Risk Management

Coming Distractions

If these eight risks are not on your radar screen, they will be soon.
John GoffApril 1, 2006

Like most CFOs, Paul Reilly is not prone to exaggeration. The finance chief at Melville, New York–based Arrow Electronics Inc., Reilly is by nature a pragmatist — a level-headed, by-the-numbers pragmatist. So when he tells you flat out that, “It’s a growing problem; people are not focused on it,” you take note.

What people are not focused on, according to Reilly, is the massive heap of old computers and motherboards piling up in landfills across the planet — the toxic detritus of the Digital Age. It’s a mounting problem — literally — and one that’s only now being addressed by government regulators and corporate officers.

But as big a concern as E-waste is, it is still only a small byte in the larger risk grid confronting business managers these days. Indeed, Reilly’s statement about the looming green peril could just as easily be applied to a host of regulatory red flags and business black holes roiling corporations. And while companies have always faced risks, many finance managers say they can’t remember dealing with so many.

Research seems to back this up. In a recent survey of executives (mostly CFOs) conducted by consultancy Protiviti, half of the respondents reported that the overall risk level for their employers has gone up substantially in the past two years. What’s more, 57 percent of those executives said their employers are not particularly good at identifying risks.

That’s a high percentage, and one that suggests that risk managers are routinely engaged in a corporate version of Wac-A-Mole. Just as one danger is smacked down, another one pops up. And while no single magazine article could ever chart all the hazards facing corporate managers, the eight risks detailed in the following pages cover a wide range of concerns. As such, they involve a number of key company functions, including accounting, finance, and insurance. Finance chiefs may be aware of a couple of the risks, but it’s doubtful any CFO is prepared for all of them.

That’s why we did this story — as a heads-up. Our matrix was simple. The impact of these risks must be felt within the next 12 months, and the risks themselves must be relatively unknown. Of course, relative is a relative term. We’ve omitted obvious big-picture concerns like the aging workforce and global competition.

Instead, we sought out more-tangible, more-discrete risks: from looming regulatory actions to litigation threats to insurance woes. Generally speaking, it’s those sorts of defined dangers that end up bedeviling companies — and agitating even the most even-tempered of CFOs.

Green Laws: No Hazmats Beyond This Point

On July 1, a new law takes effect in the European Union. The directive prohibits the sale of electronic products that contain high levels of six industrial toxins, most notably lead and mercury. The Restriction of Hazardous Substances (RoHS) mandate is intended to keep discarded devices from leaching hazardous materials into soil or groundwater.

The amount of such E-waste is growing at an alarming rate on the Continent — three times the rate of other waste material. The restricted items (especially lead) can be found in a wide range of products, from toasters to computers. That’s what makes RoHS such a bear. “This is a Y2K-type issue [for us],” says Jason Yoder, senior manager of regulatory affairs at network- equipment maker Cisco Systems Inc. “[RoHS] basically changes the way we do business.”

In fact, RoHS changes the way all electronics manufacturers, suppliers, and distributors do business — regardless of whether they sell in Europe. RoHS is the blueprint for other green laws expected to be adopted in China, Japan, and the United States. California, for one, has already passed a similar E-disposal measure.

Assessing RoHS’s financial impact isn’t easy. But considering that U.S. high-tech companies export about $42 billon worth of products to Europe each year, the hit to earnings could be noticeable. Mostly, that bite will come from the retooling and testing of products, as well as inventory write-offs and warehouse snafus. An example: a manufacturer that currently orders by part numbers needs a whole new system to differentiate between leaded and nonleaded products.

Not surprisingly, large U.S. manufacturers are already retooling factories ahead of RoHS. But problems with outsourcers and sub-assemblers could prove to be the big hurdle, particularly for companies with complex supply-lines. Asks Arrow Electronics’s Reilly: “What happens on July 2 if you have to shut down production because you don’t have the right parts?”

Worse, problems arising from noncompliant products could trigger ugly disputes between suppliers and manufacturers. As Ken Rivlin, an environmental-law expert and partner at Allen & Overy LLP, asks: “Who will pay for the fines? Who will pay for product returns? Who will pay for product replacement?”

