In an article in today’s Financial Times (FT), entitled “JP Morgan shows the futility of fighting complexity”, Sallie Frawcheck posited that the JP Morgan trading loss demonstrated that regulators are fighting the wrong battle regarding risk. She believes that the main reason for the problems engulfing JP Morgan was that the size and complexity of the company’s trading positions were so great that the company is still coming to terms with just how large the loss will be and how JP Morgan can unwind itself from those trading positions.
She believes that one of the solutions would be for regulators to “turn their attention to the issue of understanding how much risk the banks are taking in total, fixing measurements of risk that have fallen short and then making certain that banks have enough capital to support that risk.” However, she also warns that if a bank’s risk assessments are “unable to keep up with the complexity of certain types of trades [such as the ones at issue] or sub-businesses, then the activities should not be allowed in a regulated banking entity. Full stop.” [emphasis mine]
Her article brought up one of the ongoing battles that I continually fought as an in-house counsel, both in my transactional attorney role and compliance professional role and that battle was Mission Creep; leading to Mission Expansion; leading to Mission Explosion. In the transaction world, this would occur when parties contract for the provision of specific services or specific goods and then the contract is used as a basis for a completely different product or service. So if my client provides engineering services, there will be terms and conditions appropriate for a services contract. These terms could spread or assign risk to one party or the counter-party through such clauses as warranty, indemnity, limitation of liability, confidentiality and insurance. However, if the relevant business units of each party then decided to use the contract for the purchase of raw products the scope of the contract has changed or Mission Creep has begun. If the client then asks for the engineering services company to lead the fabrication of the raw materials we have sped up to Mission Expansion. If this Creep and Expansion continue for any length of time, we will move to Mission Explosion.
The risks which were agreed upon for services work are far different for the purchase and delivery of goods. The risks are even more divergent if fabrication of the products are required. These changes in risks can affect the risk management clauses detailed above. A services warranty is usually quite different from a product or even Original Equipment Manufacturers (OEM) warranty. If an indemnity is fault based, are products purchased under a contract which covers engineering services only? What about your limitation of liability – is it limited to the value of a contract, what if the contract for fabrication of the entire systems crashes burns, injures or kills someone? What about Intellectual Property (IP) indemnity for goods and products vs. services delivered? The list of questions is almost endless.
In the compliance world this Mission Creep, Mission Expansion, Mission Explosion trichotomy plays out when a company moves into a new geographic area or product line. Have the compliance risks been adequately evaluated? Have they been evaluated at all? Perhaps more importantly has the relevant business unit communicated to the Compliance Department these new initiatives so that the compliance risks can be assessed?
The failure by JP Morgan to properly assess its risk or use risk intelligence correctly may have indeed had its genesis in the complexity of the trading positions the company was taking. But Frawcheck’s article pointed out that it is not simply complexity which can lead to failure in the assessment and management of risk. In JP Morgan’s case, it may be that one step on the Mission Creep continuum led to more steps of Mission Explosion, which inevitably led to Mission Explosion. But, whatever the reason, I think one of the clear lessons from the JP Morgan debacle is if your risk assessment cannot determine what your risk is or your risk intelligence cannot evaluate your risk assessment in a meaningful way, you need to slow things down until you can do so. Or as Sallie Frawcheck said: Full Stop!
This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.
© Thomas R. Fox, 2012
FCPA Compliance and Ethics Blog 