Ethical Boardroom Spring 2016 by Ethical Boardroom

Published by Ethical Board Group Limited | www.ethicalboardroom.com

Spring 2016

Keeping it above board

Preparing for cyberattacks

Motivating compliance with anti-corruption rules

A proactive approach to closing the pay gap

Enhancing audit committee oversight Five top tips to strengthen its effectiveness

ZENITH BANK’S GLOBAL MISSION CEO Peter Amangbo on his company’s commitment to innovation and sustainability

Build a better boardroom Securing the right personalities for the right job

UK £9.95 USA $14.99 CAN $16.99 EUR €11.99

9 9772058 772058611002 611002

The power of positive deviance

Silicon Valley’s gender problem

0606

Ways to identify and mitigate worst-case scenarios

ISSN 205 8- 61 1 6

YOUR INVESTMENT MANAGER YOUR TRUSTED PARTNER

€ 985 Bn

of Assets Under Management

No.1

Top

Present in

worldwide

countries

in Europe

amundi.com No. 1 European asset manager based on global assets under management (AUM) and the main headquarters being based in Europe - Source IPE “Top 400 asset managers” nor does it constitute public advertising for any product, financial service or investment advice. The value of an investment and any income from it can go down as well as up and capital of €596,262,615 - Portfolio Manager regulated by AMF under number GP 04000036 - Registered office: 90 boulevard Pasteur, 75015 Paris, France - 437 574 452 RCS Paris

YOUR INVESTMENT MANAGER YOUR TRUSTED PARTNER

€ 985 Bn

of Assets Under Management

No.1

Top

Present in

worldwide

countries

in Europe

Ethical Boardroom | Contents

Commentary

Gender diversity in the Gulf Initiatives to increase the number of women in boardrooms are on the rise in the GCC

Solving the email management crisis What the US government is doing right on governing its email records

14 16

Effective management A cohesive board is pivotal to long-term success and sustainability

The new new era of shareholder activism It’s time to deliver long-term value with activism coming off a peak

Global News Watch EB’s round-up of global corporate governance news

COVER STORY: Zenith Bank Nigeria’s largest lender outlines its commitment to innovation and sustainable business practices

eUroPe

Iberdrola’s proactive approach to shareholder engagement Looking to build relationships with its investors through pioneering initiatives

Spain: Proxy season 2016 With standards ever higher, Spanish companies will face fresh challenges this proxy season

Board LeaderSHIP

30 34

Building a better boardroom Now more than ever you need to know ‘who’ not just ‘what’ works the best SOS: Preparing for a new CEO Is your board prepared for an emergency CEO succession? Lessons from recent high-profile cases

Women on French boards: An evolution Observations from a seven-year study of more than 900 women on boards of 403 Euronext Paris companies

4 Ethical Boardroom | Spring 2016

Contents | Ethical Boardroom

LGBT in the boardroom Broadening the diversity debate to advance lesbian, gay, bisexual and transgender policies

Tone at the top Why people rightly point to boards to answer for an unhealthy corporate culture

Effective board contributions in social enterprises Active and ongoing involvement in an organisation’s strategic thinking can lead to better focus on the road ahead

SoUtH amerICa

Latin America 2016 Emerging trends in corporate boards Boards are more determined than ever to show a commitment to transparency

Board GoVernanCe

Improving audit committee effectiveness Top tips to consider when developing, evaluating and refining oversight processes and practices

CONTENTS 58

The great communicator Taking inspiration from Ronald Reagan and his galvanising speeches can help audit managers communicate effectively in the field of governance

Germany’s liberal approach to corporate governance Excessive regulatory developments in corporate governance can lead to negative consequences

US compensation trends in 2016 Companies need to take time out to set agendas to ensure accuracy in proxy disclosures of executive compensation

teCHnoLoGy

IG trends to look out for in 2016–2017 In a world of ever-growing unstructured content, companies are increasingly investing in information governance

Board communication and digitisation Executive communication in the age of digital disruption brings a time of change that shouldn’t be ignored

Spring 2016 | Ethical Boardroom 5

Ethical Boardroom | Contents

Technology for an effective boardroom Improving productivity and enhancing your reputation using creative technology in the boardroom

mIddLe eaSt

Getting it right in times of conflict Resilient governance helps companies weather unrest – and re-emerge stronger

tHe eB 2016 CorPorate GoVernanCe awardS

Introduction & Winners list We reveal our Middle East Award winners

RAK Insurance steps up to the challenge The UAE-based insurance firm on developing effective communication with its stakeholders

Omantel dials into corporate governance The Oman-based telecoms company on commitment and sustainable practices

Setting new heights for corporate governance Dubai Parks and Resorts PJSC on its mission to deliver long-term value to shareholders and stakeholders

aCtIVISm & enGaGement

2:20 The formula for dealing with activist hedge funds The best defence against an activist is a robust and improving stock price

92 96

Preparing for activists Seven sure ways to keep all your investors happy – and onside Shareholders make their voices heard Institutional shareholders’ voices are more than just a whisper

Silicon Valley’s gender problem Closing the pay gap: why a proactive approach is simply good business

6 Ethical Boardroom | Spring 2016

114

126

Contents | Ethical Boardroom

102

The â&#x20AC;&#x2DC;Mâ&#x20AC;&#x2122; word: No, not materiality Mandatory reporting of sustainability information is on the rise

AFRICA

106

Effective corporate governance in Africa Country governance environment is influencing roll-out of corporate governance at company level

RISK MANAGEMENT

110

What constitutes a risk-based approach? Lessons in third-party compliance to meet bribery and corruption clampdowns

114

Creating a culture of compliance Carrying out a united third-party risk strategy is essential for avoiding financial and reputational damage

118

Building a cyber resilient organisation Preparing and identifying worst-case scenarios for a cyberattack

122

IoT and the boardroom In an Internet of Things world, it is critical to implement effective enterprise cyber risk management

126

Bulletproof your defence The role of the board in delivering a robust corporate defence programme

REGULATORY & COMPLIANCE

130

Automating due diligence Enhance due diligence by analysing unstructured online customer data

132

Collective action to tackle corruption Building a strong coalition with civil society puts business on the front foot

136

The power of positive deviance in compliance Incentives when compliance rules seem to eliminate our purpose in working for the company

Spring 2016 | Ethical Boardroom 7

Ethical Boardroom | Foreword

Welcome to the Spring 2016 edition of Ethical Boardroom magazine

Panama Papers puts spotlight on risk practices The unprecedented leak of 11.5 million files from the database of the world’s fourth biggest offshore law firm Mossack Fonseca has exposed the plethora of ways in which the rich and powerful can exploit secretive offshore tax regimes. Dubbed the Panama Papers, the files – leaked to a German newspaper and shared via the International Consortium of Investigative Journalists – have revealed how the law firm’s clients were able to launder money, dodge sanctions, avoid tax and facilitate bribery, arms deals and drug trafficking. Documents reference current or former world leaders, as well as hundreds of other politicians and public officials; they link some large banks to questionable financial dealings and have pulled the new Fifa president Gianni Infantino into a fresh corruption scandal to hit football’s governing body. The leaked files could not have arrived at a trickier time for the corporate and financial world – following on from the financial crisis and high-profile corporate scandals, such as

8 Ethical Boardroom | Spring 2016

Volkswagen emissions – and are likely to have further entrenched existing negative attitudes towards businesses. Although there are legitimate ways of using tax havens, most of what has been going on is about hiding the true owners of money, the origin of the money and avoiding paying tax on the money – leaving any company connected to the law firm facing a huge reputational challenge. Whether implicated or not, the leak demonstrates the need for all organisations to implement a thorough risk assessment at all levels, ensuring that systems and controls are in place to mitigate the risk that they might be used to commit financial crime. In this Spring 2016 edition of Ethical Boardroom, we hear from William Nero at the Basel Institute on Governance about how civil society and stakeholders can play an integral part in helping businesses meet their anti-corruption goals through collective action (page 130). On page 110, Dennis Haist, general counsel and compliance advisor at global advisory and risk management company STEELE CIS, addresses the rise of new anti-bribery and anti-corruption laws and offers advice on building a credible and practical risk model. We also address key topics for the year ahead, including improving audit committee effectiveness, CEO succession, compliance incentives and gender pay gaps.

Contributors List | Ethical Boardroom

Our thanks to this issue’s contributing writers SANAA ABOUZAID

IFC Corporate Governance Lead, MENA

TAPAN AGARWAL

SVP and Head of the Commercial Risk Product Pillar, iGTB, Intellect Design Arena

PETER AMANGBO

Group Managing Director & Chief Executive Officer at Zenith Bank Plc

JASON R. BARON

Of Counsel at Drinker, Biddle & Reath LLP and Co-chair of the Information Governance Initiative

BARCLAY T. BLAIR

Founder and Executive Director, Information Governance Initiative

TIMOTHY COPNELL

Chairman of KPMG’s UK Audit Committee Institute

PETER CROW

JOANNE HENSTOCK

Executive Director (Governance and Integrated Reporting), EY South Africa

JAN HOFFMEISTER

Managing Director, Drooms

BRUCE HOROWITZ

JO IWASAKI

Bazler Designated Professor in Business Law & Executive Director at the Ohio State University’s Moritz College of Law

Head of Corporate Governance at ACCA

NATASHA LAMB

Director of Equity Research and Shareholder Engagement and a portfolio manager, Arjuna Capital

PATRICIA LENKOV

Founder & President, Agility Executive Search

SEAN LYONS

ALFREDO ENRIONE

Director of Content, Equilar Inc.

Chairman & Chief Executive Officer of Iberdrola

DAN MARCEC

STEPHANIE SNYDER TOMLINSON

National Cyber Sales Leader at Aon Risk Solutions

JANE EDISON STEVENSON

SAUD MAZROOEI

TOM McLEOD

Chief Executive Officer at Georgeson Corporate Advisory

Managing Consultant, McLeod Governance

WILLIAM NERO

Partner at Pay Governance in New York

Programme Officer, Basel Institute on Governance, International Centre for Collective Action

DENNIS HAIST

EMILIAN PAPADOPOULOS & EVAN SILLS

General Counsel and Compliance Advisor for Steele CIS

ANDREW SMITH

Chief Executive Officer, RAK Insurance

Director, Governance, Risk & Compliance Dubai Parks and Resorts PJSC

DR MANFRED GENTZ

PATRICK HAGGERTY

JASON SCHLOETZER

The William Charles Sonneborn Associate Professor of Accounting at the McDonough School of Business, Georgetown University

BRIAN C. MATT

Director and Global Head of Strategy and Innovation with Ipreo

DR ASHRAF GAMAL EL DIN

Chairman of the German Corporate Governance Code Commission

PAUL ROSE

Global leader for CEO Succession and Vice Chairman, Board & CEO Services at Korn Ferry

Company Secretary, Omantel Group and Company Secretary of the international Subsidiary

Chief Executive Officer of Hawkamah

TRACEY REMBERT

Ceres’ Investor Initiative for Sustainable Exchanges

Principal at R.I.S.C. International, Ireland

IGNACIO GALÁN

GUY LE PÉCHON

CEO Partner at Gouvernance and Structures

Partner, Paz Horowitz, Abogados and President, The Center for the Study of Bribery and Extortion Situations

Independent Advisor on Corporate Governance and Strategy; Chartered Company Director PwC Professor of Corporate Governance, ESE Business School, Universidad de los Andes

OLIVER PARRY

Senior Advisor on Corporate Governance at the Institute of Directors

Emilian is President and Evan is an Associate, Good Harbor Security Risk Management

MUHAMMAD SHOAIB SULEMAN

CAS SYDOROWITZ

PAOLA GUTIERREZ VELANDIA

Regional Head of Board Services for Iberia & Latin America at Pedersen & Partners

JAMES WARD

Managing Director at Electric String

ALEXANDRA WRAGE

Founder & President at TRACE International Inc

EDITOR Claire Woffenden DEPUTY EDITOR Spencer Cameron EXECUTIVE EDITOR Miles Hamilton-Scott ART DIRECTOR Chris Swales CHIEF SUB Sue Scott ONLINE EDITORS Allegra Cartwright, Hermione Bell PRODUCTION MANAGER Jeremy Daniels SUBSCRIPTIONS MANAGER Lucinda Green HEAD OF ONLINE DEVELOPMENT Solomon Vaughan ONLINE DEVELOPMENT Georgina King, Rosemary Anderson MARKETING MANAGER Vivian Sinclair CIRCULATION MANAGER Benjamin Murray HEAD OF SALES Guy Miller SALES EXECUTIVE Michael Brown PRODUCTION EDITORS Tobias Blake, Dominic White VIDEO EDITOR Frederick Carver VIDEO PRODUCTION Tom Barkley BUSINESS DEVELOPMENT Dammian Botello, Giles Abbott, Gerald Fox, Steven Buckley ASSOCIATE PRODUCER Suzy Taylor ADMINISTRATIVE ASSISTANT Abigail Fitzwilliam HEAD OF ACCOUNTS Penelope Shaw PUBLISHER Loreto Carcamo Ethical Board Group Ltd | Ethical Boardroom Magazine | 1st Floor, 34 South Molton Street, Mayfair | London W1K 5RG Ethical Boardroom | twitter.com/ethicalboard S/B: +44 (0)207 183 6735 | ISSN 2058-6116 | www.ethicalboardroom.com | All information contained in this publication has been obtained from sources the proprietors believe to be correct, however no legal liability can be accepted for any errors. No part of this publication can be reproduced without prior consent from the publisher. Designed by Yorkshire Creative Media | www.yorkshirecreativemedia.co.uk. Images by www.thinkstockphotos.co.uk, www.shutterstock.com & www.canstockphoto.com. Printed in the UK by Polestar Group Ltd | www.polestar-group.com.

Spring 2016 | Ethical Boardroom 9

Commentary | Gender Diversity

Gender diversity in the Gulf Initiatives to increase the number of women in boardrooms are on the rise in the GCC Corporate governance was first introduced in the Middle East and North Africa by Oman, when it introduced a code of corporate governance in 2002, followed by Egypt, which developed a national governance code in 2005.

These codes were based on the OECD Principles of Corporate Governance. Since then, national regulations have introduced 11 corporate governance codes from 2005 to 2009. Some states formalised them, while other states integrated corporate governance articles into their company law. Most codes provide best-practice recommendations based on international standards. Hence, almost all jurisdictions in the Gulf Cooperation Council (GCC) have corporate governance codes. Nevertheless, corporate governance in the region is considered to be in the development phase. Various gaps are visible in the implementation. One of the areas that requires more attention is boardroom diversity.

Board size and composition

Companies in the GCC adopt the single board structure following the Anglo-Saxon model. On average, boards have seven members or less. There are some exceptional cases where boards may have 12 or more members. Boards of the region usually have executive, non-executive and independent directors. Corporate governance codes by GCC capital market regulators addressed the board composition by laying out a definition of independent directors and prescribing that there should be at least one-third of independent directors on each board. Hawkamah recently highlighted in one of its reports that there are only 11 women directors in the UAE serving on boards of publicly listed companies. Only one listed company has two women directors serving on its board.

10 Ethical Boardroom | Spring 2016

Dr Ashraf Gamal El Din

Chief Executive Officer of Hawkamah

Hawkamah also found out that the average percentage of women on boards of the GCC listed companies is 1.5 per cent. Thus, still today it is not uncommon to come across GCC boards that do not have a single female director. According to EY’s report Women On US Boards: What Are We Seeing? the percentage of women on boards increased to about 15 per cent of S&P 1500. However, 51 per cent of these companies increased the percentage of women on boards not by changing the board members but by increasing the board size. Women’s representation on the boards of US Fortune 500 companies, meanwhile, had already reached 16.9 per cent. Given that in Fortune 500 companies, 45 per cent of board seats are held for 10 years or more*, this could be a faster and easier way to increase the quota of women on boards. In Europe, on the other hand, the representation of women on boards has reached an average of 17 per cent. Unfortunately, the improvement is not always attributed to voluntary changes, but rather to government-mandated quotas, as stated in the annual study of 2014 by the Corporate Women Directors International. Countries, such as Spain, Italy and the Netherlands, implemented a mandatory gender quota for woman on boards which is effective. Other countries, such as Australia, Germany, Sweden and UK, implemented the principle of ‘comply or explain’. Many practitioners at the GCC attribute the low gender diversity to the culture – women are perceived to be family caretakers rather than career women. That said, the McKinsey & Company research Women in the Workplace 2015 found that 15 per cent of mothers are more interested in being a top executive than women without children.

Importance of gender diversity in the boardroom

Is gender diversity just a social cause or a call for equality? Did governments mandate quotas just for the sake of a social cause? The answer is no. Empirical research shows that a diverse board leads to an effective board as manifested both in board dynamics and discipline as well as in company performance. A report by Credit Suisse’s Research Institute highlighted that boards with gender diversity outperformed those with no women on the board in terms of share price performance. This can be based on the different perspectives women add to solving problems as well as on the different concepts of board meetings, as these seem to be more formal in gender diversity boards. Given the fact, that the main aim for boards is to reach their goals by utilising all sources of expertise and insights, the disparity of women and men on boards seems contradictory. The McKinsey Women Matter 2014 report also highlighted the fact that a diverse board will lead to a higher

Gender Diversity | Commentary

DivERsity split The GCC region has been slow to adopt women onto boards

organisational effectiveness. It’s Report of Organisational Health Index database showed that companies with just three or more women in senior management functions outperform significantly on all nine dimensions of organisational effectiveness. The nine dimensions of organisational effectiveness included direction, leadership, culture and climate, accountability, coordination and control, capability, motivation, external orientation as well as innovation and learning. The idea of appointing more women to boards is not a new one in the GCC, but given

its importance and the outcomes that can be achieved, progress is slow. The McKinsey Women Matter 2014 report found 65 per cent of organisations have board gender diversity on their strategic agenda - up from 24 per cent 10 years ago. So, the question should not be if or why we need women on boards, but how can we speed up the process? Gender diversity was picked up by the UAE very quickly. As a result, The Dubai Women Establishment was formed in 2006 under law number 24 by His Highness Sheikh Mohammed Bin Rashid Al Maktoum, Ruler of Dubai, Vice President and Prime Minister of the UAE. As a statutory body of Dubai

Government, and as per its founding decree, the Establishment aims to encourage and facilitate the participation of Emirati women in the workforce and society. As a main topic this decree shall mandate initiatives towards women’s further development opportunities. Moreover, in 2012, a cabinet decree at the UAE mandated all government boards and state-owned organisations to have at least one woman director. This was the first mandate in direct relation to women on boards, not only in the GCC but in the Arab world. In May 2015, His Excellency the Minister of Economy issued a new listing requirement that every company must have at least one female candidate for board membership. The resolution is comply or explain based, companies need to explain why they had no women candidates for board seats. Moreover, companies must disclose annually the number of women they have on their boards. As a governance institute, Hawkamah, the Institute of Corporate Governance in the UAE, welcomes the UAE government’s initiatives to boost gender diversity in the boardroom, and hopes that other countries in the region will follow. The question remains though: do we have enough qualified women in the pipeline? And the answer is not really. Despite women in the region being highly educated, most of them lack the level of experience, exposure and training needed to serve effectively in the board room. Therefore, and in response to UAE women-empowerment resolutions, Hawkamah launched a Women Directors’ Programme in 2015. The programme is designed to give already well-educated women the kind of training, experience and exposure they may need to become good directors. So the programme includes training by current directors and governance experts, followed by a study tour to meet with male and female directors as well as regulators from well-developed markets. The programme then ends with a project in which participants demonstrate their good understanding of the principles of corporate governance and their ability to implement them as well. We are also one of the key supporters of the GCC chapter of the UK-based 30% Club, aiming to make sure that 30 per cent of boards and top executive positions are held by women. The GCC chapter was launched in November 2015. I hope that there will be more of such initiatives in the region to support gender diversity in boardrooms and top executive positions as well as to create the pipeline of women directors and leaders who can serve as ambassadors and mentors for more women to follow. *Committee for Economic Development: Every Other One: More Women On Corporate Boards

Spring 2016 | Ethical Boardroom 11

Commentary | Information Governance

Jason R. Baron

Of Counsel at Drinker, Biddle & Reath LLP and Co-chair of the Information Governance Initiative

Solving the email management crisis

What the US government is doing right on the subject of governing its billions of email records Ralph Losey threw down the gauntlet to the US government in his Ethical Boardroom commentary in 2015.1

He said that the email system the US government provides its employees is “archaic”, that it is a “national disgrace” and that it is an “insecure, outdated piece of junk”. He went on to make a broader policy point that, in his view, “the reality is that Hillary Clinton has simply done what every other CEO and employee in the US does on a daily basis” by “ignoring the arcane records rules that supposedly govern email use”. As someone who spent 33 years as a lawyer in the US government – a good portion of which were spent defending the White House and the archivist of the United States in waves of litigation involving email records and in developing electronic recordkeeping policies – I feel compelled to comment on Ralph’s negative perspective on the state of the US government’s email recordkeeping. In light of the excellent initiatives that are going on in public sector space, the glass really should be seen as at least half-full. And there is an important takeaway for the corporate C-suite. Lest the reader be confused, I am certainly not an apologist for any individual’s or agency’s practices with regard to email. In the very first New York Times story on 3 March 2015 that broke the news on Mrs Clinton’s use of a private email server, I was quoted as saying: “It is very difficult to conceive of a scenario – short of nuclear winter – where an agency would be justified in allowing its cabinet-level head officer to solely use a private email communications channel for the conduct of government business.” Unlike in the private sector, the US government does have numerous legal requirements that employees need to adhere to, including not only with respect to the Federal Records Act, but also due to the need for strict adherence to the rules for handling classified records on

12 Ethical Boardroom | Spring 2016

secure communications networks. And the fact that every network in the world faces the danger of being breached does not itself provide a sufficient justification for ignoring special rules in place for government communications. However, it is also certainly the case that many employees at all levels of organisations increasingly find themselves empowered to ‘shadow IT’ applications – commercial email, storage platforms for documents, and the like, that are not controlled by a traditional IT department.2 Although it is exceedingly rare for a government employee to install a private email network in their home to set up a unique email address, it is indeed commonplace for all of us to treat every internet-enabled device in our possession (be it a smartphone, laptop, or a traditional PC at the office) as capable of sending and receiving both personal and official communications.

Recognising shadow IT

The Congress of the United States recognised the problem of shadow IT (at least in part) by amending the Federal Records Act in 2014 to require that where officials or employees employed by a federal agency send electronic

The US government deserves some measure of respect that it is finally charting a smart information governance path forward messages about official business on a private commercial network, they must copy the messages to a government (.gov) account, or transfer the messages to such an account within 20 days (Title 44, U.S. Code, Section 2911). As for the official email systems used by federal agencies, the IT infrastructure is not generally archaic, as such – the US government uses such proprietary services as Microsoft

Exchange, Outlook and Sharepoint and Gmail for business. Rather, the problem at hand has been legacy policies that up until recently have allowed for email records appropriate for longer term preservation being preserved in hard copy form, essentially in traditional file cabinets. This is all now changing rapidly. In November 2011, President Obama issued a memorandum to all executive branch agencies, which compelled the government to move towards automated solutions in the recordkeeping space, including in the cloud. Email was specially mentioned as problematic. Following on, the archivist of the US David Ferriero issued a memorandum in August 2012 known as the Managing Government Records Directive, containing a comprehensive set of policy initiatives aimed at advancing the cause of federal sector e-recordkeeping. In particular, the directive requires that by 31 December 2016, federal agencies will manage all of their email records in an accessible format. In other words, email records will be required to be retained in an appropriate electronic system that supports records management. The archivist of the US has further developed a new ‘Capstone policy’ for email, which agencies are free to adopt, that will ensure that all email from designated senior Capstone officials will be preserved in email archives as permanent records of the United States. All other employees at a Capstonecompliant agency will have their substantive emails saved for at least seven years. If successfully implemented, hundreds of federal agencies will be capturing email in an electronic format (rather than relying on ad

Information Governance | Commentary hoc print to paper regimes) and those emails will be available to the American public through the US Freedom of Information Act.

Transformative policies

The archivist’s directive even more ambitiously states that federal agencies are required by 31 December 2019 to preserve all records – not just email – appraised as ‘permanent’ and created after that date in a digital format, for eventual accessioning in the US National Archives. These are transformative policies for public sector recordkeeping. Especially with respect to email, these policies will dramatically reduce the burden on individual employees to meet their compliance obligations with the records laws – which is at the very heart of Mr Losey’s complaint that the rules governing compliance are still hopelessly archaic. Indeed, the US federal government has recognised in policy a key insight that points to a flaw in many types of private sector

governance schemes, namely that spending time on policies and technology that rely on individual employees to be trained in performing manual operations to comply with recordkeeping requirements is increasingly a recipe for disaster. Corporate leaders in the C-suite owe it to their organisations to seriously confront the fact that their institutions face massive risk in continuing to adhere to increasingly antiquated recordkeeping and compliance policies that place the burden on individual employees ‘to do the right thing’. Thought leadership in this area demands that institutions in both the private and public sectors make the prospect of compliance easier by employing automated solutions to manage, preserve and classify information. The US

government deserves some measure of respect that it is finally charting a smart information governance path forward for hundreds of thousands of employees. While not as headline grabbing as the Hillary Clinton controversy, it is an important development nonetheless with lessons for all. 1 The Hillary Clinton email scandal: An eDiscovery lawyer’s perspective, Ethical Boardroom Summer 2015 2J.R. Baron & A. Marcos, Beyond BYOD: What Lies in the IT Shadows, Ethical Boardroom, Summer 2015

ALL-SEEING EYE Capstone is to function akin to the pyramid on a US dollar bill in preserving the top-most officials’ email as permanent records for the public to see

Spring 2016 | Ethical Boardroom 13

Commentary | Board Strategy cOllective visiOn Board members must talk to each other to ensure success

Effective management A cohesive board is pivotal to a company’s long-term success and sustainability The UK Corporate Governance Code, first published in 1992, makes clear that an effective board is one that provides entrepreneurial leadership within a framework of prudent and effective controls. The board must also promote its collective vision of the company’s purpose, its culture, its values and the behaviours it wants to see from the firm’s executive team.

These ideas are now the mainstay of corporate governance in the UK and are crucial if the modern board is to adapt to the increasingly complex challenges they face. Put simply, the importance of board effectiveness is rising at the exact same time as the pressure placed upon them is on the rise. While many boards are alive to these challenges, and undertake boardroom evaluations in order to assess their effectiveness, many have fallen short of what we have come to define as the

14 Ethical Boardroom | Spring 2016

Oliver Parry

Senior Advisor on Corporate Governance at the Institute of Directors standard for an effective board. In a report published in April 2015, EY and The Investment Association argued that two key areas were crucial for a board to be effective. First, boards must keep up to speed with a rapidly changing business landscape and understand changes in best practice. Second, as simple as it may sound, board members must talk to each other, share ideas, experience, successes and failures. This argument, hardly revolutionary, has been around for some time, but its importance is as high as ever – especially when it comes to succession planning. Ask any chairman, non-executive director or governance professional and they will usually tell you it takes time for a new board director to adjust to the company culture, the ways of the board and their specific role around the table. Some argue that it can take up to year and, as companies grow increasingly complex, sprawling across sectors and time zones, this

is certainly the case in the FTSE 100. Putting the time aside to not only pick the right candidate, but also prepare the rest of the board for their arrival and make sure they hit the ground running is a role for the most senior figures.

Handling uncertain futures

The future is, of course, inherently unpredictable and sometimes new board directors don’t have the time to adjust. Take, for instance, the appointment of Carl-Henric Svanberg, current chairman of BP. Carl-Henric joined shortly after the Deepwater Horizon disaster. Within a few days or weeks, he was compelled to meet the President of the United States to explain BP’s response to the crisis. That the future is unpredictable and the fact that businesses are more complex than ever before means that an effective board is pivotal to a company’s long-term success and sustainability. There remains extensive discussion among boards, investors and regulators about the issues that contribute to board effectiveness and, more crucially, how boards can evaluate their progress.

Board Strategy | Commentary

In order for a board to be truly effective, the chairman needs to nurture conditions that allow non-executive directors and board committees to function in a way that promotes the long-term interests of a company. This requires inclusive leadership, contributing to the selection of board members, structuring and leading discussions and managing his or her time and their ‘bandwidth’ across multiple roles – in other words, how thinly are they spreading themselves across multiple directorships and positions that put a demand on their time? This is important, especially as so many chairs hold a number of board mandates in various companies, in differing sectors and jurisdictions. As such, a chairman needs to continually assess their own availability in light of the likely needs of the companies they serve. But ensuring board effectiveness is not just a role for the chair. Non-executive directors should constructively challenge the overarching strategy of the business. As such, non-executives themselves play an absolutely crucial role in both sustaining and improving board effectiveness. Directors can not only challenge executives and hold them to account but also use their own experience to influence strategy. The pressures on non-executives, as well as chairs, is also on the up, as they are expected to take a lot more responsibility for their actions, both from shareholders and regulators. This means they have to think carefully about how much work they take on and what

type of training and development they need. It’s important to remember that a notional 40-day-a-year board commitment could easily take twice as long. One need only look at recent corporate governance scandals to see how busy even the non-executives are. This begs the question, however, of what makes an effective non-executive director. One theory is that inexperienced NEDs can become effective under a good chairman; however, boards can be a strange and intimidating place for a novice. You often find that the most outspoken and opinionated former chief executive, carrying out their first board mandate, suddenly loses their voice. As such, non-executive directors need a combination of training, mentoring and exposure to the board. This should take place continually throughout a non-executive’s career, not just for a few months at the beginning.

Tackling diversity

We have heard much in recent years about the importance of gender diversity on boards. It is both right and a great achievement that in little over four years female representation on FTSE 100 boards has doubled to more than 25 per cent. Diversity contributes to the effectiveness of a board, especially in terms of its impact on the atmosphere at the top table of our largest organisations. According to EY, “many chairmen initially appointed female NEDs to the board in order to comply with the Davies Review, but the

appointments have brought significant benefits”. In particular it cited the quality of discussions on specific issues, an enhanced ability to consider issues from different perspectives, and more openness to asking probing or searching questions. Increased boardroom diversity is having a great impact on more accurately reflecting their organisation, customers and wider society. Management consultants will tell you the ultimate measure of board effectiveness is company performance. However, as recent scandals have shown, such as the one at Volkswagen, results over the short and even medium-term can be an illusion of how well a board is performing its duties. It is important that board evaluations, therefore, are not unduly influenced by a good – or bad – set of quarterly results. The UK Corporate Governance Code specifically details that boards must undertake a formal and rigorous annual evaluation of their own performance, their committees and individual directors. Every three years FTSE 350 companies are required to undertake an “externally facilitated board evaluation at least every three years”. This practice is also widespread in Canada, France, the United States, Spain and Italy. It is also gaining support in the Asian markets. When done well, board evaluations provide a forum for directors to review and reinforce appropriate board and management roles and ensure that issues that may lie below the surface are identified and addressed promptly.

In order for a board to be truly effective, the chairman needs to nurture conditions that allow non-executive directors and board committees to function in a way that promotes the long -term interests of a company Ultimately, evaluations give the board an opportunity to identify and remove obstacles to better performance and, importantly, highlight best practices. Companies and the boards that govern them are facing increasingly complex challenges. Running a bank today is completely different to running one in 2007: regulation has increased and media and shareholder scrutiny is sharper than ever. Technological innovation is also rapidly changing and this is having an impact on how companies operate and how they are managed. One need only look at the recent spate of cyberattacks in the UK and US as an example of this rapid change. To deal with these challenges – and whatever the next ones on the horizon may be – it has never been more important to have a cohesive, prudent and effective board.

