Every corporate director knows the importance of M&A in the grand scheme of enterprise. With some 40,000 significant transactions announced annually, M&A is hard to ignore. Yet there are persistent risks that directors need to understand and mitigate through insightful questions and the dialogue that ensues.
Risk: Not all bets will pay off—at least not right away. Buying a company means placing a bet on the future. Given the level of unpredictability involved, there is some chance that the merger will fail to achieve its goals and/or fail to return incremental value to shareholders. It is commonly cited that “80 percent of all mergers fail” to add value; however, this percentage is an exaggeration. Event studies that compare transactions over time present a more realistic picture by showing that incremental financial value is not assured. For example, a study conducted by Kingston Duffie, publisher of the digital magazine Braid, indicates that companies actually lost 4.8 percent of their value when they spent at least five percent of their market capitalization on M&A during the 18-month period between October 2014 and March 2016. The interactive graphic included in the study shows differentiated performance during the period—high for Stamps.com Inc., medium for Starwood Hotels & Resorts Worldwide Inc., and low for EV Energy Partners. Your company could experience returns like any one of these.
Question for Directors:If this merger ends up havinga slightly negative result for our shareholders, what are the compelling strategic reasons to do this deal? When do we believe that deal synergies will materialize?
Risk: As a director, you could be named in a lawsuit—especially if you are voting on the sale of a company. In 2015, lawsuits were brought in 87.7 percent of completed takeovers. Although most cases settle, some do go to trial. In a trial setting there are four main standards for judging director conduct in the sale of the company, ranging from lenient to stringent:
The business judgment rule (trusting the decision as long as directors have no conflicts of interest and are reasonably well informed).
The Unocal standard (protecting anti-takeover moves only if a threat is real).
The Revlon standard (requiring an auction process once a company is in play).
Entire fairness (requiring both a fair price and a fair process).
In addition, when a company has promised its shareholders the right to have the company appraised, the court itself can impose its own valuation. In the original Dell go-private transaction, the court retroactively forced the company to pay aggrieved stockholders what the court deemed to be a missing increment to their premium.
Question for Directors:How can we find assurance that sale is in the best interest of the company and its owners, and that we have chosen an optimal price? How can we ensure that there is a litigation-ready record of our deliberations in this regard?
Risk: You could lose your board seat. According to a study by Kevin W. McLaughlin and Chinmoy Ghosh of the University of Connecticut, there is a higher rate of retention for directors from the acquiring firm (83 percent) following a merger, with the most likely survivors being individuals who serve on more than one outside board. Only about one-third of directors from the target board (34 percent of the inside directors and 29 percent of the outside directors) continue to serve after the merger.
This October, when Dell Inc. and EMC Corp. officially merge (assuming full regulatory clearance following their recent shareholder approval), many who serve on the EMC board may not be on the post-merger Dell board, including retiring EMC Chair-CEO Joe Tucci. When the merger was first announced last October, a spokesman for Elliott Management Corp. stated in a press release, “Elliott strongly supports this deal. As large stockholders, we have enjoyed a productive and collaborative dialogue with Joe Tucci and EMC’s Board and management. We are confident that this Board has worked tirelessly to evaluate all paths for the company and that today’s transaction represents the best outcome for stockholders.”
Saying goodbye to some or all of these incumbents this fall will seem to be an ironic outcome for creating value. And yet that is how it must be. Fiduciaries are not self-serving, but rather they serve on behalf of shareholders to promote the best interests of the company. As such, they need to be ready to move on when that is the best outcome for the corporation. Still, it is disruptive (and not always creatively so) to be a trusted voice of wisdom for the future one day, and mere history the next.
Question for Directors: If we sell this company and our board must merge or disband, who among us will be most useful in steering the combined company in the next chapter?
These are not easy questions. But by asking them, directors can help their companies beat the tough M&A odds.
Speaking at NACD was a highlight of my year, as the audience was forward-thinking, eager to learn, and willing to grapple with tough questions in order to reach good answers. The discussions after my talk were almost as much fun as the talk itself, and there was significant appetite for a reference sheet to some of the bigger ideas I’d outlined. I hope that the summary pulled together here will prove helpful, and I welcome remarks, insights, or questions about any of it!
Disruptive trends in technology, culture, and business are converging. That convergence is an opportunity for businesses that recognize how to proceed.
Code: Technology is cheaper, faster, and better than ever before.
From software toolkits to education outlets, cloud computing to open-source big-data structures, there have never been so many ways for a motivated player to exert so much leverage so rapidly. Competitive advantages and resources that once belonged exclusively to large companies are increasingly not just accessible but freely available. In many cases, these platforms even invert such advantages—meaning that individuals who are part of porous, open groups are able to deploy better solutions faster than corporate counterparts by leveraging their communities. And all at low to no cost.
President Obama’s first campaign for the White House is a prime example of this phenomenon: he hired data specialists who used a simple method to computationally test different versions of his website in order to see which ones were generating more donations. Using this approach, he exceeded his projections by an additional 4 million e-mail addresses, a click-through rate of 140 percent, and $75 million more than was expected.
Culture: Transparency, meritocracy, and a willingness to disrupt anything characterize the new technology (and business) marketplace.
