Itaewon International Festival

Do not follow the crowd...Though more and more companies are showing an interest in risk management, it is intereting to note that most still manage risk on an ad hoc basis.  Yes, some companies look at risk management from an ERM approach- or Enterprise Risk Managment approach.  Or, as I have in the past discussed,  a coordinated Legal Risk Management approach.  (more…)

Compliance- A Shining City by the Sea

Recently, Yonhap News of Korean announced that South Korea will conduct fuel efficiency tests on Volkswagen models that have been imported into Korea after the news that Volkswagen admitted to falsifying fuel emission tests results. It did this  by using software that activates emission controls only when the car is being tested.  How serious is this?  It’s a PR nightmare!

In fact, the fuel emission scandal is so serious that the CEO of Volkswagen stepped down though he claims he was not aware of any wrongdoing.  The US EPA has announced that pollution level of the diesel engine used in Volkswagen models could be 40 times higher than previously thought.  Shortly after the scandal broke, Volkswagen’s shares tumbled by more than 30 percent.  South Korea will now initiate an investigation into the fuel emission issue on Volkswagen and Audi models as is other countries such as the US, China and the UK.  There are reports of class action lawsuits as well as criminal investigations by the DOJ and other regulators including those from Germany.  All told, Volkswagen could face legal fines in the US of up to $18 Billion US besides fines in Germany and elsehwere.

What happened?  How could this of happened if strong compliance controls and risk management processes and procedures were in place to prevent such a catastrophe?  The answer is that in Volkswagen there was a lack of strong compliance controls and risk management processes.  Though in this age and time, it is incredible that a company the size of Volkswagen could let a scandal like this happen is amazing.  The fact that the software was put in place meant more than one engineer was involved.  Volkswagen now admits that at least 11 million cars were equipped with the software devices that cheated on fuel emissions.  Something this massive can only result when there is a complete breakdown of ethics and corporate social responsibility in all levels of management.  It is most likely that Volkswagen Upper Management knew about the software devices and probably someone at the Board level was aware of it too.  Therefore, the compliance culture at VW broke down over the years.

When President Ronald Regan ran for the US Presidency, he often talked on how the US was “the shining city upon the hill.”  This was when the cold war was still rampant and that the West viewed the US as the last bastion of hope.  Today, with the cold war allegedly behind us, much of the world is engaged in blaming companies for all of the evils that have befallen the world.  In response, most Western companies as well as companies in Asia and elsewhere have enacted compliance processes, corporate social responsibility programs and corporate ethical codes of conduct in an attempt to show how responsible they are as good corporate citizens. Most agree they must foster a culture of compliance within the organization if anything meaningful is to happen.

Today’s compliance tools and risk management processes are quite sophisticated.  Regulators are aggressively punishing those that violate laws and of course corporate compliance mandates.  The FCPA and other anti-bribery laws are being enforced around the world. The US Department of Justice has aggressively expanded its reach around the world.  Why?  Companies are held to a much high standard of conduct by society than before.  In a sense, the rules of business has changed.  It’s no longer just about profit and satisfying shareholders but it is also about responsibility to society.  In essence it is about becoming that “shining city on the hill” or as I would like to put it, as reflected by the picture to the right of Gwangali Beach, Busan, becoming “that shining city by the sea”!

What does the latest corporate scandal from Germany (remember Siemens?) remind us of?  It reminds us that compliance is not a minor issue to be handled at the lower levels of management.  It reminds us that risk management processes and tools such as compliance, ethics training and management buy in are necessary and should be implemented on a daily basis.  Though the vast majority of companies follow the law and abide by the corporate codes of conduct they have implemented, some companies clearly have not. It also teaches us that one can never be too diligent when dealing with an ethical culture- that compliance and ethics must be taught and reinforced everyday.

This is a wake up call on the part of companies throughout the world.  Disregard compliance at your peril. Treat compliance as the shining city by the sea.  Something to strive and hope for.

Successful Risk Management Requires A View From The Top Not A View From The Trenches

Today I was fortunate to visit a large electronics company in Seoul.  In fact, I was on the 39^th floor of the company located in southern Seoul and had an amazing view of Seoul- as evidenced by the picture to the left. (more…)

After The Dolgorae- The Sewol Ferry Disaster Revisited, A Risk Management Nightmare

How a lapse in enforcing risk management processes once again resulted in a disaster....

The latest maritime disaster  in Korea once again not only raises the spectre of the Sewol disaster but once again reinforces the fact that risk management processes including compliance training  must be vigorously implemented and reinforced on a daily basis.

Recently, a fishing boat  ( Dolgorae) off the coast of Jeju Island in Korea capsized resulting in the deaths of at least 18 people.  It was  caused by a culmination of events leading up to the disaster similar to the Sewol Ferry.  The facts appear to be as follows:  On September 5 a fishing boat carrying at least 22 people capsized off  of Chuja Island.  Apparently more people were on the boat than should have been allowed.  The boat allegedly capsized because of  high waves.  The captain either failed to radio for help or the radio on the boat did not work. When the Chuja Safety Center received a distress call from another boat which indicated the Dolgorae had not responded to its call, the Chuja Safety Center began calling passengers based on the passenger list.  By then it was already too late, as the majority of passengers that died were not wearing life jackets when the boat capsized, according to the few passengers that were ultimately rescued. Because more people were on the boat than indicated by the passenger list, because the captain’s radio did not work after the boat capsized, because the captain went out in questionable weather, because the majority of passengers were not wearing life jackets when the boat capsized and because other safety regulations were not met-not only did the boat capsize but many died that may have lived had adequate risk management processes been followed.  This raises the shadow of to the Sewol Ferry disaster..