Spring 2016 | Ethical Boardroom 15

Commentary | Hedge Funds

The new new era of shareholder activism With activism coming off a peak, it’s time to focus on delivering long-term value Paul Rose

Bazler Designated Professor in Business Law & Executive Director at the Ohio State University’s Moritz College of Law

tug of waR Is it time to make allies of activist investors? 16 Ethical Boardroom | Spring 2016

Activist investing by hedge funds hit new highs in 2015, but activism now seems to be resettling into a new era as investors are increasingly questioning the value of hedge fund interventions.

The stakes are high, as the number and size of hedge funds have grown considerably in recent years. Fifteen years ago a handful of activist hedge funds managed a combined total of less than $20bn in assets. As of June 2015, the financial research firm Preqin reports that 519 activist hedge funds were in operation, with assets under management of $140bn. What have activist hedge funds done with all that cash? A positive view of shareholder activism holds that activists serve as a check on opportunistic or obstinate managers, while a negative view sees activists, and especially activist hedge funds, as short-term investors that jeopardise long-term corporate growth. And, of course, both views can be true, as in some cases activists may provide a necessary correction to managerial inertia, while in other cases activists may pressure

well-governed companies to make unnecessary and unwise changes in capital structure or corporate investments. The playbook for activist funds has been relatively simple, with only a few strategies necessary to generate alpha for investors desperate for returns in a low interest rate environment. Activist funds often try to squeeze cash from a company through dividends or share buybacks. In other cases, activists push for changes in business strategy designed to unlock value in the firm, encourage firms to spin off divisions, or engage in (or resist) certain mergers, acquisitions and asset sales. Many activist campaigns seek to obtain seats on the board, which serves to increase the influence of the fund on corporate strategy and make the financial or strategic goals of the fund easier to achieve. These strategies have worked well for several years, buoyed by cheap leverage and a rising stock market. However, by late 2015 returns have been harder to come by and many activist hedge funds have posted large losses. While some investors will undoubtedly abandon activist funds – typically investors are locked in just for a year, and in some cases investors can request and receive a redemption in a matter of weeks – other investors will continue to be drawn to the enticing potential of strong returns.

Hedge Funds | Commentary

Takeover activity set to slow

Such investors will likely be disappointed in 2016. Aside from the damage that a down market will do to these funds, as ‘The Deal Professor’ Steven Davidoff Solomon recently noted, the performance of activist funds is jeopardised by a systemic supply and demand problem that arises irrespective of market conditions: quite simply, returns will decrease if there is too much money pursuing too few opportunities. There is now evidence that some of the past strong performance by activist funds may be explained by funds selecting the low-hanging fruit of poorly performing firms. Finance professors Martijn Cremers, Erasmo Giambona, Simone Sepe and Ye Wang recently investigated activist hedge fund performance and found not only that activists (unsurprisingly) targeted poorly performing firms, but that after controlling for selection bias, firms targeted by activist funds also actually performed worse than those not targeted. They also found evidence that such poor performance is most pronounced in firms that tend to be engaged in innovative businesses and in firms where relationships with stakeholders are key to long-term performance. Some activist hedge funds, at least, have been earning their returns not only by picking the low-hanging fruit, but also by picking the fruit before it is ripe. Despite the large number of activist hedge funds in operation, most companies will not find themselves targeted by activist funds in a given year. However, hedge fund activism has important ripple effects in the economy, as companies seek to make themselves less attractive targets for hedge funds activism. This, along with the fact that many companies have already made changes to accommodate the demands of activists, should make it more difficult for hedge funds to find

attractive targets in 2016 and beyond. But if most of the low-hanging fruit is gone, how will activists respond? One can imagine desperate funds pursuing more challenging opportunities, including larger companies and better-governed companies. They will also be under continued pressure from their investors, who may withdraw capital fairly quickly if the activist fund is not performing well (one of the ironies of shareholder activism is that many of the investors in activist funds clamouring for higher returns in the short term are those with the longest investment time horizons, including public and private pension funds). If the poor returns from 2015 are any indication, activist hedge funds are likely to be less powerful and perhaps fewer in number in 2016 and beyond.

Opportunities to engage

For companies and boards, the reshaping of the activist investment industry presents a great opportunity. Critically, in this new new era of activist investing, companies can change the way that they engage with their shareholders. Some of the engagement between companies and shareholders in recent years has taken the form of reactive shareholder appeasement after activists

Real engagement should not be a reaction to a perceived governance threat, but an opportunity for the company to inform long-term investors of its plan for the company

threaten a proxy fight. This ‘engagement’ provides an opportunity for activist investors and activist hedge funds in particular, to provide an alternative vision for how the company should be managed. In some cases, these discussions present the company and the board with value-creating plans that serve to enhance long-term value. In other cases, however, the activists are merely interested in negotiating the terms of the board’s surrender to a short-term action. But what has often been missing from engagements is a serious, proactive plan from the company on how it will create long-term value. As BlackRock CEO Larry Fink recently wrote in his 2016 corporate governance letter to CEOs, “some short-term investors (and analysts) offer more compelling visions for companies than the companies themselves, allowing these perspectives to fill the void and build support for potentially destabilising actions”. Real engagement should not be a reaction to a perceived governance threat, but an opportunity for the company to inform long-term investors of its plan for the company. Boards and managers also benefit from increasing scepticism of the value of hedge fund activism by these long-term investors, particularly as the low-hanging fruit – simple changes at poorly governed companies – become scarcer. For companies and boards concerned about continued battles with activist hedge funds, the old adage holds true: the best defence is a good offense.

Spring 2016 | Ethical Boardroom 17

Ethical Boardroom | News Watch

NORTH AmERiCA

Corporate secretaries play ‘definitive role’ Two-thirds of corporate secretaries at 276 North American companies play a major or important role in interacting with investment professionals on corporate governance, a survey has found. Survey respondents revealed their three most important engagement roles as ongoing dialogue with the board (60 per cent), presenting to the board (58 per cent) and serving as investor liaison for directors (58 per cent).

US Justice Department sues Valueact over oilfield holdings The US Justice Department has filed a lawsuit against investment firm ValueAct, alleging it violated anti-competition rules connected to the merger of Halliburton and Baker Hughes. The DoJ, which said ValueAct had not fully disclosed its stake in the companies and the influence it had in their business dealings, is seeking at least $19million of civil penalties.

Global NEWSWaTCH A F R i C A

CENTRAL AND SOUTH AmERiCA Women lack leadership roles Latin America lags behind Europe, the US and Canada in the percentage of women sitting as board directors, according to a new report. Egon Zehnder’s 2016 Latin American Board Diversity Analysis examined gender diversity at the boards of leading publicly traded companies in Argentina, Brazil, Chile, Colombia and Mexico. Colombia has relatively high levels of gender diversity in its boardrooms – 67 per cent have at least one female director. Fifa lawyer linked to Panama scandal A huge leak of documents from Panamanian law firm Mossack Fonseca has led to the resignation of Uruguayan lawyer Juan Pedro Damiani, a key member of Fifa’s ethics committee. The Panama Papers showed his law firm acted as an intermediary for Eugenio Figueredo – the former head of the South American football confederation who is now facing corruption charges in the US.

18 Ethical Boardroom | Spring 2016

Corruption indices questioned African countries should strengthen transparency and ensure accountability to spur on structural transformation, according to a report by the Economic Commission for Africa. The Africa Governance Report also questions the credibility and reliability of corruption indices that focus on country ranking or naming and shaming, but offer “minimal policy insights and recommendations to inform policy reforms”. Kenya’s national bank institutes internal audit The board of the National Bank of Kenya has suspended its managing director Munir Ahmed and five managers, pending an internal audit. The Bank said in a statement that the move by its board is an “unequivocal demonstration of our commitment to strict adherence to corporate governance tenets and the various Central Bank of Kenya guidelines”.

News Watch | Ethical Boardroom

E U R O P E Family firms lag behind in governance Publicly-traded family firms are falling behind in a global push to boost corporate governance standards at listed companies, according to a report by Spain’s IE Business School and Banca March. Analysing governance benchmarks at 265 family firms and 861 non-family firms in Europe and the US showed the former were on aggregate more poorly governed than the latter. New governance chief at Deutsche bank Deutsche Bank has appointed a new head of corporate governance and has significantly expanded the role. Daniela Weber Ray, the current head of corporate governance at Deutsche Bank, ais leaving after three years at the Germany lender and will be replaced by Florian Drinhausen. The new role will bring together global and regional governance departments, the corporate secretariat and the office of the supervisory board.

loeb challenges Seven & I board Activist investor Daniel Loeb has called on the board of Japan’s Seven & i Holdings to select its new chief executive based on competency rather than nepotism. Third Point — the hedge fund run by Mr Loeb – has praised Seven-Eleven Japan chief Ryuichi Isaka’s management of the parent’s core business. SingPost starts governance review Singapore Post has appointed independent consulting firm Heidrick & Struggles to undertake the postal company’s corporate governance review. Chairman Lim Ho Kee, who has helmed the company since its 2003 initial public offering, will step down from the company – currently embroiled in concerns about its corporate governance standards – on 10 May.

AU ST RA L AS i A

miDDLE EAST Top executives gather in Dubai CEOs and vice presidents from organisations across the UAE gathered at the Top CEO Conference in April in Dubai, a platform for the most pressing issues in the financial, economic and business sectors to be openly discussed. Economic diversification and technology were highlighted as the major factors influencing business in the GCC region in the last 12 months.

air New Zealand flying high Air New Zealand has topped the NZ Corporate Reputation Index, which measures how New Zealanders view the nation’s top 25 companies across seven reputation drivers and then ranks them according to overall emotional reaction. Toyota, ranked number one in 2015, came second. Women’s Network gets down to business Australia’s leading women executives, business leaders and entrepreneurs attended the Australian Women’s Network’s first business summit in Melbourne at the start of April. The Network was founded by CEO Francesca Thorne with the mission of helping women harness and develop their leadership qualities to accelerate the empowerment of women.

anti-money laundering seminar to be held in Riyadh Thomson Reuters will host the 8th Annual Compliance and Anti-Money Laundering Seminar in Saudi Arabia in May. Supported by major banks and financial institutions, including Banque Saudi Fransi, Samba, Saudi British Bank, Al Ahli and Saudi Hollandi Bank, the seminar held on 9-10 May at Al-Faisaliah Hotel in Riyadh, will focus on the importance of upholding sound compliance, responsible leadership and anti-financial crime regulations, as well as growing ethical businesses.

Spring 2016 | Ethical Boardroom 19

Cover Story | Zenith Bank

INtervIew wIth

Peter Amangbo

Group Managing Director & CEO at Zenith Bank Plc

Zenith Bank: A fortress of global best practices Nigeria’s largest lender outlines its commitment to innovation and sustainable business practices Zenith Bank has in 26 years grown to become one of the biggest and most profitable banks in Nigeria. Established in May 1990, the bank became a public limited company and was listed on the Nigeria Stock Exchange in 2004 following a highly successful initial public offering. In a strategic expansionary move, the bank was licensed by the Financial Services Authority (FSA) of the United Kingdom to establish Zenith Bank (UK) Limited as the UK subsidiary bank. The bank’s shares are freely traded on the London Stock Exchange (LSE) following a listing of $850million worth of its shares at $6.80 each in a major step at improving liquidity in the stock through global depository receipts. The bank also has a presence in Ghana, Sierra Leone and the Gambia with representative offices in South Africa and The People’s Republic of China. In another strategic move that is targeted at the Asian and Middle-Eastern markets, Zenith Bank UK opened a subsidiary in Dubai on 30 January 2016. Zenith Bank, the biggest Tier-1 bank in Nigeria, has greatly impacted banking there, lifting the sector from the era of over-conservatism to one of dynamism, characterised by a culture of excellence and global best practices. The bank

20 Ethical Boardroom | Spring 2016

achieved this through the power of vision, skilful union of banking expertise and cutting-edge technology with which it met and anticipated the varied and changing appetites of its existing and potential customers. The bank is a clear leader in the digital space with several firsts in the deployment of innovative products, solutions and an assortment of alternative channels that ensure convenience, speed and safety of transactions. The bank has shaped and continues to influence certain critical aspects of development in Nigeria and has a knack for setting the pace and raising benchmarks.

Zenith Bank management

Zenith Bank’s management team is made up of seasoned professionals led by Peter Amangbo, the group managing director and CEO, who has been on the board for more than a decade. He took over the reins in July 2014 from Godwin Emefiele, who was appointed the governor of the Central Bank of Nigeria. Having been honed by its founder Jim Ovia, successive leaderships of the bank drew upon its superior people, excellent service culture and continuous deployment of state-of-the-art technology to keep the institution at the forefront of Nigeria’s banking industry. Like Ovia, the strategy, strict adherence to policies/procedures and rare determination to break and surpass records were the impetus for the successes

achieved by Emefiele and now, Amangbo. The seamless transition at the bank is clear evidence of a well-planned institution and is consistent with the bank’s tradition and succession strategy of grooming leaders from within. While Amangbo’s leadership skills and cognate experience are a significant advantage, in line with the bank’s tradition, he continues to rely on the strength of the board, management and staff to sustain stellar performance. In just a quarter of a century, the bank has grown in virtually all parameters. The collaborative management approach adopted by the bank in its decision-making processes has created one of Nigeria’s strongest management teams, with an average of 18 years’ experience at the highest level of the bank’s administration. This implies that the turnover rate at the bank is very low and allows for continuity, consistency, mentorship and focus. Working with the trendsetting chairman, Jim Ovia for more than two decades within a framework that synthesises opportunities and mitigates challenges has positioned Amangbo in good stead to continue to deliver on the bank’s promises.

Zenith Bank’s management team is made up of seasoned professionals led by Peter Amangbo, the group managing director and CEO, who has been on the board for over a decade

Zenith Bank | Cover Story

MOVING FORWARD Zenith Bank CEO Peter Amangbo

Spring 2016 | Ethical Boardroom 21

Cover Story | Zenith Bank

People and talent

People and talent are two equalisers in the bank’s value chain and the institution has leveraged these to create innovative solutions that often exceed customers’ expectations. Continuity of direction and consistency in the value delivery model of the bank are anchored on its precept of building a community of stars, rather than individual excellence, with an aligned mindset towards its vision, culture and brand equity. Ultimately, the bank has succeeded in building a high-performance, people-centred organisation that is greater than the sum of its parts. The bank’s management assets are manifested in the ability of its staff to combine knowledge to create value for the customers. They combine vision with precision, using creativity, skills and ideas to expand the bank’s reach into the lives of the customers by helping them fulfil their needs in a timely and desired manner. The bank’s commitment to create, build and nurture value among its stakeholders is further enhanced by its sound credit risk model and operational risk management system.

ZENITH HEIGHTS Headquartered in Lagos, Zenith has more than 500 branches across Nigeria

Strategic focus

Zenith Bank has clearly distinguished itself in the industry through superior service quality, unique customer experience and sound financial indices. These have become part of its corporate culture to the extent that the bank is easily associated with attributes, such as: best-in-class customer experience, creativity, excellent financial performance, good asset quality, stable management, dedicated and highly skilled work-force, The bank has cutting-edge information and communication technology, and efficient zero tolerance and effective distribution channels.

for compromises

■ The vision: to become the leading and huge respect Nigerian, technology-driven, for integrity, global financial institution, providing a distinctively unique consistency and range of financial services commitment ■ The mission: to build the Zenith remarkable success brand into a reputable international on the sustainability financial institution recognised for agenda, which is at the heart of its strategic innovation, superior performance and and business models. creating premium value for all stakeholders Endorsements and recognitions ■ Core values: integrity, professionalism, Zenith Bank’s impressive growth pattern excellence, best corporate governance, and performance over the years have earned commitment, transparency and service it excellent ratings, recognitions and endorsements from local and international The bank’s strategy of assessing and agencies and institutions. The Banker managing its impact on the industry forms Magazine, a publication of the Financial Times an integral part of its strategic objective. The of London in a 2013 survey, rated Zenith as bank’s liquidity profile remains very strong the Biggest Bank in Nigeria by Tier-1 capital. and its risk management practices give Forbes & CNBC Africa ranks Zenith bank as assurance that the profile will be sustained on the third biggest company in West Africa. the short-run and improved upon over time. In 2015 the bank was awarded three The bank’s growth momentum has certifications by the British Standards increased over time and impacted positively Institution (BSI) for Information Security on its standing as a market leader. In Management System ISO/IEC 27001:2013, essence, Zenith Bank continues to record 22 Ethical Boardroom | Spring 2016

IT Service Management System ISO/IEC 20000-1:2011 and Business Continuity Management System, ISO 22301:2012. This is a vivid attestation of the bank’s continual commitment to offer its customers and stakeholders enhanced satisfaction in a creative and secure environment. Zenith Bank is renowned for a first-in-class service across businesses and consumer appetites. The bank’s philosophy infers that businesses should consider their customers a great business asset. Even more, the bank’s sustainability enthusiasm is clear evidence of a visionary organisation that has zero tolerance for compromises and huge respect for valuable assets of integrity, consistency and commitment. This subtle but compelling disposition on the part of the bank drives its innovative philosophy and approach to its entire operations.

Zenith Bank | Cover Story EB: What progressive steps have you taken to enhance the bank’s ethical practices? Having been on the board for more than a decade, I understand that to achieve the standard ethical practice we seek, there is need for clear and consistent communication across the board. Our current strategy is to build on the successes of my predecessors, ensuring that the bank does not go against ethical standards and regulatory requirements. We have therefore developed a standard code of conduct and set up a team to monitor and implement a strict adherence to this code. In addition, we have also institutionalised corporate governance, setting an industry-wide example of best practices in that field.

Ethical Boardroom meets Peter Amangbo, group managing director and CeO at Zenith Bank

EB: Corporate governance codes are going through a transition period in Nigeria, how difficult has it been to adapt to international best practice standards? The dynamics of financial business operations in Nigeria are quite peculiar, but looked at thoroughly, it enables the requisite mix for the practice of corporate governance at the highest level. The conferment of the Ethical Boardroom Best Corporate Governance Award on the bank is a clear testament to our adherence to global standards. This, no doubt, is borne out of our commitment to quality in all our dealings with various stakeholders.

EB: What does it mean for Zenith Bank to be recognised as a regional leader in corporate governance? It certainly means a lot for our brand, not only in the African continent but also globally. It is a testimony of how far we have come and how well we have been able to ensure accountability, fairness and transparency in our dealings with our various stakeholders. This recognition affirms our commitment to professionalism, ethical conduct and sustenance of global best practices, which is attributable to the joint collaboration of the management and staff.

EB: Conflict of interests and remuneration policies of directors have been a cause for concern in the past for Nigerian banks; how independent is Zenith’s board? Zenith Bank prides itself as one of the banks in the country with a truly independent board. Again, the remuneration policy of the board of directors is in line with laid-down principles and policies. These have ensured that issues of conflict of interests hardly had a place on our board and have led to increased value creation for all stakeholders.

EB: Zenith scored exceptionally high marks for risk management in our nominee questionnaire, can you explain why having a best-in-class enterprise risk management strategy is vital to the bank’s growth? The benefits of having a potent enterprise risk management strategy, particularly in the financial services industry that is built solely on trust, cannot be overemphasised. As such, we place a high premium on developing top-of-the-range risk management policies and strategies that are capable of not only promoting the sound health of the bank and protecting its assets, but also ensuring its growth and survival. In essence, having a best-inclass enterprise risk management strategy is crucial for ensuring the sustainability and survival of the bank as an institution.

EB: Diversity is one of the pillars of good corporate governance and long-term value creation, would you say that is the case at Zenith? Zenith Bank is noted for its commitment to promoting diversity. This is evidenced by our promotion of diversity in our recruitment processes and board appointments. These no doubt have contributed to the bank having one of the lowest staff turnover in the industry. As an institution, we delight in our differences and draw strength from the diverse contributions therefrom; knowing that to achieve the goals we have set, the aggregate experiences of members of staff is necessary and non-negotiable. EB: The global banking regulatory landscape is changing; what strides

have Zenith taken to stay ahead of the compliance curve? We have stayed ahead by constantly innovating our processes and developing a bond with our stakeholders and the environments where we operate. For us, banking is about our customers and their varied appetites in a constantly changing world. We have built a rare ability to adapt in a manner that makes everyone a winner.

general meetings, publications, emails and information available on the bank’s website; we also communicate to customers through emails, social media, and through our staff. For our staff, policies are communicated through the intranet, nuggets, pop ups, regular trainings and workshops. EB: Jim Ovia laid the foundations for Zenith Bank to become an African banking powerhouse; what is your vision over the next five years? Without sounding immodest, the history of the Nigerian banking industry will not be complete without a mention of the role played by Jim Ovia, the Founder and Chairman of Zenith Bank Plc, especially his contributions as a trailblazer in technological innovations in the banking industry. Indeed, working with him for over two decades has placed me and the rest of my team in good stead to continue to deliver on the bank’s promises and further enhance the bank’s growth trajectory. Our vision as a bank, therefore, for the next five years is to become a global powerhouse in the facilitation of businesses across the various continents of the world, while also being recognised as a household name on the African continent.

GROWING GLOBAL FORCE SWFs control nearly $7 trillion in assets

EB: Good governance requires a constant and consistent effort to communicate corporate policies to all stakeholders. What mechanisms does Zenith have in place? Talking about mechanisms, you will agree with me that each stakeholder requires a particular channel. For instance, we communicate to our investors through our annual Spring 2016 | Ethical Boardroom 23

Europe | Iberdrola

Iberdrola’s proactive approach to shareholder engagement Iberdrola has a long tradition of keeping in contact with its 600,000-plus shareholders holding hundreds of meetings with them – many face-to-face – every year offering shareholders ample choice to provide feedback beyond the AGM.

And, in 2015, it became the first Spanish company, and one of the world’s first organisations, to formalise and publish a shareholder engagement policy, with the aim of ensuring constructive, ongoing and efficient dialogue between the company and its investors, which are made up of both institutional and minority shareholders. The policy contains the principles and rules covering engagement, as well as a statement of the channels and media through which it will be implemented. A year on since the initiative’s introduction, Ethical Boardroom caught up with Ignacio Galán, chairman and CEO at Iberdrola, to discuss the policy’s progress and the company’s increased focus on positive interaction with shareholders. According to Galán, it is important to open channels so shareholders can exercise their right to information and participate in the company’s corporate life by putting forward their suggestions. This policy covers particularly well the needs of retail shareholders which control 25 per cent of total stock. “At Iberdrola, shareholders are an essential part of the company and constitute one of the main foundations upon which we engage in the day-to-day process of building a strong, 24 Ethical Boardroom | Spring 2016

INNOVATIVE PROJECTS The offshore substation for Wikinger wind farm being built by Iberdrola in the Baltic Sea

Energy giant looks to build healthy relationships with its investors through pioneering initiatives Ignacio Galán

Chairman & Chief Executive Officer of Iberdrola profitable, sustainable, and long-term enterprise,” Galán says. “The shareholder engagement policy is one of the fundamental pillars of Iberdrola’s corporate governance strategy and was introduced to reflect our vision of creating long-term shareholder value, taking into account the interests of other groups involved in our business activity and institutional role, including employees and communities where our company operates.”

Shareholder Week

Following on from the policy’s introduction in February 2015, Iberdrola introduced an annual Shareholder Day, with the first held on 27 March 2015 at the Euskalduna Conference Centre and Concert Hall in Bilbao, Spain, which was also the venue for this year’s Shareholder Day on 8 April. During Shareholder Day, various presentations and activities aim to familiarise shareholders with the business, corporate and institutional reality of Iberdrola, while musical performances and interviews with major figures in the scientific, social, and artistic areas representing the geographic environment in which Iberdrola does business.

OPERATIONS WORLDWIDE Black Law wind farm in Lanarkshire, Scotland

In 2016 the initiative was extended with the launch of the Shareholder Week (4-8 April) and a wide array of informative activities. At the 2016 Shareholder Day, an Iberdrola Business Forum included presentations on some of Iberdrola’s most impressive projects throughout the world, such as the Wikinger offshore wind farm, the Maine transmission line (connecting Canada and the United States of America) and the Western Link sub-sea interconnection between Scotland and Wales, Iberdrola’s wager on Mexico, and the Avangrid transaction. An Iberdrola Future Forum helped attendees experience an offshore wind farm via virtual reality technology. But the main event of Shareholder Day is the General Shareholders’ Meeting (GSM), the principal channel for participation of the shareholders within Iberdrola.

Iberdrola | Europe

LOOKING TO THE FUTURE Ignacio Galán on the rooftop of Iberdrola tower in Bilbao

identification passwords in order to grant a proxy or exercise the right to vote through the corporate website, while during the last GSM, a total of 4,859 shareholders exercised their voting rights through the system. “The board of directors is strongly committed to actively promoting attendance and the informed participation of the shareholders at the general meeting,” says Galán. “The new system entails a tremendous advance in the exercise of one of the main rights of the shareholders, resulting in a substantial increase in the number of shareholders exercising their right to vote through the corporate website.” To demonstrate maximum transparency to the markets, Iberdrola also introduced its Shareholders’ Club, which offers exclusive rewards to all shareholders, such as a direct and personalised hotline, invitations to corporate, cultural, leisure and exclusive events, promotional items and gifts, and the option to take part in surveys to share opinion. Iberdrola says the main goal of the club is to promote the engagement of shareholders by improving their understanding of Iberdrola through expanded financial information and quarterly results bulletins. The shareholders and investor section on the Iberdrola website offers regularly updated information on the company’s strategy and governance model and includes the On-Line Shareholders system (OLS).

Communicating online

An essential tool in relation to its commitment to transparency and best practices, the OLS enables shareholders to ask questions and obtain a response within 48 hours, observe other shareholders’ questions and answers, and communicate with each other. The OLS had 6,662 registered shareholders at year-end 2015, with almost 45,000 visits and more than 200 questions received last year.

“Shareholder Day allows us to enhance our general meeting while fostering shareholder engagement in a natural, unceremonious way,” says Galán. “By offering our shareholders a setting where they can receive information and raise questions beyond the meeting’s agenda, it helps them to easily convey to us their thoughts and opinions regarding the present and future of the company.”

Encouraging GSM attendance Iberdrola’s desire to encourage and facilitate involvement with the GSM has led to a number of measures, such as ensuring those with reduced mobility or with auditory or visual limitations are supported, and providing childcare and a playground to shareholders with children under seven years old.

The company also pays an attendance bonus to all shareholders participating in the GSM, regardless of whether they attend in person or by proxy through any other person. The company has developed a system for individual shareholders to be able to grant a proxy or exercise voting rights through the corporate website using personal log-in credentials, with documentation for the GSM published in both Spanish and English on the main Iberdrola website. It publishes its results on a quarterly basis via the National Securities Market Commission, which are followed by presentations through webcast and audio-conference that shareholders and investors can receive free of charge via RSS. At year-end 2015, a total of 5,130 shareholders had requested their personal

At Iberdrola, shareholders are an essential part of the company and constitute one of the main foundations upon which we engage in the day-to-day process of building a strong, profitable, sustainable, and long-term enterprise Iberdrola’s website also contains a mix of digital tools to help shareholders, especially retail investors, monitor their holdings and keep up to date with corporate developments, such as calculators to help site visitors work out the value of their dividends or shareholdings, plus audio and video content. “As a company, we can only move forward with the trust and support of our 600,000 shareholders and we believe in taking care of our shareholders and want to make their relationship with us easier,” says Galán. Spring 2016 | Ethical Boardroom 25

Europe | Proxy Season in Spain

Spain: Proxy season 2016 With standards ever higher, Spanish companies will face fresh challenges this proxy season Spanish companies will face several challenges during the proxy season of 2016. Listed companies are no strangers to uncertain political scenarios, with Spain currently debating the government’s ideological route in an unprecedented situation where the parliament is appallingly factioned, but there are other issues beside the political environment that will impact companies this year. One of the key issues for this proxy season is the impact on governance in companies where SEPI (the Spanish legal body responsible for protecting public investments in state-owned companies controlled by the Spanish Treasury and Public Administration Ministry) holds a significant stake and has a seat on the board.1 Aside from the kind of outcome the European zone would hope for Spain, governance of companies that have the state’s participation may be affected. These companies are heavily regulated; in others, SEPI acts like a regular shareholder. SEPI holds a minority stake in Enagas (five per cent); Indra (20.14 per cent); IAG (2.46 per cent) and Red Eléctrica Corporación (20 per cent). The legal framework around companies underwent several changes in 2015, with one of the main source of changes in corporate governance being the amendment of the Spanish Corporate Act on December 2014 through Law 31/2014.2 This law took several provisions of the previous country corporate governance code and elevated them from soft-law to hard-law mandatory standards. Though this has been discussed in previous editions of this magazine, it’s worth recalling that the law came in to force once enacted, but some transitory provisions gave time for companies to comply with new challenges in important areas, such as board of directors and remuneration.

26 Ethical Boardroom | Spring 2016

Paola Gutierrez Velandia

Regional Head of Board Services for Iberia & Latin America at Pedersen & Partners

In terms of remuneration, the law has already embraced the say-on-pay vote. 3 With the reform, a binding vote on remuneration policy for directors was included, which will be revised every three years. The transition regime allows companies to include a brief summary of the policy in the annual remuneration report subjected to say-on-pay. Among Ibex 35 4, only nine companies (25.7 per cent of the index) presented their remuneration policy5 as a separate item on the agenda, subject to a binding vote. 1 Banco Popular received a considerable level of support with 98.43 per cent of the quorum 2 Banco Santander with 91.65 per cent 3 BBVA with 95 per cent 4 Caixabank with 99 per cent 5 Gas Natural with 80.53 per cent 6 IAG with 74.13 per cent 7 Indra with 69.5 per cent 8 REC with 64.09 per cent 9 Repsol with 93.945 per cent It is worth mentioning that SEPI holds a 20 per cent stake in both REC and Indra and that the current policy of the government is to abstain from any items related to remuneration that occurred in 2015. The market doesn’t expect many new remuneration policies for this proxy season – most of the companies will wait three years, in congruence with the transition regime, to deal with this matter. However, some shareholder meetings, that at this time have already been announced, contain in their proxy statements the remuneration policy, such as Bankinter, Enagas, Sabadell and Mapfre. The level of disclosure in terms of remuneration has been improving in the last two years, especially in financial institutions, however we can expect

Given the fact that governance trends are leading investors to seek annual elections in order to evaluate directors’ performance on a regular basis, we can expect that, as in the past, foreign shareholders will ask Spain for some self-regulation in this aspect

Proxy Season in Spain | Europe challenging votes for some companies that are still reluctant to share targets and weights – at least retroactively or to their peer group. One key challenge for listed companies will be to convince investors that they do have a real long-term incentive plan. Vesting periods in a relevant number of companies are shorter than expected in investor voting guidelines and, for now, we haven’t seen policies that embrace the five-year vesting period. According to the annual study conducted by Georgeson on Proxy Season 2015, 44 per cent of proposals submitted to a consultative vote on say-on-pay received an against recommendation from at least one proxy advisor in contrast with 33 per cent the previous year. However, we should take into account that companies in Ibex 35 have changed over the course of the year. The average against votes for companies that received a negative recommendation from a proxy advisor was 15.15 per cent, which is a slight increase from 2014, so we can expect investors to vote in the same line. In terms of directors’ remuneration, Spain’s financial regulatory body, the Comisión Nacional del Mercado de Valores (CNMV), amended regulation Circular 7 of 2015 – one enacted back in 2013 that establishes the remuneration annual report.6 The format of this report though allows investors to have a comparative view of different compensation schemes and seems to be brief in giving a long-term view. Companies will feel compelled to include additional information documents, explaining to foreign investors things such as the level of achievement in relation to targets and goals, and severance or termination agreements with key decision-takers other than directors. In terms of the board of directors, the reform adopted a new cap on directors’ tenure – four years instead of six. Given the fact that governance trends are leading investors to seek annual elections in order to evaluate directors performance on a regular basis, we can expect, as in the past, that foreign shareholders will ask from Spain for some self-regulation in this aspect. It’s hard to foresee a scenario in the near future where most Spanish-listed companies adopt annual elections, however the market has to meet in between. Some companies, for example, adopted a three-year tenure even before the reform, as in the case of BBVA and Indra. Notably, IAG has a one-year director’s tenure and Amadeus has a mixed system where the first appointment is for three years, but reelections are for one year only. We have seen investors, according to public records, voting against reelection or appointment of directors due to the fact that they consider the tenure too long, such as Aviva and Calsters. It’s expected that those companies will receive against votes if they retain the four-year tenure, even when proxy group ISS has not changed the policy in this particular matter for the market.