Who indeed? Managers at many smaller U.S. manufacturers and suppliers appear to be hoping that the EU extends the deadline — a dim prospect. In fact, Bijan Dastmalchi, president of advisory firm Symphony Consulting, predicts that, while most companies claim they will be in full compliance by July 1, only a few have done the due diligence necessary to ensure that their merchandise meets the requirements. That’s worrisome, given the leanness of some supply chains. “European companies feel that 75 to 80 percent are ready now,” notes Reilly. “But when it comes down to execution, the percentages will come down.” — Elaine Appleton Grant

Terrorism Insurance: Duck and Cover

Over the past few years, several high-ranking government officials, including Vice President Dick Cheney, have warned that a future terrorist attack on U.S. soil is inevitable. What’s less certain is whether you can buy insurance to cover an attack.

In December, Congress and President Bush begrudgingly okayed the Terrorist Risk Insurance Extension Act (TRIEA), the continuation of a program that covers insurers against sizable losses stemming from acts of terrorism. The bill was not expected to make it out of committee, let alone pass. As Jeff Burchill, CFO at Rhode Island–based business-property insurer FM Global, notes, “The government is reluctant to get into the insurance business.”

But nearly five months after the extension was submitted to Congress, terrorists set off bombs in a London subway. The blasts in the UK apparently convinced lawmakers in the United States to continue the government coverage a mere nine days before the original act was set to expire.

Even so, TRIEA leaves insurers on the hook for larger payouts. What’s more, it raises the triggering event to $50 million in 2006 and $100 million in 2007, way up from the original $5 million. “Washington is sending private insurance markets a clear signal,” says James Valverde, director of economics and risk management for the Insurance Information Institute. “It wants them to handle this risk.”

It’s not entirely clear that they can. After 9/11, premiums for terror coverage (generally, all-risk commercial policies that do not exclude terrorist acts) skyrocketed. Reportedly, Chicago O’Hare International Airport carried $750 million of terrorism insurance — with an annual premium of $125,000 — before the events of September 11. After, insurers are said to have offered the airport just $150 million in coverage. The annual premium? Almost $7 million.

With the government cushion, the price of terrorism coverage has dropped substantially of late. That, in turn, has triggered something of a buying spree among corporate customers. Insurance broker Marsh Inc. found that close to 50 percent of the commercial and government entities it surveyed had some type of terrorism insurance in the fourth quarter of 2004 — twice as many as 18 months earlier.

But the percentage will plummet if the federal program is not renewed again. The mere prospect of the government backstop expiring could put pressure on premiums by mid-2007. If the act isn’t extended, the cost of terrorism coverage will skyrocket — when it’s available at all. One industry expert says some insurers would likely have cut terrorism coverage capacity “dramatically” if the original legislation had not been in place.

Such a pullback could prove to be a double whammy for finance executives at companies with a high exposure to terrorist attacks. CFOs at real-estate companies, for example, may find it difficult to line up funding for commercial-property developments without terrorism insurance. And as Burchill points out, reinsurers have little interest in backing policies that cover U.S. businesses against terrorist attacks.

That’s bad news for risk managers, since terrorists seem to have plenty of interest in attacking U.S. businesses. Even before September 11, American companies were a major terrorist target, accounting for 178 of 206 global attacks in 2000. Peter Ulrich, senior vice president of model management for Newark, California-based insurance industry advisory firm RMS, theorizes that the war in Iraq has diverted many of the attackers. But he warns that the cradle of civilization is now serving as an incubator for a new wave of terrorists. Ulrich expects that when the fighting subsides, those terrorists will migrate west, first to Europe, then to the United States. And as Valverde points out, the critical infrastructure in America is “vast, and more than 80 percent privately owned.”

Another major strike on U.S. soil would sorely test the ability of some insurers to make good on policies. The 9/11 bombings are thought to have cost carriers $32 billion — twice the payout of Hurricane Andrew. Experts estimate total claims of $60 billion to $100 billion could lead to widespread industry insolvencies.

TRIEA might help avert that scenario. But insurers that received the federal funds would have to pay the money back to the government over time. Toward that end, the act empowers carriers to immediately raise property-and-casualty premiums by up to 3 percent, even for companies that carry no terrorism insurance. TRIEA’s $100 billion ceiling would easily be surpassed in the case of a catastrophic event — such as a chemical, biological, or nuclear attack.

