Enterprise Risk Management in Wells Fargo during the Pandemic


As Beasley (2020) points out, enterprise risk management (ERM) is especially needed during the COVID-19 pandemic because of the “number of different, but interrelated risks spread all across most organization” (p. 2). COVID-19 is not just a factor that has impacted one business or industry. It has impacted all businesses and all industries in different ways. Grocery chains like Kroger, for instance, have seen increased demand. Restaurants, on the other hand, have seen business dry up due to mandated quarantine orders. Small business owners and large corporations have filed for bankruptcy. All of this impacts the banking sector and Wells Fargo specifically because of its role in managing loan products, using interest rates to attract savers, and offering investment advice. “No single risk associated with the COVID-19 pandemic crisis can be managed in isolation,” as Beasley (2020) points out (p. 2). This means that from an ERM perspective the problem has to be approached comprehensively with risk understood at the macro level. This paper will provide 1) a critical analysis, including a comparison and contrast of Enterprise Risk Management (ERM) vs. traditional risk management; 2) a discussion of hazard, financial, operational and strategic risks; 3) a SWOT analysis of Wells Fargo; 4) an examination of the relationship between organizational culture and ERM; 5) a discussion of risk in terms of current and potential profit opportunities; 6) two specific ways in which auditors can incorporate ERM into the company’s audits; 7) a discussion of the role of financial derivatives as both risk management and a speculative tool; and 8) a discussion of the ways three leading companies (one domestic and two international) implement Enterprise Risk Management.

Critical Analysis and Comparison of ERM with Traditional Risk Management

ERM is simply a plan-based business strategy, the purpose of which is to identify, evaluate, and reduce the impact of potential dangers, threats, and challenges that could be catastrophic or damaging for the organization. ERM allows the firm to reduce exposure to these risks by preparing for them through safety mechanisms, altering strategy so as to avoid them, or developing a plan to meet these challenges head-on. The aim of ERM is to address the issue of risk holistically, comprehensively and from the macro perspective so as to enable the firm to pursue without constraint its goals and objectives (Sweeting, 2017). Managing risk effectively depends upon an organization’s ability to identify and deal with relevant risks while simultaneously understanding and preparing for accepted risks that cannot be avoided if the organization is going to implement its business plan. From this perspective, strategy risk is accepted risk that comes with the opportunity to do business (Kaplan & Mikes, 2012).

ERM is essentially an extension of traditional risk management. In traditional risk management, risk is analyzed and monitored departmentally within an organization, whereas with ERM risk is analyzed and monitored from an organizational standpoint; all the risk factors that an organization faces are interpreted from this comprehensive macro viewpoint. In traditional risk management, the focus is on pure risk and every risk is viewed as its own separate and distinct problem; with ERM, risk is more comprehensively addressed as part of an overall strategy (Ogutu, Bennett & Olawoyin, 2018).

Traditional risk management looks at the micro; ERM looks at the macro. Traditional risk management issues might be missed opportunities with service partners, lack of innovation, and so on. ERM issues focus more on linking operational risk with strategic risk management. ERM must emphasize transparency, communication among departmental heads, and collaboration. This is one reason why silos are so damaging for organizations from an ERM perspective: they create walls and barriers, foster distinct cultures, and create a spirit of contention and distrust where there should be collaboration and communication (Lundqvist, 2014).

As Kaplan and Mikes (2012) point out, ERM looks at the mission, the values and the boundaries of the organization in order to assess and manage risk. It is not just a matter of the shipping department looking at suppliers or the accounting department looking at the audit review board. It is a matter of the various departments working together to discuss their plans and to assist the organizational leaders in identifying the company’s strengths and weaknesses and how best to utilize resources without inviting a scenario of disaster upon itself. For instance, in the case of Wells Fargo there have been many occasions in which the company has or should have taken a macro view of risk before initiating a strategy. Its attempt to collect commission fees from customers without customers knowing it was a quick way to enhance the firm’s revenue stream, but an ERM manager would have quickly seen this as a short-sighted, unethical and highly risky way to increase revenue; for once customers realized how they were being taken advantage of, they would sue and the company would face a severe liability. Its brand appeal would be lost and the company’s future guidance, share price, and reputation would decline. ERM looks beyond the risks that a single department faces and considers the whole. The exploration of macro-risks is what a firm like Wells Fargo should engage in so as to tailor its strategy one way or the other.