Spring 2016 | Ethical Boardroom 27

Europe | Proxy Season in Spain As for the impact of this reform in 2015 on Ibex 35 companies: In companies that operated four-years tenure for directors before the reform: ■ Directors’ tenure was six years and was reduce to four at Telefónica, OHL, Caixabank and ACS ■ Directors’ tenure was five years and was reduce to four4 at Abertis, Aceronix, Banco Sabadell, Grifols, Inditex, Mediaset, Sacyr and Ténicas Reunidas In companies that operated four-years tenure for directors before the reform: ■ Nothing changed at AENA, Banco Popular, Bankia, Bankinter, Enagas, Endesa, Gamesa, Iberdrola, Mapfre, REC and Repsol In companies that operated three-years tenure for directors before the reform: ■ The three-year tenure was kept at Acciona, Banco Santander, BBVA, DIA: Ferrovial, Gas Natural and Indra: All these companies kept the three-year tenure after the reform ■ FCC: Directors’ tenure was three years at FCC before the reform, but in 2015 they amended the by-laws and extended the tenure up to four years In companies that operated a tenure of three years or fewer for directors before the reform: ■ Amadeus operated a three-year tenure, but in 2014 introduced an amendment on provision 35 that establishes shareholders will appoint for the first time directors for a three-year period, but when reelected candidates will be submitted to an annual vote ■ At IAG, the directors’ tenure is one year according to by-laws ■ At Merlin Properties, the directors’ tenure is two years according to by-laws According to research conducted by Georgeson and Cuatrecasas, the level of against recommendations from ISS by the different types of directors were the following: 60 per cent of nominee directors (proprietary directors), 39.13 per cent of executive directors, 18.8 per cent of other external directors and 2.6 per cent of independent directors got an against recommendation. Challenges for this proxy season will certainly be to do with the extent of the directors, the presence of independence in the board and the split of the chairman & CEO roles. The new law establishes the mandatory rotation of independent directors every 12 years, which is something that many companies introduced through by-laws. However, it seems that a relevant number of investors, especially from France and the UK, are willing to demand a nine and 10-year rotation. It should be highlighted that some companies have opted to split the roles of 28 Ethical Boardroom | Spring 2016

Board refreSh Spain will address the needs for board reform

chairman and CEO, such as Repsol and Red Eléctrica. In the latest extraordinary meeting for this purpose, with a historical quorum and a level of support on all items an average of 98 per cent, José Folgado kept his role as chairman at Red Eléctrica and his name will be submitted for reelection at the next general shareholders meeting, while Juan Lasala Bernad former CFO, was appointed as new CEO of the company. Another important reform in the Spanish context was the release of a new country code. The Spanish Corporate Governance Code for listed companies enacted by the CNMV that worked along with an advisory commission had few improvements as most of the key issues were included in the legal reform. One of the most important aspects that was included in this document, however, was the international standard related to the issuing of share capital limiting the capacity of waiving preemptive rights. Most companies that adopted international standards had followed ISS guidelines, which limits the capacity to 20 per cent, and that’s what the Code embraced. However, it is not uncommon for investors to ask to limit the waiving of preemptive rights down to 10 per cent or even five per cent, especially French investors and some US asset owners. It can be an issue for Spanish companies that seem to be in need for capital to not hear about these new limits the markets are setting. In terms of control environment, we will see changes when related to external audit.

The markeT Share of The BiG foUr on aUdiT SerViceS amonG iBeX 35 ■ Deloitte

■ KPMG

■ PwC

■ EY

Law 22 was enacted in 2015 and will be in force in July 2016. While the average time of an auditor among listed companies is around 12 years, the law introduces a new rotation limit – a maximum period of 10 years that may be extended for another four years if the firm acts jointly with another auditor. As for the rotation of the partner the firm shall rotate the person every five years, including a cooling off period of three years. The law also caps the non-audit fees. If these fees reach more than 15 per cent of the auditor’s total yearly income for each of the last three consecutive years, the auditor will not be able to audit the following year. This most certainly will be a challenge. We believe those companies with relationships with their external auditor for more than 15 years should expect investors to demand a change of firm. From the current Ibex 35 companies, six have been with the same firm for more than 20 years, 13 companies between 11 and 15 years, five companies between six and 10 years and then 10 companies between one and five years. Some companies, such as Enagas and Bankinter, that have already convened their shareholder meeting, have submitted for approval the appointment of a new external auditor. In general, the challenges are mainly the same but standards are higher than previous years. Compliance has set ground rules that will oblige companies to selfregulate in order to give foreign investors more. Spanish companies are putting in great effort to promote shareholder engagement – they still have barriers to identifying foreign investors – but are willing to invest in dialogue. Sociedad Estatal de Participaciones Industriales Ley de Sociedades de Capital ‘LSC’ 3As in other jurisdictions, it’s a consultative vote 4Components of Ibex 35 as of February of 2016 5We exclude ARCELORMITTAL for holding the Shareholders Meeting in Luxemburg 6 Comisión Nacional de Mercado de Valores – Spanish Supervisor 7In 2012 the company reduced the tenure to three from five years 8Directors ‘tenure was three years before the reform according to by-laws, that establishes that reelections will be conducted by third parties on annual basis without further explanation 1

23% 44% 15% 18%

“Are CEO’s Fired for Bad Luck?”

Annual Lecture | Friday 22 April 2016 | Time: 11:00–12:30 Open to the public with no entrance charge Register online at www.ecgiagm.org or by email to elaine.mcpartlan@ecgi.org Prof. Francesca Cornelli Professor of Finance Director of Private Equity, London Business School Editor, Review of financial studies Research Fellow, CEPR

The ECGI annual lecture is a event where each year an accomplished speaker and academic delivers an insightful and informative lecture on current corporate governance issues. This year, the ECGI has the honour of welcoming Professor Francesca Cornelli to deliver the annual lecture. The lecture is also open to the public so early registration is advised. London School of Economics (Tower 1) Houghton Street London WC2A 2AE

Board Leadership | Succession Planning

Building a better boardroom More than ever you need to know ‘who’ not just ‘what’ makes the best director If you watch boards as closely as we do, you will note a couple of current trends that are reshaping boards and the way they work: a significant need for boards to acquire new skills that enable them to meet the challenges of a dramatically shifting marketplace while they also replace the core skills that are transitioning out due to age or tenure.

The fact that director changes happen infrequently makes board succession planning an imperative, requiring proactive planning that is difficult to achieve without holistic thought and creative discipline. It also means thinking about director selection with more depth and analysis. Based on our ongoing work with board clients, this article offers a perspective on ways you might add non-traditional director candidates to your board, including how to go beyond surface experience to reveal and assess the traits and drivers that will be required to contribute maximum value to boards as they evolve. That is what we mean by shifting from ‘what’ to ‘who’ as you add new directors to your board.

PERSONALITY MATTERS Unconstructive traits soon emerge in a crisis, once the boardroom door is closed

30 Ethical Boardroom | Spring 2016

Jane Edison Stevenson

Global leader for CEO Succession and Vice Chairman, Board & CEO Services at Korn Ferry

A sea change

Viewed as increasingly distinctive and active resources to CEOs and their teams, today’s best directors not only provide guardrails for management reporting, they enhance the capabilities of the executive team by providing deep insights on a range of topics that can either enhance or derail a company’s future. This can vary from asking the right questions on the needs of a broad range of stakeholders (including activists) to the risk quotient around expanding into new products and markets, to protecting the enterprise from new and emerging threats, such as ISIS or cyber breaches, or a host of other considerations. In the exclusive ‘old boys club’ of the not-too-distant past, boards sought a limited profile of directors: CEOs (virtually all white males) who could lend valuable operating knowledge, as well as marquee names from other sectors that added a luster to the board’s roster. While the invaluable operating experience of CEOs is still indispensable, boards increasingly recognise the need to add more targeted expertise that is often not typical in the heritage of a successful CEO.

That might include, for example, cybersecurity, digital commerce, or social media – as well as other areas that specifically link to a company’s business strategy. At the same time, boards have aged and as veteran directors retire, age is becoming an area of diversity that is every bit as important as gender diversity or ethnic diversity. Identifying and integrating nontraditional directors into the board team can be a challenge, but also a significant opportunity to add much younger directors to address some of these more targeted areas of expertise that often don’t fit the traditional director profile of CEO. A snapshot from our 2015 Korn Ferry Market Cap100 (KFMC100) board survey captures some of the fundamental changes we are seeing in board recruitment. Data includes the following: 17 per cent of new directors are 65 and older, while 16 per cent are 49 or younger; on boards as a whole, including both new and incumbent directors, 51 per cent of directors are 65 and older, while four per cent are 49 or younger. Our conclusion: the largest companies in the US are making significant efforts to add next-generation directors who bring the fresh ideas and insights that are crucial in a rapidly changing business environment.

Seeking different? Look differently Age is merely one dimension of the new

Succession Planning | Board Leadership

Assessment science enters the boardroom

In seeking to add new directors, there is a great deal boards can learn from the assessment process that leading companies have been using – with a history of success, including the scientific validation to back it up – for a number of years. Whether a board is seeking to hire a new CEO or to add a new director to its ranks, the challenge is the same: how to gain a view of the whole person. While some competencies and experiences may represent must-haves, they only constitute half the equation. Boards should strive for what we call a four-dimensional view that integrates competencies and experiences, or what an executive has done, with traits and drivers, or who an executive is (see graphic, top right). It’s the board’s duty to assemble as complete a picture as possible so that it can select a board member with the relevant skills, background

KORN FERRY FOuR DIMENSIONAL DIRECTOR ASSESSMENT Competencies

Skills and behaviours utilised to create results. These are capabilities that can be observed

Traits

Inclinations, aptitudes and natural tendencies a person leans towards, including personality traits, learning agility, and decision-making style that could affect performance as a director

Experiences

Track record in positions that provide the background and context for effectively serving as a director

Drivers

Drivers and interests that influence a person’s desire and capability to serve as a director

Source: Korn Ferry

Here is the epiphany we have had at Korn Ferry: if it’s important to know who an individual is when considering him or her for a CEO or major operating role, it’s doubly important for a governance role. While an operating executive can sometimes ‘get by’ on his or her ability to execute effectively, a director only brings who they are to the table. There is no executing trade-off. If you don’t believe me, ask directors who have been through a high-stakes situation and they will tell you about the unpleasant and unconstructive personality traits that emerge in fellow board members once the pressure is on and the boardroom door closed.

WhO YOu ARE WhAT YOu DO

director profile. Boards are not just seeking younger directors, but diversity of all sorts to broaden their skill base and to assist in creating innovative strategies and problem-solving. To achieve that goal, boards will have to start thinking differently about board recruiting criteria, focussing far less singularly on the experience represented in a resume and far more on a deep understanding of who the candidate is to help predict how they will operate in the boardroom. Focussing on CEOs of stature with publicly understood track records, created a form of screening that does not necessarily translate to the focussed depth of capabilities a candidate who has not been a CEO will bring. That said, their experience in key areas of the marketplace, if married with exceptional judgement and a level of insight gained from a P&L track record, can be advantageous if the complement of other board members rounds out the equation. As with most things in life, there are trade-offs to consider. That is where the degree of challenge increases, because the track record on the resume is relatively easy to capture. The personal judgement and characteristics – so crucial to identify in a prospective director – are more elusive. But they are also more significant, as they ultimately are the keys to the right fit. There is no need to reinvent the wheel, however. Boards can borrow from what has become standard operating procedure in hiring operating executives when it is necessary to go beyond the individual’s track record and illuminate the personal characteristics and motivation that determine the likelihood of success for the future.

and personal traits, including ethical dimensions. Yes, they, too, can and should be measured, because it’s not just the bottom line that’s important to investors and to consumers of goods and services. Companies that do ‘good’ as corporate citizens are increasingly likely to do well, too. Moreover, boards must take great care to avoid both the appearance and the reality of any ethical scandals, which can quickly derail the company and sink its value.

Getting beneath the surface

When constructing an ideal profile for a new director, boards should take a number of criteria into account. Start with a view of the entire ‘chessboard’, that is take stock of the

It’s the board’s duty to assemble as complete a picture as possible so that it can select a board member with the relevant skills, background and personal traits

Spring 2016 | Ethical Boardroom 31

Board Leadership | Succession Planning skills and experience currently represented on the board against the backdrop of what the strategy calls for and determine where the gaps are. That represents the relatively straightforward part of the process, the essential but surface easier-to-identify attributes a new director should possess – the upper half of our four-dimensional graphic, or the ‘competencies’ and ‘experiences’. Following are six questions to contemplate as you interview board candidates. The answers won’t show up on a resume and they go to the heart of personality and potential to be an effective director: Why does this individual want to be on your board? Conversations with a director candidate can be geared to identifying the person’s primary motivation for serving on a board. The desire merely to add board experience to the resume is not only a poor reason, it is totally useless when one is in the boardroom and expected to work with other directors. Those who are motivated by getting another ‘notch in their belt’ usually come across as self-promoting networkers and are less effective in contributing as team members and immersing themselves in tasks at hand. Highly successful operating executives can make lousy directors – or not. It’s all about what motivates them and their ability to shift gears to a different role that must be equally fulfilling for them. Can this person step out of the accustomed role as an operating leader and work effectively as a peer on a team of leaders? Many CEOs make great directors, others are unable to step outside their operating role as the one in charge to being on a team of CEOs and other senior executives where peer-to-peer collaboration is required, not a hierarchical decision-making structure. No one ascends to the CEO spot without a healthy measure of ego, but director candidates must be secure enough in their own skin to take on different roles where they will not be calling the shots. Verbosity can be an annoying trait in a CEO, in a director it can be a disaster, serving as a roadblock to needed discussion. Is the director candidate able to see new situations and challenges through a variety of lenses, not just through the lens of his or her own experience? One’s background and experience should inform but not dictate discussions and decision-making on the board. We know of very capable, successful executives whose view is limited only to their own operating experience. Some even resort to disparaging other directors in boardroom discussion when they express different views. Effective directors are able to start with a blank sheet of paper, considering various options with an open mind as they hear others’ views, recognising that, while much can be learned from others, each company’s culture, stakeholder mix and experience are unique 32 Ethical Boardroom | Spring 2016

and the best decisions emerge from spirited discussion where everyone contributes. What is this person’s comfort level with ambiguity, when decisions are not cut-and-dried? When the buck stops with the CEO, as operating leader, decisions have to be made – often quickly – even amid imperfect data, but the governance arena is very different because you are not executing against specific goals. There is far less that is obviously black and white and far more grey with ambiguity that has to be viewed in terms of ratios – and that is not a bad thing. Decisions must be made in the boardroom, nonetheless, so it is important that directors are able to capably

Certain types of people make strong board members, while others do not and success derives from their essence — the personality traits and characteristics that make them who they are

assess risk and move forward, ever conscious of their fiduciary duty to protect the interests of shareholders. That is why learning agility is such a crucial competency in all leaders, but especially in the boardroom. Does this person derive significant satisfaction from being a co-creator? Not everyone does. Some people are motivated by putting in the hard work and gaining individual recognition and rewards for their efforts. Great directors enjoy the interpersonal relationships developed as a board member as well as the experience of being part of a unique senior team of peers where there is not always a clear leader and everyone may be equally accomplished. The reward is more internal satisfaction for a job well done, rather than public accolades, so, again, attempts to reveal those quadrants of ‘hard-wired dispositions’ and ‘motivators and interests’ will provide strong clues to someone’s suitability to contribute on a board. How high is this individual’s service quotient? Contrary to conventional wisdom, most directors don’t serve for the glory or the compensation. Directorship today is a far

more time-consuming, riskier proposition than in years past. So why do people commit to serving on boards? Many of the best directors derive the greatest ‘compensation’ from the success and accomplishments of others. In the capacity of board member that may translate into serving as a coach and advisor to the CEO – or even to others on the senior team or to novice directors, ensuring that they build capacity to up their game.

Assessing the whole person

As we suggest with the above questions, certain types of people make strong board members, while others do not and success derives from their essence – the personality traits and characteristics that make them who they are. Fortunately for nominating and governance committees, addressing those questions with prospective directors that are designed to illuminate the traits that correlate with success in the boardroom can help predict with a significant degree of accuracy what sort of director someone will make. That should be welcome news since removing an underperforming director is notoriously difficult and something many boards avoid. But even a mediocre director, one that may take a spot that could have gone to a more targeted choice, represents a lost opportunity and can be a drag on the board’s ability to fulfill its strategic objectives. These suggestions should help boards jump-start the process of identifying and attracting directors with the personality attributes they require, not solely the resume attributes. They should also enable boards to assess candidates who represent diversity – in skills, gender, ethnicity and age – and whose resumes may not represent as lengthy a track record as the traditional CEO candidate. Having served for 20 years as a CEO may not be a key requirement, whereas a particular skill that millennials are more likely to possess, for example, that is not yet represented on the board may be. Sometimes described in the shorthand ‘EQ’, this constellation of traits that effective board members possess includes a personal pay-off from being part of a team, not the star of the show – listening to others, asking important questions and helping to create insights and bring out the best in others. The pace and depth of change that characterise today’s and tomorrow’s business environment make these considerations more important than ever in the director selection process as boards increasingly feel the urgency to create the diverse teams they require to serve as real strategic assets to the companies. That will entail an assessment of the whole person, not only the labels that signify business success, but who they are – defined by the crucial personal qualities that lie beneath the surface.

DISRUPTIVE TRENDS CONVERGE WITH BOARD MATTERS

BEYOND BORDERS 2016 GLOBAL BOARD LEADERS’ SUMMIT The largest director forum in the world, where the greatest minds in governance convene to take on the largest issues facing today’s board leadership.

SEPTEMBER 17-20, 2016 WASHINGTON, DC REGISTER ONLINE NACDonline.org/Summit

Board Leadership | Succession Planning

Jason Schloetzer

The William Charles Sonneborn Associate Professor of Accounting at the McDonough School of Business, Georgetown University

SOS:

Preparing for a new CEO Is your board prepared for an emergency CEO succession? Lessons from recent high-profile cases Succession planning is one of a board’s most important oversight responsibilities. Accordingly, a majority of corporate boards review the CEO succession planning process annually. However, emergency succession events, such as the unexpected departure or sudden death of a CEO, act as a ‘stress test’ of companies’ succession process and place considerable pressure on boards to act swiftly and decisively. A quick response can be problematic if the process lacks an emergency component or a succession-ready candidate is unavailable. Yet, waiting too long to name a permanent successor is often viewed as a lack of director preparedness to handle such a significant issue. Companies often struggle in their response to emergency successions. For instance, a recent survey conducted by Pearl Meyer & Partners reported that 32 per cent of director and executive respondents believed that their companies had not identified an emergency CEO who could serve on an interim basis.1 In terms of public disclosure of emergency plans, 34 Ethical Boardroom | Spring 2016

at a time when investor groups have been lobbying extensively for more information regarding the succession planning process,2 a total of only 17 per cent of the 100 largest US companies specified in their proxy and governance statements that they had a plan or person at the ready in the event of a sudden CEO departure; four per cent reported a stated plan for an interim CEO; six per cent reported having written procedures in place; and seven per cent reported that a list of potential successors existed. 3 Research suggests that emergency CEO successions have a substantial impact on post-succession company performance. For example, consider the rare but important succession event of the sudden death of a CEO. Studies have found that such events are associated with an 18 per cent decline in operating profitability, along with declines in asset growth and sales growth, in the year following the emergency succession event.4 This evidence suggests that the disruption associated with a sudden CEO departure has meaningful economic consequences for the firm and its stakeholders. Studies have found that this decline in performance might be associated

with how long it takes the board to appoint a permanent CEO, highlighting that the longer the gap, the worse the performance.5 At a minimum, this evidence suggests that a board’s response to an emergency CEO succession can substantially affect company performance. How can directors successfully navigate an emergency succession? Let’s take a closer look at three succession emergencies that occurred at S&P 500 companies in 2015 and consider the key takeaways for directors from these high-profile events.

Fastenal Company: Three CEO successions within one year leaves Wall Street confused

On 7 November 2014, the board of Fastenal announced the sudden resignation of Willard Oberton as CEO, effective 31 December. In connection with this action, the board elected current COO Leland Hein Jr as the company’s new CEO, effective 1 January 2015. The circumstances of Oberton’s departure were unclear, as the company stated that he would “continue to be actively involved in strategic planning and performance measurements for the company and will continue to serve as a

Succession Planning | Board Leadership

mentor to Mr Hein” – suggesting Oberton would remain active in the company, despite relinquishing the CEO duties.6 In July 2015, after serving less than seven months as CEO, Hein Jr resigned his role as CEO and resumed his role as COO, effective immediately. The board announced that Oberton would again serve as CEO and continue in his role as chairman. No reason was given for the change, leaving Wall Street analysts puzzled at the unexpected announcement. Some analysts noted that the company’s stock price had declined 11 per cent since Hein Jr became CEO. One analyst stated: “It’s not very clear what is going on. But the change is definitely strange.”7 This wasn’t the end. In October 2015, for the third time in less than one year, the board

The unexpected departure or sudden death of a CEO, act as a ‘stress test’ of companies’ succession process and place considerable pressure on boards to act swiftly and decisively

named a new CEO, selecting Daniel Florness as its new CEO, effective 1 January 2016. Again, no reason was given for the shuffling of leadership positions and the appointment created a vacancy at the CFO position which the board will fill “on either a permanent or interim basis, as soon as reasonably practicable”. 8 No permanent CFO had been named as of March 2016.9

United Continental Holdings, Inc: Sudden termination amid a federal investigation and subsequent unexpected health concerns

On 8 September 2015, United Continental announced that its CEO Jeff Smisek was leaving amid a federal investigation into the airline’s questionable ties to David Samson, the former chairman of the Port Authority of New York & New Jersey. An investigation revealed that Samson had asked United Continental to resume an unprofitable flight between Newark, New Jersey and Columbia, South Carolina, which is located near Samson’s weekend home. After United Continental agreed to resume this flight, the

Port Authority approved substantial upgrades to the Newark airport, an important hub for United Continental. The flight was quickly discontinued after Samson stepped down. In conjunction with this investigation, the United Continental board dismissed Smisek, confirming that the departure was connected to the company’s on-going internal investigation related to the federal government probe. On the same day, the board appointed Oscar Munoz, a board member of Continental since 2004 and a board member of the combined company and chairman of the Audit Committee since 2010, as the company’s president and CEO. On 15 October, after serving as CEO for only six weeks, Munoz suffered a heart attack. A few days later, Brett J. Hart, the company’s general counsel, was named an acting CEO during Munoz’s medical leave. United’s shares closed down three per cent on the news of Munoz’s hospitalisation and various commentators debated whether United’s board should provide more disclosure about Munoz’s health.10 One columnist wrote: “Oscar Munoz’s recent heart attack reminds us that corporate boards have no script to follow in such situations.”11 Spring 2016 | Ethical Boardroom 35

Board Leadership | Succession Planning Munoz underwent a successful heart transplant on 6 January 2016 and is expected to make a full recovery. The board of United Continental stated that Munoz will likely return by the end of March 2016 or early in the second quarter.12 This will hopefully end the roughly six-month period of uncertainty within the company’s CEO suite.

UNDER SCRUTINY Stakeholders will want to know more details on succession processes

F5 Networks, Inc: Sudden termination amid issues of personal conduct

On 22 April 2015, the board of F5 Networks announced that Manny Rivelo was elected to the CEO position, effective 1 July. He succeeded longtime CEO John McAdam, who agreed to remain on the board as chairman upon his retirement on 1 July. Rivelo had been with F5 since 2011, serving as the company’s executive vice president of strategic solutions. The board’s lead independent director, Al Higginson, stated: “On behalf of the board, I am excited about the future of F5 under Manny’s leadership and I look forward to working with him to build on the company’s success.”13 Within six months, however, Rivelo had gone. On 14 December 2015, the board announced that John McAdam would retake the CEO reigns, as Rivelo resigned from his newly-gained CEO position. The company stated: “Mr McAdam succeeds Manuel Rivelo, who has resigned from his position of president and chief executive officer and as a member of the F5 board of directors, for matters regarding personal conduct unrelated to the operations or financials of the company.”14 The company press release provided investors with a degree of insight into the situation. Higginson stated: “I want to emphasise that these actions are in no way related to the company’s operating performance or financial condition. This change in management, while unexpected, is strictly related to personal conduct matters.” Moreover, the company’s press release reaffirmed that the board and executive leadership team remained fully committed to the strategy and financial targets previously released and that McAdam would immediately re-engage on a day-to-day basis with F5’s management team. The board also announced that it would begin a formal search process to identify a permanent successor.

Key takeaways for directors

One takeaway from these cases is that boards should have a vetted successor ready to be named (interim) CEO in the event of an emergency. Emergency CEO successions disrupt the planned process. Unless the emergency occurs relatively close in time to a planned transition, candidates are likely to be in process (‘CEO potential’) rather than in queue (‘ready now’). In this situation, the board will have to conduct a risk assessment for appointing an emergency CEO successor, who is not ‘ready 36 Ethical Boardroom | Spring 2016

now’. A key question will be: “Is our candidate ready enough to justify a permanent appointment?” An important part of the board’s calculus must be whether the emergency successor would engender confidence in the quality of leadership continuity. Successors who are known and well-regarded by stakeholders are likely to be better received than unknowns. Hence, it is not surprising that United Continental selected a longtime director as a suitable successor during its emergency situation. Similarly, Fastenal and F5 Networks turned to their former CEOs and current board chairmen as emergency successors. A second takeaway is that directors must have a communication strategy that balances the need for business conduct privacy and stakeholder involvement. Astute directors recognise that preparing for an emergency CEO succession does not end when the board identifies a candidate. It is the manner in

Seven out of 10 large companies provide investors with advanced notice of a change in CEO, so any succession event that is effective immediately, such as an emergency succession, might trigger heightened scrutiny which directors communicate the details of the emergency succession to stakeholders that will shape observers’ perceptions of the board’s preparedness for the event. The contrast between the boards of Fastenal (providing no information about why the company was changing leadership) and F5 Networks and United Continental (explaining that the emergency successions were related to issues of personal conduct and not to underlying concerns that were operational or financial in nature) highlights the case-by-case approach boards take when providing stakeholders with succession-related information. Seven out of 10 large companies provide investors with advanced notice of a change in CEO, so any succession event that is effective immediately, such as an emergency succession, might trigger heightened scrutiny.

And when scrutiny is combined with scant details about the succession event, it would not be surprising if your stakeholders decide that your board’s succession process is ‘strange’. 1 Cited in Susan Battley, “How Citigroup Handled the Vikram Pandit Ouster and What It Says About Succession Planning,” Forbes, October 19, 2012 (www.forbes.com/ sites/forbesleadershipforum/2012/10/19/how-citigrouphandled-the-vikram-pandit-ouster-and-what-it-saysabout-succession-planning), accessed November 8, 2012. 2Edward Ferris and Justus O’Brien, “Examining the Impact of SEC Guidance Changes on CEO Succession Planning,” Director Notes, The Conference Board, April 2010. 3Smooth CEO successions: Lessons in passing the baton, Korn/Ferry International, October 11, 2012 (www. kornferryinstitute.com/reports-insights/kornferry-marketcap-100-smooth-ceo-successions), accessed December 8, 2012. 4Morten Bennedsen, Francisco Perez-Gonzalez and Daniel Wolfenzon, “Do CEOs Matter?,” NYU Working Paper No. FIN-06-032, October 2006, available at http:// ssrn.com/abstract=1293659. 5Bruce Behn et al., “Deaths of CEOs: Are Delays in Naming Successors and Insider/ Outsider Succession Associated with Subsequent Firm Performance?” Journal of Managerial Issues, Vol. 18, No. 1, Spring 2006, pp. 32–46. 6See “Fastenal Company Announces Resignation of Chief Executive Officer,” Fastenal Company press release, November 7, 2014 (http://investor. fastenal.com/releasedetail.cfm?ReleaseID=881441). 7 See Dee DePass, “Fastenal CEO Leland Hein steps down, replaced by former CEO Willard Oberton,” Star Tribune, July 20, 2015 (http://www.startribune.com/ fastenal-ceo-leland-hein-steps-down-replaced-by-formerceo-willard-oberton/317613471/). 8“Fastenal Names New CEO,” Industrial Supply, October 13, 2015, (http:// industrialsupplymagazine.com/pages/News-101315-Fastenalnames-new-CEO.php). 9See http://investor.fastenal.com/ management.cfm, last accessed March 1, 2016. 10See, for instance, Joe Cahill, “United Airlines Needs Guidelines on CEO Health Matters,” Crain’s Chicago Business, October 24, 2015 (http://www.chicagobusiness.com/article/20151024/ ISSUE10/310249998/united-airlines-and-other-companiesneed-guidelines-on-ceo-health) and Joann Lublin and Doug Cameron, “What Should Firms Say When CEO is Sick,” The Wall Street Journal, October 18, 2015 (http:// www.wsj.com/articles/what-should-firms-say-when-theceo-is-sick-1445212669). 11Joe Cahill, “United Airlines Needs Guidelines on CEO Health Matters,” Crain’s Chicago Business, October 24, 2015 (http://www.chicagobusiness. com/article/20151024/ISSUE10/310249998/united-airlinesand-other-companies-need-guidelines-on-ceo-health). 12 See John Russell and Becky Yerak, “United CEO’s Recovery From Heart Transplant Likely to Take Months,” Chicago Tribune, January 7, 2016 (http://www.chicagotribune. com/business/ct-united-munoz-heart-transplant-0108biz-20160107-story.html) and Becky Yerak, “United CEO Has Heart Transplant,” Chicago Tribune, January 6, 2016 (http://www.chicagotribune.com/business/ct-united-munozheart-0107-biz-20160106-story.html). 13See “Manuel Rivelo Appointed as the New CEO of F5 Networks,” F5 Networks press release, April 22, 2015, (https://f5.com/about-us/ news/press-releases/manuel-rivelo-13 14 See “F5 Networks Announces Appointment of Long-Time F5 Executive John McAdam as President and CEO,” F5 Networks press release, December 14, 2015, (https://f5.com/about-us/news/pressreleases/f5-networks-announces-appointment-of-long-timef5-executive-john-mcadam-as-president-and-ceo).

SOPHISTICATED APPROACH. PRACTICAL SOLUTIONS. Sidley’s corporate governance practice helps companies navigate through the challenges of the ever-evolving responsibilities of directors and senior management. TALENT. TEAMWORK. RESULTS.

Board Management Financial Reporting and Compliance Risk Management and Crisis Preparedness Takeover Defenses Proxy Contests Shareholder Relations Executive Compensation

Contacts Thomas A. Cole +1 312 853 7473 tcole@sidley.com Holly J. Gregory +1 212 839 5853 holly.gregory@sidley.com John P. Kelsh +1 312 853 7097 jkelsh@sidley.com

sidley.com

AMERICA • ASIA PACIFIC • EUROPE Attorney Advertising - For purposes of compliance with New York State Bar rules, our headquarters are Sidley Austin LLP, 787 Seventh Avenue, New York, NY 10019, 212 839 5300; One South Dearborn, Chicago, IL 60603, 312 853 7000; and 1501 K Street, N.W., Washington, D.C. 20005, 202 736 8000. Sidley and Sidley Austin refer to Sidley Austin LLP and affiliated partnerships as explained at www.sidley.com/disclaimer. Prior results do not guarantee a similar outcome. MN-2873

Board Leadership | Gender Diversity in tHe minority But the law is changing in favour of female board members

Women on French boards: An evolution Due to the general French approach to the role of the board, company executives (by they men or women) are rarely members of the board at the same time – unless the chair is the CEO.

