The One-Tier Board (IVOR nr. 85) 2012/4.5.18:4.5.18 Risk management

The One-Tier Board (IVOR nr. 85) 2012/4.5.18

4.5.18 Risk management

Deze functie is alleen te gebruiken als je bent ingelogd.Deze functie is alleen te gebruiken als je bent ingelogd.Deze functie is alleen te gebruiken als je bent ingelogd.

Risk management is treated as important in the Netherlands. Article 2.141/251 DCC puts it on the same level as strategy. That article mentions that the management board must report at least once a year to the supervisory board on strategy and risk management. The Frijns Code includes provisions for risk analysis based on operational and financial objectives, guides for the layout of a financial report and a system of monitoring and reporting,1 including the highlighting of the main risks and a description of major failings detected in risk management.

The Frijns Code puts the responsibility for strategy and risk on the management board.2 Risk management was also discussed extensively by the Association for Commercial Law on 8 December 2009. The association was advised by Professor Bastiaan Assink and Dr Daniëlla Strik, who is litigation partner at Linklaters and defended a thesis on director liability in 2010.3 Generally, the view is taken that in banks the CEO should be responsible: he sets "the tone from the top".4 There should also be a Chief Risk Officer (CRO), who should be a member of either the management board or the management team.5 There should be a risk committee of supervisory board members.6 The Maas Committee, mentioned below at 4.5.19, also recommends that banks should have a risk committee.7 The supervisory board members are to supervise the management board in the performance of its risk management activities. Here there is a parallel with the supervisory board's monitoring of strategy.8 All these measures are to be combined for better risk management.

Examples of important risk management or supervision cases:

Laurus (2005)9 was the product of a merger of food shop chains. It developed an aggressive plan — the "Konmar Plan" — to integrate the chains. The Enterprise Chamber did not condemn this ambitious strategy. The point at issue was whether there had been sufficient follow-up by the management and supervisory boards in their monitoring of the plan once it started to fail. The Enterprise Chamber ruled that there had been mismanagement by the management and supervisory boards on the follow-up aspect. It also confirmed that mismanagement does not automatically imply liability. The issue of liability is dealt with by the District Courts (arrondissementsrechtbanken). The Supreme Court upheld this decision, but declared that the plaintiff's allegation of mismanagement by the supervisory board members should be dismissed because the arguments put forward by the plaintiff were insufficient to enable the supervisory board to defend itself. This was a case of insufficient follow-up and is difficult to prove in court.

Ceteco (2007)10 was a trading company that had a very ambitious plan for expansion. The management and supervisory boards continued to approve further acquisitions, although they should have realized that the administrative systems would be unable to cope with the expansion. This was a typical example of "overstretching". There were red flags. Both boards should have investigated whether the plans for expansion should be continued. In due course Ceteco went bankrupt and the liquidator started liability proceedings against the management board, the supervisory board and one large shareholder. They were all held to be liable by the District Court. The case was settled by payments by the defendants. This case has caused concern among supervisory board members of other companies.

Henkel (1997) had JMG Promotion organize a promotional campaign with toy panda bears as presents for its customers. JMG went bankrupt with only 200,000 panda bears, available for 280,000 enthusiastic customers. Henkel asked the court to hold the sole director of JMG liable for miscalculating the volume and not taking out insurance for the risk. The Court of Appeal and the Supreme Court confirmed that the director of JMG had made an incorrect commercial decision, but deemed it a normal risk and did not hold the director liable. (HR 14/11/1997, NJ 1998, 270)

Beklamel (1990) bought feed products from Stimulan and resold them to a buyer who did not pay, stating it had a counterclaim. Beklamel went bankrupt and could not pay Stimulan the purchase price. Stimulan claimed this amount from Beklamel's managing director because he should have realized, when entering into the purchase contract, that Beklamel could not pay if things went wrong and should therefore have taken out insurance for this matter. The courts held that the director was not liable. (The insurance issue would be decided differently if there is an explicit undertaking to insure.11)

Tax Collector v. Roelofsen (2006).12 The tax collector claimed that Roelofsen, CEO and 100% shareholder of two companies, both of which had gone bankrupt and could not pay their tax debts, was liable because he had systematically filed incorrect tax returns and ran up a large debt. The Court of Appeal and later the Supreme Court did not hold him liable.

OGEM (1990).13 OGEM was a conglomerate of construction companies that went bankrupt. The Enterprise Chamber concluded there had been mismanagement on many counts, and the management and supervisory board members had to pay relatively small sums out of their own pocket, because they were not insured. The Enterprise Chamber discussed the risk management of this fast growing conglomerate. It was the duty of the management and supervisory boards to obtain sufficient information from the various departments to fulfil their management and supervisory tasks. When this turned out to be impossible the management board should have taken action. The supervisory board too had failed to take action or show any initiative, despite all the red flags. Members of both boards did not even read essential documents. The Enterprise Chamber held that this constituted mismanagement, and its decision was upheld by the Supreme Court. The Supreme Court ruled that even one act or omission can be mismanagement if it causes substantial damage. The case revealed that many of the company's executive directors had strong egos and had acted on their own and in utter disregard of one another. They had been united only in their joint disrespect for the supervisory board. The chairman of the supervisory board saw it as his task to blindly support the CEO. Two memoranda from supervisory board members who objected to the course of events were "swept under the carpet".

