Governance & Restructuring

Closing Gaps in JV Risk Management Practices

Opportunities abound for companies to elevate their risk management game in joint ventures by improving practices and raising expectations.

Authored By

James Bamford

Joshua Kwicinski

Jason Reid

Closing Gaps in JV Risk Management Practices

Part two in a two-part series

February 2020 GIVEN THE POTENTIAL risk exposure from joint ventures and the increasing pressure on non-operators to get a grip on it from key stakeholders, it’s not surprising that the typical JV operator can feel buffeted by an avalanche of intrusive and overlapping partner assurance efforts. And while we applaud non-operators waking up to their risk exposure, we also echo the Institute of Internal Auditors’ challenge for risk management professionals:

It’s not enough that the various risk and control functions exist – the challenge is to assign specific roles and to coordinate effectively and efficiently among these groups so that there are neither “gaps” in controls nor unnecessary duplications of coverage.[1]See “The Three Lines of Defense in Effective Risk Management and Control,” The Institute of Internal Auditors, January 2013

In Part 1, we explored the current state of play in joint venture risk management and made the case that non-operators and operators alike need to coordinate their individual lines of defense and develop a joint risk management framework tuned to the unique circumstances of their JV.

The purpose of this article is to discuss a broader set of opportunities for companies to elevate their risk management game in joint ventures. Specifically, based on our recent client work and comments from participants in our joint venture roundtables in the upstream oil and gas, downstream and chemicals, and mining sectors, we see opportunities for companies to close gaps in risk-related operator screening and due diligence, in contract drafting for risk management terms, and in expectations internally – and externally – for ongoing governance of risk. Closing these gaps will better position non-operators and operators as they develop effective and efficient joint risk management frameworks with their partners.

Elevating the Risk Management Game

1) Operator Screening and Due Diligence. Financial institutions have long been required by regulators to engage in “know your customer” diligence before taking on a new client – a process that entails verifying the potential client’s identity and evaluating the potential risk exposure from that client (i.e., the probability of the client engaging in illegal conduct). So too should JV non-operators strive to “know your operator” before signing a JOA or JVA – that is, understand the culture (identity) of the operator and the potential risk exposure from the operator (i.e., the probability of the operator failing to properly manage operational, financial, HSE, or other matters). As we’ve written elsewhere, due diligence is the first and best opportunity to understand whether a potential operating partner has a risk management philosophy that is fit-for-purpose in the JV and aligned with the company’s own risk management philosophy.[2]See James Bamford and Piers Fennell, “Giving JV Diligence its Due,” The Joint Venture Deal Exchange, April 2015.

When a company is considering forming or farming into a joint venture as a non-operating partner, its required due diligence should always include an independent baseline assessment of the venture’s risks, with a focus on high-impact HSE risks related to process safety, asset integrity, and environmental risks. But the due diligence should also include an assessment of the Operator’s HSE and risk management policies, systems, and capabilities, as well as its financial controls and business ethics policies, and include a gap analysis to those of the company (Exhibit 1).

Ideally, this due diligence would confirm that the Operator’s risk management systems and capabilities are at least as good as those of the company in practice, even if the specific details vary. And to the extent that the Operator is found to have a risk management approach less mature than that of the non-Operator, the company must take a purposeful decision to proceed, based on its own risk appetite and a reasonable view of its ability to move the Operator up the maturity curve over time. No amount of influencing will turn a wildcat independent driller into a mature risk management organization overnight (though perhaps it might over a decade).

Exhibit 1: Operator Risk-Related Due Diligence Topics

FunctionPotential Due Diligence Activities
Risk Management
  • Evaluate Operator’s risk management policy, framework, and capabilities
  • Verify that Operator holds required regulatory approvals for operating activities
Health, Safety, and Environment (HSE)
  • Conduct initial assessment of Operator’s HSE System and Critical Controls health (and compare to Company approach to understand potential gaps)
  • Conduct independent “baseline” risk assessment with focus on process safety / asset integrity, environmental, and other potentially high-impact HSE risk events
  • Review Operator’s Environmental Agreements – its key clauses and definitions – with external regulatory bodies
Financial Controls
  • Conduct initial assessment of Operator’s accounting policy, accounting standards (e.g., treatment of opex vs. capex, useful life of fields, depreciation), financial compliance policy, budget approval process, and AFE approval process
  • Determine external obligations of the Operator related to the asset (e.g., rehabilitation, Sarbanes-Oxley)
  • Review Operator’s external auditor selection, engagement, and reporting process
Business Ethics and Conduct
  • Conduct initial assessment of the Operator’s policies and directives (e.g., ABC/AML, human rights, competition and consumer protection, conflicts of interest)
  • Conduct independent risk assessment on conflicts of interest, bribery and corruption, human rights, and anti-competition using internal tools (e.g., Due Diligence Checklist, Know Your Customer Form, etc.)