Some of my recommendations which may be useful for improving board composition, appear in italics.

Number of women on boards

Women chairing boards, or being a CEO, make up less than seven per cent of boards in a study of 403 Euronext Paris companies. Women chairing supervisory boards are around 16 per cent. That’s no real improvement in six years. Other studies find similar stagnation at a low level for women on executives committees. The author’s view is that the qualification to become a CEO or member of an executive committee is very different from the one of a board member only. For boards, quite often, one seeks outside-of-the-company experience. For CEO and executive committee members, most of the candidates (men or women) come from the company. The number of women already holding a position just below the executive committee level with a qualification outside human resources and communications is too small. A long-term view and a voluntary approach within the whole company management is needed to progress. Using the ‘joystick average’, the law is a success for quoted companies. On average, 38 Ethical Boardroom | Spring 2016

Observations from a seven-year study of more than 900 women on boards of 403 Euronext Paris companies

40 per cent in 2017, consequently they may have been less concerned up to now. Validated historical statistics on significant samples for these non-quoted companies are still scarce. But beware of the averages; the law applies for EACH company not to averages. The space on such an article does not permit to present curves of the distribution of the percentage among the companies. They are available and show that many companies are still below the target. From June 2015 to June 2017, the estimated number of Euronext Paris companies’ board positions which have to be filled by women is around 500. There is a lot of work is to be performed by the chair.

Guy Le Péchon

CEO Partner at Gouvernance and Structures they have reached the 2014 target of 20 per cent for women on boards and are moving towards the 40 per cent figure (see graph, below). For non-quoted companies, there was no 2014 target but only a big jump to reach

AverAGe number oF boArd Positions occuPied by Women As A PercentAGe oF totAL number oF boArd Positions 40

Target

35 30 25 % 20 15 ■ ■ ■ ■

10 5 0

2007

2008

2009

2010

2011

2012

2013

CAC 40 Big Caps non CAC 40 Mid Caps Small Caps 2014

2015

2016

Board Leadership | Gender Diversity

Profiles of women on boards (at the end of June 2015)

The ages of recruited women are lower than those of women already on boards, which is quite natural. The diversity of women profiles is still low and changes are incremental. A large number of women recruited to boards have been CEOs or responsible for large accounts. The number of women with finance or high level consulting experience grew due to designation of women representing a board member company. At a much lower level are women with legal, scientific/production/technical, commercial and communication, social environment and HR experience.

Public organisation experience Large companies have recruited (25 per cent of them within CAC40) women who have held high level positions within public organisations (ministers, EU Bruxells, ONU).

Nationalities

Within the large companies, around half of the women recruited are non-French with a number of them from Europe outside UK and just after the Anglo-Saxon group (North America, Canada and UK). For small company boards, although many have international activities, recruitment of non-French women is scarce. For them, one should look at women living in France /Europe who have accumulated a strong experience of foreign countries. By the way, it should be noticed that a large number of French women are qualified for UK, US and Canadian company board positions. There is a large increase in independent women directors. The smaller the company, the more likely there is to be a woman linked to family ownership. To improve this type of profiles study, one should elaborate similar statistics on the men and then compare. But the quantity of data to collected and incorporate within such study is much larger.

Qualitative facts and comments

The law should not be seen as a constraint but as a strong opportunity to push boards to think about their own composition. Today, even those who still do not like the quotas

MAIN CORPORATE GOVERNANCE COURSES

IFA Institut Français des Administrateurs (Paris) Specific courses & board member certification Institute Of Directors (London) Specific courses & board member certification ESSEC (Paris) Women Be European Board Ready For women only INSEAD (Fontainebleau France) International Directors Program 40 Ethical Boardroom | Spring 2016

FLyING ThE FLAG FOR wOMEN

approach see the positive evolution and are now working on how to fulfil the obligations rather than discussing them. Mainly for small caps, women seem to come from the close circle of the chair and boards members. It is highly recommended to the boards to rationally elaborate the profiles needed and enlarge their searches outside their close relationships circle. Mathematics lead me to consider that addition of women to some boards will not be enough to reach the 2017 target. Boards will have to elegantly dismiss men. Training courses on corporate governance have been set up, some on specialist subjects others globally, with certification for both genders and one for women only (see below). But for very special profiles no problems have been reported in finding qualified women and integrating them on boards. The discussion of qualification of women candidates has led to studies of male candidates, or even of men already on boards. One indirect impact of the law is a general improvement of the qualification of the members of boards. Improvement of the ‘ambiance’ and work quality of the boards with more women has also been reported.

Main conclusion

France is moving ahead on the very large base of the boards of 500 quoted companies and starting the process on a similar number of Sociétés Anonymes (SA) non-quoted companies. Results are very encouraging, but at least 500 board positions still have to be filled by women before the end of 2017 to reach the quoted companies target. Efforts, especially for small companies’ boards, are still important. Quantitative, but also qualitative success will occur if, and only if, chairs move outside of their own circle of recruitment.

MAIN RULES ExTRACTED FROM FRENCh LAwS ON GENDER DIVERSITy AMONG bOARDS Laws use the word ‘gender’ to mean man or woman, but since today the underrepresented gender among boards is clearly woman, the following text uses ‘women’. January 2011 Zimmermann Cope Law Applies to all French companies after the first 2017 general shareholders meeting nominating board members, if they are: ■ Quoted on Euronext Paris ■ SA non-quoted companies with a minimum of 500 employees and a minimum of ¤50million annual turnover or total balance sheet For boards with more than eight members, the minimum ratio of women to men should be 40% For boards with eight or fewer members, the gap between the number of men versus the number of women on the board cannot be more than two August 2014 complementary law For non-quoted SA French companies with a minimum of 250 employees and a minimum of ¤50 million annual turnover or total balance sheet, the above rules will apply in 2020. Penalties After the above mentioned dates and until the company follows the rules ■ Renewing a man on the board or nominating one is invalid ■ All the board members fees are blocked into an account and not distributed

The author thinks that above these legal penalties, the main motivation to follow the rules, is to avoid a company image risk.

Board Leadership | LGBT Diversity

LGBT in the boardroom Broadening the diversity debate to advance lesbian, gay, bisexual and transgender policies Patricia Lenkov

Founder & President, Agility Executive Search

42 Ethical Boardroom | Spring 2016

LGBT Diversity | Board Leadership

The case for diversity in corporate boardrooms has been made. Businesses actually benefit when they embrace diversity. Not because it is socially acceptable or the politically correct thing to do, but because it generates positive financial results.

BOARDROOM PARTICIPATION More than half of LGBT employees in the US are closeted at work

a board’s work and if its members are too similar this may not take place. And perhaps most importantly, clients, employees and shareholders of all companies are diverse and boards should be reflective of this. Additionally, in case there is an argument brewing about the above paragraph, no one is suggesting that boards sub-optimise on skills, professional qualifications and experiences of board members. These should never be compromised on. Rather, the diversity logic contends that your board can have all of what you require in terms of qualifications AND someone who brings an element of heterogeneity as well.

In January 2015, in its Diversity Matters report, McKinsey disclosed that “companies in the top quartile for racial and ethnic diversity are 35 per cent more likely to have financial returns above their respective national industry medians”. Research in France at Authentic boards the Université Savoie Mont Blanc looked at In spite of the regularity of the diversity performance of French CAC40-listed discussion, to date the deliberation has not companies between 2008 and 2012. It was included the LGBT community. In fact, for concluded that “companies whose many, this element of an individual’s life boards are more diverse in terms of has no relevance to their professional career gender achieve higher performance and as such has no place in the diversity indicators, all else being equal”. conversation. However, change is underway. The very idea of diversity is Before examining this change, let us look evolving and, in fact, it is at why one’s LGBT status is even pertinent and expanding as well. Not too long why companies do themselves a disservice by ago, diversity in business circles pretending otherwise. referred primarily to ethnicity. According to a 2015 Harvard Business While this is still a fundamental review article, “authenticity has become starting point, more recently the the gold standard for leadership”. Harvard diversity debate in business as well Business School professor and former as governance circles has focussed Medtronic CEO Bill George has written several in large part on gender diversity. But books on the topic of authentic leadership other types of diversity and their value in and has conducted the largest leadership business settings are gaining momentum. development study ever undertaken. He Age diversity is something that corporate argues that “achieving business results over a boards of the past didn’t pay much attention sustained period of time is the ultimate mark to. In fact, the common rule of thumb used to of authentic leadership. It may be possible to be that unless you were grey-haired and over drive short-term outcomes without being 50 you didn’t really have the seasoning and authentic, but authentic leadership is the only tenure required for boardroom participation. way to create long-term results” (Harvard Starbucks dislodged this tendency when it Business Review, February 2007). nominated 29-year-old Clara Shih to its board Authenticity goes hand in hand with integrity in 2011. Fitbit, the fitness tracking device and according to Warren Bennis, considered company, has had 38-year-old Eric Friedman the “dean of leadership guruism” by Forbes on its board since 2007. And there are others. Magazine, integrity is one of the six important Executive coach and trainer Guy Farmer, leadership qualities. Bennis describes integrity in his self-awareness workshops, actually as “alignment of words and actions with identifies and enumerates 25 types of inner values. It means sticking to these values workplace diversity. Included in his list are even when an alternative path may be easier income, communication ability, language, or more advantageous”. conflict resolution ability Given the above, it seems and level of self-awareness. Diversity reflects quite problematic for Before continuing, let’s the real world and business that according to reiterate why diversity is a 2014 study by the Human important to the composition diverse teams Rights Campaign Foundation, and configuration of have been shown 53 per cent of LGBT corporate boards. Diversity employees in the US are reflects the real world and to make better closeted at work. And if they diverse teams have been decisions. They are closeted in the workplace, shown to make better reduce risk when they are also closeted in decisions. They reduce risk the boardroom. This means when making decisions making decisions that the work of many because diversity curtails because diversity boards is being impaired groupthink. The ability to constructively disagree and curtails groupthink by harbouring executives who cannot be authentic. deliberate is a core element of Spring 2016 | Ethical Boardroom 43

Board Leadership | LGBT Diversity For any of a multitude of reasons, these individuals are unable to bring their true and entire selves to their role as board director. They cannot dig in and truly concentrate and use all of their energy and creativity. They must balance their focus on the tasks and challenges at hand with the need to maintain a façade. One can only speculate on how this disadvantages a business. This is true for the boardroom and at all levels within the organisation. The repercussions on productivity of the mere pressure to hide is certainly a very important reason why we cannot continue to believe that being LGBT has no relevance in the workplace. Another important reason why one’s LGBT status is pertinent in the workplace is because being LGBT is not simply about who you are attracted to but rather it is about who you are. Just as we in the so-called straight community feel defined by our family and significant others in a way that is far more than simple sexual orientation so too do members of the LGBT community. To distil this community down to sexuality is to overly simplify something that is far more complicated and nuanced. According to Claudia Brind-Woody, vice president and managing director for Global Intellectual Property Licensing at IBM and co-chair of the firm’s Global LGBT Executive Taskforce, members of the LGBT community want to engage authentically at work like everyone else. We all bring to our jobs the sum total of our life experiences and if we are admired and successful how can anyone assume that being LGBT has not contributed to this. Bottom line, the LGBT community are on our teams at work, they are in the boardroom and in the next cubicle, whether we know it or not. We can choose to ignore this or we can embrace the differences and benefit from them.

New initiatives

In the vein of benefiting – and specifically as this pertains to the boardroom – there are several developments worth mentioning. Most exciting perhaps is an initiative called Quorum established by Out Leadership, an organisation focussed on the business case for LGBT inclusion. Quorum is the first initiative to identify and place senior LGBT executives on corporate boards. On its website it provides the following quote from Trevor Burgess, president and CEO of C1 Financial, a Florida-based bank with 31 offices: “We need women on the board, we need LGBT people, and we need people of colour. I need my board to look like my clients, because if my board looks like my clients, I can better serve them. The challenge is that not 100 per cent of the US is straight, white and male and yet so many corporate boards still have mostly those characteristics.” Quorum is not suggesting that any LGBT person be considered for board service, rather it is developing a list of only the most experienced and talented. In case there is any 44 Ethical Boardroom | Spring 2016

doubt about the seriousness of this cuttingedge initiative, earlier this month it was announced that KPMG is a founding sponsor. In January of this year, Mary Jo White, who is the Securities and Exchange Commission (SEC) chairman announced that she would increase the focus on boardroom diversity in the final year of her tenure in this role. Her intention is to define diversity and perhaps require companies to provide specifics about the diversity of their directors. This builds on a 2009 rule whereby the SEC required issuers to disclose whether and how a board and/or nominating committee considers diversity in identifying directors nominees. The problem was that this rule permitted each company to define diversity as it considered appropriate. For some, a director from a new industry or with a unique educational background could be considered diverse. Clearly there are limitations with this original rule that are now being addressed and the diversity disclosure rule is being calibrated. Although the inclusion of LGBT status may not currently be under discussion, this increased attention could lay the groundwork for future consideration. No one is assuming that the subject matter of this article is not controversial and dare we say even revolutionary. As such what can boards who are interested in advancing the conversation do?

A different perspective

The LGBT diversity issue should initially be framed within larger conversation about board diversity in general. What is the current composition of the board and does it embody any type of diversity? If it does not, why not? What is the thinking on diversity and

The repercussions on productivity of the mere pressure to hide is certainly a very important reason why we cannot continue to believe that being LGBT has no relevance in the workplace

importantly, what is the resistance? In most cases, there is a long-standing belief that in order to incorporate diversity in the boardroom, the board will have to compromise on qualifications, experience, seniority, etc. In most cases this is simply not true. If the board that is interested in advancing the LGBT inclusion question does already have some diversity on it, what has been the experience and benefits? It would be important to appreciate and measure the changes and improvement brought about by a diverse board. Another important consideration is the various stakeholders of the organisation. Some customers and market segments may lend themselves more than others and benefit accordingly by having the LGBT perspective on the board. Organisations have advanced differently in their internal diversity and inclusion programmes and as such the importance of LGBT representation on the board is unique to each company. The other side of the equation, of course, is understanding whether there will be intolerance and resistance from stakeholders. Timing is everything and, unfortunately, sometimes waiting for a new idea to become popular is the best approach. To conclude, it cannot be over emphasised how important it is to realise that the suggestion of LGBT diversity or really any diversity in the boardroom is not in lieu of skills and qualifications, but in addition to them. Furthermore, in the case of the LGBT community, it is absolutely not about who they are married to or partnered with that provides dimension to the boardroom. Rather it is about the uniqueness of their perspective and the way they may attack problems and make decisions by virtue of their life that needs to be considered. This is indeed the suggestion of major culture shift but to borrow a quote from Charles Darwin: “It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.” BROADENING DIVERSITY Hiding one’s identity can have repercussions on productivity

Board Leadership | Corporate Culture

Tone at the top Why people rightly point to boards to answer for an unhealthy corporate culture Corporate culture continues to be the subject of much debate, not just in the media but in boardrooms and the corridors of power. The UK Financial Reporting Council, for example, launched an initiative in September 2015 to gather insight into how boards can shape, embed and assess culture.

Why should the board be held accountable for corporate culture? The UK Corporate Governance Code, one of the foundations of modern corporate governance, says that “the values and standards of behaviour set by the board are an important influence on culture and there are strong links between governance and establishing a culture that supports long-term success”. A recent report from ACCA, arising from a survey of nearly 2,000 finance professionals across the world, examined the link between governance and culture and how corporate culture interacts with individual behaviour.1 The report found that governance and culture are inseparable: it is not that one is more important than the other.

Tone at the top is important

More than 60 per cent of respondents thought that tone at the top was the vital driver of behaviour at work. This was consistent across all age groups, geographic locations and industry sectors. The concept of tone at the top describes the attitude of corporate leaders’ guiding values and an ethical culture within the company. Moreover, nearly half of respondents felt their organisation was hierarchical and communication was top-down, compared to only 19 per cent who felt communication was a two-way process. This should alert leaders to be aware of how their conduct is seen by others. Where people meet face to face regularly, the impact of leaders’ behaviours would seem obvious. There were, however, no apparent differences between the views held by those who worked in multinational organisations and those who did not. Nor were there differences between those located at a company’s headquarters and those at a 46 Ethical Boardroom | Spring 2016

Jo Iwasaki

Head of Corporate Governance at ACCA subsidiary or local centre. Both saw tone at the top as being important. Despite this perception of influence, leaders need to be aware that their direct impact over individual office culture in large, complex organisations decreases the further the office is from the HQ. In an earlier roundtable event in New York, some argued that the impact of tone at the top would decrease as organisations become more complex. This may pose a challenge to corporate leaders – while they can influence the organisational culture less, others still consider their impact paramount.

Where organisational values fail to lead

Respondents to the survey had a good grasp of their organisation’s values for which corporate leaders are responsible. More than 60 per cent agreed that they are aware of the organisational culture. More than 80 per cent said it was important to understand the purpose and objectives of their organisation. What is more, nearly 80 per cent said that they supported their organisation’s values. The survey did show an apparent disconnect between the perceived organisational value and how it works in practice. Only half of respondents agreed the organisational value works well in reality and 60 per cent said there were multiple subcultures within their organisation. Perhaps we need to look at how people replicate values within organisations. As one respondent pointed out: “The values and behaviours demonstrated by all levels of management have a huge influence. I have seen examples of very different cultures in teams within the same organisation due to the leadership of that team or division”.

Why destructive sub-cultures emerge

Sub cultures can become destructive where ideas and practices conflicting with the organisational value seem tolerated or even encouraged. Otherwise they can coexist mostly without harm in many complex or large organisations. This is because, like a

LEADING THE WAY Corporate leaders are expected to guide values and culture

participant said at an earlier roundtable event, “each one of us is a tone from the top of where we are”. So what if there are practices that make us wonder how they could live alongside the values of the organisation? Responses to our questions on incentives tell us something on this. When presented with a list of typical incentives at a workplace, a larger proportion of people positively responded to getting better recognition for one’s work, than to having more challenging work. Perhaps surprisingly, both these factors were cited as more important than earning more money. This is not to say that earning more money does not matter. Receiving better recognition for one’s work often comes with financial reward and might lead to promotion. But we should not confuse the recognition and the

Corporate Culture | Board Leadership

outcomes of recognition. People get recognised for their work because what they have done contributes to the organisation’s values and objectives. Giving financial rewards is a way of saying ‘thank you’ for doing so well and promotion is a show of trust in the person’s capability to drive the organisation further towards the shared organisational values.

The corporate balancing act

So how about aligning number-based targets with the organisational values? Although half of our respondents agreed that performance-related pay schemes help foster best performance, nearly two-thirds (65 per cent) suggested that such schemes may lead people to exaggerate or otherwise falsify their performance measures. Furthermore, just over a half of respondents said that in their

The concept of ‘tone at the top’ describes the attitude of corporate leaders’ guiding values and an ethical culture within the company organisation, targets that were easy to quantify take priority over more important but hard-to-quantify targets, such as quality. This goes against a caution from a respondent, on which we all should agree, that “performance measurements and targets should be set and agreed by both the employee and the appraiser. Further, individual targets should be in line with the overall organisational targets”.

Know what is happening within But what can board members do to address the complex issue of culture? Besides their tone-setting, it should involve understanding what is happening within the organisation.

It is not very encouraging that less than half of respondents thought that senior management know enough about what is going on lower down in the organisation. Furthermore, just below half of the respondents questioned if senior management was accurately reporting information to the board in their organisations. Perception plays a major role in corporate culture and ethical behaviour. If people don’t believe that corporate leaders know what is going on lower down in their organisation and are failing to receive accurate information, why should they follow the tone set at the top? www.accaglobal.com/culture

Spring 2016 | Ethical Boardroom 47

Board Leadership | Board Effectiveness

Effective board contributions in social enterprises Active and ongoing involvement in an organisation’s strategic thinking can lead to better focus on the road ahead

Boards and directors have become the subjects of much public interest in recent decades, especially following the succession of high profile company failures over the last 15 years. Ongoing reports of moral failures, hubris, incompetence, judicial investigations and sanctions published in the popular press have heightened awareness of boards and board performance amongst a broader constituency – much of which has cast boards and the important role they can play in organisations in a poor light in the minds of some. Despite the negative headlines that a few boards and directors have attracted, most boards are well-intentioned and most directors are committed to pursuing the best interests of the organisation. However, 48 Ethical Boardroom | Spring 2016

Peter Crow

Independent Advisor on Corporate Governance and Strategy; Chartered Company Director some directors reportedly struggle to perform their job as well as they would like, often because the appropriate role and functions of the board is unclear. Some boards, for example, take the role of the policemen, their primary task being to look after the interests of shareholders by ‘keeping the executive honest’. Other perhaps more altruistically inclined boards, think of themselves as stewards – a resource to be used to support the chief executive in the achievement of goals. Yet others think in terms of the board and management as a team (albeit with defined responsibilities), whereby ultimate accountability for determining the overall purpose, the direction of the organisation

and the overall achievement of agreed performance goals lies with the board and management is responsible for operating the organisation to achieve agreed goals and priorities. Furthermore, the now-popular term ‘governance’ (and many variants, including IT governance, organisational governance and clinical governance, among others) is seen in some quarters as being a panacea for all manner of organisational ills. Consequently, the landscape has become complicated! It’s little wonder that many different understandings of the function of the board and of board management interaction have emerged and, therefore, that some boards and directors are not nearly as clear about their role and contribution as perhaps they should be.

Social enterprise challenges While the introductory comments describe some of the challenges faced

Board Effectiveness | Board Leadership

Despite the negative headlines that a few boards and directors have attracted, most boards are wellintentioned and most directors are committed to pursue the best interests of the organisation. However, some directors reportedly struggle to perform their job as well as they would like

by profit-seeking companies and their boards of directors, the boards of social enterprises face similar challenges. The overall goal (social outcomes v. profit or shareholder wealth) and legal frameworks may be different, but the role of the board is essentially the same. Yet, when one looks at how the boards of social enterprises tend to operate, some interesting differences emerge. Over the last 24 months or so, I have worked with several hundred board members, trustees and senior leaders across the education, community and social service sectors in the UK, Ireland, Canada, Australia, New Zealand and Singapore, to understand how boards and board members actually work, and to make recommendations to improve board and organisational effectiveness. That most board members of social enterprises are volunteers who are deeply

and passionately committed to supporting their organisations serve their local communities is well known. Many also serve in the community as well. Consequently, board members are often highly knowledgeable of how things work and what it takes to get things done at an operational level. That many board members possess only a superficial level of knowledge about boards, governance and appropriate board interactions is perhaps less well understood. Board members typically don’t know what they don’t know in this regard, leaving them ill-equipped to contribute effectively. Unless effective training and development is provided, individual board members and, sometimes, whole boards respond by adopting ‘default settings’ based on what they do know. However, these default settings – summarised next – can impair the board’s ability to make effective contributions beyond operational tasks and decisions

(which should be the domain of management). As a result, the board’s ability to make an effective contribution in an effort to influence the overall performance of the organisation is compromised. Propensity to detail Many board members of social enterprises have a natural affinity for ‘detail’. Whether it is listening to detailed reports about specific situations or working through financial statements line-by-line, board members’ behaviour can be typecast as ‘liking to know what is going on’. In one discussion with more than 40 education sector governors, two contributors spoke passionately about the importance of board members conducting hands-on classroom inspections. The governors wanted to see what was happening in classrooms for themselves. “How else can we know that the children are safe and that the headmaster is reporting accurately?” they asked. Spring 2016 | Ethical Boardroom 49

Board Leadership | Board Effectiveness Narrow view Board members of social enterprises are often recruited from within the sector or the organisation’s membership, and they may potentially remain active contributors at an operational level as well. Board member candidates make themselves available to contribute around the board table because they are interested, knowledgeable, or, more simply, because they want a hand in decision making. To utilise relevant sector experience at the board table is good, but only to an extent. A homogenous group with similar backgrounds and thought processes is more likely to make similar assumptions because they look at problems from a similar perspective. They will probably also hold similar biases and have similar blind spots. As a result, viable and strategically important options may not be identified, simply because alternative viewpoints are not explored. Activity without a clear purpose Many board members come from a background of ‘doing’, as highlighted above. Consequently, satisfaction is achieved from seeing visible progress and from making hands-on contributions. Activity-based reporting is common (performance is measured in terms of KPI achievement) and decisions are made on the basis of budgets and merit alone. Over time, the clarity of purpose that was so lucid when the organisation was first formed fades away. The organisation is left to wallow, following processes, performing tasks or perhaps, unknowingly moving towards a whole new raison d’etre. While many social enterprises can continue to survive like this (some for extended periods), these ‘default settings’ can result in organisational stagnation, frustration among some board members (especially new members), poor organisational performance and, potentially in more extreme instances, disenfranchisement and collapse. Whereas board members generally arrive as enthusiastic contributors who are committed to making a difference, time and activity can see them worn down. What can be done?

Effectiveness lies in looking ahead

If the boards of social enterprises are to make effective contributions, the challenges and risks represented by these default settings need to be addressed. Boards need to lift their collective eyes from detailed operational matters and what has happened in the past, to focus their attention on strategic considerations and the road ahead. A useful starting point for this transition is the very word that has contributed much of the confusion – governance. The English word governance is derived from the Greek kybernetes (to steer, to guide, to pilot, typically, a ship). Thus, governance is an action word – one associated with setting direction and with navigating or guiding something towards 50 Ethical Boardroom | Spring 2016

a longer-term or major goal, with a purpose in mind. With this understanding to the fore, the role of the board then is to determine the overall goal and direction, and to actively oversee management to ensure the organisation implements the plan to head in the right direction and effectively so. Boards that wish to make effective contributions can do this by focussing their attention on the purpose of the organisation and several practices of strategic management.

If the boards of social enterprises are to make effective contributions, the challenges and risks represented by these default settings need to be addressed. Boards need to lift their collective eyes Purpose Purpose answers the ‘why’ question. The reason the social enterprise exists – its purpose – needs to be both determined and agreed. Best expressed as a statement of belief, clarity of purpose provides the motivation for all organisational activity. It becomes the North Star against which all major options tested and decisions made. Great purpose statements are those that, when pursued, result in effort being aligned and a significant impact being made. However, purpose ‘leaks’. Therefore, board members and the chief executive need to return to it – often – to remind themselves why the organisation exists. The message should also be repeated amongst staff periodically and whenever a new board member is appointed. Strategic management The practices of strategic management are well known in management research and in practice. Whereas strategic management has historically been seen to be a task of management (excepting approving strategy), emerging research conducted in the UK, Europe and New Zealand suggests that better outcomes might be possible if the board is actively involved in the practices of developing strategy (together with management); making strategic decisions in the context of approved strategy; and, both monitoring and verifying strategy implementation and the subsequent performance of the organisation.

Necessarily, ongoing involvement requires board members to be strategically competent and actively engaged in the work of the board and for the board to both support and constructively control management in their implementation of agreed strategic priorities. Here, strategic competence includes the capability and cognition of board members to ask appropriate questions, make adjustments and apply requisite skills with a strategic mindset. Good strategic competencies have been associated with good organisational performance.

Other factors worth considering

Group dynamics The boards of social enterprises tend to be large. Many have more than 10 members – some as high as 18! Larger board membership is often justified on the basis of ‘sharing the load’ and ‘not placing too much power with a small group’. Yet academic studies have shown that the optimum size of a high performing team is between five and nine members, with six being the ideal number. Beyond six, cliques start to emerge and the likelihood of free riding (also called ‘social loafing’) increases. Boards are no exception. Diversity Mixed boards have been heavily promoted amongst the board and governance community in recent years, especially in the Western world, as a means of broadening the discussion at the board table. Diversity can be great for ideation and for debating strategic options. However, it can also be bad for cohesion. That’s because the board needs to operate as a team. Academic research suggests that some similarity between board members is good (i.e. shared understandings, of purpose especially, but not the same physical attributes) because it enhances effectiveness in performing complex and unpredictable tasks, such as board decisions! The point here is that sameness is good in some ways (operating basis and purpose) and diversity is better in others (ideation and debate). Striking the balance takes maturity.

Summary

While not a silver bullet, this brief commentary suggests that board effectiveness is largely dependent on the expertise of board members and what they do when together in the boardroom – the board’s active and ongoing involvement in the organisation’s strategic thinking and strategic management practices – through the consideration of strategic options, strategy development, the making of strategic decisions in the context of approved strategy and the monitoring and verification of strategy implementation – appears to be significant. If strategically competent board members work together in this way, within the context of an agreed purpose, improved board effectiveness is not only possible, it is also potentially sustainable.

Direct to your Door! Email our team now at subscriptions@ethicalboard.com

South America | Trends

Latin America 2016 Emerging trends in corporate boards The last two years have been particularly challenging for corporate directors in Latin America. Winds of change are blowing strong and they are coming from different directions at the same time.

Tightening the belt

The end of the ‘commodities supercycle’ hit Latin American economies hard. Less demand and lower prices of oil, minerals or wood pulp translated into slower economic growth, inflation and currency devaluations. In the last 12 months alone local currencies have dropped from 10 per cent to 45 per cent of their value against the US dollar. Cheaper commodities also increased public budget deficits. The need for more resources is on the agenda of nearly every Latin American government and a wave of tax reforms, corporate rate hikes, loss exemptions and new collecting mechanisms have spread across the region. Economic pressures are forcing boards and management to adjust quickly. Just two years ago, projections forecast billions of dollars would be invested into green fields and capacity expansion. Now the priorities are much more tactical and short term: to cut costs dramatically, improve efficiency, adjust organisations and develop new customers outside of their traditional markets.

Transparency, reputation and compliance

It is no mystery that, in the age of internet and social media, business practices are becoming more transparent. Customers are more informed and empowered than ever to challenge corporate giants. Latin America is no exception but the local practices of government or family-controlled corporations are having a hard time adjusting to this paradigm shift. Recent scandals regarding competition and politics are a good example. As the role of state intervention in the economy decreased from the 1990s, competition law became more stringent in Latin America. Most governments have either strengthened the regulation itself or the 52 Ethical Boardroom | Spring 2016

Boards all over the region are more determined than ever to show a commitment to transparency Alfredo Enrione

PwC Professor of Corporate Governance, ESE Business School, Universidad de los Andes supervision and enforcing capabilities. Last year was particularly active, and a number of corporations in the paper, poultry and retail sectors were fined for anti-competitive practices. Many others are still under investigation. Their boards and CEOs are facing the challenge of significant drops in market value, economic penalties and severely damaged reputation. Another particularly affected area has been the interface of corporations and politics. This situation is true in most countries in the region but the most spectacular reactions are coming from Brazil. Just recently, the former president of Brazil, Luiz Inácio ‘Lula’ Da Silva was held by the police and his home was raided. Two days later and related to the same case, the CEO of Odebrecht, the largest construction company in Latin America, was convicted and sentenced to 19 years in prison. In the meantime, hundreds of thousands were protesting in the streets asking for new regulation and harsh penalties for the corrupt politicians and bribe givers. Accordingly, boards all over the region are more determined than ever to show to regulators, investors and the public their commitment to transparency, enforcing stricter codes of conduct and making sure that the proper compliance processes and structures are in place. It is symptomatic that most boards are now working to strengthen their risk and audit committees. Many, too, are setting up specialised committees on corporate governance or stakeholders/corporate affairs, even when the regulation does not force them to. At the same time, management structures

are also being reinforced in ethics, internal audit and compliance functions. It is also interesting to see that local directors are seeking training and education. Demand exploded and in most countries there are several director’s programmes to choose from. However, no country is ready yet to discuss a mandatory director’s certificate.