Indeed, ask Valverde about such scenarios and he starts referring to the government’s $100 billion TRIEA “ceiling” as a “floor.” Of course, at that point, insurance would probably be way down on the list of concerns. As Ulrich points out, “If a nuclear bomb goes off, there are a lot bigger things to worry about than whether your company is still in business.” — Tim Reason

Foreign Corrupt Practices Act: Dungeons and the Dragon

So you think it’s easy to stay out of jail? John MacLellan doesn’t. The regional finance director of Microsoft Corp. in Asia, MacLellan is responsible for ensuring compliance with the U.S. Foreign Corrupt Practices Act (FCPA), a law that exacts strict penalties for giving or taking bribes at overseas operations. While the software giant boasts a robust internal-compliance program, recent FCPA enforcements (including actions against Titan Corp. and InVision Technologies) suggest a new urgency in the U.S. government’s enforcement of the law.

Complicating MacLellan’s job: in the People’s Republic, it’s not always clear who you’re dealing with. A U.S. executive might treat a customer to a business dinner without ever knowing that one of the guests is a low-level ministry official. “We face a large number of very complex deals in China,” MacLellan says. “Because of the size and influence of the government, we’re exposed [to the FCPA] from the start.”

While more attention has been paid to intellectual-property theft and trade issues, the FCPA may prove to be equally vexing to business managers in China. Since the law was enacted in 1977, it has yielded just four convictions. But Owen Pell, partner at law firm White & Case LLP, says the dearth of FCPA convictions can be misleading. Most cases, he notes, are resolved through plea agreements and settlements. The total number of investigations into possible FCPA violations in all countries has increased since 2002, with 22 new inquiries (both in-house and governmental) launched between 2004 and 2005. That’s considerably more than the number of inquiries triggered by the Organization for Economic Cooperation and Development’s (OECD) Convention on Bribery, a law signed by 36 countries that ties into each nation’s own antibribery statutes.

China has yet to sign the OECD convention, and observers say the country’s tough antibribery laws are underenforced. That’s a volatile combination. While the FCPA has uncovered violations in scores of other countries — notably, Indonesia and Nigeria — the size of the China market may provide the greatest temptation of all. BearingPoint Inc., for example, recently disclosed that the company faces “potential exposure to liability” under the FCPA because of payments and gifts to current and former officials at state-owned companies in China. In 2004, an internal audit at Lucent Technologies smoked out a possible kickback scheme in the company’s China operation. Following a company inquiry, four high-level executives, including a finance manager, were dismissed.

Expect more of these Shanghai surprises coming from U.S. businesses — many triggered by the internal-controls provisions of Sarbanes-Oxley. Chinese companies listed in the United States also feel pressure to comply. “I’ve had at least three separate sessions with lawyers explaining the rules,” says Mark Keithley, senior vice president at Nasdaq-listed PCCW Global, a unit of Hong Kong’s phone company. “They emphasize a change in the way the law is being enforced.” One change involves tighter control over marketing costs. Notes Keithley: “The costs can now be looked at as a potential inducement or bribe.”

That’s one of the thrills of the FCPA: it can be interpreted in many ways. Moreover, it permits some actions that might actually be perceived as questionable. For example, gratuities given to government officials for performing essentially clerical duties (known as facilitation payments) are generally allowable. A company’s CFO must decide which payments are appropriate and which may be an attempt to influence an official. Negotiating such a gray area is never easy. Says Peter Humphrey, managing director at Shanghai-based investigative firm ChinaWhys: “It’s a very human exercise, not just a balance-sheet exercise.”

Traditional Chinese accounting practices — such as the use of fa piao, or a generic receipt — only add to the uncertainty. So, too, does a reliance on chops, or stamped signatures. Microsoft’s MacLellan is well aware of the perilous landscape. “Business practices conducted in China are tailored deal by deal,” he says. “It’s up to you to determine what’s right or wrong.”

That’s what worries CFOs. — Tom Leander

Contingent Liability Accounting: Exposing Exposures

At last count, the won-lost record of Merck & Co. for Vioxx-related lawsuits is 2-1. The company scored a big win in federal court in February when a jury in New Orleans found that the pain medication had not caused a man’s heart attack and death, as had been alleged. Says Standard & Poor’s director Arthur Wong: “The first set of cases is critical in terms of gauging what the damage awards are going to be.”

Despite the verdict, Wall Street puts Merck’s total Vioxx liability somewhere between $5 billion and $50 billion. The yawning difference in estimates is understandable: currently, there are more than 9,600 Vioxx cases pending. And yet in its latest filing, management at the $22 billion (in revenues) Merck indicated that the drugmaker has not set aside any reserves for potential liability relating to the Vioxx litigation.