© Ankura. All Rights Reserved.

Of course, any decision to proceed if the Operator has a less mature risk approach can and should come with certain caveats – namely, the additional JV contractual terms related to risk management rights and protections that the company ought to seek before putting its signature on the legal agreement.

2) JV Contractual Terms. Depending on due diligence findings and its negotiating leverage, a non-operating partner may have the desire and the opportunity to negotiate contractual terms that provide additional rights and protections on HSE risk management and reduce HSE risks overall. Natural resource companies seeking to raise their risk management game in non-operated JVs might consider expansive answers to a set of questions across key deal terms related to risk (Exhibit 2). For example, non-operators might want to make clear that in addition to receiving the ongoing operational and performance data described in the typical industry model form agreement, they also want access to a broad swath of HSE risk-related information – like risk registers and controls, and risk mitigation plans filed with regulators.

Exhibit 2: Key Questions for Drafting Risk-Related Deal Terms

TopicKey Questions to Address in Terms:
Operator Standards
  • What minimum requirements should the Operator’s HSE, risk management, and financial standards and systems applied to the venture meet – e.g., regional practice, industry best practice, regulatory requirements, international standards (like ISO 31000 for risk management), etc.?
Information Access
  • What operational and financial data should the Operator regularly furnish as part of standard reporting (e.g., operational and production data, regulatory filings, risk reviews, financial books and records, etc.)? Should any information be accessible on a real-time basis?
  • Should the Operator be required to share relevant external (e.g., regulatory or third party) audit findings, or internal self-assessment data related to the integrity and performance of operational, risk, and financial management systems utilized by the Operator within the venture?
Additional Information Requests
  • Is there additional data that ought to be available upon request? If so, what limitations (if any) are acceptable relative to the time, costs, and burdens of making such data available?
Site Visit Rights
  • Should non-operators have site visit rights? If so, what limitations (if any) are acceptable on the exercise of those rights (e.g., timing of visit, avoidance of operational impact, etc.)?
Risk Audit and Assurance
  • What risk-related audit rights should non-operators be entitled to exercise? Who bears the costs for their exercise?
  • Will non-operators be able to participate in other risk-related audits (whether internal, regulatory, third-party, or by other non-operators) to limit overlap?
Financial Audit and Assurance
  • What financial audit rights should non-operators be entitled to exercise? Who bears the costs for their exercise? How will confidential or proprietary information (e.g., contractor pricing) be handled?
  • Will non-operators be able to participate in other financial audits (whether internal, regulatory, third-party, or by other non-operators) to limit overlap?

© Ankura. All Rights Reserved.

Our review of industry model-form joint operating agreements and various legal agreements suggests that most non-operators have not yet invested in a holistic approach to risk management deal requirements – and as a result, have the chance to take a more aggressive posture on almost all contractual provisions relevant to HSE risk management, including those pertaining to Operating Standards, HSE Plans, HSE Assessments, Information and Reporting, Audits and Assurance, and Operator Removal. To illustrate the difference between “typical” and “strong” practice, consider terms pertaining to Operating Standards, HSE Plans, and HSE Assessments (Exhibit 3).

For example, on Operating Standards, typical industry contractual terms feature vaguely-defined calls for the Operator to conduct joint operations consistent with “good industry practice”, without defining what good industry practice is, whether that industry practice is defined at a domestic or international level, and how it relates to domestic laws.

Exhibit 3: Depth of HSE Risk Management Protections in JOA

OPERATING STANDARDS xhibit 3: Depth of HSE Risk Management Protections in JOA

In contrast, strong contractual language would define what international standard(s) the Operator would operate the assets in a manner consistent with (e.g., those established by the International Organization for Standardization (ISO) or American Petroleum Institute (API)), as well as whether the Operator is expected to comply with international environmental conventions and treaties or meet defined environmental and safety targets established by the co-venturers.

Or consider HSE Assessments, where typical agreements are silent on the concept of having any formal review of the Operator’s HSE risk management systems and procedures, even if only a self-assessment by the Operator. At least some model forms in recent years have moved towards requiring that the Operator periodically review and report on its HSE systems, though strong contractual language would shift towards requiring an independent audit that the Operator’s HSE approach is defined, carried out as defined, and effective.