Learning to deal with more active institutional investors

In Latin America, the most important institutional investors are private pension fund managers (called AFPs).1 They manage the savings of almost on 100 million individuals and account for almost half a trillion US dollars. Despite the relative size of the assets under management, these investors were inclined to stay passive regarding boards and corporate governance. Regulation restricted their investments in a very limited pool of assets: mostly government bonds or local ‘blue chips’ controlled by either government or local business groups. Investment strategies dictated by regulation and the lack of deep financial markets left very little room for investors to ‘vote with their feet’. However, that is changing. Led originally by Chile and gradually followed by Peru, Colombia and Mexico, regulators now allow pension funds to diversify their investments into other kinds of assets and markets. As a consequence, powers are shifting and local corporations now need to work harder to win the favours of pension funds. AFPs are also challenging board decisions more often and in stronger ways. For instance, after eight out of nine board members approved a series of M&A operations, the largest electric holding corporation in the region had to face the resistance of AFPs. Technically, the company could have moved forward but the prospect of a long fight in courts and the media convinced them to step back. It took months and a couple of extra billion dollars to make the deal happen. Board members are also more sensitive to these new circumstances and even those firmly appointed by the controlling shareholders will think twice before engaging into a mud fight with local institutional investors.

Trends | South America

Delivering on diversity

Recent scandals also raised questions about the quality of board composition. In fact, Latin American boards are extremely non-diverse. For example, in the largest 100 firms in Latin America only 6.4 per cent of the seats are taken by women (it was 5.1 per cent in 2005). The quotient is improving but still lags behind other regions of the world, such as Europe (20 per cent), the U.S. (19.2 per cent) and Asia-Pacific (9.4 per cent).2 Nearly half of the largest 100 companies have no women board members. Ambev, Itau Unibanco, America Movil, Televisa, Cemex, Vale and Banco Chile are among the largest companies with all-male boards. Only eight have two women and more than one third of the women in corporate boards are members of the controlling family group.

This homogeneous landscape is getting challenged. Several women activist groups are succeeding in getting their message across â&#x20AC;&#x201C; sometimes with the help of mass media, think tanks and institutional investors. In summary, Latin American board seats are not as comfortable as they used to be. Some pressures are very context specific and others are just the product of global convergence, but legal and reputational risks feel more real than ever. Boards are working hard to improve their processes and to publicly declare their progress. The jury is still out. Administradoras de Fondos de Pensiones (literally Pension Fund Managers) 22015 Report by the CWDI â&#x20AC;&#x201C; http://www.globewomen.org/

It is no mystery that in the age of internet and social media, business practices are becoming more transparent. Customers are more informed and empowered than ever to challenge corporate giants

CHANGING TIMES Latin America boards are working hard at putting proper processes in place Spring 2016 | Ethical Boardroom 53

Board Governance | Audit Committee

Timothy Copnell

Chairman of KPMG’s UK Audit Committee Institute

Improving audit committee effectiveness The audit reforms sweeping across EU Member States (and beyond), the complexity of financial reporting, the broader and more complex risk environment and the unprecedented expectations of shareholders and regulators, require audit committees to be more focussed than ever on enhancing their efficiency and effectiveness.

When looking to enhance audit committee oversight, it is all too easy to focus on ‘leading’ or ‘best’ practices – and with good reason: these are processes, policies, or approaches that ‘work’. Yet, practices that work best for one organisation may not be ideal for another – especially in a challenging and complex 54 Ethical Boardroom | Spring 2016

Top tips to consider when developing, evaluating and refining oversight processes and practices corporate governance environment where corporate culture, financial reporting and other risks and governance needs can vary dramatically from entity to entity. However, I believe that certain guiding principles underlie the effectiveness of every audit committee. Even as specific oversight practices evolve to address changing risks, regulatory requirements and corporate governance needs, the right principles can help ensure that practices are applied effectively – that is, by the right people with the right information, processes and perspectives. To this end, I offer five guiding principles for audit

committees and boards to consider when developing, evaluating and refining the audit committee’s oversight processes and practices.

Five guiding principles for audit committees

These principles are essential to audit committee effectiveness and are vital to the independence, objectivity and integrity of the financial reporting, risk management and internal control processes. a strong audit 1 Have committee chair the right people on 2 Get the committee committee members ‘up to speed’ 3 Get though an induction process control of the audit 4 Maintain committee agenda access to the 5 Ensure ‘right’ information

Audit Committee | Board Governance GETTING IT RIGHT There are guiding principles that underlie the effectiveness of an audit commitee

need to keep in touch with key audit committee stakeholders, such as the board chairman, CEO, CFO, CRO, the external audit partner, the head of internal audit and others within the organisation. In many organisations, the audit committee chair meets regularly with each of these individuals as part of the process of developing the meeting agenda and preparing for each meeting. A successful audit committee chair should not only understand the importance of the audit committee’s relationship with these individuals but also have the interpersonal skills to build and maintain an effective working environment. The characteristics of an effective audit committee chair might include being: ■ An independent, proactive leader with confidence and integrity ■ A highly respected and experienced board member, who possesses strong financial literacy skills and time available to develop and closely monitor the committee agenda ■ A person with an excellent working knowledge of audit committee practices and internal control functions and risk management frameworks ■ A good listener and communicator, who can facilitate successfully ■ Able to champion open and frank discussion with discipline ■ Tenacious and prepared to ask tough questions

The right committee members

Members of the audit committee should be independent of mind and have sufficient skills, experience, Audit committee personal characteristics and diversity of thinking members must necessary for the role. be adept at Independence is a communicating cornerstone of the committee’s particularly with management effectiveness, when overseeing significant A strong audit and the auditors judgements and estimates. committee chair Audit committee members and be ready to Effectiveness often hinges must be adept at challenge and ask communicating with on the chair’s effectiveness. The essential characteristics probing questions management and the auditors of a strong audit committee and be ready to challenge and about the chair are often personal ask probing questions about the company’s risk attributes. They should company’s risk management be recognised for their and control systems, management leadership and vision and accounting and corporate be perceived by other reporting. Members must be committee members and management as able able, both in theory and in practice, to to set and manage the audit committee’s express views to the board that are different agenda. The chair should be acknowledged as to those of the CEO or CFO and be confident having the personal courage to raise and deal that they will not suffer. with tough issues and support other members It is up to the board to assess the integrity and to do the same. independence of an audit committee candidate, Formal meetings of the audit committee are so every member’s appointment is an occasion at the heart of its work. However, they are not for careful deliberation. The board should have its only point of contact with the organisation. a strong understanding of any regulatory The audit committee chair and, to a lesser definitions of independence and how a lack extent, the other audit committee members, of independence occurs and is interpreted in

practice; but it should also be mindful of situations where the definition of independence is met, yet practice determines otherwise. At least one member of the audit committee should have competence in accounting and/or auditing. What constitutes such experience will, of course, vary from organisation to organisation and each board should determine its own criteria having regard to appropriate regulation. In many cases ‘competence’ must go well beyond basic familiarity with financial statements. Members must be able to understand the rules and, more importantly, the principles underpinning the preparation of the financial statements and the auditor’s judgements. They must be prepared to invest the time necessary to understand why critical accounting policies are chosen and how they are applied and satisfy themselves that the end result fairly reflects their understanding. As such, past employment experience in a significant financial role or one that included oversight responsibilities for financial reporting, or a qualification in finance or accounting might be appropriate. Members should also have competence relevant to the sector in which the organisation operates and personal characteristics, such as integrity, strong interpersonal skills, sound judgement and the ability and willingness to challenge and probe. There is also value in having committee members from diverse backgrounds – people who are not afraid to ask simple questions, such as “Why is that the case?”, “What would one expect to see?” and “Tell me again because I still don’t understand”. These are good, simple questions that due to human nature can easily be overlooked by (say) the member considered to be the ‘financial expert’.

Getting committee members up to speed

For any new director, but particularly those joining the audit committee, a learning curve comes with the territory. Just how steep that learning curve is and how quickly a new director is able to contribute meaningfully to the work of the board and the audit committee, can hinge directly on the quality of the induction programme. Understanding the business – its operations, strategies, risks and management team – as well as the responsibilities and culture of the board and its committees takes time. But a structured induction programme – including essential information and briefing materials, quality discussions with key people and a ‘roadmap’ for getting up to speed – can greatly accelerate a new director’s integration and contribution to the board’s work. For new audit committee members, induction presents an added layer of complexity, given the intricacy and scope of the corporate reporting, risk management and compliance issues on the audit committee’s plate – not to mention the expectations of regulators, particularly in the financial services sector. Spring 2016 | Ethical Boardroom 55

Board Governance | Audit Committee A suitable framework for new audit committee members – and management and audit professionals supporting them – to consider as they develop an induction programme, might include: ■ Suggested reading for the new audit committee member, such as corporate documents and other briefing materials ■ An initial orientation session ■ Follow-up, one-on-one meetings with key people in the company to develop a deeper understanding of the business, its key governance and control processes and its leaders ■ Site visits Formal induction programmes for new members help ensure the individuals understand their responsibilities, the current issues and the specific circumstances of the organisation. However, the on-boarding needs for new members will vary from individual to individual, depending on a number of factors, including the director’s background and experience and the role the director is expected to play on the board and audit committee. As a result, all new audit committee members should be prepared to take responsibility for their own induction programme – working with management and others to determine how best to get up to speed and build a strong foundation for informed oversight.

Maintaining control of the audit committee agenda

Traditionally, audit committees were without prejudice to the legal responsibilities of the board – responsible for the oversight of financial reporting, audit quality and internal financial controls. However, in the wake of a series of corporate failures in the last 15 years, oversight of various new (often non-financial) risks has been added to the agenda of many audit committees. And these new risks – cybersecurity and IT risk, supply chain and other operational risks, legal and regulatory compliance

– become more complex each year (as do the audit committee’s core responsibilities). Keeping the committee’s agenda focussed is therefore crucial. This requires an agenda that is manageable (what risk oversight responsibilities are realistic?); a sharp focus on what’s most important (starting with financial reporting and audit quality); and allocating time for robust discussion while taking care of ‘must do’ compliance activities. At all times the responsibilities of the audit committee should be clearly documented and communicated – not only for the benefit of audit committee members, but also for the board, management and auditors.

Audit committees should regularly assess their processes, practices and the value they add to the organisation The audit committee’s terms of reference should also be co-ordinated with the responsibilities of other committees in the organisation – finance committee, remuneration committee, governance committee, risk management committee and other committees focussed on a particular risk (e.g. investment committee or environment, health and safety committee). These committees may be required to consider similar issues from different perspectives so care should be taken to define clearly the roles and responsibilities of each, when collaboration is required, whether cross-membership is allowed and whether the audit committee chair or members might attend other committee meetings as an observer (and vice versa).

Access to the ‘right’ information Audit committee oversight is only as good as the information available to the audit committee. Getting the basics in place is important – ensuring committee papers are timely, not overly long or complex (if possible),

prioritisation of the key issues that are well-signposted and clarity as to whether each issue is for discussion, information or decision. Equally, if not more important, is the committee’s access to and relationship with, management and others within the organisation. Paradoxically, the balance between strong relationships and robust oversight is at the heart of the audit committee role. A committee that fails to understand the line between oversight and management can easily find itself in a poor relationship with management; and effective oversight is difficult to achieve where management sees the audit committee as nothing more than a necessary corporate governance burden. Equally, an overly cosy relationship is unlikely to lead to effective oversight as challenging questions are all too easily avoided in such circumstances. The ideal place to be is where those working with the audit committee (whether it be the CFO, CRO or auditors) look to the committee as a useful partner or sounding board. The exchange of information flourishes in such circumstances and this naturally leads to better oversight. Finally, as most of the information at the audit committee’s disposal comes from management, audit committees should also consider what actions they could take to guard against asymmetric information risk. This might include engaging specialists to update the committee in certain areas or to simply provide a different perspective to management. Social media is also an important source of ‘unfiltered’ information. In practice audit committee effectiveness will hinge on many individual practices – but the above five guiding principles represent the essential building blocks. Having put the foundation in place, audit committees should regularly assess their processes, practices and the value they add to the organisation with a view to enhancing their effectiveness. Always remember, audit committee effectiveness is a journey – a constantly evolving goal. A committee that isn’t open to improvement is a dangerous thing! INFORMATION EXCHANGE The committee often provides better oversight if it’s used as a sounding board by senior management

56 Ethical Boardroom | Spring 2016

Board Governance | Communication

58 Ethical Boardroom | Spring 2016

Illustration by Brendon Ward www.inkermancreative.com

Ronald Reagan was dubbed ‘The Great Communicator’ 6 February 1911 to 5 June 2004

Communication | Board Governance

The great communicator Taking inspiration from Ronald Reagan and his galvanising speeches can help audit managers communicate effectively in the field of governance On the occasion of his 34th and last speech to the US on 11 January 1989, President Reagan reminisced about his years in the most powerful office in the world. In the catalogue of his observations on the economy, Gorbachev and returning to his beloved California, he commented on how he was seen. “And in all of that time,” President Reagan said, “I won a nickname: ‘The Great Communicator’. But I never thought it was my style or the words I used that made a difference: it was the content. I wasn’t a great communicator, but I communicated great things.” One of the most gifted and impactful communicators of the 20th Century – perhaps unnecessarily humbly – was seeking to focus on the importance of the message; on the importance of content. I was reminded of Reagan’s self assessment many years later when I was, of all places, standing before a group of graduates recently inducted into the kaleidoscope world of a professional accounting firm. From the back of the room, one of the freshly minted future partners 15 years hence raised her hand and asked a question that in all my years of presenting I had never been asked before. “Mr McLeod,” she said, giving me a status and seniority that I didn’t deserve, “what is the single most important thing in a company?” For a question so simple I found myself confounded. Was I to speak on behalf of all companies dating back to the invention of the word in 1150 – interestingly my research tells me that it comes from the old French military term compaignie meaning a ‘body of soldiers’ via the Latin word companion ‘one who eats bread with you’ – or should I narrow my scope of reference? Was I being asked to opine on a prioritisation of all issues that a company may face? Practicality – and the limits of my imagination – dictated that I respond with a reference point of the (then) previous 20 years. “Communication,” I said. “Communication,” I said again as if to make the first time saying it more impactful. “The single most important thing in a company is communication.” Just at that moment, when I was about to proceed to the next question, I heard the same questioning voice ask that most dreaded of

Tom McLeod

Managing Consultant, McLeod Governance follow up questions: “So, Mr McLeod, what does that mean?” I then took the audience, now aching for something akin to a presentation scuffle between the presenter and the questioner, away from their smartphones and talked to them about my violin theorem. My violin, theorem is this: every great song that I like has a violin. The genre makes no difference; the era makes no difference. If it has a violin I am going to like it. I struggle now – as I did that day with my governance inquisitor – to think of any catalogue of music that I hold dear that has not been graced by the orchestral descendants of Stradivari. And it is the same with an organisation. In my many years of reviewing what makes a strong company, the only constant determinant of strength is that it is an organisation that communicates well. I have never seen a strong company that has poor communication. As I retook the momentum in the speech from my governance inquisitor – in the manner of a general defending his flank

In my many years of reviewing what makes a good company, the only constant determinant of strength is that it is an organisation that communicates well. I have never seen a strong company that has poor communication – I remained perplexed by what it was that I exactly meant when I said communication. The professional risk or audit manager needs to be a good communicator. It is no longer possible – if indeed it ever was – to be a technical brilliant observer whose communication efforts were at the other end of the stakeholder engagement skills seesaw. So what is it that makes a good communicator in the field of governance, risk and audit? Not surprisingly, coming from an auditor, it is the view that for one to be able to determine what makes a good communicator you need

a dispassionate framework against which to measure your judgment. The framework that we have chosen is objectives; audiences; messages and medium. Taking each one individually:

Objective

Governance, risk and audit professionals often get this wrong and their failings undermine all their future efforts. As obvious as it is to say it, the objective is the essential ingredient in your communication strategy. Too often we see this step being overly complicated or nuanced. We have seen communication strategies based on fear (‘you have to do this or you will get into trouble’) or arrogance (‘you have to do this because we said so’). For us – the communication objective for a governance, risk and audit professional should be the betterment of how the organisation that you are working with manages risks and opportunities. There is no other raison d’être. Why does your function exist if it is not for the tipping of the risk/reward scale in your organisation’s favour? You need to be viciously clear about the objective as it will inform everything that you do in terms of engagement, influence and assurance. Equally, you need to be sure at this early stage that you have taken your stakeholders along on the proverbial ride with you – a misalignment between their expectations (‘we thought you are only the policeman’) and your expectations is fatal. Don’t underestimate how valuable a well- articulated objective is in reinforcing your importance and providing the basis for a proper resourcing of your strategy and function within an organisation. It is important to remember the setting of objectives is not the end in itself – now the real fun (and challenges) start.

Audiences

Imagine for one moment standing on a stage before a gender, age and culturally diverse collection of people (not to mention some that are sitting there looking at their smartphones and playing Candy Crush) singing an Italian aria with the backing music of death metal. What would be the experience for those ‘lucky’ enough to be in your presence? What is it that they would remember from the experience? Spring 2016 | Ethical Boardroom 59

Board Governance | Communication It is reasonable to assume that the audience would walk away disappointed, confused as to what you were doing and highly unlikely to rush to social media to recommend your best efforts to others. Yet, yet, yet – this is exactly what many people do when it comes to promoting subject matter expertise or function to their respective audiences. For a governance, risk and audit professional there are many differing levels of audience and each has different needs. Starting at the top is the audit committee – as custodians of the interests of shareholders they should be the ultimate focus of your communication strategy. How are you letting this constituency know that management has in place the appropriate systems, procedures and controls? Secondly, is management – and this is where one needs to not treat all management as homogenous. How do you define your executive leadership team? Are they all of the same effective level of experience and seniority and if they are not, does that matter? Do you need to go through the executive leadership team to speak with their direct reports? Are there some teams that need to hear your message, irrespective of their seniority (hint – it is good for all finance professionals to understand the importance of good governance, strong risk management and effective internal auditing)? Choose your audience well. One thing that has yet to be invented is a day with more than 24 hours in it. Until such moment as the time space continuum is disrupted, you will need to prioritise your communication effort. There is nothing more debilitating than to have delivered the right message to the wrong audience – much like singing an Italian aria with the backing music of death metal, really!

Messages

President of the United States yet somehow below us in a corporate life? Tell them what you are going to tell them – I want you to understand this risk and how it impacts the business. Tell them – this risk impacts the business in this way. Tell them what you just told them – because the risk impacts on the business this way, this is what you/we need to do about it. Equally, we are story tellers and story listeners. Why is it that the moment we put on our security pass and log into our work computers we leave behind eons of evolution as to how messages are best remembered? What is the interesting narrative that you are trying to construct? What is the human interest angle in the story and what, if any, imagery can you use to better convey your message? In the world of governance, risk and audit there are few better narratives than a fraud. Once a fraud has happened within an organisation (and stopped) you might as well

Medium

Too often a function’s communication strategy is determined by which medium they will use rather than going through the process set out above. That should not however undermine the importance of choosing the correct medium. For as long as we can remember, the chosen medium of the governance, risk and audit professional has been the report. A report, well written, is a story to behold. Too often, however, they are not well written and fall into that most despised of categories – received but not read. So the challenge then to us all is to find more appropriate or complimentary media – visualisation; (the occasionally dreaded) PowerPoint; dramatisation; podcasting. We

CHOOSE YOUR AUDIENCE Plan what it is people need to hear and see

Some messages

You have taken the time to set need to be your objectives in a measured and properly socialised way communicated and segregated your audiences with a great sense based on a pre-set criteria only to then try and think on your of urgency and feet as to what is the message others are slow that you want to convey. As basic as it again sounds release. Don’t make good of a bad – know what you want to say confuse the two situation by deconstructing ahead of time. Plan out what the fraud and seeing where it is that you want and need the processes fell down. your audience to hear. It will create an interesting narrative (Enron, One of my all-time favourite books is from WorldCom or Madoff anyone?); there is a – here he is again – the speechwriter to human element to the story (what drove that President Reagan, Peggy Noonan. Noonan person(s) to take themselves over to the dark was the gifted speechwriter behind Reagan’s side of ethical behaviour;) and – at least in the most famous and poignant ‘face of God’ tome United States with their great love of public after the Challenger space shuttle disaster. humiliation at the time of arrest with the perp In her book What I Saw At The Revolution she walk– you may be lucky to have imagery. recalled what makes a good speech – tell them Imagery doesn’t need to be photos, though what you are going to tell them; tell them; tell – a graph can tell a story as effectively them what you have just told them! Why is as an essay (other than this one, of course!). it that this simple lesson is sufficient for the 60 Ethical Boardroom | Spring 2016

Remember also, the need to define the immediacy of your message – some messages need to be communicated with a great sense of urgency and others are slow release. Don’t confuse the two.

need to communicate in a manner that our audience wants to consume the information, not in the way we want to communicate it. There is a fundamental difference. Perhaps the last words are best left to President Reagan. As the curtain closed on one of the most important presidencies of the modern era, he made one final observation about his impact on the United States. “We did it.” he said. “We weren’t just marking time. We made a difference. We made the city stronger, we made the city freer, and we left her in good hands. All in all, not bad, not bad at all.” On a different scale and different stage, may you say the same of your journey.

w w w . z e n i t h b a n k . c o m

Board Governance | Germany

Germanyâ&#x20AC;&#x2122;s liberal approach to corporate governance Excessive regulatory developments in corporate governance can lead to negative consequences

In its fifteenth year, the German Corporate Governance Code (Deutscher Corporate Governance Kodex or DCGK) continues to be among the shortest, as well as the most liberal of its kind, both internationally and in Europe.

Following several corporate crises in Germany that were considered to be the consequence

62 Ethical Boardroom | Spring 2016

Dr Manfred Gentz

Chairman of the German Corporate Governance Code Commission of poor corporate management, the Code was developed by a purposefully established commission, the Regierungskommission Deutscher Corporate Governance Kodex, which is still responsible for the Code today. Moreover, increasing usage of international capital markets by German companies, as well as the resulting rising expectations

of foreign investors towards German companies, should have been taken into account. The mandate issued by the Federal Ministry of Justice on 6 September 2001 was concise and clear: on the basis of the currently valid company-law regulations, a commission that was independent of politics and working on a voluntary basis was to develop a Code summarising the principles of good and responsible corporate governance. The Code was intended to inform about the rather complicated, particularly for foreign

Germany | Board Governance

investors, German Corporate Charter. Based on a comprehensible and well-arranged description of its main features, the effectiveness and quality of the German system was to be clarified. This particularly comprises the description of the German dual system, the statutory employee representatives in the supervisory board. Thus, especially due to the separate functions of management board and supervisory board, i.e. the duality of operational competency and responsibility, on the one hand and supervision, counselling and agreement/ approval competency on the other, the German system differs from monistic systems prevailing mostly in the Anglo-American regions, but also in many other countries in Europe and partially in force on other continents. Another distinctive feature is the legal co-determination of employees, which exists both on the corporate level (works councils) and on the supervisory board level. Today, it is still required to create more understanding for these two distinctive features – particularly outside Germany – and to reduce misinterpretations and resulting reservations vis-à-vis German corporate governance. From the beginning, the expectations of politics and the economy towards the Code were not limited to its information function. In addition, corporate governance and control were to be improved by the fact that the Code gives recommendations addressed to the management and supervisory boards of companies listed at the stock exchange. Thus, it was intended to strengthen the self-organisation of the German economy – below a legal regulation – on a voluntary basis. The recommendations of the Code concretise and complement the mandatory provisions of the stock corporation law. A legal obligation of complying with the recommendations does not exist. The Code relies on voluntary acceptance. Nonetheless, the recommendations are not legally irrelevant. With the ‘compliance declaration’ in accordance with § 161AktG (German Stock Corporation Act), listed companies have to report whether they comply with the recommendations of the Code and if not, possibly give reasons for not complying with them. The comply or explain principle that has been introduced in many countries in Europe also characterises the Code and highlights the decisive difference between legally not-binding recommendations and the mandatory and enforceable legal regulations of stock corporation law. The German Code differs from many other codes that are limited strictly to recommendations and do not offer the service of giving a comprehensive overview of a country‘s corporate governance in one document.

Although this has been questioned particularly in Germany within the context of downsizing discussions time and again, the commission convened by the German Federal Minister of Justice stuck to giving a concise overview of all relevant legal provisions in the Code. Surveys, such as that of the Berlin Center of Corporate Governance (BCCG), have shown that the German Code lives up to its role as information instrument – particularly for foreign investors – and is appreciated for it. In contrast to many other codes, the German Code stands out due to the fact that, in terms of recommendations and the few proposals contained, it is limited to guidelines and does not want to regulate every detail. Since the beginning of the work on the Code, therefore, the principle prevails to regulate as little as possible and only as much as is actually necessary. In doing so, the Regierungskommission follows the fundamental idea that every regulation, particularly by the legislator, limits rights to freedom. Each not necessarily needed legal regulation simultaneously weakens the self-healing and self-regulating powers of society and economy, as the regulator takes responsibility off them.

Honourable businessman

Normally, people have a good feeling for what they are allowed to do and what not. The stricter the regulation, the less people have to

In contrast to many other codes, the German Code stands out due to the fact that, in terms of recommendations and the few proposals contained, it is limited to guidelines and does not want to regulate every detail consider what is right and what is wrong. There is high danger that they simply take a subordinate role and do not think in a responsible manner anymore. A simple ticking-the-box approach is to be prevented. This would constitute a dangerous trend: no law and no internal regulation covers everything, the reality of life is always more diverse. So, people always need an additional indicator for the legitimacy of their actions. For the economy, this is the role model of the honourable businessman (ehrbarer Kaufmann), which should always be the basis for one’s own behaviour and decisions in a supervisory or management board. Even without any legal constraints, a honourable businessman knows what is right. Whoever behaves like a honourable businessman will also regain broad social acceptance for his actions, something that is rather lacking

at the moment. And the guiding idea of the honourable businessman is also the basis for the recommendations and proposals of the Deutsche Corporate Governance Kodex. Therefore, the German Code consciously relies on a healthy culture of variation within the scope of the comply or explain principle. Already in the preamble, it is pointed out that a well-founded deviation from a recommendation of the Code can be in the interest of good corporate governance. A recommendation should only be applied if it really makes sense for the respective company it its specific situation. Tendencies of arranging things so that compliance can be demonstrated or precautionary declarations of non-compliance, which are given more and more frequently for fear of potential actions in rescission, are seen by the Commission with great scepticism. Ultimately, both undermine the sense of the Code and destroy the confidence in this instrument of self-regulation.

Legal intervention

The Commission is also concerned about a trend to the juridification of the Code. Justiciability would be a meander and is opposed to the basic idea of the Kodex at the time of its introduction. A legal review and evaluation of declarations within the scope of the comply or explain principle would de facto lead to a legal compulsion to comply with the – not actually bindingly drafted – recommendations of the Code. Here, the drivers are the increased liability risks for members of the management and supervisory boards as well as actions in rescission of decisions of the annual general meeting that are supported by allegedly faulty or insufficient declarations of compliance. In Germany, the declarations of compliance are analysed by a number of institutions, such as the Berlin Center of Corporate Governance or the Center for Corporate Governance of the Leipzig Graduate School for Management every year. With their comprehensive studies that are broadly taken up by the media they create the necessary differentiated scientific transparency and, in the end, also the pressure to make changes and corrections that are considered as necessary by the stakeholders without generating a legal compulsion to comply. The Commission disapproves of the EU principles for controlling compliance or deviation declarations. The current elements of voluntariness and flexibility, combined with and based on increased transparency, should be maintained by all means. They should not be factually transformed into compulsory compliance by externally established controlling bodies and their criticism on the basis of predefined characteristics and formalities for compliance declarations.

Spring 2016 | Ethical Boardroom 63

Board Governance | Compensation MONEY TALKS Aligning pay with performance starts with goal setting

US compensation trends in 2016 Companies need to take time out to set agendas to ensure accuracy in proxy disclosures of executive compensation For calendar year-end companies in the US, proxy statements are filed with the Securities and Exchange Commission (SEC) and 2015 is a distant memory. Similar to previous years, we expect that most companies will receive overwhelming support for their say-on-pay (SOP) vote.

Shareholders have shown strong support for compensation programmes at US companies. Now, for decisions to be made in 2016 that will impact 2017 executive compensation, we believe ensuring and reinforcing pay for performance alignment will need ample time on compensation committee agendas.

Goal setting

Aligning pay and performance starts with goal setting. For annual and performance-based long-term incentives, many companies simply

64 Ethical Boardroom | Spring 2016

Patrick Haggerty

Partner at Pay Governance in New York set incentive goals on their annual operating budgets and long-range plans. Setting incentive goals at the appropriate level of â&#x20AC;&#x2DC;challengeâ&#x20AC;&#x2122; is essential to the success of the pay-for-performance model and thus shareholder alignment and credibility. On the one hand, these goals need to be difficult enough to motivate superior performance and meet shareholder expectations. On the other hand, goals that are prima facie unachievable could be demotivating. This process has become even more important and complicated in the context of SOP votes and the scoring of the difficulty of goals by proxy advisors. With increasing frequency, we have observed a push from compensation committees to receive a more robust discussion and analysis of incentive goal setting. Our findings and experience suggest

that the best practice approach for goal setting generally includes the following four items. First, goals need to be linked to the business model and business strategy. Next, compensation committees should be provided with a robust internal and external analysis of goal difficulty. Then, goals can be set in the context of guidance, analyst expectations, peer comparables, correlation with stock price and other factors. If a goal is below guidance or expectations, that should be explained fully to the committee. And finally, a multi-year history of goals, payouts and stock price reaction should be reviewed.

Investor outreach

We expect to see continued dialogue about executive compensation between company representatives and major investors. Typically, the top human resources and investor relations executives will lead the discussion about executive compensation with investors. Depending on the situation, the lead director

Compensation | Board Governance

and chair of the compensation committee will also participate. A major part of these discussions is about incentive design/metric, goals and pay-for-performance alignment. Investors often have specific goals they want to see for incentive plans. However, if management has clear rationale for specific incentive goals, investors are generally supportive. Having a defined process for goal setting as summarised above is helpful when meeting with investors. Before initiating outreach with shareholders, we recommend that companies undertake the following steps to develop a SOP engagement strategy. First, assess which institutional shareholders the company will target as part of the outreach effort. This list should start with those institutions that have the largest levels of ownership, with a particular focus on active investors. The governance groups within institutional shareholders should generally serve as the primary point of contact, although contacting the investment side of the house should also be considered in certain situations. Next, assess the company’s executive compensation practices against each institutional investor’s proxy voting guidelines. It is best to know the policies of each institutional investor targeted for outreach in order to optimise the limited opportunity for investor dialogue. Then, prepare supplemental analyses in support of the company’s executive compensation narrative, such as those that focus on how compensation actually received by management relates to company results. This type of analysis can prove particularly beneficial to outreach efforts by effectively telling the pay-for-performance story. Consider developing a realisable pay-for-performance analysis that shows how compensation aligns with total shareholder return and other key company metrics on both an absolute basis and relative to peers. Finally, while many companies primarily engage with investors during proxy season, there are significant benefits to meeting with major shareholders at other times throughout the year. We note that institutional investors are often more willing to meet and engage with issuers during the ‘off-season’ when calendars are less constrained and there are fewer pressures on investors to reach an immediate decision.

