Risk management vs. (group) profit optimization - what will prevail?
This quarter Sia Partners has investigated the risk management policies of several Dutch utilities. The key challenge we observed is that utilities want to increase financial group performance while exercising a professional risk management strategy. This article reflects on this tension area from an organizational, process and system perspective.
Sia Partners has researched the risk management policies within Dutch utilities when it comes to the area of Generation, Trading and Sales.
Enterprise Risk Management (ERM) is the process of planning, organizing, leading and controlling the activities of an organization in order to minimize the effects of risk on an organization's capital and earnings.
In the last couple years, the art of risk management has become more relevant for utilities as they are evolving in a more competitive energy economy, with their assets 'under water' and balance sheets that are becoming more sensitive to misjudgments, leading to potential losses.
Typically, ERM distinguishes between market risk, credit risk, and operational risk. These three areas of risk within ERM are related to customer payments once services are delivered (credit risk), risks in changes to market conditions (market risk) and also risks taken when operating the assets (operational risk) in order to perform the business. Generally speaking, Sales is mostly subject to credit risk and to a lesser extent market risk management, which mostly applies to Trading (with some credit risk) and even more so to Generation, where operational risk is of course key.
The generic advice regarding risk is that risk management should be done where it can be influenced most! When making the round across Dutch utilities, it can be concluded that they all have their risk management framework set up in a different way. The subject for this article is to find out how utilities position risk management in their policies in order to improve overall performance.
The area of tension lies mainly in the familiar risk-reward mechanism. On the one hand, more risk should deliver higher rewards, however on the other hand some risk mitigation is necessary in order to manage the company in a sound way, to leverage (debt) existing balance sheets and to comply with regulatory requirements. A company's risk appetite depends on its corporate structure (its shareholders) and its objectives and ambitions. For example, some companies perform hedging strategies in order to increase earnings, others do it to mitigate risk or so as not to be exposed on spot markets.
The organizational set-up of the value chain between Generation, Trading and Sales requires group level attention. The basic thought should be to reward the department(s) that has taken the risk. However, it doesn't seem easy to find a common approach on, for example, internal transfer pricing between Generation and Trading or on the division of risk premiums between Trading and Sales.
In order to architect the risk-reward scheme it should be mandatory to have a group level view on progress. This is not always required when it concerns a transaction with a single client, but a predetermined and standardized risk assessment could be made by the account manager or sales manager. For example, for product approvals where Sales wishes to introduce new products to the consumer, or for credit risk situation for business customers (involving credit research firms like D&B or Graydon). This could be integrated in the task descriptions and responsibilities for relevant employees. It is obviously different when more complex transactions and deals come into play (either on the Sales or on the Trading side), where cross BU risk should be assessed. Here the risk management department plays an important role to ensure group level view.
A second learning from the past three years is a shift in focus from the Generation side towards the Trading & Sales side. Generation related developments of overcapacity for one, its decentralization and focus on renewables, with as a result a complete change in the merit order for production, results in performing risk management with an increased focus on Sales and Trading.
It seems contradictory because Asset Management nowadays has become ever more difficult..
The million dollar question is: How can a utility on the one hand increase group performance while on the other hand exercise a professional risk management strategy?
To answer this question, we distinguish improvement measures on organizational level, on process and procedures level and lastly on the level of data/systems architecture.
Organization level: Ensure group level overview and in each company one focal point for risk. Typically any organization has a risk management committee in which people from the business, CFO and risk management participate and decide on risk related matters. The business in the end decides whether a risk should be taken or not. Typically any utility has its code of conduct related to risk for the more standard situations. Account managers, traders and even production personnel should follow those risk related codes of conduct. Think about product approvals as mentioned earlier and credit checks for client (exposure in Euro or Gwh), but also safety (EHS) instructions...
In the organizational risk, teams are typically positioned as an extra staff function under the CFO. In some companies some risk related personnel is also placed within the BU itself, in order to be closer to the business and monitor the more standardized risk items (code of conduct).
Looking at the organization of risk teams, their focus is to ensure that risks are transparent to decision makers and that they are being managed - for instance, the risk of an incident happening could be accepted because the cost of mitigation is too high. As such, their focus really is on the risk - reward balance. Once an incident occurs it is not up to the risk teams, but to the business itself to take corrective action. Obviously, the risk teams can always be consulted.
A Risk Management Committee (RMC) is often installed, in which on periodic basis risk cases are brought forward, varying from complex products Sales wishes to sell to a large client, to Trading or Generation related risks.
Process level: Develop the right Service Level Agreements between the business units in order to develop and facilitate a conceptual framework in which all companies within the Group and related business units monitor progress and performance from a shared Reporting line, which is fed by the right sources of information/data.
Any topics that are discussed in an RMC will be noted in minutes of meeting and archived in a way that risk related decisions taken can be traced. This is very important as well to ensure a employees in different BU's follow a workflow or execute the codes of risk conduct.
Systems level: All reporting required on performance should be seamlessly obtained from the IT application landscape implemented in the company, and with the right data sources. It is important that group risk is involved in the actual IT implementation for the BI/Reporting related to the risk activity.
Once again, traceability of the execution by personnel of the standardized risk procedures set out is important, as well as adequately archiving what will be agreed upon in the RMC.
In the end it can be concluded that the business (on group level) should decide on risk related matters and smartly define the related risk-reward structure between various BUs and companies in the Group. The more objectivity comes into the decision making process, the sounder an organization can navigate.
The art of a risk management team is to properly assess the company's risk appetite and make risks transparent in such a way that business executives can make clear decisions based on the right information. This enables business executives to smartly navigate 'through the storms' they encounter. However, risk teams do not have a crystal ball!
And to answer the title question, risk management and group profit optimization go hand in hand. It is, if performed well, an integrated process without tension between parties in which risk teams facilitate the corporate decision making process.