High-profile bankruptcies in the financial services sector in 2008 led to increased scrutiny on the risks built into incentive pay programs. The SEC responded in December of 2009 with a new disclosure requirement to alert investors to material adverse risks that may be created by a company’s pay programs. Companies adopted compensation risk assessment processes and began including disclosure in their proxies, frequently going beyond SEC requirements to include disclosure even when they did not find material adverse risks (the SEC only requires disclosure when such risk exists). Compensation experts recently reflected on where we are today with risk management of incentive compensation arrangements since the SEC disclosure rule took effect in 2010.
Members of the WorldatWork Executive Rewards Advisory Council* expressed mixed thoughts as to whether the SEC rules have had much effect. A few thought that outside the financial services industry, there has been little effect on behaviors and/or results and felt the results seen today would not have been very different had the rules not been adopted. And while financial services firms have made a number of changes to their incentive plan designs, these changes were mostly made in response to Federal Reserve guidance and not the SEC disclosure requirement. One member remarked they haven’t seen program design change as a result of the regulation and another questioned whether all this work has prevented excessive risk taking or simply exonerated the compensation programs. However, many others thought the regulations have led to some positive developments overall—some of which have been unexpected.
Where many of the council members did agree was in the belief that the regulation has led to positive developments overall by providing focus on an area that is sometimes partially overlooked. Perhaps somewhat unexpected, the new regulations enabled corporate human resources to gain entrée and oversight of all incentive plans, which is welcomed among compensation leaders.
Often in many large and/or decentralized companies, compensation programs are developed in various business units without the involvement of the enterprise’s compensation team. As a result of new risk assessment processes, corporate-level compensation teams have been given authority to monitor, and sometimes even discover, the incentive plans and other compensation commitments in place throughout the organization. They have gained entry into the design of these business unit-developed “legacy plans,” been successful in requiring implementation of best practices and have introduced governance where it wasn’t present in the past. This also includes being drawn into sales compensation from the perspective of risk—because these plans are very often designed and managed locally. Just the fact that incentive programs are reviewed by the board’s compensation committee lends a seriousness and legitimacy to the exercise, which is helpful to compensation management.
Additionally, the new regulation has assisted corporate compensation in conducting a more comprehensive review of the balance between risk and reward in compensation programs. It also has supported the effort to achieve that balance more consistently across all programs relevant to participants whose actions are more likely to expose the company to significant business risk. Compensation committees have also benefited from having a broader understanding of the full incentive landscape. Committees have been encouraged to get better acquainted with organization plans that extend beyond their immediate purview. At many companies, the analysis received more attention from the compensation committee the first time around than it has subsequently—except in cases in which HR brought a big change in plans or results to the committee.
This oversight and monitoring has led to improvements in controls in some cases, as well as better consideration of unintended consequences of incentive program design. This additional oversight is recognized as good and a positive development, but the amount of time and effort involved is substantial.
Some suggest that the risk assessment process is merely a “check-the-box” compliance exercise, and critics lament that disclosure in proxy statements appears to be standard boilerplate. Compensation experts directly involved agree that it can take the form of a check-the-box exercise, but that alone adds value as long as one is using a best practice checklist. Checklists that include design features that may impact (either positively or negatively) the risk profile of an incentive plan have evolved. Going beyond this, collaborating with the enterprise risk management function to address any significant risks unique to an industry or company ensures a comprehensive overall view is taken. That collaboration also can build in any additional mitigation factors that are not in the generic best practices playbook. Regardless of the rigor of the analysis, the disclosure of the results is generally about the same: a high-level summary. So, compensation experts agree there is probably some truth to the “standard boilerplate” description—companies don’t necessarily want to stand out as different, possibly resulting in extra scrutiny or questioning of results.
The advisory council members expressed concern that today’s risk reviews focus mostly on plan design itself rather than how incentive plans are used by managers and the ecosystems in which they operate. Attention is paid to the plan design as it exists on paper, reviewing plan design features or the compensation “hardware” (e.g., types of measures chosen, balance between short- and long-term measurement, caps on payouts). These design elements lend themselves to a check-the-box approach, and most industrial companies have not had trouble complying. However, when things go wrong from a risk perspective, it’s often the ecosystem or “software” surrounding the incentive plans—management style and decision making protocols, culture, administration—that lead to or exacerbate bad business outcomes. Controls also are an important element of the ecosystems; approval requirements for various kinds of commitments are absolutely critical to risk management and should be considered in the compensation risk review process. In addition to a bottom-up review of the hardware, companies can improve their risk review process by including a top-down review of the software, looking at whether the compensation plans might exacerbate any of the business risks (i.e., financial, operational, reputational, regulation/compliance). For example, when looking at financial risks, are there weak controls around financial statements that could affect incentive outcomes? Are there conflicting goals across the organization that could lead to inappropriate behaviors or inefficiencies? Are executives so focused on incentive plan goals that they ignore other core drivers of performance?
The requirement has demanded a significant amount of work, and has had some positive outcomes, both intended and unexpected. Incentive plan risk management will continue to evolve, and scrutiny and calls for further regulation will continue.
A key aim for well-designed pay programs is not to minimize absolute risk, but rather to understand both short- and long-term implications of program design. Built-in checks and balances, continuously monitored results and incremental adjustments are effective mitigators of the risks inherent in business and in variable compensation. Business is driven by sensible risk taking, when growth and profits are the reward. It should not be the intent to eliminate risk taking entirely. Looking ahead, caution is warranted to not go too far with further regulation, especially to avoid stifling necessary business risk taking as well as avoiding unnecessary overhead expense and loss of competitive advantage for U.S. companies in the global economy.m
Sue Holloway, CCP, CECP, is Senior Executive Compensation Practice Leader, WorldatWork. She can be reached at sue.holloway@worldatwork.org.
* The views expressed are the professional opinions of the members of the WorldatWork Executive Rewards Advisory Council. They do not reflect the opinions or positions of their employers.