That sort of guarded approach has regulators wondering if companies are giving investors enough information about their legal exposures. Under Financial Accounting Standard No. 5, public issuers must disclose the existence of any lawsuit that’s likely to cause a loss — but they don’t have to include legal liabilities on the balance sheet until a payout is “probable” and the amount can be “reasonably estimated.” At a recent conference, Financial Accounting Standards Board chief Robert Herz expressed concern about FAS 5, noting that companies often don’t disclose legal liabilities “until the doo-doo hits the fan.”

A Securities and Exchange Commission report seems to echo this worry. In it, the Commission estimated that just 5 percent of corporations include any sort of legal liability on their balance sheets. That’s troubling, considering 46 percent of public companies report being sued. Most public issuers, the SEC noted, “recognize no liability and disclose no maximum loss or range of loss.” Businesses that did take a balance-sheet hit reported only $12 billion total in liabilities. By the SEC’s lights, their potential losses could top $52 billion.

It’s unclear if the agency will put pressure on FASB to force companies to reveal more, but in this era of extra disclosure, it’s a possibility. While Herz states FASB does not have a project under way to alter FAS 5, he says his personal preference would be for “companies to recognize and quantify such liabilities at an earlier stage, and provide more fulsome disclosure.”

The lack of fulsome disclosure could turn out to be something of a prison for public issuers. Absent corporate guidance, analysts at investment houses and credit-rating agencies are beginning to plow ahead on their own, factoring in contingent liability when assessing a company’s financial health. In a sign of things to come, S&P recently issued several papers explaining how litigation uncertainty affects corporate ratings. “At the end of the day,” admits Wong, “it’s almost anyone’s guess how lawsuits will affect a company.”

Maybe so, but S&P is giving it a shot anyway. Wong notes that the looming legal liability at Merck accounted for a full notch in the company’s credit-rating drop from AAA to AA-. Businesses facing lots of court time can expect similar treatment. — T.R.

Electronic Records Retention: Known When to Hold ‘Em

Last May, Wall Street was stunned when a jury ordered white-shoe firm Morgan Stanley to pay financier Ron Perelman $1.58 billion for the bank’s role in a botched deal. Almost as stunning as the award: the high-profile case turned on Morgan Stanley’s failure to turn over requested electronic documents.

The staggering jury award not only lined Perelman’s pockets, it also underscored the rising importance of E-discovery. The average U.S. corporation is currently contending with 37 lawsuits — and, increasingly, litigants are demanding to see defendants’ digital documents. So, too, are regulators: in February, the Securities and Exchange Commission hit Morgan Stanley with a $15 million fine to settle a probe of the bank’s E-document retention policies.

The requests for data can prove daunting, even for the 57 percent of U.S. businesses that have records-retention policies. Cell-phone distributor Brightpoint Inc. is typical. Executive vice president, general counsel, and secretary Steven E. Fivel has set up procedures that trigger a “records hold” once a suit is filed. The problem? Many businesses like Brightpoint craft retention policies that cover memos, Word files, and the like, but not E-mail, instant messages, or other “unstructured” data.

That’s an enormous blind spot. Without a robust archiving and retrieval system, digging up critical E-mails can be an exercise in frustration. Eric Schwarz, the Americas leader-legal technology for Ernst & Young’s fraud-investigation and -dispute services practice, is currently working with a global corporation to find data relevant to issues related to the sale of one of its subsidiaries. “It’s taken 5 [of our] guys plus 30 of their guys the better part of nine months to locate every tape in 80 countries.”

That’s hardly surprising. The amount of data produced by businesses is prodigious. One digital-archiving vendor claims it has already upped its storage capability to two petabytes, which is roughly 1,600 times the amount of information in the 17 million books in the Library of Congress.

The convergence of mobile phones with computers will cause even more problems. Says Schwarz: “This unified messaging — where your voice mail comes across your E-mail — is a records-management and litigation nightmare.”

Nightmare is right. As John Mancini, president of the Association for Information and Image Management International, points out, businesses had hundreds of years to figure out how to manage paper records, and many still didn’t get it right. “We are in the very early stages of a revolution [from paper to digital],” he warns. “Businesses are going to be wrestling with this question for quite some time.” — E.A.G.

Analyst Freeze-Outs: Everyone’s a Critic

In September, when the SEC asked Altera Corp. for information about the company’s dealings with equity analysts, the request was barely noticed. But privately, some insiders saw the question as the opening salvo in a coming SEC campaign to curb a growing problem: corporate retaliation against negative analysts.

