The Modern Risk Review

Executive compensation can be a sensitive issue at the best of times, but particularly when governance failures allow executives to realize substantial rewards in cases of gross misconduct or shortsighted decision-making.

From headlines of Enron executives siphoning away millions of dollars ahead of the company’s collapse to outcry over major financial institutions paying massive bonuses for behavior that was seen as the cause of the 2007-2008 financial crisis, the consequences (and media coverage) can be extensive, often attracting the attention of regulators. In response to public outcry after 2007-2008, the SEC introduced a new rule in 2010 requiring companies to review their incentive policies for material adverse risks.

Today, the “risk review” is standard practice across all major public companies in the United States. Still, we continue to see disruptive corporate scandals that are perceived to be, at least in part, due to behavior incentivized or enabled by pay program design. These events highlight that not all risk review processes are effective and underscore the importance of having a risk process that is effective. We reviewed 10 recent high-profile scandals to understand the role compensation programs played in creating or exacerbating them. We identified lapses in at least one of the following three areas across all our case studies.

• Program structure, including performance metrics, goal-setting practices, risk/reward profiles and other elements of pay design
• Governance practices, including payout certification practices, depth of involvement by board or management oversight bodies, and recoupment policies
• Company culture, including perceived responsiveness to whistleblowers, behavioral norms, and emphasis on what values and priorities are held by the company

To further illustrate the role these themes can play, we have highlighted two notable case studies from our research:

Incentive-Driven Cash Flow Manipulation Leads to 35% Stock Plunge at Chemicals Company

Several executives at a diversified chemicals company had delayed payments to certain vendors while expediting the collection of receivables, in part to meet cash flow targets set for the annual incentive plan. When made public, several executives departed the company, audited financial filings were delayed amid ongoing investigations and the company’s stock price fell by more than 35%. Our review suggests that contributing factors may have included:

• An overly focused incentive program based entirely on Adjusted EBITDA and free cash flow, creating a strong focus on these two metrics while allowing for non-GAAP adjustments that some critics found susceptible to manipulation.
• A perceived lack of communication and transparency between the board and management.
• Senior management initially overlooking an anonymous complaint.

Entertainment Company Faces Workplace Discrimination Lawsuit Amid Weak Governance and Poor Incentive Goal-Setting

An entertainment company faced material reputational risks and legal action following allegations of systemic sexual harassment and workplace misconduct, including discriminatory pay practices. Ultimately, the company faced substantial external backlash and was forced to pay over $50 million to settle a related lawsuit. Of note, the company had included diversity and representation goals in its annual incentive plans, which had been achieved at target levels for the period in which the allegations occurred. In this example, our review suggested that:

• The governance processes related to identifying and acting on significant cultural issues were unable to sufficiently identify and address systemic challenges and did not enforce the forfeiture of compensation under “bad actor” terminations.
• The diversity and inclusion goals used in incentive plans ultimately were ineffective in driving desired behaviors and cultural change through design, goal-setting, or performance evaluation.

Enhancing the Risk Review Process

The most effective risk reviews don’t just focus on compensation programs alone. They also help to pinpoint areas where compensation could worsen business risks. Therefore, effective processes go beyond just examining compensation structures. They also assess operational risks, critical business areas and organizational governance mechanisms. To achieve this, consider adding the following practices to your risk review:

• A comprehensive inventory of incentive programs. Document all incentive programs, detailing the number of participants, design features that could pose risks and any built-in risk mitigants.An overview of program administration. Summarize how goals are set, performance is measured, payouts are approved, while also verifying the existence and application of clawback mechanisms.
• A governance and oversight review. Evaluate the processes for reviewing incentives for risk outcomes, identify responsible parties and understand how risk-related events are escalated. Understand what data is collected, who has access to it and how it is utilized.
• Historical event analysis. Track and analyze events that prompted further review, including responses and long-term trends in the number and nature of these cases.
• Cultural indicators. Assess key cultural markers, such as trends in engagement survey scores, whistleblower hotline reports and exit interview patterns.

Directors will want to understand existing processes and ensure sound risk management practices, even though not all the elements above need to be addressed at the board level. Although these measures may require additional effort, compensation committees that treat risk management as a strategic priority rather than merely a regulatory requirement will be better positioned to safeguard employees and stakeholders, avoid reputational harm and achieve long-term success.