Pillarstone is a KKR portfolio company that helps banks across Europe manage their exposure to non-core and underperforming assets on their balance sheets. Ethisphere’s Craig Moss sat down with Pillarstone General Counsel and Chief Compliance Officer Silvio Cavallo—recently named to Legal Community magazine’s list of top Italian general counsels under the age of 40—to discuss how Ethisphere and Pillarstone have worked together to advance the compliance programs at Pillarstone and two Italian companies in which Pillarstone has equity partnerships: telecom and energy infrastructure builder Sirti, and global shipping company Premuda.
Craig Moss: Silvio, tell us a little bit about Pillarstone’s business and your role as general counsel there.
Silvio Cavallo: Pillarstone is an investment platform that was established in 2015 as a partnership between certain European banks and KKR, to manage non-core and underperforming assets of European banks and reignite their positive performance.
Since 2015, Pillarstone has grown quite steadily. We now have close to $3 billion under management across a broad variety of companies and industries, including telecommunications, shipping, leisure, consumer goods and industrial manufacturing.
My role as the general counsel is to advise on all of the various restructuring transactions that we carry out, across the entire cycle of our investment strategy–inception, onboarding the initial asset onto our platform, managing of the underlying exposure that we acquire, potentially becoming an equity holder in the company, effectively advising the board of directors across a broad array of matters, including as regards portfolio investments, and exiting the investment—as well as on all of the compliance ramifications of our transactions.
As the General Counsel, what risks are you most concerned about with Pillarstone and your portfolio companies?
The Ethisphere maturity assessment that we carried out was very quick to pick up the magnitude of bribery and corruption risk that our portfolio companies see as a result of their business model. We have a limited number of counterparties at Pillarstone—typically large financial institutions and prominent legal and financial advisors—so we don’t see that much of an inherent bribery or corruption risk at that level, since our interactions with government officials are fairly limited. But the situation is completely different at the level of our portfolio companies. And that brings to mind a couple of things.
First, there is no one single industry that we invest in; we tend to invest in companies irrespective of their industrial segment so a portfolio company could be shipping or telecommunication or pharmaceuticals. And each company has its own peculiar risks to be assessed and managed.
Second, we on-board debt receivables vis-a-vis a relatively small number of medium/large corporate borrowers. We might simply manage the debt that we have on-boarded, but in some cases, we swap that debt position into equity and effectively have become the owners of businesses. There’s a varying degree of risk, depending upon whether we are a mere creditor or whether we also are an equity holder in the company, and each risk has its own ramifications in terms of the amount of due diligence that we can carry out, the governance levers that we can activate to minimize compliance risks, the degree of control that we can accelerate with the company, and the deepness of our understanding of the business. I think that is the key inherent risk of our platform: managing a broad number of performing companies across a broad variety of industries, sometimes operating in very different countries all across Europe or potentially even globally.
When we first started working with you, KKR introduced us to you as one of their portfolio companies and you went through what we call our Measure and Improve program, where you started with the maturity assessment, then did the roadmap and the rapid improvement workshop. Tell us a little bit about your experience going through that process.
It was very helpful. And quite frankly, it also was thoroughly enjoyable. One of the best parts was there was a degree of competition to it. We know that KKR are the gold standard in terms of compliance. They were really supportive of Pillarstone and stood with us at each step of this process. That they thought Pillarstone might be a good candidate to go through the assessment was certainly something that we valued. We wanted to demonstrate to KKR that we understood those expectations and that we also strive to achieve the same gold standard that they employ.
The assessment was very practical, which is what we liked about it. It forced us to ask ourselves very tough questions, and to look at our policies and procedures through the eyes of the people who need to operate them on a daily basis. One of the first things we were told when we were having our first discussion around the assessment was that we could have the best policies and procedures and an incredibly detailed set of rules, but if the people that need to adopt them and employ them on a daily basis do not understand their value, how they apply, or how they might impact the way that they carry out their day-to-day job, then whatever we have is worthless.
So, we sent out a clear message in terms of why our policies and procedures are important by boiling down 100-200 pages of policies and procedures to crisp, short, and actionable points for our people and the third parties they interact with. I think that was that was the real value that we saw in the assessment exercise and generally in your approach.
We also identified concrete steps to take to strengthen the robustness of our compliance program. This is another feature that we particularly appreciated. You insisted that our goals have to be specific and not just inspirational or motivational statements which cannot be acted upon or measured over a specific period of time.
We also agreed upon which were the priorities for our business together, so it was a two-way process. It was not just you recommending us to do something. Together, we drafted our statement of purpose: what we wanted to do over a certain period of time—priorities that we identified as part of our self-assessment.
What kind of feedback did you get from your executive leadership team?
