Directors need to show they are managing their corporate social responsibility

Directors need to show they are managing their corporate social responsibility risks says Alan Banks

The first rule in attempting to get compensation for damages has always been 'follow the money'. You sue those who can afford to pay, whether they are directly or legally responsible or not. In practice, these are usually corporations, their bankers, insurers and the reinsurance or risk transfer market. However, increasing litigation coupled with expanding definitions of risk, mean that the level of insurance cover available is decreasing. Corporations are more than ever having to carry some risks on the balance sheet. Central to this increased liability are so-called 'CSR risks'.

CSR risks arise in many areas: environmental damage, product liabilities, employee dissatisfaction and abusive labour practices, human rights and security abuses, health and safety, and the broader issues of reputational and brand damage. This list is by no means exhaustive, and the range of potential risk issues is rising weekly.

NGOs and the media are changing employee and customer attitudes; advances in scientific knowledge are enabling courts to assess cause and effect (and blame) more accurately, and governments are jumping on the bandwagon with policies designed to protect the public interest. This is a consumer-led phenomenon, fuelled by the fact that so many people have almost instantaneous access to information through the internet.

Many companies are running a whole series of risks which they are either not aware of, or which they are unable to quantify. Investors, lenders, insurers and directors need to understand properly the nature of these new categories of risk, and to implement risk management strategies to eliminate or contain them.

In principle, though, there are only a limited number of ways in which companies can manage the financial effects of risks.

Risk transfer
You can only transfer a risk if the insurance industry is prepared to take it from you. So what makes a risk insurable? These are the main criteria that insurance companies use to identify whether a risk is insurable:

  • The frequency and severity of losses can be determined with a high degree of reliability and are stable over time.
  • Risks can be spread within a large portfolio of similar or well-correlated good and bad risks.
  • Losses cannot be influenced by the policyholders.
  • The maximum possible loss is limited.
  • Events triggering a loss can be clearly identified.
  • Coverage is consistent with public policy and legal frameworks.

    If you start to think about the nature of CSR risks, you quickly come to the conclusion that almost none of them meet the usual criteria of insurability. The table above gives a limited list of CSR issues mapped back to their value effects, and shows just how few are insurable.

    Risk retention
    Since most CSR risks cannot be transferred, companies are carrying the potential financial liabilities themselves. The central problems are how they can estimate the size of their liability and whether they can finance any claims that may be made on them in the future. CSR issues become financial risks in three main ways

  • the cost of settling legal claims for damages
  • gradual decline in profitability as consumers shun products, or as new regulatory costs are absorbed
  • decline in share or bond prices as investors change their view on risk versus reward.

    It has become clear, through tobacco and asbestos litigations, and the possible future direction of litigation in the fast food, chemical and consumer electronics industries, that the likely size and geographic distribution of claims mean that companies will need to access new capital to be able to afford to settle them.

    In the present markets, a change in sentiment by investors will effectively close the capital markets to a company. Any slip in profitability or underperformance against market expectations is being severely punished by dramatic one day falls in security prices. As to raising loan capital, with companies running historically high debt levels and a nervous banking market, access to new funding has effectively dried up for many. If substantial claims for CSR risks materialise, companies may have to file for bankruptcy. If they survive they will not have sufficient capital left to take advantage of market opportunities and will simply slip further behind their peer group.

    Risk mitigation
    Since most CSR risks are uninsurable, and the potential financial liabilities arising from CSR risks have the ability to bankrupt many companies, the only prudent approach for boards of directors is to set about active risk mitigation. Not only is this almost bound to save the company money, it may also keep the directors out of gaol.

    The regulatory background
    There have been a number of recent regulatory changes, which have placed responsibility for the control of material business risks firmly in the hands of the CEO and CFO, and have made them criminally liable if they do not act correctly. Principal among these is the recently introduced Sarbanes-Oxley Act, which requires the directors of companies listed in the US to develop controls and processes that enable the board to report on material business and financial risks. The CEO and CFO have to sign a statement to this effect. If they get it wrong, they can be sent to gaol for 20 years.

    Unfortunately, Sarbanes-Oxley does not define the scope of risks to be reported on, nor what is material. The only definition we have has arisen through the testing of securities law through the US courts, and the news is not good. The courts seem to have defined materiality to mean those things that would be 'material to shareholder/investor interests'. Therefore anything that could, if known, lead to a material decline in a company's share price has to be controlled and reported on. This would include all of the 'uninsurable' CSR risks.