Evaluating long-term incentive designs and eligibility To ensure pay-for-performance alignment, we anticipate that many companies will review long-term incentive designs and eligibility. Long-term incentives make-up the largest component of executive compensation value. This type of review covers long-term incentive mix, type of vehicles used and incentive

designs, including performance metrics. We expect many companies to take a hard look at use of stock options due to dilution concerns if participants hold onto shares well after vesting. This is especially true for companies with underwater stock options. Further, we expect that companies will take a fresh review of performance share unit (PSUs) designs and relative total shareholder return (TSR) plans in particular. Several compensation committee members I work with have expressed frustration about relative TSR designs due to payouts for relatively flat TSR, payouts despite poor overall financial results and feedback from investors. A likely outcome are PSU designs with lower relative TSR weight, use of relative TSR that modifies results based on financial targets, or elimination of relative TSR. When long-term incentive performance metrics are strongly correlated to stock price, use of relative TSR may not be necessary. For some companies, this review is being pushed by activist investors wanting lower share usage in long-term incentive plans. As a result, we have seen an increased focus on long-term incentive award eligibility and grant date award levels. Over the past several years, we have observed a trend to tighten eligibility levels. For example, limiting eligibility to receive long-term incentives only to those employees with a minimum salary of $150,000. In terms of long-term incentive award levels, companies are conducting benchmarking studies to ensure that award levels are

lists of governance practices and CEO pay versus performance analysis using realisable or realised pay. Executive summaries have expanded to include retrospectives on financial performance, summaries of compensation plan design, key compensation decisions and illustrations of pay-for-performance. For proxies filed in 2017 for 2016 performance, the pay-for-performance alignment issue will likely be at the forefront of activity in 2016 due to the SEC’s pending rule, which is expected to be required in proxies filed in 2017. We have analysed the proposed rules and the implications for our clients’ proxy disclosures and pay for performance explanations to investors. We are concerned about the validity of describing a company’s pay-for-performance alignment using the disclosure mandated under the SEC’s proposed rules and its implications for SOP votes. For background, the SEC’s proposed disclosure was intended to facilitate a pay-for-performance comparison by investors. However, its definition does not chronologically align executive stock grants to the performance period for the calculation of total shareholder returns. As a result, the SEC’s methodology does not facilitate an accurate assessment of pay-for-performance. We believe that supplemental disclosures and the use of realisable pay in particular, will be critical in communicating the alignment of executive pay programmes with the financial interests of shareholders.

Institutional investors are often more willing to meet and engage with issuers during the ‘off-season’ when calendars are less constrained and there are fewer pressures on investors to reach an immediate decision consistent with market practice and company’s pay philosophy. The call to reduce share usage is driving some companies to adopt cash-based long-term incentives. Unfortunately, cash-based long-term incentives have accounting treatment that is less favourable than equity-based long-term incentives. Generally, the expense associated with equity-based long-term incentives is fixed on the grant date and accrued over the vesting/performance period. The expense for cash-based long-term incentives is remeasured over the vesting/performance period, resulting in variable accounting.

Enhanced and new CD&A disclosure

In recent years, leading companies have revamped their Compensation Discussion & Analysis (CD&A) disclosures to communicate and illustrate pay-for-performance through executive summaries in the CD&A, detailed

In a related trend, we also expect to see continued disclosure of compensation actions and adjustments that have been taken by compensation committees in the first quarter of the new fiscal year. For example, certain companies with fiscal years ending on 31 December 2015 disclosed compensation actions that occurred in the first quarter of 2016, which will effect 2016 compensation levels in the forthcoming proxy CD&A. One of the primary reasons for the additional disclosure is the belief of some companies that prescribed proxy tables and schedules do not allow for a proper alignment between reported executive compensation and the organisation’s most recent financial performance and returns to shareholders. Another reason that companies are making such disclosures is that compensation committees want to report to shareholders that they have taken actions, which reflect disappointing company performance and low returns during the past year.

Spring 2016 | Ethical Boardroom 65

Ethical Boardroom Keeping it Above Board

â&#x20AC;&#x153;Essential reading for boards who want to stay ahead of the governance curveâ&#x20AC;?

Technology | Information Governance

Barclay T. Blair

Founder and Executive Director, Information Governance Initiative

IG trends to look out for in 2016–2017

In a world of ever-growing unstructured content, companies are increasinly investing in information governance Information governance (IG) has always been important, but major events in recent history have thrust it into the mainstream conversation and for good reason. There was the infamous Sony hack. A few months later, the story about Hillary Clinton and her personal email server came out. Shortly after that, details emerged indicating that, when it came to compliance, a Silicon Valley unicorn valued at $4.5billion was allegedly cutting corners left and right. In today’s age of big data, organisations have more information than they know what to do with. Time and again, we’ve seen what can happen when IG is considered an afterthought if not overlooked entirely. To fully unlock the power of the information they have while reducing its associated risks, organisations need to put IG front and centre – and that’s exactly what many of them are doing. 68 Ethical Boardroom | Spring 2016

According to our research at the Information Governance Initiative (IGI), a think tank dedicated to creating and advancing IG best practices, organisations are investing significantly in IG. On average, those organisations doing IG and with fewer than 1,000 employees are working on four IG projects simultaneously, with each costing about $186,000. Perhaps not surprisingly, large organisations doing IG are spending even more. Our research indicates companies that employ at least 10,000 workers are tackling an average of seven IG projects at once, at a cost of $777,000 each. Lots of organisations are already spending significant money on IG this year. According to our report, nearly 50 per cent of practitioners expect the IG market will grow even bigger in 2016. With that in mind, here

are IG trends we expect to emerge in 2016-2017 as organisations, on average, increase their IG spend.

Most organisations will take at least some action on IG To paraphrase philosopher George Santayana, those who ignore history are destined to repeat it. There’s been no shortage of major news stories over the

Information Governance | Technology PROTECTING DATA Virtually all organisations are taking some action on Information Governance

agree that 2 Practitioners IG efforts are most likely to

succeed with C-suite support It can be difficult to get IG initiatives off the ground without C-suite support. All employees are busy and may be hesitant to take on additional responsibilities or try something new unless they absolutely have to – which is where upper management can help out. According to our report, two-thirds of practitioners agree that a high-level IG-specific role is essential for the success of an overall IG programme. This is why the IGI and its community have been calling for the creation of a new C-suite position, the chief information governance officer (CIGO). Broadly speaking, this person would be responsible for interdepartmental coordination, information leadership and risk and value balancing. The CIGO concept is gaining traction. Not only are there already some CIGOs, there are also many leaders who are leading the IG charge at their respective organisations regardless of their actual titles. We expect more and more organisations will create CIGO roles in the coming years.

As more and more IG projects commence, organisations are appointing IG leaders to help coordinate them, ensuring their success. There’s also an IG software category taking shape, too. As more and more organisations funnel funds into their IG efforts, we expect the emerging IG market to become even more defined.

5 approach IG from a reactionary stance Organisations are most likely to

Even if they’re fully aware of the implications associated with a lack of focus on IG, many organisations simply don’t have the luxury to attack IG-related problems to proactively attack. Our research reveals that, for the most part, organisations move IG initiatives forward due to external regulatory, compliance, or legal obligations. If those things don’t push IG forward, an external triggering event – like a lawsuit or a data breach – might force organisations to act. In a perfect world, organisations would take a proactive approach to their IG problems, making sure their house is in order before any triggering event occurs. That way, organisations could rest Security is at the front comfortably, knowing that, for example, of everyone’s mind their e-discovery costs will be as low as In the wake of a never-ending list of data possible because they know where all their breaches at places, such as Anthem, Target data is and they’ve already cleaned it up. and Home Depot, organisations arguably But it can be a lot harder to sell someone care more about protecting their data than on hypotheticals that have yet to take place, ever before. Thanks to those much-publicised particularly when there are other priorities breaches, organisations can reasonably guess competing for finite funds. As much as an what would happen to them organisation might want to get if they similarly neglected their started on IG, they might have In a perfect IG responsibilities. to wait for an event to force their Still, organisations cannot hand. As Winston Churchill once world, protect their data if they don’t never let a good crisis go organisations said, know where it is, how much is to waste. If it takes an external would take out there and what should be event to get your organisation done with it. Perhaps this is why started on IG, so be it. a proactive our research indicates the top approach But some of them IG project currently undertaken are taking proactive by organisations is updating to their IG approaches to IG policies and procedures. As problems, Understanding that it’s better organisations shift more of their to be in the driver’s seat of their focus on security, they figure making sure own IG programmes, some out what data they have and their house organisations are moving forward where it’s stored. After those is in order with IG initiatives from a determinations are made, they proactive stance. Yes, many then need to figure out what before any organisations wait for an external rules their information will triggering triggering event to put their IG be governed by to reduce the likelihood their data will come event occurs projects in flight. But it’s not ideal to be forced to respond to incidents back to hurt them. when you can instead anticipate The IG market is becoming them and plan your response before they occur. increasingly defined By taking a proactive approach to IG, A majority of IG practitioners agree that the organisations have a much easier time IG market continues to come into focus, accomplishing their IG goals. They don’t have according to our research. Practitioners in to wait until something they have no control large part believe that the work they are doing over forces them to act. Instead, they can is IG-specific. Companies are buying and assess their IG priorities and tackle them at selling services that are explicitly called IG. their own pace.

last few years that show exactly what happens to organisations when IG is neglected. To this end, smart decision makers are learning from the misfortunes of others and taking steps to insure they don’t suffer similar fates. According to our report, virtually all organisations are at least taking some action on IG. For the most part, these programmes are relatively nascent, though some organisations report their programmes are at intermediate levels of maturity. We can reasonably expect to see IG programmes continue to mature in the immediate future as more projects move forward.

Spring 2016 | Ethical Boardroom 69

Technology | Information Governance programmes continue to 7 IG be works-in-progress

According to our annual report, very few organisations are confident enough in their IG programmes that they’re comfortable calling them ‘advanced’. Of the organisations that are taking action on IG, a vast majority of them indicate that their programmes are either ‘nascent’ or ‘intermediate.’ This makes sense, because just like the technologies that power our organisations, IG is always evolving. For the most part, organisations are focussed on managing the risks associated with their information. Once the risks are under control, however, they can begin to really leverage the full power of their data. Only then will practitioners perhaps be comfortable enough to call their IG programmes ‘advanced.’ is important to IG – but not 8 Money as important as you might expect

Organisations need money to stay in business. Any time a decision is made about allocating funds, managers will do their due diligence to make sure the investment makes sense. As discussed earlier in this article, organisations

will increasingly unlock 9 Organisations the value side of their information

What a difference a year makes. According to our report, organisations today are focussing much more of their energy on tapping into the value side of their information compared to previous years. This trend provides evidence that once an organisation has solved its foundation problems and built a mature IG programme, paths to value creation open up. According to our report, nearly 20 per cent of organisations said the ability to glean business insight from their information was an IG driver. As IG continues to move into the mainstream, more and more organisations are becoming aware of the lucrative possibilities buried in the value side of their information. As organisations continue to build solid IG foundations, we can expect even more of them will create value from their data by masterfully managing it. also trying to mitigate 10 They’re risks associated with data that

could have been defensibly deleted It’s simply impossible for organisations that haven’t gotten started on IG to have any way of

problem with that request: the company had apparently deleted those documents and emails in accordance with its records retention policy. The trial court ultimately ruled that the company was right to delete those emails; no violation of the law had occurred. Who knows if the company dodged a bullet? But the company didn’t have to produce relevant documents in court because it had its IG house in order before the lawsuit came to light. As more and more organisations learn about what strong IG policies look like in practice, we expect they will develop similar policies and procedures that will help them defensibly delete data that’s no longer needed.

Organisations are concerned about data storage costs Virtually all organisations are trying to streamline their approach to data storage. Whether there’s duplicate data or other files and documents organisations no longer need for one reason or another, there’s no sense in holding on to more information than is needed or useful. It’s true that data storage costs have fallen remarkably over the last few years – and they’ll

BIG DATA As companies produce more data, IG is useful for dealing with how it is shared

of all sizes are tackling multiple IG projects at the same time. Perhaps somewhat surprisingly, they don’t appear to be too hesitant about spending a lot of money on those projects, either. Of course, money matters. But according to our report, only one-third of practitioners used actual numbers to sell IG internally – despite the fact organisations required providers to use actual numbers during the sales process. Taken together, these anecdotes suggest run-of-the-mill organisational politics and variables affect IG programmes the same way they affect any other initiative. 70 Ethical Boardroom | Spring 2016

knowing how much data they’re holding onto for no reason. But for organisations that have gotten started, a desire to mitigate risks associated with hanging onto data that could have been defensibly deleted was the third highest driver for IG. This makes sense: you can’t breach what isn’t there. In a 2013 lawsuit, a group of plaintiffs took action against a pharmaceutical company related to its marketing of a blood thinning medication.1 The plaintiffs filed a motion to force the company to produce emails and documents associated with the company’s former vice president of marketing. There was a

continue to fall as computing costs come down even further. But while it might not have been an issue in the past, organisations certainly don’t want to store excess terabytes or even petabytes of data unnecessarily. As organisations continue to produce more and more data, they’ll turn their focus on storage costs sooner or later. And after they do, at least some of them will learn how IG not only helps reduce storage costs but also transforms the way information flows across an organisation. 1 http://www.scribd.com/doc/172101574/In-re-PradaxaDabigatran-Etexilate-Product-Liability-Litigation-pdf

Technology | Digitisation DIGITAL DISRUPTION Businesses need to focus on embracing changes in technology

Executive communication in the age of digital disruption brings a time of change that shouldnâ&#x20AC;&#x2122;t be ignored

Board communication and digitisation Jan Hoffmeister

Managing Director, Drooms

Digitisation cannot be put off any longer. Some still try to ignore this, but most have come to terms with the potential and challenges of digital transformation.

Today, business processes are not the same as before â&#x20AC;&#x201C; they have been disrupted. As companies introduce digitised innovation, existing structures are reinvented, processes become slimmer and 72 Ethical Boardroom | Spring 2016

forms of entitlement change. A classic example of this revolution is the digitisation of executive communication, which requires not only being able to reduce paper documents, but also to review the importance of documentation and their organisation. We all have folders and documents that havenâ&#x20AC;&#x2122;t been looked at for years; however, we just cannot bear to delete them as we think they might be useful one day. The decision-making

process itself has changed, as much of it has become automatised and new roles and leadership skills are required, like in newly created roles, such as chief digital officers and data scientists. Digital disruption has opened new horizons for the business world, which needs to be able to keep up with the change.

Migrating to the cloud

According to a recent study, cloud businesses can generate 25 per cent more

Digitisation | Technology is cost cutting. Some argue that the digitisation of labour-intensive processes can cut costs by up to 90 per cent. Managers who are still opposing resistance to digital transformation, who are primarily concerned about the costs involved in setting the process in motion, are increasingly becoming the minority. A survey by McKinsey of 850 business leaders found that one-third believed that 15 per cent of their growth in the following three years would result from digital initiatives.3 Improving connectivity is the second benefit spurred by this transformation. Today, people are flexible in their work practices and companies are becoming increasingly international.

In order to gain further portions of the global market, cloud providers need to ensure high security standards; this is at least required by companies entering digital transformation

revenue compared with cloudless companies.1 This trend does not only pertain to big firms and it doesnâ&#x20AC;&#x2122;t show signs of slowing. In the US, 51 per cent of medium-sized and small businesses claim to use cloud services. Experts expect an annual growth rate of 40 per cent in the sector as more of the nationâ&#x20AC;&#x2122;s 12 million small businesses start using the cloud for storing data and other professional services. The UK is only marginally second to the US, with 47 per cent of companies using cloud software and 27 per cent using at least three cloud applications. Managers employ cloud services to perform daily tasks, such as accounting, but also to optimise practices of internal data management and sharing. Also, instead of buying expensive software and keeping IT staff busy with it, a cloud provider allows accessibility to the same functionalities but at a much lower price. The cloud is managed by the provider and not internally, so the IT department can spend their time focussed on projects that are more meaningful for the company. Being able to do more with fewer

resources allows a business to invest more efforts in R&D. Before feeling overwhelmed by the number of cloud providers active in the market, it is important for businesses to assess their business needs. There are so many services out there, so it is most important to prioritise: it is better to scale than to purchase products managers are not ready to implement â&#x20AC;&#x201C; or that may be useless to the business. The next step is determining what is most critical for the business by comparing the different providers and narrowing them down. In order to gain further portions of the global market, cloud providers need to ensure high security standards; this is at least required by companies entering digital transformation. Global research firm MarketsandMarkets expects that the global cloud security market will grow to $8.71billion in 2019.2 This represents an estimated compound annual growth rate (CAGR) of 15.7 per cent from 2014 to 2019. This process has several benefits in store, the first of which

In order to bring teams sitting in different global locations closer together, businesses need to provide themselves with technological support allowing for connectivity. On the one hand, employees who are on the move need to have access to relevant information anytime, anywhere; on the other hand, managers need to be sure that relevant documentation is kept safe from potential threats. Connectivity is not only about sharing; it is also about protecting data that is relevant to the survival of a business. When considering the transformative power of collaboration practices and technology, it is crucial to consider the risks implied in the adoption of the cloud in comparison with the use of on-site software. Many already do, according to the Cloud Security Alliance, as 64.9 per cent of IT leaders say the cloud is as secure, or more secure, than locally hosted software. With each wave of innovation comes its specific challenges.4

Cybersecurity

A study on cybersecurity recently published by PwC sheds light on the fact that data breach incidents dramatically increased in 2015. 5 Data breach incidents increased by 38 per cent over 2014; theft of intellectual property increased by 56 per cent in 2015; data incidents attributed to business partners rose by 22 per cent. As a result, a positive transformation among leaders can be identified as companies are allocating more resources to protecting themselves from cyber threats and data breaches. One of the trends of security and risk prevention is the increasing investment in secure cloud solutions, utilised by 69 per cent of the organisations audited. The location of the servers is a further crucial aspect of keeping data safe, and European locations guarantee the highest security standards worldwide. Spring 2016 | Ethical Boardroom 73

Technology | Digitisation Nevertheless, misuse or carelessness by a company’s employees still represents the biggest risk for data loss. According to SailPoint’s Seventh Annual Market Pulse Survey, in which more than 1,000 employees at large organisations were interviewed, password security still appears to be more of a suggestion rather than a must.6 More than half of those surveyed (56 per cent) reused passwords for both personal and corporate applications, potentially putting corporate data at risk when personal apps are compromised. Roughly 20 per cent share their login data with team members and one in seven employees would even sell their password to a third party. Digital transformation cannot happen without the expertise of leaders who can guide the company to change. Experts believe that technological disruption is outpacing the job market.7 Over the last five years, cybersecurity job postings grew more than 90 per cent. Security professionals see before them a bright future of exciting and well-paid jobs versus generalist IT professionals. In other words, cybersecurity is the hot topic for 2016. Creating a security-sensitive workforce is a challenge that will pay off.

boardrooms benefit from streamlined processes, but they will also optimise time. Moreover, executives and board members can access cloud applications from their mobile devices, thereby eliminating the constraint of meeting on the premises.

Going paperless

Today, executives can fully benefit from paperless workflows by checking their virtual notes during the meetings and making new notes that will stay protected in the secure cloud. The entire history of decision-making is documented in the data room, allowing for better prioritising processes. Therefore, it is crucial that managers can easily find Smart executive communication documents in their most updated versions. To At the core of the digital enterprise is ensuring facilitate this process, tools can notify every that communication processes between board member when a document is uploaded. executives are current with the latest The whole team is then aware of changes technological developments, instead of falling into banal i.e. stored in a secure cloud, that Migrating to the misunderstandings enabling increased connectivity. commonly happen in regular cloud means Tools allowing for better board email exchanges. Omitting communication must enable someone in email copy, or revolutionising flexible and agile data sharing even sending a confidential the way people while ensuring compliance with document to the wrong the highest security standards. email address, can not manage As regulatory pressures towards only jeopardise security, information compliance increase, managing but also hinder internal documents requires more decision-making processes. and workflows. control and continued overview. Instead, keeping the It is not about Moreover, streamlining board documentation within running old communication requires having the data room allows the software accessible beyond entire team to prevent the processes with company firewalls. Stricter dispersion or spoliation new tools; it is compliance requirements, of relevant information. managing numerous about thinking Compliance confidential documents, the differently Executive communications seemingly endless preparation are required to comply with and follow-up to board increasingly stricter reporting requirements meetings, and preventing confidential and regulatory pressures. Managers need to documents from falling into the wrong keep the most relevant company documentation hands – whether at a small- or medium-sized ready at hand because the chances of having enterprise or big corporation, are some of an audit have increased in the past few years. the challenges corporate secretaries and According to a survey of the top risks for 2015, other executive staff are familiar with. companies fear that potential changes in trade Centralised communication restrictions or other government sanctions Centralised virtual communications may limit their ability to operate effectively and document storage platforms allow and efficiently in international markets.8 The ability to respond to macro-economic professionals to focus on making business changes in a timely manner will depend decisions instead of being concerned with a on the boardroom’s ability in increasingly pile of paperwork for the preparation and complex knowledge management. follow-up of board meetings. Not only will

74 Ethical Boardroom | Spring 2016

Safe clouds

As threats to cybersecurity increase, companies need to protect their data and keep confidential processes safe. A leak of management bonuses posted online by a malicious hacker can be highly damaging to a company’s reputation and have an impact exceeding reputation alone. It can turn prospects and potential customers away from the company. In addition, data privacy regulations are also becoming increasingly strict, in that the dispersal of personal information regarding employees of a company can have, for instance, severe legal repercussions. To this extent, making sure that data is stored in Europe and handled by a European provider can make a big difference in keeping this information safe, especially given the uncertainty around the Privacy Shield agreement. The encryption of data with a 256Kbps key is the core requirement for secure data rooms. In addition, managers should be able to administer permissions and monitor access to the data room. Functionalities, such as real-time reporting, allow for keeping track of who is looking at relevant documentation. Migrating to the cloud means revolutionising the way people manage information and workflows. It is not about running old processes with new tools; it is about thinking differently and adapting to an increasingly complex macroeconomic context. Companies that accept the challenge of digitisation have a chance to improve their processes by leveraging cutting-edge technology. Over time, the cloud will be able to process increasingly large amounts of data to deliver the most relevant information at a glance. The era of manual information digging that took hours and days has passed. Today’s executives need only to focus on making decisions that grow their business. 1 http://www.techrepublic.com/article/do-small-businessesmake-more-money-with-the-cloud-new-study-says-yes/ 2 http://www.marketsandmarkets.com/PressReleases/ cloud-security.asp 3http://www.mckinsey.com/businessfunctions/business-technology/our-insights/the-digitaltipping-point-mckinsey-global-survey-results 4https://blog. cloudsecurityalliance.org/2016/02/08/2605/ 5http://www. pwc.com/gx/en/issues/cyber-security/information-securitysurvey.html 6https://www.sailpoint.com/blog/2014/12/201 4marketpulsesurvey/ 7http://burning-glass.com/research/ cybersecurity/ 8http://www.protiviti.com/en-US/Documents/ Surveys/NC-State-Protiviti-Survey-Top-Risks-2015.pdf

Can one really separate governance from compensation? Compensation from governance? At HCM, we donâ&#x20AC;&#x2DC;t think so. HCM is a leading international independent advisory firm that support boards of directors, senior management, and control functions of companies of all industries to make their governance (including compliance) and compensation more effective. We understand the financial and behavioral bottom line.

www.hcm.com

Technology | Boardroom VISUALLY CONNECTED Modern meeting rooms often link up remote workers across the globe

Technology for an effective boardroom Harnessing creative technology solutions in the boardroom can improve productivity and enhance your reputation Company X has a meeting with one of its biggest clients to discuss investment for the following year. Everyone is seated around the table, anxious to see the all-important documents and financial figures that could sway how the partnership pans out. Company X has created a brilliant all-singing, all-dancing video presentation to clinch the deal. But there’s a problem.

Company X is primarily Mac-based, but its client has Windows machines and no one can find a HDMI or DisplayPort adapter. After several minutes of frantic running around and phone calls to the IT department, executives from both companies huddle round a 12-inch laptop instead, tilting the screen back and forth to stop the light reflecting from the bright sunshine beaming through the windows, and peering over each other to squint at the small screen’s display. This may sound far-fetched or a scenario from days of yore, but it’s a situation we witness in today’s meeting rooms on a regular basis. Despite the proliferation of devices, such as tablets and smartphones, and a shift from hardcopy to digital for nearly every type of media, too many business meeting rooms are 76 Ethical Boardroom | Spring 2016

James Ward

Managing director at Electric String ill-equipped to deal with the equipment staff use on a day-to-day basis, making meetings an often frustrating experience for everyone involved. Whether it’s the boardroom, conference rooms, meeting rooms or reception areas, an effective working space allows for better communication, brainstorming, idea creation and decision-making. Making an impression in the areas where external visitors and clients spend most of their time while in your premises, can also enhance the way you are presented to the outside world. Sumptuous leather chairs, solid cherry wood boardroom tables and dry-wipe whiteboards are no longer enough to furnish a boardroom; the latest technology is essential for the creation of a fully functional workplace.

Changing needs

Modern meetings connect increasingly global teams and remote workers from anywhere and everywhere, with a growing focus on videocentric collaboration. Reports suggest 25 per cent of meetings have at least one mobile video participant on the call, with 78 per cent of mobile video meetings taking place via Apple devices. The explosion of bring your own device (BYOD), where company employees work on the device and software of their choice, has

also changed how many businesses operate. Researchers at IT analyst firm Gartner estimate that four in 10 organisations will rely exclusively on BYOD by the end of this year, as employees increasingly use their favourite device to instantly access corporate portals and apps, calendars, productivity tools, and back-end systems, irrespective of whether it is Windows, Mac, iPhone or Android. Many companies are using board portals – collaborative software that allows the board of directors to securely access board documents and collaborate with other board members electronically – in meetings and often they will want to hook up to a large screen to share data visually. And, of course, with all this new technology, there’s also increasing demand for wireless connections to avoid both connector issues and unsightly cables.

What technology can do

In fast-moving global corporations, technology is an enabler. With an increase in board duties and growing regulatory scrutiny, a quickening in the pace can help organisations achieve their business objectives with minimum disruption, Technology available today allows virtually anything to be controlled, automated and integrated in sequence with everything else. Automating a meeting room also enables anyone to get the most out of technology without really needing to know how everything works.

Boardroom | Technology

CONNECTIVITY An automated boardroom allows any device to be easily controlled

AUDIO VISUAL The right equipment can help meetings run smoothly

C SPACE Modern companies can enjoy multiple technologies working in harmony

Typically, the average boardroom member is not a technology expert so it is essential to offer an intuitive experience. If it is done correctly then meetings can be more productive and allow the individual benefits associated with personal devices to be meshed together for a group. With devices connected, it is also essential to allow control of the audio, video and environment in a simple manner. Individual technologies should be transparent so that multiple technologies working together are in harmony. For example, a company could bring in moving walls and dividers; sensors on the moving panels to allow a system to know what the room configuration is and the option to reconfigure the audio, video, lighting and blinds â&#x20AC;&#x201C; all of which can be controlled by one device, such as a touchscreen tablet.

Productive meetings

Brainstorming sessions can be recorded and referred back to, people can collaborate on designs together and even collaboration outside of the meeting circle can be achieved via multiple meeting rooms or a remote worker connecting in from home. Automated boardroom control systems can use devices, such as an iPad, to control a screen, projector, hoist, sound, lights, curtains and switching equipment, ensuring a boardroom could be set up to watch video or screen a presentation in seconds, rather than minutes, with the touch of a button.

HD video conferencing and collaboration solutions specifically designed for any meeting space ensures board members can enjoy face-to-face interaction and share knowledge with others without wasting valuable time travelling. Take this featureâ&#x20AC;&#x2122;s opening scenario. Company X needed an automated system that delivered perfect sound and picture quality that would enable it to showcase its work at its best. And, because its boardroom is also a meeting room that is used by a multitude of company users, as well as guests, it needed flexibility in connectivity. The simple installation of a beautiful 84-inch LED screen into the main boardroom, alongside device-independent, wireless connectivity, would have saved Company X the embarrassment and frustrating meeting experience.

What you need to consider

Every company is different and each set of requirements is too. The main thing that needs to be kept in mind is what the company really needs. There is so much technology out there that it can become tempting to put as much tech into a boardroom as possible; however this is rarely needed, nor wanted, and the key is to understand how the space can be used optimally. Consider whether you need to communicate with other offices, external companies or

There is so much technology out there that it can become tempting to put as much tech into a boardroom as possible; however this is rarely needed, nor wanted, and the key is to understand how the space can be used home workers and how you need to communicate with them? Do you need visual collaboration? Do you need to share data or work on documents at the same time? In addition to AV equipment, a good boardroom automation system can include lighting, air-conditioning, blinds and curtains, video-conferencing, motorised screen mechanisms, the list goes on. At my company Electric String, we once installed a motorised lectern that could go up and down, depending on whether the speaker was on the tall or short side. The key is not how much technology is used but what is appropriate for the company and how it is integrated together.

Choosing the right provider

A good installation company is not necessarily one that has all the right badges and accreditations. While these are never a bad thing to have, it is much more useful to find an installation company that has experience in your sector, can demonstrate systems in recent installs and can supply good testimony from existing clients. The ability to remotely monitor installations is a good indicator that a company knows what they are doing as they will typically be able to spot issues as quickly as, if not quicker than, you. Providing the most dependable, streamlined and innovative systems can help your employees stay focussed on their work and ensures better collaboration. Spring 2016 | Ethical Boardroom 77

Middle East | Corporate Governance

Resilient governance helps companies weather unrest â&#x20AC;&#x201D; and re-emerge stronger

Getting it right in times of conflict Many countries around the world are in fragile circumstances, facing severe political instability and conflict or emerging from years of prior conflict.

Currently, 35 countries and states are identified as fragile or conflict-affected, according to the World Bankâ&#x20AC;&#x2122;s rubric. The 78 Ethical Boardroom | Spring 2016

data suggests that these same countries will be home to half of the worldâ&#x20AC;&#x2122;s poor by 2030, in part due to the economic fallout from instability: shattered markets, shuttered companies, lost jobs and declining incomes. Since the Arab Spring uprisings of 2011, more countries in the Middle East and North Africa have been added to that list, which now includes Afghanistan, Iraq,

Sanaa Abouzaid

IFC Corporate Governance Lead, MENA

Lebanon, Libya, Syria, the West Bank and Gaza and Yemen.1 Companies operating in such environments have a double helping of business challenges. In addition to typical issues, such as competitive positioning, growth management, budget constraints and shareholder relations, they face challenges associated with functioning in an unstable environment, such as limited

Corporate Governance | Middle East access to finance, disrupted supply chains, unreliable utilities and reduced productivity. Faced with these challenges, companies in conflict-affected markets need to work twice as hard as firms in stable markets, merely to survive. To mitigate the contextual risks, sound and robust corporate governance standards are an absolute must. While not an antidote for the unstable and fragile business environment, attention to key corporate governance fundamentals can help companies operating in such contexts weather the volatilities and, potentially, emerge stronger than before.

Establish a strong leadership team

The ability to manage through crisis and emerge intact starts at the top. While this applies to all companies in all markets, it is of paramount importance to companies operating in fragile and conflict situations. Clear-minded and energetic leaders can boldly steer the ship and instill confidence. An active, professional, engaged and plugged-in board will keep the company abreast of news and developments, allowing for rapid responses and quick adjustments in fluid situations. Having the right teams in place at the board- and senior management-levels will also enable the articulation of a clear, well-defined and flexible strategy. This strategy could mean the difference between weathering the turbulence and being destroyed by it. In countries, such as Yemen, where civil war has escalated the severity of the political and economic stress, IFC is working with senior executives and board directors to help them better navigate through the difficulties. A recent seminar jointly hosted with the Yemeni Institute of Directors drew senior representatives from 23 Yemeni companies, who are taking what they learned about managing through crisis to make better decisions on operating during the war. In extreme circumstances of political instability, as in Yemen, company survival may depend on the ability to act quickly and temporarily relocate operations elsewhere. Guided by strong and decisive leadership teams, several Yemeni companies have moved to more stable markets, such as Jordan and the United Arab Emirates. Once the situation in Yemen normalises, they plan to return. These decisions are not easy. Identifying the optimal timeframe, location and resources and, above all, implementing the plan hinges on having a properly functioning, professional leadership team. This includes a well-networked board of directors, whose foreign business connections can prove quite helpful in guiding such a move.