Remember- On April 16, the Sewol Ferry left Incheon heading to Cheju Island.  Most of the 476 passengers were high school students going on a school trip.  At 8:52 am , a high school student on board the Sewol issued a distress call.  At 8:58 am the Sewol Ferry finally issued a distress call ( though not though the normal distress channel) on its own.  At 9:00 am  to 9:30 am the Crew issues announcements to the passengers to stay put.  The Jindo VTS informs the Captain that he needs to make a decision to evacuate the vessel or not.  At 9:32 am the first Coast Guard vessel arrives at the scene.  By 10:39, the Sewol Ferry sinks leaving more than 300 people trapped inside the vessel.

When looking at incidents involving disasters such as the Sewol Ferry, it becomes apparent that most disasters are a result of a risk management mistakes, such as not following safety procedures or not repairing critical equipment on time, etc.

Here are some of the risk management mistakes of the Sewol Ferry disaster that stand out:

1. The ship had been modified to hold more passengers.  The modifications led to a change in the ship’s center of gravity and created a structural imbalance.
2. The Ferry had been overloaded with cargo. The ship was authorized to carry 987 metric tons of cargo.  On the day of the accident, it was carrying over 3,608 metric tons of cargo.
3.  Apparently, the cargo was not properly secured. Once the ship   began listing, the containers and vehicles began to fall off the  ship.
4. The third mate indicated the ship had a steering mechanism problem that was reported several weeks prior to the disaster. It had not been repaired at the time of the accident.
5. The Third Mate was steering the vessel at the time of the accident though it was her first time to steer the Ferry.  She was steering the vessel through a narrow and dangerous channel when she hit rocks. The Captain was not on the bridge.
6. The Captain was not on the bridge though the Third Mate was steering the vessel for the first time. The Captain was required by regulations to be on the bridge but he chose not to remain on the bridge but went off to his cabin.
7. When the ship hit rocks and began to tilt, the Captain ordered the passengers to stay put, which most did. One of the reasons was that only two out of twenty four life rafts were functional.
8. It is clear the emergency response was not well coordinated and the tepid result  was not adequate. Only after the vessel sank ( drowning the 300 passengers who did not abandon the ship) did an adequate size  flotilla show up to handle the evacuation of passengers.  But it was too late.

It is obvious, that the Sewol Ferry  or the Dolgorae  are  extreme  examples of a risk management failure.  But it is a reminder that companies as well as individuals that decide to skirt burdensome risk related processes designed to minimize the exposure of risk may be flirting with disaster. This is reminder to all companies and individuals involved in safety related occupations as well as companies in heavily regulated industries that not only should risk management processes be implemented but that such processes need to be  reinforced on a daily basis.   The world may not be kind. Mother Nature may be capricous.  Control and manage the risks that you can.  There is no room for failure.

I visited Gyeongbokgung Palace in Seoul the other day with a friend who is quite knowledgeable not only about the Joseon Dynasty in general but about the palace in particular. What he pointed out was that the palace is built to certain specifications with the palace layout and structures reflecting the importance of symbols, rituals and geomantic beliefs, etc. (more…)

In the late 1300s, once the Chosun Dynasty was founded, work began in the new captial of Korea ( Seoul) which inlcuded the building of the inner and outer walls.  The inner walls were built through the 4 major mountians surrounding Seoul, inlcuding Mt. Inwang.  Because the wall foundations were very well built and because most of the wall was built through the mountains, much of it ( as evidenced by the picture of the wall on Mt. Inwang) still remains.  In fact, the Seoul City inner wall, is the longest survivng wall of any major city in the world- relativley untouched by invasions and war.  Whether a wall survives the test of time, depends on several factors.  The same can be said for corporations.  Corporations survive for the long term if the company is properly managed, if the business plan is updated with the times, if the product or service keeps up with demand and of course, if the risk management processes are robust enough to handle the numnerous areas of risk that the company will, most often than not, encounter.

Have you looked at your risk management processes lately?  How robust are they?  How strong are they?  Have they stood the test of time like the wall on Mt. Inhwang, or are they outdated like some of the processes used by investment banks in 2008?

When considering which processes to use or update, remember to conduct periodic risk assessments that monitor the effectiveness of the risk management processes.  Only through a process of continuous risk assessments can a company effectively manage risk by identifying weaknesses in the system, which helps it to effectively maintain a robust risk management program.

What steps has your organization taken recently to conduct a comprehensive risk management program?  Has it reviewed all critical corporate processes and procedures?  When evaluating risk assessments in order to minimize risk, especially legal risk, specific goals or objectives should be established in which to judge the risk assessments that have been completed.  What are the goals or objectives, if any, that have been established?  When determining the objectives to evaluate risks, what specific processes  or tools are in place to obtain those objectives?  All of these questions must be answered.

Remember, legal risk management processes must be properly applied in order to provide risk management expertise and to prevent losses due to claims, litigation, investigations and fines.  Such processes should include:

1. A periodic risk assessment of the company's operating divisions and departments,

2. The development of solutions to risk management issues,

3. Oversight of the company's outstanding claims and litigation,

4. Compliance review,

5. Training programs, and

6. Monitoring of compliance issues

Only with a proper implementation of a robust risk managment process can a company expect, with all things considered, to last like the Seoul City Wall on Mt. Inwang.  Without it, the company like a wall , may come tumbling down.