Stepping back, companies should create major clauses guidance that includes strong contractual terms on HSE and risk management as a non-operator, seek to negotiate these terms into venture agreements, and report where they have and have not succeeded in negotiating these terms.[3]For additional details, please see James Bamford and Tracy Branding, “No Clause for Concern: Developing a Major Clauses Guide for JV Agreements,” The Joint Venture Exchange, April 2019.

3) Ongoing Governance. We have long advocated for, and written extensively about, the importance of standards for ongoing governance of JVs, which many companies are now moving to adopt – for example, setting single-point internal accountability for the performance and risks of each JV, defining the role and expectations for company JV Directors, and requiring the use of influencing plans.[4]See James Bamford et al, “Joint Venture Governance Index: Calibrating the Strength of Governance in Joint Ventures,” Harvard Law School Forum on Corporate Governance, March 2020.

Similarly, we’ve advocated for joint venture partners to collectively adhere to standards of excellence for how the governance system itself functions (i.e., the activities and relationships between the Board, Committees, Management, and partners). Our research shows that JVs with good governance are strongly correlated with good performance. And we believe that companies pursuing excellence in HSE risk management should separately define a set of standards related to risk management across the lifecycle of the JV (Exhibit 4).

These standards would cover (1) how the company’s asset teams would internally approach HSE risk management, and (2) company expectations for how a JV governance system and Board should approach HSE risk management – ideally influencing how the JOA is written as well as ongoing governance practices and serving as a clear “end state” for the company’s asset teams to pursue by influencing the operator.[5]We recognize that any standards related to the Board and governance system are aspirational to the extent that they cover expectations not in the JOA – acting instead as a roadmap of outcomes the … Continue reading

Exhibit 4: Sample Standards – HSE Risk Management

Exhibit 4: Sample Standards – HSE Risk Management

© Ankura. All Rights Reserved.

Many companies have adopted one or two of the sample standards described in Exhibit 4, but few (if any) have adopted a broadly holistic approach to risk management. For example, only 11% of oil and gas JVs in our database currently have a Risk Committee, suggesting broad room for adoption. Or consider the question of joint audits, where the Dow Corporation was an early mover in setting expectations for the use of joint audits and developed a set of joint audit protocols for use in all its JVs – but few have followed the same path.[6]See James Bamford, “Are Your JVs a Ticking Time Bomb?”, The Joint Venture Exchange, June 2009.

Risk exposure is inherent in any business, especially in businesses operating on geographic and technological frontiers. But inherent exposure does not have to mean inevitable occurrence. With countless lives and dollars potentially at stake, what company can afford not to invest in keeping risk at bay in its joint ventures.

References[+]

How We Help: Governance & Restructuring

We understand that succeeding in joint ventures and partnerships requires a blend of hard facts and analysis, with an ability to align partners around a common vision and practical solutions that reflect their different interests and constraints. Our team is composed of strategy consultants, transaction attorneys, and investment bankers with significant experience on joint ventures and partnerships – reflecting the unique skillset required to design and evolve these ventures. We also bring an unrivaled database of deal terms and governance practices in joint ventures and partnerships, as well as proprietary standards, which allow us to benchmark transaction structures and existing ventures, and thus better identify and build alignment around gaps and potential solutions. Contact us to learn more about how we can help you.

About the Authors

James Bamford

James Bamford is a Senior Advisor at Ankura based in Washington, DC. He joined Ankura with the firm’s 2020 acquisition of Water Street Partners, which he co-founded in 2008. Water Street Partners has been independently ranked as the number one global advisor on joint ventures since 2017. Prior to Water Street, he was global co-lead of the Joint Venture & Alliance Practice at McKinsey & Company.

Joshua Kwicinski

Joshua Kwicinski is a Managing Director based in Washington, DC. He has more than a decade of experience in advising on all aspects of the partnership lifecycle, including deal strategy, transaction structuring, ongoing governance, and restructuring/exit. He has advised senior executives and dealmakers at both a corporate and individual JV level across a range of industries, including oil and gas, metals and mining, aerospace and defense, financial services, biotechnology, and others.

Jason Reid

Comments

Leave a comment

Your email address will not be published. Required fields are marked *

Subscribe to the

Joint Venture Alchemist Newsletter

Sign up below to receive the latest joint venture updates from Ankura.

"*" indicates required fields