Develop a succession plan and update it frequently

The sudden loss of senior leadership is a

common reality for companies operating in fragile and conflict-affected markets, as executives may relocate to more stable environments. Without a pipeline of talent that has been groomed, trained and prepared to take over, this loss could prove catastrophic. To mitigate the risks, succession planning is critical. Plans should include a clearly defined chain of command if the CEO and other executives depart, along with detailed job descriptions, roles and responsibilities at all management levels. Plans are to be updated frequently as the situation evolves, so that successors are ready to perform from day one. In this way, essential business functions are sure to continue, even if key people leave. Companies operating in unstable markets may have difficulty attracting top talent from the usual outside sources. To enhance the management pipeline in support of their succession plans, companies should look inward instead, where high performing members of their current staff can be groomed for increasing levels of managerial responsibility. In addition, they can turn to a vast source of untapped potential: women. In a region where women’s participation rates in the workforce fall well below the 50 per cent global average, bridging the gender gap by hiring

The sudden loss of senior leadership is a common reality for companies operating in conflict-affected markets. Without a pipeline of talent this loss could prove catastrophic more women and training more female executives for higher level leadership roles represents a major opportunity for companies to replenish their talent pool. For this reason, IFC’s MENA corporate governance team works in countries, such as Iraq, to strengthen the pipeline of qualified women who can assume leadership positions, such as board directorships. Recently, IFC partnered with Iraq’s Women Empowerment Organisation to provide corporate governance training for more than 20 current and prospective female directors, to better prepare them for these roles.

Create a robust control environment

A tested and well-documented set of policies and procedures, featuring strengthened risk management, internal controls and audit functions, can equip companies with the tools they need to preserve assets and protect against fraud or other criminal activity in the midst of broader uncertainties. If the company loses key people or relocates to a more stable market, written documents that detail policies, approaches and procedures

will help steer through the new operating environment and enable a more rapid return to normal activity. Firms, such as IFC client Bank Audi, have seen positive results from strengthening their control environments. Based in Lebanon, Bank Audi has survived multiple periods of instability, in part by improving corporate governance fundamentals, such as risk management and internal audit. Bank officials have said that stronger corporate governance helped shore up Bank Audi’s position, contributing to a 14 per cent compounded average annual growth in profit since 2008, achieved despite the challenges facing the country.

Good governance can give nervous investors confidence

Among the biggest obstacles for companies operating in stabilising but still fragile markets is limited access to finance. Local banks may have liquidity issues, so companies often turn to foreign investors to raise funds. However, foreign investors – even those with a strong risk appetite – could balk at the prospect of wading into uncertainty. Governments and regulators in markets that have achieved a certain degree of stability have an important role to play here. They can help ensure a predictable and well-monitored legal and regulatory framework to protect investors and minority shareholders. They can implement corporate governance standards that strengthen transparency and disclosure requirements. They can be proactive in developing new regulations that further enhance stakeholders’ protections so that when the market stabilises and investors return, there is increased confidence in the safety of investments. In the West Bank and Gaza, the Palestine Capital Market Authority (PCMA) is taking such steps. After establishing a framework of regulatory requirements, PCMA collaborated with IFC to develop and implement a corporate governance scorecard. The scorecard provides investors with data on the corporate governance practices of local companies. It also gives companies a tool to determine the status of their own governance and measure how well they comply with the requirements. Attention to corporate governance fundamentals can strengthen the private sector’s resilience in fragile and conflictaffected situations. They give companies the flexibility they need to respond rapidly if conditions deteriorate. When the situation improves, these same fundamentals will help markets and companies rebound quickly, so they can return to normalcy and resume their role as powerful engines of economic growth in countries desperately in need of such activity. Sometimes crises may breed the best opportunities. http://pubdocs.worldbank.org/pubdocs/publicdoc/2015/ 7/700521437416355449/FCSlist-FY16-Final-712015.pdf

Spring 2016 | Ethical Boardroom 79

Corporate Governance Awards | Introduction

Ethical Boardroom Middle East award winners 2016 It’s a given that good corporate governance practices need to be fully integrated into the culture, strategy and operations of an organisation.

And in the Middle East region significant progress has been achieved over the past decade in establishing governance frameworks, particularly at listed companies in markets where corporate governance codes apply on a comply or explain basis. But numerous challenges lie ahead, such as the ability of listed companies to attract more institutional capital to the region’s markets, especially amid an increased focus on the effectiveness of boards following the opening of Gulf markets to foreign investment. The quality of disclosure practices is believed to be a key concern for foreign investors, as outlined in the recent Corporate Governance for Competitiveness in the Middle East and Africa report by UAE-based conglomerate Crescent Enterprises and the Pearl Initiative, the not-for-profit institution working across the Gulf region of the Middle East to influence and improve corporate accountability and transparency. According to the report, improving the governance of businesses, particularly family-owned firms that comprise the majority of non-oil economy in the Middle East, is a top concern for the region with assets estimated to be worth trillions of

80 Ethical Boardroom | Spring 2016

dollars expected to be passed on from one generation to the next in the region within the next five to 10 years. The report also provides a number of recommendations concerning the state-owned (SOEs) sector, noting that SOEs are generally not subject to competition law and other relevant legislation, or the corporate governance guidelines that apply to private firms. Strengthening the pipeline of female talent through to senior levels is an area that has seen significant strides made over recent years in the region but there is still much work to be done, with the number of women advancing to senior executive and board levels within organisations in the GCC remaining low. According to research by the Pearl Initiative on Women’s Careers in the GCC: The CEO Agenda, fewer women enter the workforce in the GCC and fewer make it to senior positions than in almost any developed region, because too many women opt out of their career before they get that far. Improving gender diversity

Strengthening the pipeline of female talent through to senior levels is another area that has seen significant strides made over recent years but there is still much work to be done

will lead to more competitive and wellgoverned organisations across the Gulf region. Current initiatives to increase the number of women in the GCC are outlined on page 10. The Ethical Boardroom Corporate Governance Awards recognises and rewards outstanding companies who have exhibited exceptional leadership in the area of governance. The awards highlight the important role that corporate governance plays in dictating a company’s success and a board’s contribution to the creation of long-term value. We’re proud to announce the Ethical Boardroom Corporate Governance Awards 2016 Winners in the Middle East.

The Winners | Corporate Governance Awards

AWARDS

WINNERS 2016

MIDDLE EAST

OUR WINNERS FINANCIAL SERVICES: ABU DHABI COMMERCIAL BANK TRANSPORTATION: DP WORLD MINING: SAUDI ARABIAN MINING COMPANY (MA’ADEN) TELECOMS: OMANTEL INSURANCE: RAK INSURANCE CONGLOMERATE: SAVOLA GROUP LEISURE & ENTERTAINMENT: DUBAI PARKS AND RESORTS PJSC INDUSTRIAL SERVICES: SAUDI ARABIA BASIC INDUSTRIES CORPORATION (SABIC)

UNITED ARAB EMIRATES ■ Abu Dhabi Commercial Bank ■ DP World ■ Dubai Parks and Resorts PJSC ■ RAK Insurance

SAUDI ARABIA ■ Ma’aden ■ SABIC ■ Savola Group

OMAN ■ Omantel

Spring 2016 | Ethical Boardroom 81

Corporate Governance Awards | RAK Insurance

AwARds

WinnEr 2016 middlE EAST INsURANCE Andrew smith

Chief Executive Officer, RAK Insurance

RAK Insurance Stepping up to the challenge The UAE-based insurance provider is committed to developing effective mechanisms to communicate with all stakeholders 2015 was a challenging year for the insurance market in the United Arab Emirates. While total insurance premiums significantly rose, premium rates continued to drop. RAK Insurance’s strategy is to grow its market share by maintaining its commitment to becoming a leader in providing bespoke and differentiated products to its target market segment. Innovation in product offering, value for money, improved benefits, wider customer delivery options and holistic customer service are just a few of the areas that set RAK Insurance apart from its competitors.

Corporate governance highlights in 2015

RAK Insurance has continued to place significant importance on implementing a robust corporate governance culture. The actions initiated in 2013 for introducing corporate governance procedures were implemented in 2014 while further improvements and enhancements in 2015 ensured an agile and sustainable culture. The board of directors, fully committed to its accountability to all shareholders and regulators for the performance of the company, ensured that the organisation prospered with 82 Ethical Boardroom | Spring 2016

its continued support of the management team. 2015 was also notable for being the year in which RAK Insurance’s first female board member was elected, providing diversity and broader representation of the market. RAK Insurance strongly believes that to have the best corporate governance practice is commensurate with having the best management practice within the company. The executive management, together with the board of directors, strictly adheres to the highest ethical standards, sets appropriate business goals aligned with management, taking into account the stakeholders’ value, and has a reporting system structured to provide transparency and accountability. The organisation of the company is structured to ensure good corporate governance, with delegation of authority at the centre of its philosophy of empowerment and transparency. The UAE Insurance Authority has started a programme of improved regulation of today’s dynamic and competitive market. For its part, RAK Insurance board of directors, along with the chief executive officer, decided to appoint additional staff to strengthen the existing internal controls and compliance monitoring. In this way, the company ensures compliance with all applicable laws, rules and regulations, including but not limited to the corporate governance discipline and standards.

Risk management and compliance systems in place

In order to address the need for continuous, up-to-date governance in the company, a head of risk management was appointed at the beginning of 2015. Through the collaborative efforts of the internal audit, compliance and risk management departments, an implementation programme was designed that includes reporting systems ensuring transparency and provisions of regular feedback on matters affecting the various stakeholders. A compliance self-assessment questionnaire, based on insurance authority laws, federal laws, board of directors’ directives and any other regulatory laws encompassing the insurance market, was prepared to ascertain the adherence of RAK Insurance. A department-based, company-wide report is prepared by the compliance department on a regular basis to ensure that respective departments are aware of any compliance issues so that necessary actions to mitigate discrepancies can be taken immediately. Regulatory reporting timetables are prepared, circulated to all the departments and is monitored closely so that submissions to regulators are completed on time. FATCA analysis for the company was undertaken in 2015 and the inputs shared within the company, which in turn has implemented the recommendations in the

RAK Insurance | Corporate Governance Awards first ever unit-linked insurance policy launched by the company.

Anti-money laundering Money laundering is becoming an increasing area of focus for governments and sanctions in the UAE. In adherence to Money Laundering Law 13/2015, Article 6, all employees in the company have been trained to identify money laundering and are assessed as part of the company’s approach of continued anti-money laundering assessment. Effort has been exerted to ensure that agreements are in place with all parties who have dealings with RAK Insurance including broker agreements, reinsurance agreements, vendor agreements and third-party agreements.

Managing risk Risk management in RAK Insurance has continually evolved in 2015 and some of the highlights include: ■ A concrete risk management and risk governance framework was approved by the board of directors ■ Policies, procedures and process flow documentations were created and implemented within the company ■ Company-wide risk register as per ISO 31000 standards was created and quarterly risk reports are generated and shared with the executive management

In accordance with the goals and objectives, and to complement the growth of the company within a sound ERM framework, the risk management department has embarked on a journey to create a sophisticated risk appetite statement that will help the company ensure adequate capital is maintained to provide coverage for expected and unexpected losses. It will also provide clarity on risk aggregation and risk diversification and act as a tool in selecting corporate level risks and returns and identify what risks and how much risk can be taken by each department or line of business and corresponding returns. The risk appetite assessment framework and implementation programme ensures that it reflects the board of director’s vision for the business, is consistent with RAK Insurance’s control framework and is capable of providing strong leadership and support for the process to proceed. An advantage that the company has is the is the ability to determine the appropriate level of capital to absorb extreme losses associated with risks that do not lend themselves to controls.

How RAK Insurance remained competitive in an overcrowded market

RAK Insurance has been in the UAE for more than 40 years and has seen various changes CULTURE OF during this time. Online GOVERNANCE RAK Insurance commerce is set to grow in

CORPORATE HQ The RAK Insurance head office in Ras Al Khaimah

RAK Insurance strongly believes that to have the best corporate governance practice is commensurate with having the best management practice within the company. The executive management together with the board of directors strictly adheres to the highest ethical standards

the UAE, although brokers remain the ‘preferred channel for larger clients’. RAK Insurance makes sure that it offers a range of products through its online channels and now has motor, health, personal accident, critical illness and life products available. Innovation has become key to the recent success of the company and will continue to be a driving force because the company does not rely on selling traditional insurance products. Rather it is leaning towards more innovative offers. The company continually develops bespoke products that will cater to the needs of corporate clients who require a more one-off or tailor-made solution. RAK Insurance also realises the importance of offering products to the individual client. Selling a greater number increases the company’s customer base while at the same time spreads the risk and provides greater diversity to the market. National Bank of Ras Al Khaimah’s acquisition of a 79.23 per cent stake in RAK Insurance in April 2015 created an opportunity to expand the distribution of insurance products to the bank clients. Bancassurance offers a great potential for the expansion of RAK Insurance’s market.

Future plans

RAK Insurance’s board of directors and executive management are united in their vision to have a strong, corporate governance culture within promotes a strong, the organisation, while viable corporation healthy and transparent internal functions radiate to the external perspectives. The company makes an ongoing commitment to monitor and address challenges, implement and develop effective mechanisms to communicate with all stakeholders and to continually develop a culture of ethics and honesty. The company is continuously improving on the strategies set forth in order to achieve the goals of the company.

PERsONAL sKILLs Employees’ development is a key focus for RAK Insurance

Spring 2016 | Ethical Boardroom 83

Corporate Governance Awards | Omantel

Omantel dials into corporate governance the primary telecoms provider in Oman is committed to ethical governance and sustainable business practices

AwArds

Winner 2016 middle east TELECOMs saud Mazrooei

Company Secretary, Omantel Group and Company Secretary of the international Subsidiary

Omantel is the Sultanate of Oman’s first and leading integrated telecommunications services provider, enabling its digital society to flourish by delivering a world of information, news and entertainment. At Omantel, we work to boldly innovate, delivering the broadest and most reliable nationwide network, while investing for future development.

Omantel has been offering the full spectrum of telecommunications solutions to the people and businesses of Oman since the dawn of the renaissance in 1970 and, as a pillar of the Omani economy, the company has been a leading player in Oman’s progress and national development. Omantel, which has a very strong brand presence in Oman, has been named the most valuable brand in the Sultanate by Brand Finance, as well as the best brand in Oman in general and among the telecom sector in particular. Omantel is also the largest listed company in Muscat Securities Market in terms of market value. We are committed to adding outstanding value to our customers and stakeholders. To do that in the most agile and effective way, we developed Omantel 3.0, our new corporate strategy for 2015 to 2020. Omantel 3.0 will 84 Ethical Boardroom | Spring 2016

drive performance and focus the company’s efforts. In addition, our sustainability strategy framework outlines our priorities to contribute to sustainable development. The changes that will be implemented strategically over six years will transform Omantel and the way that we do business, improving service to our customers and building on the strengths and opportunities of the telecommunications market in Oman and regionally. Omantel was originally established in 1980 pursuant to Law No. 43 of 1980 as the General Telecommunications Organisation (GTO) to provide domestic and international telecommunication services within Oman. In 1999, Omantel was incorporated as a closed joint stock company under the First Omantel Decree following the transformation of the GTO, which involved the creation of Omantel to replace the GTO, paving the way for the privatisation of the telecommunications industry in line with the government’s policy of liberalisation and deregulation. In July 2005, the government sold 30 per cent of its stake in Omantel, representing 225,000,000 ordinary shares (the IPO). In April 2014, the government sold an additional 19 per cent of its stake in Omantel, representing 142,000,000 ordinary shares, in a public offering to Omani institutions and individuals. Today, the government of Oman owns a 51 per cent share in Omantel. Omantel is registered with the Ministry of Commerce & Industry and its shares have been listed on the Muscat Securities Market since 2005. The board and management of Omantel are committed to ensuring that the company adheres to a high standard of ethical corporate governance. The board regularly reviews and assesses the prevailing governance structures and processes to ensure that they are consistent with international best practices in both form and substance. Omantel continues to stand out among the Sultanate’s corporate sector through its high investor grade ratings. We maintained our ‘BBB’ and ‘A3’ ratings assigned by

Standard & Poor’s and Moody’s respectively. These ratings are reflective of our strong and sustainable financial position in the Sultanate’s fixed line and mobile telephony markets, solid competitiveness, operating performance and above average profitability. As the nation’s pioneering telecommunications service provider, we are working to connect even the most remote communities in Oman to each other and to the rest of the world. Omantel’s integrated telecommunication solutions service the needs of individuals, public and private organisations in addition to local and international telecom companies. We offer the broadest choice, widest coverage and state-of-the-art mobile and fixed broadband services and we are constantly expanding our networks to ensure even better customer experience. Omantel has laid out a ‘carrier of carriers’ strategy as part of the wholesale business to achieve a sustainable revenue growth, which is increasingly evident for its successful execution of this strategy and the fact that more and more global content players and international carriers select Omantel as their partner to serve the region and beyond. In the international wholesale arena, Omantel is considered one of the most prominent, attractive and competitive wholesale telecommunication providers in the Middle East region. Currently, we have 11 international submarine cable landings and expect to touch 14 cable landings in Year 2017. We are one of the leading companies in the field of submarine cable networks that link Asia, Europe and America passing through Oman to meet the international capacity requirements of customers locally and internationally, thereby sustaining the company’s leading position among its competitors.

Guiding principles and foundations

Omantel works closely with community groups and organisations to make a meaningful difference to the future development of the nation. We spend on average $4million per

Omantel | Corporate Governance Awards annum in a number of community support initiatives, sporting events and corporate social responsibility programmes. Omantel is committed to the highest standards of the code of corporate governance. In pursuit of this goal, it has embarked upon various principles of the code with regard to the appointment of members of the board of directors, ensuring the adequacy and efficiency of internal controls in all aspects of the company’s operations and transparency in business dealings. The company is committed to Capital Market Authority’s (CMA) standards and guidelines on disclosure of material information. Further, it is committed to the rules and regulations issued by the Telecommunications Regulatory Authority. The financial statements are prepared in accordance with International Financial Reporting Standards and the disclosure requirements set out in the rules for disclosure and proformas issued by the CMA and comply with the requirements of the Commercial Companies Law of 1974, as amended. Since 2005, Omantel has been publishing yearly audited financial statements and quarterly reviewed financial statements without any audit qualifications. Omantel follows the industry’s best practices in maintaining confidentiality of material operational and financial information. Stringent confidentiality measures are in place to limit the audience of strategic information prior to its mandatory disclosure to avoid foul practices, such as insider trading and/or other abuses. The system of corporate governance adopted by Omantel, which is defined according to international standards, is focussed on the leadership role in strategic decision-making by the board of directors, on the transparency of management choices, both within the company as well as in respect to the market, on the efficiency and effectiveness of the internal control system, on the strict discipline of potential conflicts of interest and on firm guiding principles of conduct for transactions with related parties. All related party transactions in particular, are undertaken in line with principles of the code of corporate governance and are validated by Omantel’s Board/AGM on a case basis. Any member of

Omantel’s board/audit committee, who may be party to such a transaction, does not participate in the decision-making process. Internal audit reports directly to the audit committee are fully independent of management, and their appointment, remunerations and other HR-related aspects are approved by the board’s HR committee.

Composition of the board of directors

The board of directors of the company is composed of nine members with five members representing the government share, including the board chairman. The other four members are elected by the AGM every three years. The appointment of the members of the company’s board of directors representing the government share is subject to the same procedures followed in the appointment of board members representing the government share in other companies. As for members of the board representing the private sector, they are elected at the general meeting by following the procedures laid down in the commercial companies law and rules and regulations issued by the CMA. The board has established four principal committees to review and decide on specific matters. The committees are given responsibility for specific areas of significance to Omantel’s corporate governance and assist the board in discharging its responsibilities by advising and making recommendations to the board. Each committee comprises a chairman and is composed of at least three members of the board. The committees are: n Executive committee, comprising of five members from the board, is considered as mini board and is mandated to oversee various strategic aspects, such as annual business plan, budget and corporate strategies, etc n Audit committee, comprising of five members from the board, is responsible for all audit and review of financials, procedures, policies and risks assessment procedures n Human resource committee, comprising of four members, is responsible for all HR policy and procedures, head count, remuneration, training and development etc

n Tender committee, comprising of five members, is responsible for setting up tendering process & procedures, awarding tenders, etc Members of the board are entitled to remuneration for the services rendered by them, which is determined by a meeting of the general assembly.

Awards and accolades

Over the years, the company has accumulated a growing collection of awards and accolades. Omantel was voted Leading Corporate for Investor Relations and Best Investor Relations Professional in Oman for 2015 at the seventh Annual Middle East Investor Relations Society (ME-IRS) award ceremony held in Dubai. It was voted as the Most Trusted Brand in the Telecom Sector in the Sultanate by Oman Economic Review. The company has also, maintained its position as Oman’s Most Valuable Brand, according to a study published by Brand Finance, one of the world’s leading intangible assets and brand valuation independent consultancies. Omantel was named the Best Performing Company in Muscat Securities Market by Oman Economic Review for the 10th consecutive year.

Methods of communication with shareholders and investors Our quarterly financial reports are published in the local newspapers and are also uploaded to the website of Muscat Securities Market and on our website. In addition, the shareholders are notified of the details of the financial results individually at their request. We have a dynamic website detailing our company profile and services. We conduct quarterly conference calls, carry out roadshows and participate in local, regional and international one-on-one investor conferences. We also publish an annual report including all of the financial results and details of our management and governance. Since 2013, we also publish comprehensive sustainability reports. This award from Ethical Boardroom is a welcome recognition of Omantel’s efforts in regard to ethical governance and sustainable business practices.

YOUTH PrOGrAMME Omantel has embarked on a series of innovative CSR initiatives

OUTwArd BOUNd One of Omantel’s CSR initiatives to empower school students

Spring 2016 | Ethical Boardroom 85

Corporate Governance Awards | Dubai Parks and Resorts PJSC

AwArds

BollYwood PArKstm duBAi The first theme park dedicated to Mumbai’s legendary film industry

WinneR 2016 miDDle eaSt leisure And entertAinment muhammad shoaib suleman

Director, Governance, Risk & Compliance Dubai Parks and Resorts PJSC

Setting new heights for corporate governance Dubai Parks and Resorts PJSC on a mission to deliver long-term value to shareholders and stakeholders

86 Ethical Boardroom | Spring 2016

Commitment to corporate governance Inspired by global examples, we are committed to corporate governance policies and procedures that go beyond the mandatory requirements and which are in line with international best practices,

Shareholder & stakeholder rights

Transparency & disclosure

Control environment

the five PillArs of CorPorAte GovernAnCe

Board of directors

Dubai Parks and Resorts PJSC’s motiongate™ Dubai brings Hollywood to the city, while Bollywood Parks™ Dubai is a first-of-its-kind entertainment destination that will showcase the authentic Bollywood movie experience. LEGOLAND® Dubai will open together with a LEGOLAND® Water Park, while the LapitaTM Hotel and RiverlandTM will offer a retail, dining and entertainment walkway. Being at the forefront of the region’s leisure and entertainment industry, we believe in setting the standard for corporate governance in this sector. Good corporate governance is an essential component of a successful and sustainable entity with long-term benefits to shareholders, stakeholders and the wider community. As recognition of the highest corporate governance standards we hold ourselves to, Dubai Parks and Resorts PJSC has been awarded

the Ethical Boardroom 2016 Award for Best Corporate Governance in the Leisure and Entertainment Sector in the Middle East. This award, in addition to being recognition, also provides indicators that the company is clearly on the right track with implementing its governance goals. As a publicly listed entity, we are cognisant of our responsibilities to our shareholders and our efforts are focussed towards delivering value to our shareholders, as well as stakeholders, in a transparent manner as set out in our internal policies and practices, while complying with the wide range of regulations and

Commitment to corporate governance

The Middle East’s largest developer of integrated theme park resort Dubai Parks and Resorts PJSC, is opening in October this year with the first LEGOLAND® park in the region among its six experiences.

adopting international best practice with respect to corporate governance. Receiving this award is an encouragement, providing us with an assurance that we are on track to creating a sustainable corporate governance model that will raise the bar for the region. Dubai Parks and Resorts PJSC follows a tailor-made corporate governance philosophy that has been integrated into every aspect of the company’s day-to-day business practices. The philosophy is steered through guiding principles that fall under the following five pillars:

Dubai Parks and Resorts PJSC | Corporate Governance Awards tailored to the specific aspects of the entertainment and leisure destination’s diverse divisions. We don’t consider corporate governance to be just a box-checking exercise and believe that we have adopted and implemented corporate governance frameworks that add value to our business in a manner that is practicable and sustainable. The various facets of this implementation starts with the ‘tone at the top’. The board of directors recognises its responsibility towards establishing a corporate governance framework and cascading its vision to all its employees and stakeholders. The board has put in place a corporate governance manual where the company’s governance priorities have been defined specifically with guidance on how to implement the best practices within the company. The company also has a code of conduct in place for board members and employees to abide by, as well as policies on subjects, such as shares dealing, conflict of interests and dealing with related parties.

Board of directors

The board of directors takes the lead in guiding the company towards greater transparency by being committed to applying standards of corporate governance that are in line with global examples, including within the composition of the board itself. Currently, the board comprises one-third independent directors with majority non-executive directors. Members are chosen for their experience, including that relevant to Dubai Parks and Resorts PJSC’s core entertainment and leisure offering.

Control environment

Dubai Parks and Resorts PJSC has developed and implemented a precise internal control system that aims to develop an assessment of its risk management means and measures, sound application of governance rules, verification of compliance by the company and its employees with applicable laws, regulations and resolutions that govern its operations, as well as internal procedures and policies and review of financial information. Our internal control department adheres to the relevant professional standards, including that of the Institute of

ComPosition of the BoArd Non-executive directors Executive director Non-executive independent directors

BoArd Committees Audit committee Nomination and remuneration committee

motiongatetm Hollywood comes to Dubai

Internal Auditors. Dubai Parks and Resorts PJSC also has a dedicated governance risk and compliance department that is responsible for implementing corporate governance initiatives, application of risk management activities and oversees compliance with applicable laws and regulations.

Transparency, disclosures and investor relations

Since becoming a listed company on the Dubai Financial Market (DFM) in December 2014, Dubai Parks and Resorts PJSC follows the directives of Dubai Financial Market and the Emirates Securities and Commodities Authority, as well as adhering to international best practices. The company website is regularly updated and provides timely information on all company press releases, regulatory announcements as well as a calendar of shareholder events in order to ensure investors and the market remain informed about activities and developments that have a potential impact on share price. We also publish a comprehensive corporate governance report, that covers all pertinent disclosures, including the company’s internal control systems, board and board committee composition among others, with a plan to perform board and board committee evaluations in future. Corporate governance paves the way to a sustainable corporate future and transparency is one of the approaches to ensure we build and retain the trust of our guests, investors, partners and colleagues.

Shareholder and stakeholder rights

The company has adopted a stakeholder inclusive governance approach, whereby interests of the stakeholders are given priority when suggesting enhancements to our existing governance framework. Dubai Parks and Resorts PJSC has issued only one class of shares having equal rights assigned to all shareholders. We have a vision for Dubai Parks and Resorts PJSC as a premier global entertainment destination. In line with this vision and an ongoing commitment to protecting the environment, health and safety of the company’s employees, visitors and vendors, Dubai Parks and Resorts has earned three certifications: ISO 14001 – Environmental Management; OHSAS 18001 – Occupational Health and Safety Management;

and ISO 9001 – Quality Management for certain areas of our operations. Our strategy is to expand these as the parks and the associated facilities open in the near future. We also aim to provide job opportunities to the local community and our intention is to attract up to 1,000 Emirati nationals to Dubai Parks and Resorts. The company is an equal opportunity employer and shall ensure that diversity in the workplace is embraced. Turning our vision into reality requires integrating sound practices with regards to environmental, health and safety management. This is significant in order for us to become a leading provider of world-class leisure and entertainment destinations, while conserving the environment and safeguarding our business for future generations. The milestones reached so far mark only the beginning of Dubai Parks and Resorts PJSC’s achievements in the field of corporate governance. While the company has benchmarked its existing frameworks and practices with international standards, it recognises that corporate governance is a constantly evolving practice and will therefore continue to develop and enhance its practices and policies. We also believe in having regular governance-related training and development programmes for our board of directors, as an example of good governance. Our commitment is to maintain and enhance our company’s transparency and disclosures, brand image and investor confidence. Through a thoroughly committed approach, Dubai Parks and Resorts PJSC intends to enhance its corporate governance policies to ensure that all the stakeholders, including our guests whom we plan to welcome later this year, and our investors, benefit from being associated with us in the long term. Winning the prestigious Ethical Boardroom 2016 Award for Best Corporate Governance – Leisure and Entertainment Middle East marks an important milestone in Dubai Parks and Resorts PJSC’s corporate and governance achievements. It is especially gratifying to know that a thorough analysis of our governance frameworks and practices, which was carried out by an independent panel of leading governance expert jurists, led to Dubai Parks and Resorts PJSC being recognised as the leader in our sector in the Middle East region. We will continue to refine our governance strategy as our company grows. Spring 2016 | Ethical Boardroom 87

Activism & Engagement | Shareholder Defence

2:20

The formula for dealing with activist hedge funds Activists are investors who have their own investor clients, some of whom are high-net-worth individuals, family offices, pension funds, endowments and, even, sovereign wealth funds. The activist charges more for this asset class and often requires longer holding periods. The typical fee structure they charge their clients is two and 20 which relates to two per cent of assets under management and 20 per cent of the profits on any specific trade or the fundâ&#x20AC;&#x2122;s performance. Understanding how an activist makes money helps frame their specific demands and provides a hint as to what their ultimate aims are and, ultimately, how to get them to go away.

88 Ethical Boardroom | Spring 2016

The best defence against an activist is a robust and improving stock price Cas Sydorowitz

Chief Executive Officer at Georgeson Corporate Advisory Consider for a moment when an activist nominates a candidate to the board, their election will often not, by itself, unlock the full value they see in the target company. It is what they achieve once that person is on the board that will create the value release, which may include â&#x20AC;&#x201C; but is not limited to â&#x20AC;&#x201C; cash returns, asset disposals or sale of the company. It may take one to two years, if not

longer, to achieve their goals, which challenges the common argument that activists are short-term investors. An activist building their position may take time, allowing them to acquire stakes at their target in-price without spooking the market or causing the stock price to move against them. To achieve their target returns, the activist needs to control their purchase price, which may mean that they take a long period to acquire the shares. Unless they achieve their objective quickly through direct communication with the board, they will likely try to appoint one or more board candidates who will consider alternative views that may challenge the status quo within the board. The game clock continues to run until they can get enough support within

Shareholder Defence | Activism & Engagement the board and from other shareholders to achieve the actions that will generate significant returns – allowing them to charge the 20 per cent performance fee.

Level of commitment

According to David Trenchard, an advisor on shareholder engagement and corporate governance, as well as chairman of the advisory board of Highgate Capital and former vice chairman of Knight Vinke: “The board needs to recognise the level of commitment that most activist investors make towards really understanding the companies they are targeting. Frequently, I have found that the level of forensic analysis we do when we take such a concentrated position has meant that we often believe we understand the company better than many insiders and advisers. It is rarely the case that the board does not at least benefit from hearing the perspective that an engaged investor can bring.” The detailed analysis is more like private equity style analysis, given their focussed portfolio. To be taken seriously by management, the board and other shareholders, the activist needs to demonstrate they are intimately familiar with the company, the market place and the key drivers of cost and revenues. From the company perspective, the analysis is probably more comprehensive than any sell side research the

company has ever seen. The analysis, however accurate or inaccurate, is designed to create or unlock value in the stock price, which is a goal for all shareholders. The debate then becomes about who has the most compelling argument and who will win the hearts and minds of the other shareholders.

