A Reuters story making the rounds on Monday assessed the various outcomes of the fraud charges filed this past Friday against Goldman Sachs.
The article states "On Friday, the U.S. Securities and Exchange Commission charged Goldman with hiding from investors the involvement of a prominent hedge fund manager in helping it structure a subprime mortgage debt product that he was betting against."
According to the complaint, investors lost more than $1 billion, and "Goldman vowed to vigorously defend itself against the charges and denied that it had structured a portfolio that was designed to lose money, claiming that the firm itself invested in the equity portion of the deal."
So...this makes me wonder why we have yet to see the expected (stringent) regulatory response to last year's economic crisis (which according to the cover of this week's Newsweek, is over), and what else needs to happen before the Captains of Industry that created this mess are held accountable. There is a lot of talk about transparency and accountability in the IT security industry, but the problem is that the people that warrant the most watching are the ones who dictate what gets watched, yet it seems that the rules don't apply to them. Why is that?
And why aren't people more pissed off?
Personally, I'm a bit leery of the success of our economic recovery - I just don't believe it. And while it may not be too wise for me to bite the hand that indirectly feeds me (financial services companies buy LOTS of security products), I find it somewhat frightening that no one is putting the screws to financial services CEOs. Restricting the stock portions of their pay and bonuses so that they vest their millions over a few years instead of immediately just doesn't seem...restrictive enough.
I remember a few years back at RSA I attended a session on GRC (Governance, Risk and Compliance) where the presenter - a smart, articulate guy who worked at one of the Final Four consulting firms - outlined the role IT plays in creating and enforcing controls. When I asked a question about ethics, I was told in a very polite but condescending way that ethics was not a factor in automating governance.
I was shocked to hear him say that but that's a whole other post. Putting the fact that I completely disagree with him aside for a moment....let's suppose he was right (maybe I missed his context), given the ongoing scandal parade that has plagued the financial services industry from the meltdown to Madoff and on, what else needs to happen before it becomes one?
Governance, by definition (according to dictionary.com) means "(1) government; exercise of authority; control. (2) a method or system of government or management."
Risk is defined as "exposure to the chance of injury or loss; a hazard or dangerous chance."
Compliance is the act of conforming, acquiescing, or yielding.
So, in the case of the economic crisis, one could argue that the high-level execs presented the greatest risk. While their job, by nature, requires them to govern - it is unclear what form of governance, if any, they were subjected to.
Even worse, they seem to not have suffered consequences of any real significance. No wonder why nothing's changing!
Let's use John Thain as an example, as he makes a great poster boy for corporate excess (the following comes from his Wikipedia entry):
- Thain suggested to directors that he receive a bonus in 2008 of as much as $10 million, because he "saved Merrill" by selling it off to Bank of America. After the compensation committee at Merrill resisted the request, Thain reportedly dropped his request on December 8, 2008.[10][11]
- On January 22, 2009, it was revealed that, in early 2008, Thain spent $1.22 million in corporate funds to renovate two conference rooms, a reception area, and his office, including $131,000 for area rugs, a $68,000 antique credenza, guest chairs costing $87,000, a $35,000 commode, and a $1,400 wastebasket. Thain subsequently apologized for his lapse in judgment, and reimbursed the company in full for the costs of the renovation.[12][13][14][15]
- Thain accelerated approximately $4 billion in bonus payments to employees at Merrill just prior to the close of the deal with Bank of America. Bank of America was aware of the decision, as the payout was reportedly one of the conditions under the merger agreement. Speculation mounted that TARP funds were used for the bonus payments, but the TARP recipients are yet to disclose how TARP funds were segregated, or what they were used for.
So...let's make sure I got this straight:
- His stewardship of Merrill leads to its end.
- He "agrees to resign" from B of A for awarding bonuses in light of item #1 and some admitted lapses in judgment prior to it.
- NY Attorney General Andrew Cuomo subpoenas him in a probe into the bonuses he paid and received just days before the Bank of America takeover. You would think this guy would be dead in the water after all this but as punishment for behaving badly....
- CIT Group hires him in Feb 2010?!?????
So - they get all the perks and bear none of the consequences - I ask again...why should they change?
You might not be able to regulate how ridiculously rich and entitled CEOs think, but you can regulate how they act. Take the Sarbanes-Oxley Act of 2002 (aka SOX) which forced CEOs to be personally accountable for the integrity of their financial statements.
And frankly, the buck may have stopped with them but it didn't necessarily start with them - meaning other executives can step up. Blogger Steven Minsky wrote a good post in eBizq.com on how a more holistic approach, which he says is ERM for Enterprise Risk Management - would have identified the conflict of interest with the vendor partner because it would have added reputational risk as a vector for analysis.
Well...maybe. Given the level of greed that (still) seems to predominate the top ranks of Wall Street, I find that to be a stretch, but he raises a good point. I think it's time for some fresh blood to step in to navigate a course correction and make sure some real checks and balances are in place.
SOX was in response to the business practices that brought down Enron, and the potential consequences of non-compliance, which included jail time (for non-compliant CEOs). Note to that RSA GRC presenter...um...what was that about G-R-C for COMPLIANCE having no ethical bearing? Okay, there was a lot of law breaking going on at Enron, so you could frame it as a legal issue, but come on...they are often deeply intertwined, right?
While SOX had its shortcomings, it sent a message, and things began to change. It's not a matter of the government knowing best, but in this case it makes a lot of sense to step in, as a shareholder, and as the law. Let's hope they don't roll over.
It's also worth noting that SOX was a major shot in the arm of the IT security industry and we've been hooked on compliance ever since. Clearly, an argument can be made that laws with ethical teeth are good for the IT security industry.
So how about a few more aimed at Wall Street?