While Altera denies any wrongdoing, freeze-outs of negative analysts have long been an open secret. And despite efforts to keep investment bankers from influencing analysts, some public issuers continue to shun analysts who offer caustic comments. Says George Kramer, a lawyer with the Securities Industry Association: “It’s a continuing problem.”

This may be changing — and soon. SEC boss Christopher Cox has indicated that the agency’s staff is looking into the issue and fully intends to “tackle” the problem. Whether that tackling involves industry self-regulation or government sanctions remains to be seen. Neither would be good for public companies. Newspaper stories or SEC reports detailing how corporate managers ostracize honest analysts could prove to be a public-relations disaster — and could ensnare scores of businesses. As David Weild IV, a former official at Nasdaq, notes, analyst freeze-outs remain “the rule rather than the exception.” — Stephen Taub

Pricing Strategies: Predators’ Bill

This month, the Federal Trade Commission and the Department of Justice will commence a yearlong series of joint public hearings. The topic of the get-togethers? Section 2 of the Sherman Antitrust Act, which prohibits exclusionary single-company conduct — things like anticompetitive behavior and predatory pricing.

The question of how companies set prices for their products and services is getting plenty of regulatory attention these days. In January, executives at South Korean microchip maker Hynix Semiconductor Inc. pleaded guilty for their part in a scheme to fix the price of computer memory chips. In March, the DoJ confirmed that it is investigating possible price fixing among the major recording labels for online music. Microsoft, Netflix, Illinois Tool Works, and other companies have all come under scrutiny lately regarding their pricing tactics.

At issue for CFOs: will the courts begin to move away from the antipathy they’ve shown to predatory-pricing lawsuits over the past 30 years? For three decades, laissez-faire theories championed at the University of Chicago have held sway in federal courts. “The Supreme Court has been receptive to the argument that predatory pricing is so rare that it’s not worth worrying about,” notes Albert A. Foer, president of the American Antitrust Institute, a research and advocacy group. “But there is no empirical evidence that that’s true.”

Regardless, no plaintiff has prevailed in a final determination of predation suits in federal courts since 1993. As Aaron Edlin, a professor of law and economics at the University of California, Berkeley, notes, businesses that hope to win pricing cases would do well to omit mention of “predatory” in their suits, because that often sets a standard that’s been virtually impossible to meet.

That may change. Advances in game theory and behavioral economics are casting doubt on the Chicago School’s views. And a decision rendered by an appeals court in 2003 seemed to suggest that jurists themselves may be having second thoughts. In its decision, the 10th Circuit Court of Appeals indicated it would not approach predation cases with “the incredulity that once prevailed.”

This slight lowering of the bar could encourage the Davids of the business world to go after the Goliaths. And as Daniel A. Crane, assistant professor of law at the Benjamin N. Cardozo School of Law in New York, argues, they may not necessarily care about winning. Predatory-pricing lawsuits, he says, are often launched with other aims in mind, such as intimidating a rival or sending a strong signal that prices should be adjusted upward.

Pricing remains problematic. In February, for example, market-research giant VNU NV agreed to pay $55 million to settle a lawsuit alleging the company had, among other things, engaged in predatory pricing. While many observers saw that as further proof that plaintiffs in such suits stand little chance in court, the settlement could be another sign that managers need to think long and hard about pricing strategies in 2006. — Scott Leibs

Bond Covenants: The Unbearable Lateness of Filing

Once, when asked to sum up lessons learned from the infamous Donner Party, one survivor said: “Never dawdle.”

Public companies take note. Indeed, late SEC filers may soon be dealing with an unforeseen problem: lenders are beginning to use tardy filings as cover to call in loans. “Bondholders are becoming more aggressive and taking action,” says Kenneth Eckstein, partner at Kramer Levin Naftalis & Frankel LLP.

Take the ongoing court case involving BearingPoint. Two holders of the consultancy’s convertible securities claim the firm is in default because it has yet to file periodic reports from 2004 and 2005. BearingPoint has bashed the lenders’ assertion, dismissing the claim as “a cynical attempt to extract leverage….”

With interest rates rising, expect more cynicism. In a sign of things to come, Navistar International Corp. recently received a default notice from bondholders because of a late filing.

More than 100 companies were late with their filings in the third quarter of 2005. You can almost see the lawyers flying lazy circles in the sky. — S.T.