Regulation can’t wipe out the risk of another Enron

MOST of us don’t need reminding about the 2001 accounting fraud that became known as the Enron scandal – $11bn of value wiped out in what was at the time the largest Chapter 11 bankruptcy ever – and which also brought down Arthur Andersen. On 17 December last year, Enron’s chief financial officer Andrew Fastow reached the official end of a six-year sentence for his role in the affair which shook the world’s financial markets to their core.

In the wake of the scandal, governments took measures to ensure that such a collapse would not be repeated. In the US the scandal helped spawn the Sarbanes-Oxley Act, the key bill enacted in response to this and other similar events of corporate wrongdoing. But more regulation isn’t necessarily the best way to prevent another Enron.

One effect of knee-jerk regulatory change is certain: it increases costs and the burden of work for corporations. The benefits in curtailing bad behaviour among employees are less clear. The only certainty is the price: both Basel II rules for banking and Solvency II rules for the insurance sector have and will continue to demand significant investment by affected companies.

Yet despite the cost it remains true that if someone deliberately wishes to act in a criminal way, there is little that rules can do to stop them. Consider the examples of Nick Leeson, Bernard Madoff and Jerome Kerviel, who alone managed $4.9bn versus Enron’s collective $11bn.

Worse still, regulation can actually increase risk, when a culture of compliance creates a false sense of confidence. Such frameworks encourage firms to manage risk unconsciously – sets of rules provide an automated, tick-box framework. But the best way for firms to manage risk is by conscious risk-taking through informed and responsible employee behaviour. It’s about taking the right types of risk that support the right types of income – not attempting to drive risk out of the firm.

There is limited value in continuing to reform in the traditional outside-in way that has been dominant post-Enron. A better way forward now would be to focus instead on driving employee integrity, through new codes of conduct that help people understand their wider responsibilities.

Good risk management and employee behaviour doesn’t have to be complicated: it remains a blend of knowing right from wrong and common sense. But we all know that common sense is not so common, and there is still benefit in helping employees gain a better understanding of the legal, ethical and risk issues associated with their jobs and actions, potentially more than by compliance regimes.

Regulation has not put paid to bad corporate behaviour. On its own, it can’t. Instead, companies need to bring together a set of clear, non-negotiable employee behaviour standards with robust risk management frameworks and control systems, along with solid insurance protection. That will provide better payback than rounds and rounds of new regulation.

John Davies is a managing director within the Risk Management Practice at Marsh, the insurance broker and risk adviser. To contact John please email: john.h.davies@marsh.com