The age of playing by the rules—any rules—has largely gone by the wayside. When it’s possible to conduct corporate inversion online in under 20 minutes using a digital toolkit provided by a foreign nation state, it’s clear the playing field has changed. This is exactly what Estonia’s new “E-Estonia” initiative—which grants corporations a type of citizenship supported by cryptographically backed authentication—has been accused of enabling.
The people developing new solutions and creating new technologies take for granted an entirely different set of social (and moral) norms, which have no respect for the way your business is currently structured.
Competition: An exploding black market and a global tipping point that will occur when the remaining two-thirds of the planet come online over the next five years herald an incipient tidal wave of strange new competitors.
If you think the Internet has been disruptive during the past 20 years, you haven’t seen anything yet. The motivations and expectations of people completely new to technology differ from those of people who have already internalized it. Much like the toddler who doesn’t know what to do with a computer mouse and thinks a computer screen is broken when he can’t swipe it, new users of innovative technologies will have different expectations for what your company should provide. When you mix in a booming black market and a surging cascade of disruptive technologies—everything from drones to 3-D printing to dial-your-own genomics—you have a strange new world indeed…and one coming at you very, very quickly.
ACTION ITEMS: There’s good news in all this. You can compete just as well—if not better—by recognizing that the game has changed and adapting to the new rules.
1) Experiment, experiment, experiment.
It’s faster, cheaper, and easier than ever before to invent, test, and iterate. It’s what your competitors (and they are legion) are doing—especially the outlier startups that you so fear will flip your market as Uber did the medallion cab industry’s. The good news? You can do exactly the same thing. Even better, once you do, you already have a supply chain, established market, and deep resources to drive these new industries ahead of smaller first-time players.
What to ask your senior management: How are you implementing more agile and iterative development methodologies, and why?
2) Systematize culture change.
Empower your employees to act on your behalf. Legitimize risk. Reward insight. While this strategy looks good on paper, it is nearly impossible to execute, especially in highly efficient, competitive, and well-established organizations. Do it anyway, and you will find yourself at the helm of one of the most powerful entities in today’s market: A company that effectively innovates as a matter of course and knows how to build businesses and deploy products accordingly.
What to ask your senior management: How are we empowering our employees, at every level, to change the way our company operates? What evidence are we measuring that indicates this strategy is working?
3) Risk everything.
All business is about risk. But many companies have lost sight of the fact that this means not just mitigating risk but also embracing it. The emergence of new technology is confronting every industry with massive shifts that entail plenty of risk in the most negative sense. But the opposite is equally true, and it’s only by seizing the opportunities this time of change represents that you’ll emerge victorious. And who knows…you might even make the world a better place while you’re doing it.
What to ask your senior management: If you had to increase revenue by 25 percent this quarter, what would you try? Why aren’t we trying that?
I live every day in the future, metabolizing the new technologies that are slipping over our event horizon and into daily life. It’s a scary place to be, but it’s also one that offers boundless hope. Times of change are enormous opportunities for advancement. Those of us who experiment voraciously, learn quickly, and adapt effectively will chart the course for how human commerce unfolds over the next two decades. Our way will become the “new normal” and possibly set standards that will shape lives for generations to come. It’s not a time without risk, but it’s also a chance to change the world. What more could you want?
Josh Klein advises, writes, and hacks systems. He wants to know what you think.
Risk governance varies radically across industries and organizations because a one-size-fits-all approach simply does not exist. There are, however, five interrelated principles that underlie effective risk management within all organizations in both good times and bad: integrity in the discipline of risk management, constructive board engagement, effective risk positioning, strong risk culture, and appropriate incentives.
Integrity in the Discipline of Risk Management
Integrity in the discipline of risk management means having a firm grasp of business realities and disruptive market forces. It also means engaging in straight talk with the board and within executive management about the related risks in achieving the organization’s objectives and the capabilities needed to reduce those risks to an acceptable level.
Integrity in the discipline is tied to strong tone at the top. If tone at the top is lacking, the executive team is not likely paying attention to the warning signs.
Consider the following common examples of integrity failures:
Not clearly grasping business realities. The 2008 global financial crisis is a good example of what can happen when the inherent risks associated with aggressive, growth-oriented market strategies are discounted, ignored, or never considered. Breakdowns in time-tested underwriting standards, failures to consider concentration risks, and excessive reliance on third-party assessments of structured products were among the root causes of the crisis.
Not integrating risk with strategy-setting. When risk is an afterthought to strategy, risk management fails to reach its full potential. The critical assumptions underlying the corporate strategy must be understood at the highest levels of the institution, and the external environment must be monitored to ensure that these assumptions remain valid over time.
Not tying risk tolerance to performance. Risk is often treated as an appendage to performance management. But how does management or the board know if risk is being efficiently managed if risk appetites and tolerances have not been delineated? Performance and risk must be integrated, and to that end, defining thresholds is essential.
Limiting risk management to a compliance activity. Integrity in the discipline means knowing that undertaking initiatives to manage risk in the pursuit of business objectives is not strictly a regulatory compliance measure. Viewing risk management as a “regulatory” check-the-box matter restrains its value proposition.
