March 01, 2010


How to Conduct an Incentive Compensation Risk Assessment




Kelly Malafis
Founding Partner [email protected] 212-921-9357
Rose Marie Orens
Partner Emeritus [email protected] 212-921-9352


“Excessive risk taking” and “incentive compensation” entered day-to-day parlance with the onset of the financial crisis in 2008. “Excessive executive compensation” had been grabbing headlines since the mid ‘90s, but there was little focus on how a company’s incentive compensation programs might influence enterprise risk taking. Few made the connection that an organization’s appetite for risk could have a dramatic (and potentially adverse) impact on how that organization structured its incentive programs.

Following the collapse of Enron and WorldCom, compensation committees became aware of the dangers of loading up executives with outsized stock option grants which might tempt them to “inflate” short-term earnings and stock price. Companies and their compensation committees did one or more of the following: they reduced the size of option grants, introduced stock ownership guidelines and share retention programs, and diversified the portfolio of incentive vehicles by adding restricted stock and performance plans. These long-term incentives contain less leverage than options, reducing the temptation to swing for the fences.

Incentive compensation, whether for executives or the broader employee population, has been identified as a significant contributor to the financial crisis. To protect the “safety and soundness” of our financial system and provide remediation, the Federal Reserve and the Securities and Exchange Commission have proposed guidance and disclosure requirements which require companies to conduct a thorough review of the relationship between pay and risk taking. The objective of a “risk assessment” is to identify plans or practices that may encourage employees to take unnecessary or excessive risk which could threaten the company or, in the case of financial firms, the safety of the broader financial system.

Conducting a Risk Review

There are four steps in conducting a risk review:

  • Create the process
  • Develop a framework to examine incentive plans and practices
  • Assess current plans
  • Communicate results and identify refinements

Creating the Process

A comprehensive risk review requires a multi-disciplinary team composed of human resources, risk management, legal, finance, and corporate and business unit leaders. In the initial phase human resources professionals (including compensation) compile comprehensive information about the company’s incentive plans. This includes identifying all incentive plans, revisiting the organization’s compensation philosophy (including the appropriateness of the comparators used for benchmarking), summarizing key incentive plan design features, and reviewing historic pool levels and pay mix to determine if a “risk adjustment” is needed. Concurrently, risk and finance professionals compile a risk profile by bringing together their individual assessments of where risk exists or is likely to originate.

Developing a Framework for Examining Incentive Plans and Practices

The next step is to develop a framework for determining to what extent risk impacts incentive plans and practices. The team identifies the types of risk — operational, credit, market, and reputational — that exist in the company and the behaviors and actions that need examination and monitoring. Although all incentive plans should be reviewed, the focus initially will be on the lines of business and the individual contributors with higher risk profiles. The framework includes a series of questions relating to how the incentive plans operate. The following address the key areas of concern:

  • How are incentive pools developed?
  • Are the incentive pools capped or uncapped?
  • Are the metrics appropriate given the type of business?
  • Are operational controls in place to prevent participants from manipulating results?
  • Is the plan unduly focused on short-term results?
  • Do incentive timeframes match income recognition?

It is also important to examine incentive plan governance:

  • Who designs the plans?
  • Who approves the plans and how are they tracked?
  • Who validates the performance and payments?
  • What is the level of oversight by finance, risk management, human resources, senior management?

The framework can also identify design features that help to mitigate risk, e.g., a combination of performance metrics (ideally including multi-year results), a pay mix that balances short-term and long-term compensation, and incentive leverage scales that encourage performance improvement without requiring home runs.

SEC Disclosure Rules (approved December 16, 2009)

  • The SEC requires a narrative disclosure about the company’s compensation policies and practices for all employees, not just executive officers, if the compensation policies and practices create risks that are reasonably likely to have a material adverse effect on the company
    • This disclosure threshold is similar to the one used for the Management Discussion and Analysis
  • Disclosure would be included in a separate section of the proxy, not in the Compensation Discussion and Analysis
  • The SEC provides a non-exclusive list of situations that potentially could trigger disclosure:
    • At a business unit of the company that carries a significant portion of the company’s risk profile;
    • At a business unit with compensation structured significantly differently than other units within the company;
    • At a business unit where the compensation expense is a significant percentage of the unit’s revenues; and
    • At a business where bonuses are awarded upon accomplishment of a task, while the income and risk to the company from the task extend over a significantly longer period
  • Smaller reporting companies are excluded
  • Companies are not required to make an affirmative statement that compensation plans are not risky

Note: While the SEC does not require disclosure if a company determines that its incentive plans are not reasonably likely to create risks with material adverse consequences, we expect companies to describe the risk assessment process in their proxy statements, highlighting features of their programs that mitigate risk and changes they have made to improve risk and incentive alignment.