With traditional risk management, risk management is not the driver of the decision-making process at the executive and strategic levels. Instead, other inputs are analyzed and used to create the strategy, then the strategy is passed down to lower-level department heads who must tailor their approaches to operations by managing risk so that operations conform with the strategic objectives and plans implemented at the top. Risk management in this case is reactionary rather than proactive. In ERM, risk management is proactive and used to drive strategy development at the upper levels of organizational and strategic management.

Thus, ERM adopts a much more comprehensive view of risk. Instead of seeing each risk as separate and distinct, it looks at the interconnected nature of risk and how one response to risk impacts other parts of the organization and how strategy can be developed from a risk management perspective. Traditional risk management adapts risk mitigation plans to the strategy. ERM adapts the strategy to risk mitigation plans. The scope of ERM is larger and more holistic.

Various Risks


The idea of moral hazard is that an action may be taken so long as the risk can be transferred to a third party. Hazard risk in the financial industry in the past has been associated with mortgage-backed securities, collateralized debt obligations, and credit default swaps. The risk of writing loans to high-risk home buyers was mitigated so long as the loans could be bundled and sold to investors: that was the idea that helped fuel the home buying spree leading up to the 2008 global economic crisis. The bubble burst when creditors began defaulting on loans and the price of credit default swaps skyrocketed. Moral hazard came back to bite a number of high-profile banks that were left with millions if not billions in mortgage-backed securities for which…

…premium is determined by the market and is usually priced according to the volatility of the underlying. For very volatile stocks or financial instruments the premium can be quite high, making the use of the derivative for risk management purposes somewhat costly. As a speculative tool, however, derivatives can be quite effective, as Bill Ackman showed when his hedge fund netted billions by speculating with derivatives on a stock market crash.

Wells Fargo could hedge risk by buying derivatives on its investments, using a call/put (i.e., long/short) strategy with options. The company could buy or sell long-dated puts or calls depending on the investment it has in the underlying. The point would be to protect against an opposite move in the price of the underlying. Thus, if Wells Fargo invests in GLD, it could purchase long-dated puts at an in-the-money strike price in order to hedge against downside risk in GLD. If the company shorts a stock like TSLA, it could buy call options to hedge against upside risk. The company could also use derivatives as a speculative tool; instead of investing in GLD, the firm could purchase long-dated GLD options, puts or calls, to speculate on a directional move. Complex options strategies could be used, such as straddles, condors, or iron butterflies. Sometimes the more complex the strategy the more risk can be hedged. In any case, the company could easily use derivatives to hedge risk in FX, in MBS, in equities, bonds, or precious metals or REITs. There is no limit to hedging risk via derivatives, or in speculating with derivatives. A proper risk assessment should be done by calculating the cost of the premium against theta, and the expected alpha should also be identified and factored into planned trading strategies. Wells Fargo currently uses derivatives effectively in hedging risk against portfolio investments in MBS. Derivatives do come with counterparty risk, and Wells Fargo is aware of this risk in its own risk management guidebook.

Ways Leading Companies Implement ERM

PNC is a direct domestic competitor of Wells Fargo that uses ERM to “consider both sides of the balance sheet” (Sartor & Dall, 2020). It looks at five components of enterprise risk: 1) unrestricted liquidity, 2) capital structure, 3) operations, 4) capital budgeting risks, and 5) defined benefit plans. Goldman Sachs is an international competitor of Wells Fargo and tends to succeed more than its competitors because of a healthy risk culture. The bank does not seek to avoid risk but rather embraces and takes risks. It does so knowing that it has strong protections in place. One is an internal rule that all capital at stake must be capital that the firm can stand to lose (i.e., no over-leveraging or playing with capital that would harm the company if lost); another is that managers discuss risk management models with staff and make sure lower-level employees understand the risk posture that the upper-level management is willing to permit (Riley, 2009). JP Morgan is another international competitor that engages in ERM by looking at systemic risk and seeing how a loss by one member or branch or department or division can affect the rest of the firm. It also looks at sovereign risk and credit risk as well as operational risk, reputation risk and fiduciary risk. It is these latter two that Wells Fargo tends to miss.


Wells Fargo’s approach to ERM could stand to improve. It lacks a proper assessment of reputation risk and fiduciary risk as it continues to face scandals like the 2016 fraud scandal and the current exploitative use of…

