenue and risk come into conflict, the board of directors and executive management must decide where to draw the line. They should be able to rely on the independent control processes to alert them when exceptions to accepted standards occur.
My intent today is to remind everyone of the importance of maintaining sound ethical practices to help protect the reputation of your bank. As recent events have demonstrated, if we fail to do so, the market will eventually enforce the discipline. And that discipline can be harsh and sometimes indiscriminate. Investors and customers act decisively, once confidence is lost.
We also need to have realistic expectations. Financial reporting and corporate governance are still effective at most corporations. Given human nature, we must expect that rules will sometime be broken. But we can expect oversight boards to enforce penalties appropriate to the situation that will discourage others from breaking the rules in the future.
The complex nature of organizations--and constantly changing services, customers, and business conditions--suggests that market participants need additional types of information. Leading firms have been developing comprehensive risk management processes for internal decisionmaking that can provide the framework for more meaningful disclosures. Regulators should encourage financial firms to develop these new approaches and, in these early stages, give them the flexibility to choose the most appropriate format for disclosure. In doing so, they will enhance the quality of information available for effective market discipline and banking supervision in ways that strengthen the financial system.
Though the quality of bank accounting and control systems is strong, bankers should heed lessons to be re-learned from Enron and other recent events. They should strengthen corporate governance to prevent such abusive practices from occurring at their institutions.