Comparison of these Dutch supervision cases with the Delaware supervision cases (Caremark, AIG and Citigroup) reveals similarities, but differences as well.

As to the standard of care in the Delaware cases, there is a distinction between care in transactional decisions such as Van Gorkom, Disney and Lyondell on the one hand,14 where the test is whether the board tried to consider all aspects in making its decisions, and general supervision over a longer period on the other, in cases such as Caremark, AIG and Citigroup.15 As to the question of the individual liability of each director, the Delaware Courts look at the different facts for each director and his specific involvement. This implies that outside directors are less likely to be held liable than inside directors.

Let us now consider how the Delaware Court might have dealt with each of the Dutch cases described above.

In the Laurus case, the Delaware Court would also not have condemned an ambitious plan (see its ruling in the Citigroup case). As regards the "insufficient follow-up response to the failure of the strategy plan", it would have considered the specific facts relevant to each individual director, but would not have held the director liable provided he had "tried" to monitor, was not in bad faith and had no other conflicting loyalties (see the Caremark judgment), even without an exculpatory clause in the articles of association.

In Ceteco, the Delaware Court would have looked at the part played by each individual director in the "overstretching". Had they tried, were they in good faith, did they not have any other conflicting interest? If there had been no clear red flags, the director would probably not have been held liable (see the Caremark judgment), even without an exculpatory clause.

In OGEM, the Delaware Court would probably have held the insider directors liable for not even trying to read essential documents, for disloyalty, for misinforming other directors and shareholders and for blatantly ignoring warnings (red flags). The supervisory board members, who had heeded the warnings, would not have been held liable.

Comparison with UK judgments shows that the courts there attach less importance to the duty of supervision and judge a director more on how he performs his duty of care, which is a more objective criterion (as in the Barings case).16 They are called "care" cases and not "oversight" cases, and there has been a move away from a mere subjective test to an objective test as in Barings. In the UK there is a tendency, both in liability and disqualification cases, to allow for the fact that NEDs spend less time at the company and have less information than executive directors. UK law therefore distinguishes between NEDs and executive directors.17 In the US there is a tendency to focus liability on the officers and possibly the chair of the audit committee. As the board is basically unitary, this is an individual test for each director. Where management board members are held liable in the Netherlands, the supervisory board members too are usually liable, but this is always measured against their own standard of conduct (entrenched attitude and no care in the OGEM case, not doing their own home work in the Tilburgsche Hypotheek Bank case and failure to take action in the Bodam case18). Whether this distinction would be possible in the Netherlands between the individual directors is discussed in 4.7 below.

Convergence

The Dutch apply a risk management system similar to the "Enterprise Risk Management Integrated Framework" of the US Committee of Sponsoring Organisations of the Tradeway Commission (COSO), and UK companies use the Turnbull Guidance.19

One-tier board — non-executive directors in the Netherlands

The Advisory Committee for the Future of Banks in the Netherlands (the Maas Committee)20 makes no mention of the role of non-executive directors on a one-tier board. As the non-executive directors of a one-tier board would be involved in decision making and therefore also responsible for decisions about risk management and as they would also be quite well-informed in advance about risks and could ask questions in advance, it seems reasonable to assume that they would have an influential role and would therefore have much the same chance of being held liable as the executive directors.21 What does this mean? Are executives and non-executives supposed to understand all control systems and new products that are developed in the bank? The Frijns Code has introduced, for public companies, the concept of the "in control statement" of the management board.22 Article 4.5 of the Code for Banks of the Maas Committee (see below at 4.5.19) confirrns that there must be a product consent procedure. The Chief Risk Officer (CRO) and the Risk Committee, a committee of board members introduced by the Maas Committee, should be involved in these matters. They should receive reports about the bank's products from an interaal auditor. They should also understand the risks mentioned in the annual report. The same applies to large industrial companies. It follows that not each non-executive director is supposed to understand all the bank's systems and products, but they must know of the existence of the systems and reports about products.

Many corporations in the US have come to realize that the largest risks are caused internally and that risks in all aspects of the business, such as nomination, compensation and finance, can be evaded to some extent by the tone from the top. This can be a good example for Dutch companies. The UK Walker Review correctly identified that the wrong type of behaviour was at the root of governance failure in many banks, which is much the same thing.23 The Walker Review also emphasized that the Risk Committee should perform due diligence before acquisitions. Such a practice would also, of course, be beneficial for Dutch and US companies.

Deze functie is alleen te gebruiken als je bent ingelogd.