Assessing Current Plans

The first plan to review is the executive incentive plan. It is important to validate both the plan and the compensation philosophy against the company’s risk profile as other plans will be aligned with these principles. In fact, many of the issues addressed with respect to senior executives will apply to other employees.

The compensation committee and the chief risk officer (and often the risk committee or audit committee of the board of directors) participate in this process. An analysis of the metrics used to fund the corporate pool is particularly important. For example, financial firms need to address whether incentive plan metrics include capital adjusted results. Companies also need to demonstrate that incentive plan payments reflect a broad view of performance that extends beyond short-term earnings. The balance in the senior executive pay package between short-term, intermediate, and long-term results, and between cash and equity compensation are important to consider.

Many plans have features which can mitigate risk, such as multi-year performance periods, stock ownership guidelines and stock retention requirements, bonus and equity claw backs if results are later found to be inaccurate, and mandatory bonus deferrals. While these practices do not guarantee that unnecessary risk taking is being averted, they do encourage the desired alignment between senior executive pay and long-term performance.

Next, the multi-disciplinary team conducts a similar analysis of other incentive plans. This usually begins by analyzing how the bonus or incentive pools are funded, i.e., whether they use corporate, business unit, or individual results, and whether the pools are based solely on formulas or include an element of management judgment. It is important to examine how the metrics used align with corporate plan metrics and business goals. One important practice to mitigate risk includes incorporating time horizons in the incentive plan that reflects the company’s time horizon for recognizing income or losses. When products or transactions contain a long tail that can only be assessed over time, multi-year performance should impact incentive payouts. A major mismatch can occur when large upfront bonuses are awarded before the company is able to recognize profitability from a product or transaction. Other questions to be addressed are similar to those already covered in the assessment of the executive incentive plan:

  • Does fixed compensation represent an appropriate percentage of the total pay package?
  • Are safeguards (such as caps, discretionary components, deferrals and controls over how products are priced) in place for revenue-based plans?
  • Does the mix of cash and equity reflect the preferred alignment between the business unit or individual participant and the company?
  • What is the process for goal setting and approving payouts? Is the Audit Committee involved in the performance measurement approval for the executive plans?
  • Are claw backs and mandatory deferrals in place? If not, should they be adopted?

Finance, risk management, and human resources should have an ongoing role in developing and reviewing business unit compensation plans. They need to have the authority to make recommendations for change. They also need to be compensated in a manner that ensures that their independent oversight of the process is not compromised.

Communicating Results

Led by the chief risk officer, the team presents its assessment to management and the compensation committee. This consists of an evaluation of executive and other employee incentive plans that have the potential to create unnecessary or excessive risk (the threshold for financial institutions) or that are reasonably likely to create a material adverse effect on the company (see SEC Disclosure Rules).

The presentation highlights businesses with higher (and lower) risk profiles, the criteria used to assess the risk, and an analysis of the corresponding incentive plans and how they are structured to mitigate these risks. In organizations with multiple incentive plans, it is common to sort the plans by level of risk, (from high to low) and by the level of pay (from high to low) for purposes of prioritizing the review process, examining individual plan features, and presenting findings and recommendations (see Risk to Pay Relationship chart on page 4). The team offers an opinion on whether any of the incentive plans are likely to constitute a material adverse risk, or in financial firms, whether the incentive plans align with the Federal Reserve’s guidance on “safety and soundness.” Finally, the team presents to the compensation committee recommendations on how the company’s incentive plans, policies, and practices should be structured or modified to address risk. These modifications may be company-wide (e.g., a shift in some portion of variable to fixed pay for all employees), or may be refinements affecting a smaller group of employees (e.g., a three-year deferral program with payment tied to future business unit results). In almost all cases, some changes are to be expected.

* Based on a financial services firm but the principle is applicable across industries

Given the increased focus on risk management and the responsibility of compensation committees and boards to supervise the potential for incentive plans to encourage excessive risk taking, we expect most companies will develop processes to identify and address these issues. Additionally, while the SEC does not require companies to make any affirmative disclosure if they do not believe that their incentive plans create risks with material adverse consequences, we expect many companies to describe the risk assessment process in their proxy statements.

A risk review is not a one-time event. In the future, incentive plans will be more regularly monitored and reviewed by a designated internal group with the authority and independence to raise issues and make recommendations. This kind of enhanced management oversight represents sound business practice. Companies that establish an accepted and understood pay to risk relationship will be better positioned to achieve strategic business goals while maintaining responsible and defensible incentive compensation programs.

Please contact us at (212) 921-9350 if you have any questions about the issues discussed above or would like to discuss your own executive compensation issues. You can access our website at for more information on executive compensation.