One of the things that I am most proud of, as part of the exercise, was that they realized how much clarity there was at the level of the junior team in terms of our risk and our compliance approach. When you led us through the exercise, we created four separate groups—the members of the board of directors; the senior investment team; the junior investment team; and legal, finance, and compliance. We encouraged them to prepare lists of the key bribery and corruption risk areas that we face. We started from the junior team, because we didn’t want them to be influenced by what other people would say. And the key risk areas that they identified for Pillarstone aligned fully with those identified by more senior individuals. That was something that the executive leadership team was very happy to see. We are a sophisticated platform, so you might potentially expect a more junior individual not to be fully cognizant of the key risk areas for us, but we were proven wrong there. That was certainly was one of the best parts, seeing how effectively the thinking of junior and senior people aligned.
We started by assessing Pillarstone’s compliance program maturity. Then as we worked with you to improve your maturity and reduce your risk the attention turned to your portfolio companies and the risk they bring to you. As we’ve done more work with your portfolio companies, has that helped you to better understand the risks that they face?
Absolutely. I think the real value we saw in the work that you did with our portfolio companies was to reassure us that there is a clear understanding, at the portfolio company level, of the emphasis and importance that we place on antibribery and anticorruption compliance. It was reassuring to be safe in the knowledge that the individuals who work with us at Sirti and Premuda understood that it is fundamental for us to ensure they operate in a fully compliant environment. Ultimately, compliance is our license to operate, and the reason why we continue to carry our business with KKR and with all the other investors and Italian banks is that because they know that we have a zero-tolerance approach to compliance. That was that was one side of the exercise that we particularly appreciated.
I think the exercise also helped us understand more deeply where risks sit at the level of our portfolio companies. Our individuals sit on the boards of both Sirti and Premuda so it was good to carry out an in-depth assessment of what key risks the management teams of those companies face. We wanted to get the perspective of the people who live in the trenches, face the various types of situations that a company might potentially encounter, and where they see risk.
The one thing that we were particularly pleased about was that from our perspective, the risks that the management team of Sirti and Premuda identified were pretty much what we had in mind in terms of what the key risks were for those two companies. This means that they had a fairly comprehensive understanding of the business that they carry out and what key risks they face.
Italy has very specific government guidelines about what your program should look like. How did what you did with Ethisphere complement what you had already done through Italian law 231?
I’m a member of the Italian Supervisory Board established at the level of Pillarstone, so one of the things that was very helpful for us to appreciate in a very tangible manner how much of an iterative process risk assessment is. That was one of the things that emerged from the exercise that we did together. We had done a risk assessment a couple of years back and the Ethisphere exercise helped us identify the key areas that ought to be refreshed or reconsidered because of changing business models, growth in our portfolio, growth in our team, and various structural changes regarding how the platform will interact our investors. So that was one thing why we believe the exercise was very helpful.
The second one was that the Ethisphere program and exercise forced us, as Members of the Italian Supervisory Board, to consider our own set of policies and procedures through the eyes of those who need to apply them daily. Sometimes there can be a gap between those who obviously are compliance professionals who read and review policies and procedures through the lenses of an expert opinion, and those who must apply policies and procedures on a daily basis. Working with the investment team in our specific case, the program encouraged us to adopt a slightly different perspective in terms of how we would assess the advocacy and the effectiveness of our policies and procedures. It also provided us with very clear feedback in terms of which key areas of our program work and which need strengthening.
Ethisphere has introduced a new holistic compliance program assessment that looks at nine risk topics, from data privacy and cyber to environmental compliance and trade sanctions. In terms of portfolio company risk, how useful is this kind of tool for you?
Every portfolio company has its own specific set of risks. One holistic assessment that looks out for trade sanctions would be particularly useful for portfolio companies such as Premuda. Or one holistic assessment with an environmental angle, or a cyber data protection angle might be of particular interest for telecommunication companies such as Sirti.
I believe that a broader set of risk areas that must be considered from a compliance perspective is particularly useful for an asset manager. An asset manager might potentially encounter a variety of portfolio companies with a different map of risks, and having one holistic tool to map them all, bring them together, and identify key risk areas the asset manager needs to focus on, is definitely marketable.
Your holistic assessment also covers ESG. I cannot emphasize more how crucial that is for any type of financial institution. For an asset manager, that is becoming another element of our license to operate vis-a-vis our entire catalog of stakeholders. Having someone help us identify which ESG areas we should focus on will be extremely helpful.
ABOUT THE EXPERTS
Silvio Cavallo is General Counsel and Chief Compliance Officer at Pillarstone. He is based in Milan, Italy, and was recently recognized by Legal Community magazine as one of Italy’s pre-eminent lawyers under the age of 40.
Craig Moss is the Executive Vice President of Measurement at Ethisphere and a leading expert on using management systems to improve compliance and risk management performance within companies and across supply chains. Craig is also Director-Content at the Cyber Readiness Institute, and a Director at the Digital Supply Chain Institute.