Hoping that risks are managed sufficiently while knowing that business realities are not actively monitored, risk is not really understood, tolerance levels are not set, and risk management is addressed solely to meet regulatory guidelines is a clear indicator that integrity in the discipline is lacking.
Constructive Board Engagement
Effective risk oversight by the board begins with defining the role of the full board and its standing committees with regard to the oversight process and working with management to understand and agree on the types of risk information the board requires. Directors need to understand the company’s key drivers of success, assess the risks in the strategy, and encourage a dynamic dialogue with management regarding strategic assumptions and critical risks.
The scope of the board’s risk oversight should consider whether the company’s risk management system—the people and processes—is appropriate and has sufficient resources. The board should pay attention to the potential risks in the company’s culture and monitor critical alignments in the organization: strategy, risk, controls, compliance, incentives, and people. Finally, the board should consider emerging and interrelated risks.
Effective Risk Positioning
The expectations of the board and executive management for the chief risk officer (CRO) and the risk management function must be carefully considered and, given those expectations, the function positioned for success. To this end, six key success factors constitute a significant step toward a successful and effective risk management function.
The CRO (or equivalent executive) is viewed as a peer with business-line leaders in virtually all respects (e.g., compensation, authority, and direct access and reporting to the CEO) and likewise down through the business hierarchy and across the organization.
The CRO has a dotted reporting line to the board or a committee of the board and faces no constraints of any kind in reporting to the board.
The board, senior management, and operating personnel believe that managing risk is an organizational imperative and everyone’s job.
Management values risk management as a discipline equal to opportunity pursuit.
The organization clearly views the CRO as undertaking a broader risk focus than compliance.
The CRO’s position, and how it interfaces with senior line and functional management, is clearly defined.
Taking one or more of these elements away should send up a red flag indicating that the risk management function may be unable to fulfill its expected role and lacks real authority or influence. Depending on the expectations, the function may be set up to fail.
Strong Risk Culture
An actionable risk culture helps to balance the inevitable tension between creating enterprise value through the strategy and driving performance on the one hand, and protecting enterprise value through risk appetite and managing risk on the other hand. While risk culture has gained traction in terms of relevancy in financial services institutions in the post-global financial crisis era, the decision-making preceding the occurrence of reputation-damaging risk events and lack of response readiness when those events occur have made risk culture a topic of interest in other industries as well.
Culture is influenced by many factors. In addition to tone at the top and the quality of the board’s risk discussions, other factors include:
Accountability. Successful risk management requires employees at all levels to understand the core values of the institution and its approach to risk, be capable of performing their prescribed roles, and be aware that they are held accountable for their actions in relation to expected risk-taking behaviors.
Effective challenge. A sound risk culture encourages an environment in which decision-making processes allow expression of a range of views, manage the effect of bias and facilitate reality testing of the status quo.
Collaboration and open communications. A positive, freely open and collaborative environment engages the most knowledgeable people and leads to the best decisions.
Incentives that encourage risk awareness help shape risk culture, as discussed below.
Performance and talent management should encourage and reinforce maintenance of the organization’s desired risk behavior. The old saying “What gets rewarded, gets done” is as true with risk management as it is with any other business process. Disconnects in the organization’s compensation structure and an excessive near-term focus can lead to the wrong behaviors, neutralizing otherwise effective oversight by the board, CRO and other executives.
For example, if lending officers are compensated based on loan volumes and speed of lending without regard for asset quality, reasonable underwriting standards and process excellence, the financial institution may be encouraging the officers to game the system to drive up their compensation, exposing the company to unacceptable credit risk.
This principle requires more than focusing on C-suite executive compensation and upper management. Equally important is an understanding of the incentive plans driving behavior in the sales force and on the “factory floor” where production takes place, as this is where the individual “moments of truth” occur that add, subtract or neutralize the buildup of risk within the organization’s processes, each and every day.
Questions for Boards
The following are some suggested questions that boards of directors may consider, based on the risks inherent in the entity’s operations:
Has the board articulated its risk oversight objectives and evaluated the effectiveness of its processes in achieving those objectives? If there are any gaps that may impede risk oversight effectiveness, is the board taking steps to address them?
Are there any elements of ineffective positioning of the risk management function present in the organization? Is the CRO (or equivalent executive) viewed as a peer with business-line leaders? Does the board leverage the CRO in obtaining relevant and insightful risk reports? Does the CRO have a direct reporting line to the board?
Does executive management openly support each line of defense (e.g., the primary risk owners [business-line leaders and process owners whose activities create risk], independent risk and compliance management functions, and internal audit) to ensure it functions effectively and that there is timely consideration of escalated matters by executive management and the board?
Do primary risk owners identify and understand their respective risks and risk appetites? Do they escalate issues to executive management in a timely manner? Is the board of directors engaged in a timely manner on significant risk issues?
Is risk management a factor in the organization’s incentives and rewards system? Is risk/reward an important factor in key decision-making processes? Do information systems provide sufficient transparency into the entity’s risks?
Jim DeLoach is a managing director with Protiviti (www. protiviti.com), a global consulting firm.