Frank Curtiss, head of corporate governance at RPMI Railpen Investments
Investor primacy and a clear narrative in the voice of management are key elements in risk reporting.
What I want to see is an honest explanation in the context of the business strategy and the business model and how that risk is managed. While I recognise that other stakeholders will want to look at corporate reports and there is a wider public interest, the purpose of reporting is about stewardship and accountability to those who provide the risk capital.
Boilerplate reports are of little use, as are reports which drag investors into the micromanagement of the business.
A boilerplate approach may be what your lawyers think is a good idea and you may think you can’t be faulted but you can. Even worse is just an exhaustive list of risks, some of which are so obvious. What we need to know are the key risks, why management thinks they are critical and what they are going to do about it.
As a member of the IIRC working group I am naturally a keen proponent of integrated reporting, and keeping risk reporting connected to the broader risk management approach of the company.
It’s also about integrated thinking and working across the company. We see enthusiastic companies taking part in the IIRC pilot programme where finance and corporate social responsibility and investor relations are working together, not in silos.
The less enthusiastic finance departments tend to throw out excuses about sensitive information and increasing the reporting burden. In many cases they should be reporting on these things anyway if only for management information. There’s clearly a balance between informing the markets and giving the game away, but the more transparent companies don’t seem to have a problem. If people tell me ‘it can’t be done, it can’t be done’ I just tell them that some people are already doing it.
Some of the companies I think demonstrate good risk reporting include:
- Admiral – highlighted the risk relating to their change of strategy in the CEO’s statement – which is where it should be
- Aggreko – written in a personal voice, refreshingly honest and doesn’t shrink from telling us the potential risks to revenue
- BT - very good description of the business model and very good up-to-date risk section – we don’t want to read the same thing year after year
- Great Portland Estates – they explain the strategy pretty clearly, each risk is identified and discussed with helpful cross references to other parts of the report
- Provident Financial – lending to subprime customers is a very risky business and terribly topical: the risk section is very good and tells what their risk committee agenda is. But it’s a hugely controversial sector and they know they need to explain it—we don’t need that level of detail from every company.
Often higher levels of transparency can be found in those areas, such as gambling and tobacco, where the ‘licence to operate’ is in question. They are all too aware that the spotlight is on them and they’ve got to justify themselves.
But some industries are in general better than others – the extractive industries are generally ahead of many financial services organisations, for example.
An important factor is the general level of information that is around. There’s the risk of assuming prior knowledge. For a mid-tier company there’ll be nothing like the level of analysis that there is on say, the big telecoms providers and their peers. And even the most clued-up investors don’t know everything – they’re not present at board meetings or risk committee meetings or audit committee meetings so the more that a company explains the better.
In recent years RPMI has shifted its asset allocation considerably away from UK equities and is now a truly global investor across a number of countries. I would like to see a more closely aligned international standard of reporting. However with even English-speaking countries with common traditions having wide variations, it is difficult for companies simply to import a better reporting regime into a different jurisdiction.
There’s got to be a race to the top, that’s why I support the IIRC attempt to promote best practice internationally. There’s definitely a willingness by governments and regulators to embrace this, but investor and privately led initiatives tend to be more successful, as by definition regulation has to be more detailed. We don’t hope to change it tomorrow but we might see a significant step-change between now and 2020.
By this time I hope that more and more reporting will have moved online, hopefully in standardised formats that make it easier for investors to mine and work with the data.
An annual report is useful as a snapshot for stewardship purposes—but as technology improves you will see dynamic integrated reporting as reporters and users become more confident, and that will eventually replace the massive end-of-year annual report.
I have seen a lot of progress in risk reporting since the financial crisis. Risk has now become something that can be discussed when previously it was a four-letter word. The better reporters are telling us something useful about risk—the levels of disclosure used to be terrible across the board, now there are plenty that are not.
Successive generations of management will wonder what all the fuss was about. The benefits of better quality information and greater transparency must outweigh the risks of an enhanced disclosure regime, and any unhelpful side effects will be more than balanced by the positives.
The big challenge now is the mass of companies whose risk reporting is inadequate at best:
There are some shining examples, good reports that tell the story honestly and in the voice of the company. The trick is to get the others up to speed.
High quality risk reporting increases investor confidence, not just in terms of the risks being discussed, but also in the overall quality of management:
It provides reassurance in terms of stewardship and responsibility that the management are taking on all this and that they are looking at the right risks.
Ultimately it’s all about what management think and what they are doing. And if a company can’t explain its own strategy and its business model itself, then who can?