    This is a very much wider interpretation of risks than those usually reported on by companies in their annual accounts. Let us illustrate this with a well-known CSR case – that of Nike and the labour practices of its suppliers in Pakistan and Vietnam. Nike's local suppliers were found to be using unregulated child labour in the manufacture of Nike sports goods. From a financial accounts perspective, these were not material risks or issues. However, once the news came out, Nike's shares dived as a result of the ensuing consumer backlash. That decline in the share price was definitely 'material to shareholders' interests'.

    Had the Sarbanes-Oxley Act been law at the time, shareholders could have sued the directors for not disclosing the labour practices of their suppliers, and for not having policies and controls in place to manage the reputational and financial risks.

    Understanding your risks
    Given that the G8 countries are reviewing the whole topic of CSR risks in in June 2003, the main conclusion is that directors need to think long and hard about the nature of risks in their business, and develop control processes to manage those risks.

    They need to disclose fairly and in a timely fashion what the risks are and what they are doing about them. Further, it is likely that investors, lenders and insurers will demand an independent review. These reviews will not manage the risks, but will provide directors with a route map through the maze, and investors with some level of confidence that directors are on top of the issues.

    Company law reviews in the UK and France are likely to include a requirement to report on some CSR risks, and therefore these will have to be covered during the annual audit process. It is increasingly common also for auditors to review and report on the system of controls in a company, and this review should properly cover the process for the management of CSR risks.

    In addition, investors are now demanding that companies sign up for the newly created 'corporate governance' and 'corporate responsibility' ratings provided by the leading credit rating agencies. The great benefit the rating agencies bring to the market is their ability to get inside a company, look in great detail at risks and response, and present the results in simple ratings scales. Both Standard & Poor's and CoreRatings (a sister company to Fitch Ratings) provide corporate governance ratings. In addition, CoreRatings provides corporate responsibility ratings, which look in detail at CSR risks specific to the sectors in which a company operates.

    As credit ratings have become the market's proxy for how likely it is a company will repay its debts, so governance and responsibility ratings will become a proxy for how well companies are controlling the financial impact of key risks. As credit ratings have created a scale for how the market prices credit risk, so governance and responsibility ratings will create a scale the market can rely on in pricing operational risks, particularly CSR risks. Since most of these risks can be mapped back to their effect on financial valuations, credit, governance and responsibility ratings together will set the benchmark for companies' cost of capital and the framework against which directors' performance will be measured.

    Alan Banks is group chief executive of CoreRatings, E-mail:

    Illegal logging is rampant and is destroying forests and forest communities around the world according to a new report, which claims that Europe's vast imports of illegally-sourced timber - worth E1.2bn a year1) - are tacitly supporting this trade. The report, 'Controlling imports of illegal timber: Options for Europe'2), published by FERN3) and The Royal Institute of International Affairs4) in December, provides governments and the European Commission, as well as banks and industry, with detailed measures to halt the import of illegal timber into the European Union. "Illegal logging is happening on a vast scale but everyone has turned a blind eye to how demand is created," says Saskia Ozinga of FERN and co-author of the report. "Now the mood is changing. Controlling imports of illegal logs into Europe will stop us colluding in a trade that is decimating the world's forests."

    The report proposes a raft of measures that span legal and voluntary initiatives, including:

  • new EU legislation to halt the entry of illegally-produced timber into the EU
  • bilateral agreements between producer countries and the EU to encourage trade in legal timber
  • support for producer countries in developing licensing systems as proof of legality
  • improved regulation of forestry industry finances to steer investment away from illegal activities
  • wider application of money-laundering legislation to cover forest crime and alert banks and insurers to suspicious timber companies.

    The report cites the positive example of the UK government's 'Memorandum of Understanding' with Indonesia, which the authors say could act as a template for new EU bilateral agreements. The authors say there are also lessons to be learned from:

  • the Kimberley Process that is tackling the trade in conflict diamonds
  • the US Lacey Act that makes it illegal to trade in fish and wildlife obtained illegally in foreign countries
  • the CITES convention that controls the trade in threatened species.Levels of illegally-produced timber are hard to track, but the Indonesian government estimates that over 70% of logging there is illegal. In Burma, illegal logging accounted for $86m in lost export revenues in a single year. And in Cambodia, illegal logging in 1997 was estimated at over 4 million cubic metres, ten times the size of legal extraction.

    1) The European League Table of Imports of Illegal Tropical Timber, Friends of the Earth EWNI, 2000

    2) 'Controlling imports of illegal timber: Options for Europe' is jointly published by FERN and The Royal Institute of International Affairs.

    3)FERN (Forests and the European Union Resource Network), Tel: +32 2 742 2436

    4)The Royal Institute of International Affairs Tel: +44 (0)207 957 5700

    The full report and summary are available from FERN - - and the Royal Institute of International Affairs -