Proxy solicitation firms can assess which shareholders regularly vote and who influences their voting decisions. Any dissent from the shareholders in the past can spark additional points that the activists pick up in their arguments, knowing that there is existing dissent Whether the company agrees with some or none of the arguments, it is critical to start assessing the threat and their public and private response. Ignoring the activist is probably the worst thing that the company can do. Failure to recognise or engage with the activist will often get them to shout louder than before and take their fight to the media. Only through direct engagement with the activist can the company start to understand what they ultimately want to achieve. The company should:

■ Understand how the activist did their research and what their source material was ■ Listen to the activist and review their presentation or demands ■ Do further due diligence on their plan with your bankers ■ If there are board candidates, ask how they selected them, what made up the search criteria and if they used an external party to find those candidates ■ Ask for their full CVs and availability for the nomination committee to speak or meet the candidates ■ Set a timetable for the company to come back to the activist The list above refers to the company’s response to the activist, but behind the scenes the company must be vigilant in preparing for what can be a very public, time intensive and invasive process. To best handle the different stakeholders the company needs to have the relevant experts around them to provide counsel around the public relations and the media sensitivity and public perception of the company and the key individuals. Proxy solicitation firms can assess which shareholders regularly vote and who influences their voting decisions. Any dissent from the shareholders in the past can spark additional points that the activists pick up in their arguments, knowing that there is existing dissent.

2 and 20 The standard fee in the hedge fund industry

Spring 2016 | Ethical Boardroom 89

Activism & Engagement | Shareholder Defence The financial press plays a vital role in a number of activist situations. There is little doubt that the press can significantly influence public opinion and even affect opinions around the boardroom table. No director wants to have his wife or family read their name smeared in the press or challenged on their integrity. The tolerance for pain when the fight becomes public is very limited. This could address the reason why so many US proxy fights are being settled before going to a fight in 2015. According to Activist Insight, last year there were 112 settled proxy fights in the US compared to 102 from 2014. This number should go up even more in 2016.

view based on their past engagement with the company, whether there have been any issues left unaddressed in the past and how progressive the company is towards the governance sensitivities of their shareholders. What the activist is asking of other shareholders will frame the questions around whether change is warranted and whether the changes put forward by the activists are credible and have a reasonable chance of success. Economic change in isolation is not enough for many governance analysts to support the demands of an activist, they need to see the governance failures, the absence of the appropriate checks and balances on the governance side. Stakeholder Running the numbers for a proxy fight engagement strategies requires looking at the voting turnout the While many people may think of the very previous year, who has voted in the past, obvious media tactics of some of the more and whether any of them voted against aggressive US funds, such as Pershing Square, management. Any shareholders who are index that may use a highly public campaign, managers or ETF managers will not have a including advertising and prime-time TV fund manager or analyst for the company to appearances, there is also a meet with, but they will have more subtle approach, which a governance analyst to Activists need is embraced by many more engage with. Even though activists. The impact of a their positions are passive, to demonstrate well-timed article can be they do take an active role that they can significant – and the activist when it comes to voting and will be well-versed in how that audience becomes a very be trusted with to work with the media on important community of third-party an ongoing basis to ensure investors to include in your funds, allowing they are able to influence the discussion. This includes them to continue identifying other market to make the commentators the journalists can approach to get a quote. two per cent of The wider audience of assets under stakeholders and opinion leaders is growing and the management activist tactics include identifying those individuals and connecting them with the relevant journalists, including former directors, politicians, shareholders and employees. Companies need to audit not only their press relations but also their shareholder relations to ensure the corporate strategy is well understood by the various stakeholders. It is not just the outreach. Looking at any activist holdings strategy but the timeline and key milestones to requires further examination to determine measure the success of achieving that strategy if they are working with anyone else on that are important – taking a detailed inventory the campaign. Co-invest vehicles allow of who the company has met with recently and other investors to benefit from the activist the nature of those engagements, whether it campaign without having to do any of was only about the financial results or more the heavy lifting of engaging with other broadly about strategy; and identifying which shareholders or the media. They only need to of the investors the company has not met agree to vote a specific way to directly benefit with recently to highlight the priorities of from the campaign. These co-invest vehicles whom the company needs to speak to. mask further support an activist may have Key decision makers in a proxy fight are when they initiate their campaign. Unless they the governance analysts at the institutional are disclosed as co-signers to the letter sent investors, who may not be sector or company to the board, the company may never know of experts. They don’t look at the financial their involvement. performance or the relative performance Activists will look widely to determine against peers. Their focus is on board structure, stakeholder groups who may be supportive independence, shareholder rights, remuneration – whether or not they are obviously influential and audit integrity. Their focus is on corporate in proxy voting. Examples include working governance-related matters and will take a with customers, employees, trade unions,

90 Ethical Boardroom | Spring 2016

trade bodies and any other parties who may be willing to come out in support of the changes being proposed. That an influential body such as the UK’s Institute of Directors is willing to publicly support criticism of poor corporate governance and excessive executive remuneration in multiple cases, demonstrates that the activist may get public support from the most unlikely sources. These other stakeholders provide momentum and support to an activist’s claims as an independent third party. Their endorsements help the activist get a step closer to their objectives.

Selective campaigns

Activists need to demonstrate that they can be trusted with third-party funds, allowing them to continue to make the two per cent of assets under management. With that in mind, activists will be very selective in the fights they choose and will often not initiate a campaign unless they know they can win. The activist will spend a significant amount of time engaging with other shareholders to understand their concerns and their expectations for the future share price, given the market conditions and what is possible if certain changes are made. Their trade and activist campaign needs to unlock significant enough value for them to make the 20 per cent upside. Will a campaign to get a

PRESS RELATIONS Activists can be well-versed in how to work with the media

board member elected satisfy that criteria? Probably not. What do they ultimately want to accomplish? Looking at who they are nominating and the skills those individuals have will intimate their true objectives. Companies need to determine if there is a position that will allow the activist to claim success to their clients without caving in and giving the activist everything they ask for. Proxy fights are very cumbersome and distract management from the day-to-day running of the business. Expert advisors can take a large part of the burden away from the company, allowing them to focus on the business, while providing experience in how activists run their fights and who they bring in for support. The best defence against an activist is a robust and improving stock price. “Those who are victorious plan effectively and change decisively” – Sun Tzu

Activism & Engagement | Shareholder Engagement

Preparing for activists Seven sure ways to keep all your investors happy – and onside Corporate governance is becoming more and more complex. Amid an increase in rules and regulations, the broader availability of information about company activities has enabled stakeholders to become more active in expressing opinions and suggesting changes they feel appropriate. This environment has also created a wider platform for opportunistic activist shareholders. Estimates put the number of activist campaigns launched in the US last year at approximately one per day and, according to Davis Polk, aggregate assets under management for activist investors range from $120billion to more than $200billion.1 In other words, these campaigns can’t be considered small special interests looking to make big noise. Though the intent of many of the rules and regulations has been to increase corporate transparency and shareholder rights – undoubtedly a positive thing for all constituents – some are concerned that this has upset the balance of power. The changes over the past few years have put high demands on boards and management 92 Ethical Boardroom | Spring 2016

not only to perform well in the face of added scrutiny, but also to appropriately predict and communicate proactively how company performance will play out in both the short- and the long-term. Activist investors who are interested in short-term gains and disrupt long-term strategic plans at issuing companies get most of the media coverage and it is tempting for companies to give in to their demands. But this creates tension with institutional investors who hold funds aimed at long-term returns. While traditionally passive with their portfolio management, these shareholders own massive stakes in the corporate world and are increasingly active in their engagement. For example, according to a Conference Board report, institutional investors owned 73 per cent of the 1,000 largest US public companies in 2013.2

The rise of engagement

In the US, where Equilar collects a majority of its data on public company executives and boards, the rise in shareholder engagement is highly correlated to the Securities and Exchange Commission’s (SEC) say-on-pay ruling in 2011. 3 Following the creation of this mandatory shareholder vote for approval on executive compensation, the number of companies explicitly detailing shareholder outreach efforts in their annual proxy

Dan Marcec

Director of Content, Equilar Inc. statements has grown significantly. In 2011, just two per cent of the S&P 100 – which comprises the largest and most established US companies – disclosed shareholder engagement, which increased to 55 per cent in 2015, according to Equilar research. In the S&P 500, the number of companies disclosing shareholder outreach has doubled, reaching about one-third of that larger index. The trend line is striking and it clearly illustrates that we are in an age of growing shareholder engagement (see Shareholder Engagement graph opposite). On paper, the solution to the tension among companies and their various constituents seems simple: carefully assess and address all potential shareholder concerns. The application, obviously, is not so straightforward and outreach means very little if it doesn’t produce better results and investor relations. Companies must address issues and make changes in order to show shareholders a true return on their investment. That process starts by engaging with shareholders proactively to understand the hot-button issues and potential trouble spots. Here are seven ways that companies should be prepared for shareholder outreach in today’s environment.

Shareholder Engagement | Activism & Engagement

Be prepared to show how pay and performance align

As more regulations and requirements about pay disclosures become mandatory, companies will have to be prepared to answer more questions about any nuances in their compensation practices. In 2015, the SEC introduced a proposal that would require companies to detail information about how executive pay aligns to company performance in their annual proxy statements.4 The proposal says that companies must include information on what executives actually earned in a given fiscal year versus total shareholder return (TSR) in comparison to peer groups. While ideally this would make pay for performance universally understandable and easily digestible, it creates further challenges for companies who want to show other definitions of pay and performance, of which there many, in relation to their specific strategies and goals. According to Equilar research, 252 companies failed their say-on-pay votes at least once within the last five years and among those, nearly 25 per cent (63 companies) saw their CEOs resign – the average time frame being within a year of the shareholder meeting.

and it’s difficult to say what an appropriate ratio should be. Down the road, CEO pay ratios could be valuable to investors who want to examine why or how the ratio changes within a company from year to year, rather than looking across companies in a comparative analysis. The intended consequences would bring more equitable and transparent pay practices at the executive level and from board compensation committees. However, there will also be a ripple effect to corporate communications strategies both internally and externally, which could distract them from shareholder engagement.

prepared for 3 Be board elections

With board elections becoming more hotly contested on a regular basis, companies must be prepared to respond to shareholder concerns well in advance of their annual meetings.

As more regulations and requirements about pay disclosures become mandatory, companies will have to be prepared to answer more questions about any nuances in their compensation practices

prepared to 2 Be discuss pay equality

Because CEO to employee pay ratios shine a spotlight on income inequality, companies must be prepared to contend with the media and the general public. In August 2015, the SEC passed a rule that will require companies to disclose CEO pay in comparison to a median employee.5 Aside from the logistical and cost challenges that this will incur – some estimates have the put the cost to corporate America at $1.3billion in the first year and an estimated $526million each year thereafter – the concept of a uniform figure applying to all companies complicates this issue when it comes to communicating the reasoning. The degree to which the CEO pay ratio will influence investors remains to be seen, however. There’s a lack of comparability across companies in terms of what’s being calculated,

Say-on-pay brought executive compensation to the forefront as a shareholder concern, but as time passes, effective board governance is coming more strongly into view. As activists continue to seek a stronger influence in the boardroom, the movement among shareholders to push for the ability to nominate directors for annual elections – also known as proxy access – is on the rise. In 2011, there were zero proxy access proposals for S&P 500 companies and that number increased to 66 in 2015, according to an Equilar study from November of last year. More telling than the number of proxy access proposals is the rate of acceptance.

shareholDer engageMent DiscloseD in coMPany filings 60%

■ S&P 500 ■ S&P 100

55% 50.5%

50% 42.4% 40% 32.7%

32.3% 27.5%

30% 20%

16.2%

15.2%

19%

10% 2.1% 0

2011

2012

2013

2014

2015

In 2014, less than half of the proposals that came up passed, while two-thirds of the 2015 proposals were accepted. The decline of classified boards could also foreshadow increasing turnover in the boardroom. Just 11 per cent of the S&P 500 had such a board for their most recent fiscal year, down from nearly one-third in 2010. A classified board creates different classes of directors, who are each elected for a term of more than one year. Each year one class of directors faces re-election, allowing a majority of the board to remain in place. Proponents of classified boards say that this system creates continuity on the board and allows directors to focus on long-term goals absent the risk of not being re-elected as well as deterring hostile takeovers, since a majority of a classified board cannot be overturned in one year. On the other hand, supporters of non-classified boards claim there is increased accountability to shareholders as incumbent directors face an annual evaluation of their performance in the form of a shareholder vote.

prepared for 4 Be diversity initiatives

Boards need to be prepared to effectively communicate how they are assessing, recruiting and refreshing their boards on an annual basis, down to the specific candidates they are bringing to the ballot. As the potential for board turnover increases, companies are under pressure not only to replace directors, but also to replace directors with the right people. The SEC has weighed in on gender and racial diversity, calling it “a priority for 2016”.6 Boards can expect to see more and more calls from their stakeholders and the public at large to add diversity to their ranks as a signal of better corporate governance. Diversity in the boardroom is not limited to gender and ethnicity, and it’s not about increasing numbers for the sake of doing so. The concept of ‘cognitive diversity’ is gaining traction, as companies require new skillsets and professional trade skills in order to meet the changing demands of today’s corporate environment. In 2015, six per cent of S&P 500 companies included board skills matrices in their annual filings, or a visual representation of their directors’ experience.7 These visuals help shareholders easily understand the diversity of backgrounds and experience on boards as they go to vote and may become the expectation rather than just nice to have.

prepared for executive 5 Be and board succession

If boards aren’t prepared with the right executive and director candidates when a succession situation arises – whether due to an emergency, directors forced out through a proxy fight or for a strategic reason – they will be facing significant challenges as the pool of qualified director candidates comes in for higher demand over time.

Spring 2016 | Ethical Boardroom 93

Activism & Engagement | Shareholder Engagement There’s no way around the fact that many individuals in the current generation of executives and board members are on the cusp of retirement. The case of Sumner Redstone at Viacom was unique, but it shined a light on the emphasis activist investors place on active board management and also on the age and tenure of some members at high-profile companies. 8 Among S&P 500 companies that have a mandatory board retirement age, the most common is 72. A recent Equilar study found that 45 per cent of all S&P 500 directors are over the age of 61 and another 15 per cent are older than 70. Preparedness for succession extends to the CEO’s office as well and data shows that many companies are either unprepared, or at least are unclear about how they anticipate executive succession. Just one in five S&P 500 companies specifically included some sort of shareholder communication around CEO

environmental issues, more typically brought forth by investors with longer term interests. At S&P 500 companies in 2015, there were 175 such proposals on the table, up from 133 in 2011.

prepared to fight for 7 Be shareholders’ attention

Companies need to be prepared for a competitive shareholder outreach environment, adding fuel to an already expanding fire. The uptick in shareholder engagement amid the increase in shareholder activism is a fine balance for companies, who may want to avoid extended exposure to calls for quick decisions on short-term strategic planning. The irony is that in order to avoid this, they have to go out proactively and make sure that their strategic vision is clearly communicated to all their shareholders, especially those that have long-term interests. Even though activism is on the rise, many if not

In coordination with a defined process, companies need the appropriate information and use the same tools that proxy advisors and investors use in evaluating these issues. Whether that’s modeling pay versus performance to ensure understanding of shareholder needs and proxy advisor recommendations; consistently and regularly assessing board and executive talent for succession planning; or analysing peer groups on a regular basis to ensure they accurately represent the company’s current strategy in alignment with shareholder expectations, shareholder engagement platforms bring together these constituents in a central place where all parties can communicate on a level playing field. Before proposals get heated and go to a proxy fight or even the courtroom, governance stakeholders have the opportunity meet in the middle and actively address issues on an ongoing basis through technology platforms.

Straightforward, clear and consistent communication with respect to company goals and expectations among all stakeholders is more critical than ever

succession in their most recent proxy statements, according to Equilar research. Meanwhile, 10 per cent to 15 per cent of companies change their CEO every year, but more than one-third of directors told PwC’s annual corporate directors survey that they don’t identify potential successors as soon as a CEO is hired.9 Just 45 per cent of directors in PwC’s survey said that their company is very prepared to deal with an unplanned CEO succession emergency.

prepared for more 6 Be shareholder proposals

Boards need to be prepared not only for immediate risks and threats, but also to address ongoing issues impacting their companies that continue to gain steady momentum. Activists get a lot of the ink for being instrumental in driving changes to executive compensation and board composition. And though we’ve seen more proposals come to the forefront as a result of activist campaigns, the most common issues remain social and 94 Ethical Boardroom | Spring 2016

most investors are aligned with companies in seeking long-term gains, not just quick returns, and partnering with allied shareholders can help mitigate disruptive forces. The challenge is finding time with those allied shareholders, many of whom are busy being engaged by other portfolio companies. The upshot of shareholder engagement is more communication with the individuals that care about the well-being of the company, but the downside is that most other companies are seeking the same thing at the same time. Companies face a perpetual challenge in reaching out to investors that all have different needs and interests, and they need tools to prepare for outreach and response to these multi-faceted issues outlined above. There’s risk in waiting for a problem to occur to talk to shareholders, but as engagement increases from all companies, these constituents have limited bandwidth and availability. As a result, identifying a defined process that involves strategically addressing a planning, outreach and a feedback loop is crucial.

Corporations consistently prepare to deal with unpredictable elements in the economy and boards are attuned to managing risk for a host of issues. The case of shareholder outreach is no different. The era of activism may represent a shift in process, but it doesn’t have to mean a change of strategy. Straightforward, clear and consistent communication with respect to company goals and expectations among all stakeholders – directors, executives, investors and employees – is more critical than ever. https://alerts.davispolk.com/62/1860/uploads/201603-03-shareholder-activism-engagement-trendsdevelopments.pdf?sid=99abe96f-cc0a-492d-a5d3fd0641f61f5f 2https://www.sec.gov/News/Speech/ Detail/Speech/1365171515808 3https://www.sec.gov/ news/press/2011/2011-25.htm 4https://www.sec.gov/ news/pressrelease/2015-78.html 5https://www.sec. gov/news/statement/statement-at-open-meeting-onsbs-and-pay-ratio-disclosure.html 6http://www.wsj. com/articles/sec-chief-board-diversity-is-a-priorityfor-agency-in-2016-1453853477 7http://d-scholarship. pitt.edu/22422/ 8https://assets.documentcloud.org/ documents/2693288/Activist-Investor-s-Report-onViacom.pdf 9Ken Favaro, Per-Ola Karlsson and Gary Nielson, CEO Succession Report, Booz & Co. (2012) 1

Activism & Engagement | Shareholders

Shareholders make their voices heard

Institutional shareholders’ voices in the boardroom are more than just a whisper Just as board members take the stewardship of shareholder interests seriously, so investors have a stewardship duty and obligation to scrutinise investments under a governance lens.

Some investors take this duty to the level of operational engagement, publicly seeking to change governance practices at a company or filing shareholder proposals. However, a larger and growing contingent of the investment community only seeks to speak its mind once per year through the proxy voting process. The rapid growth of index investing, which is naturally scalable and concentrated, has led to a larger percentage of all shares held by shareholders who are unable to ‘vote with their feet’ by selling shares of companies with unacceptable governance risks. These are the investors who may speak softly 364 days a year, but carry a big stick on the date of the AGM. Investors’ most direct voice in the boardroom is effected through the vote on director elections, and it’s incumbent on every management team and board to listen to these whispers, particularly before they become shouts. Knowing the composition of the shareholder base and the voting decision makers from each major institutional investor is a first step in the process, but listening to what investors are expressing through their votes is even more important. The statement at the annual meeting may be “director X received only 70 per cent support from investors” but the message may be more specific: “investor Y and Z own 13 per cent of our stock and believe our compensation practices aren’t aligned with shareholder value”.

Investors’ approach to director elections

This thought process occurs globally, but the

Brian C. Matt, CFA

Director and Global Head of Strategy and Innovation with Ipreo US market offers us the ability to read investors’ minds through voting data that is released annually, albeit on a delayed basis. US mutual funds are required to disclose their votes cast during the period from 1 July through 30 June via Securities and Exchange Commssion (SEC) Form N-PX, which is made available by 31 August. Additionally, most large investors publicly disclose their voting guidelines and the guidelines from proxy advisory firms may also serve as a way to view the broad ‘standard’ for making director election voting decisions. Figures two and three (right) give a view of major US investors’ voting with respect to directors; votes from the top 50 US investors by equities under management (EAUM) average 92.7 per cent support for directors on the whole, with some investors even more likely to support the company.

Director voting practices

Rarely do investors vote against a full (non-classified) board – but the fact that these occasions aren’t common is what makes them strong statements when used. Putnam Investments is among the most aggressive in the US, following ISS guidelines closely in voting against the entire board of more than a dozen S&P 500 companies in 2015 for insufficient independence, board size, ignoring shareholder proposals with majority support, or others. Most investors withhold a vote for a director for a specific reason. Typically, three categories of objection arise: 1) board member conduct; 2) the member’s specific qualifications; or 3) the member’s standing on a particular board committee. ISS and Glass Lewis’ standards have pushed companies toward stronger disclosure on the first category – while not necessarily

eradicated, situations of board members missing high percentages of board meetings during a given year have decreased and companies are disclosing greater information on directors’ qualifications to make sure they meet independence standards. Overboarding – directors sitting on too many boards concurrently – is a common concern in the second category. In a January 2016 study, Ipreo noted that investors Blackrock, J.P. Morgan Investment Management and AllianceBernstein had supported less than 35 per cent of directors that were in the ‘overboarded’ range (six+ boards) in 2015, while TIAA-CREF, Security Investors and Fidelity Management, gave above-average support. The third category, committee membership, may be a bit easier to isolate. Any board committee structure will have committees performing at least three basic functions: 1) overseeing management compensation packages; 2) providing an independent voice in the audit function; and 3) nominating board candidates that will produce a knowledgeable and effective board. Investors will often express their displeasure on any of these functions through a ‘withhold’ vote on either all members of the appropriate board committee, or against the chairperson of that board committee specifically.

Compensation committee

Mandatory say-on-pay voting in some markets has already given shareholders the ability to publicly oppose the company’s pay practices. However, say-on-pay voting is not a requirement for every company, and for some companies the vote may not take place annually. Investors in these cases show their opposition through withhold votes on the compensation committee; Federated Investments, Loomis Sayles, Columbia Management, TD Asset Management and Charles Schwab are a few of the large

Black Rock Advisors Proposal Category Audit Capitalisation Compensation Director election Environmental/social Governance Routine/other Strategic

With 99.9% 93.4% 92.9% 95.5% 99.6% 72.4% 89.9% 81.0%

96 Ethical Boardroom | Spring 2016

Against 0.0% 6.6% 7.1% 4.5% 0.4% 27.6% 10.1% 18.7%

The Vanguard Group Abstain 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0% 0.0%

With 99.4% 77.3% 92.1% 95.1% 56.3% 87.7% 89.3% 75.8%

Against 0.6% 22.3% 7.8% 4.9% 0.1% 11.7% 9.3% 18.2%

State Street Global (SSGA) Abstain 0.0% 0.3% 0.1% 0.0% 43.7% 0.6% 1.4% 6.1%

With 99.3% 84.3% 90.3% 91.9% 83.1% 78.0% 69.6% 70.9%

Against 0.7% 15.7% 9.6% 8.0% 11.2% 21.8% 29.9% 25.8%

Abstain 0.0% 0.0% 0.1% 0.1% 5.7% 0.2% 0.6% 2.4%

Source: Ipreo BD Corporate Governance

Figure 1 – MAjor uS PASSive inveStorS voting By ProPoSAl CAtegory, 2015

Figure 2 – FirMS in toP-50 uS eAuM with higheSt % SuPPort on DireCtor eleCtionS, 2014-15 2015 Voting

US EAUM Rank 46 44 25 19 8 5 24 4 43 37

Investor Name Fisher Investments Grantham Mayo Van Otterloo Harris Associates Dodge & Cox Capital Research Global Investors Capital World Investors Jennison Associates Fidelity Management & Research Franklin Mutual Advisers First Eagle Investment Management

2014 Voting

With Against Abstain With Against Abstain Y-o-Y Change % Support 100.0% 0.0% 0.0% 99.2% 0.8% 0.0% 0.8% 99.8% 0.2% 0.0% 99.9% 0.1% 0.0% -0.1% 99.7% 0.3% 0.0% 99.6% 0.4% 0.0% 0.2% 99.6% 0.4% 0.0% 99.6% 0.4% 0.0% -0.1% 99.2% 0.8% 0.1% 98.8% 1.1% 0.1% 0.4% 99.1% 0.8% 0.0% 99.6% 0.4% 0.0% -0.5% 99.0% 0.9% 0.0% 99.6% 0.4% 0.0% -0.6% 98.0% 2.0% 0.0% 97.8% 2.2% 0.0% 0.2% 97.9% 2.1% 0.0% 96.4% 3.6% 0.0% 1.5% 97.8% 2.2% 0.0% 97.6% 2.4% 0.0% 0.2%

Figure 3 – FirMS in toP-50 uS eAuM with loweSt % SuPPort on DireCtor eleCtionS, 2014-15 2015 Voting

US EAUM Rank 29 10 15 48 39 3 17 28 33 30

Investor Name TD Asset Management Dimensional Fund Advisors Geode Capital Management Putnam Investment Management AQR Capital Management State Street Global Advisors Mellon Capital Management Charles Schwab Investment Mgt Principal Global Investors Janus Capital Management

investors with 10 or more withhold votes on S&P 500 compensation committee chairs in 2015.

Audit committee

Given the public standing of the company’s relationship with an auditor, a withhold vote sends an obvious message. The Enron-era conflicted practices of paying high consulting fees to companies associated with their auditors are generally a thing of the past, but this practice still exists occasionally and attracts withhold votes for those directors associated with the audit. European investors have taken further steps toward reviewing the independence of the auditor relationship, suggesting that auditors that have conducted the audit for a particular company over a long period of time may have lost their independence; investors could present similar demands to US companies in the near future.

Nominating/governance committee structure

# Securities 252 2349 2923 1082 2408 2391 2387 2487 2250 386

withhold vote for the governance committee member is often more difficult to isolate causation. Investors may have a range of reasons to oppose a change to the structure of the board (for example, insufficiently independent, diverse, or qualified boards) and can vote their displeasure in a manner that’s tough to isolate. This is when the relationship between the company and the investor can be leveraged. Investors are often willing to engage with the company both inside and outside of proxy season and are usually very open in telling companies the issues they have with governance practices. As of 2015, more than half of the S&P 500 disclosed conducting shareholder engagement in their proxy statements – knowing in advance what practices investors want the company to follow in structuring governance may help the company connect the dots from a withhold vote to a reason why. Shareholders more frequently exercising their rights in the boardroom may have implications

Figure 4 – S&P 500 AuDit CoMMittee ChAirS reCeiving loweSt % SuPPort, 2015 Proxy SeASon Issuer Bank of America Corporation Ball Corporation First Solar, Inc. Lowe’s Companies, Inc L-3 Communications Holdings, Inc

% Support Major Investors Opposing 71.6% Invesco, Cap World, Manulife 73.1% 79.0% 79.5% 81.1%

T. Rowe, Mellon, Nicholas Co. DFA, Geode, Northern Trust BlackRock, J.P. Morgan, Invesco Mellon, Charles Schwab, LSV

2014 Voting

With Against Abstain With Against Abstain Y-o-Y Change % Support 88.8% 11.2% 0.0% 90.8% 9.2% 0.0% -2.0% 89.9% 10.1% 0.0% 90.3% 9.7% 0.0% -0.4% 90.6% 9.4% 0.0% 90.8% 9.1% 0.0% -0.3% 91.4% 7.9% 0.7% 91.4% 8.3% 0.3% 0.0% 91.6% 8.2% 0.3% 93.5% 6.5% 0.0% -1.9% 91.9% 8.0% 0.1% 91.4% 8.6% 0.0% 0.5% 92.0% 7.9% 0.1% 95.2% 4.7% 0.1% -3.2% 92.7% 6.8% 0.5% 92.2% 7.5% 0.3% 0.5% 92.7% 7.2% 0.1% 95.1% 4.8% 0.1% -2.4% 92.7% 7.2% 0.1% 93.7% 6.3% 0.0% -1.0%

Whispers to shouts

In contrast with the audit committee, the Source: Ipreo BD Corporate Governance

# Securities 28 258 84 43 466 359 642 1555 448 436

Source: Ipreo BD Corporate Governance

Source: Ipreo BD Corporate Governance. These figures may not add up to 100% due to rounding.

Shareholders | Activism & Engagement

far beyond just a few percentage points in an election of an already majority-winning director. As one example, T. Rowe Price Associates recently stated it would withhold votes for governance committee members of US companies with multiple share classes. T. Rowe is also a significant participant in the IPO market, and owns 2.65 per cent of well-known dual-class issuer Facebook’s common shares today, not to mention a greater-than-10 per cent stake in more than 135 companies. While T. Rowe’s move may not single-handedly raise the cost of capital for companies seeking to sell equity, it’s not hard to extrapolate how wider adoption of opposition to poor governance may have a direct and quantifiable impact on the bottom lines of companies in the capital-raising process. All voting data in this piece was sourced from Ipreo’s BD Corporate Governance tool, which provides a robust set of institutional voting data on corporate governance decision makers, to support corporate secretaries’ and IROs’ interactions with their voting shareholders.

Figure 5 – S&P 500 gov / noMinAting CoMMittee ChAirS reCeiving loweSt % SuPPort, 2015 Proxy SeASon Issuer % Support Major Investors Opposing Costco Wholesale Corp. 52.8% BlackRock, Northern Trust, America Century First Solar Inc 73.1% Wellington, DFA, Geode Urban Outfitters, Inc 79.3% Vanguard, BlackRock, TIAA-CREF Motorola Solutions, Inc 80.8% Charles Schwab, River Road, Loomis Sayles Regions Financial 81.8% LSV, Ceredex, Brown Advisory Spring 2016 | Ethical Boardroom 97

Activism & Engagement | Gender Diversity

Silicon Valley’s gender problem Closing the pay gap: why a proactive approach is simply good business It’s no secret that Silicon Valley has a problem with women. For starters, there aren’t many. Women are almost absent from the boardroom, ocuppy a mere 11 per cent of executive positions and make up only a quarter of the workforce.

Natasha Lamb

Director of Equity Research and Shareholder Engagement and a portfolio manager, Arjuna Capital Management Policy & Practice found that gender-diverse teams “foster novel solutions leading to radical innovation”.3 Of course, closing the gender pay gap is not a panacea for an industry and culture struggling with discrimination. But it is a step in the right direction toward addressing deep structural biases that keep women and businesses from reaching their full potential.

So what is causing this gap in talent? Is it simply a boy’s club culture or are there deeper structural biases at work? Companies and investors are turning to the gender pay gap for answers. It’s a simple idea. A growing movement If you want to attract and retain top female to close the gap talent – pay them more. That is, pay them Some companies are starting to take the fairly. Equal pay for equal work is the top lead. This February, Intel stepped out as the priority of working women, according to first major technology company to not only a recent AFL-CIO survey.1 Yet at the current rate of change, women commit to gender pay equity, but to report won’t achieve pay equity for another 40 years. 100 per cent fair pay. In March, Apple followed On a national level, women, suit, committing to close who are paid an average the gender pay gap and eBay’s board of 78 cents for every dollar reporting 99.6 per cent made an ill-timed men earn will not catch up equal base pay among with their male colleagues its employees. Intel and commitment to until 2058. And, in the Apple joined the ranks of publicly oppose a technology industry, very few US companies which struggles to recruit – including The Gap, pay gap proposal and retain a gender Salesforce.com and only 48 hours diverse workforce, women GoDaddy – that have earn on average nearly been accountable and prior to Patricia $10,000 less than men.2 in their Arquette’s rallying transparent If companies choose to commitment to pay equity. cry at the Oscars, address the gap head on, These moves came in the the business repercussions wake of investor pressure where she called are strikingly positive, to close the gender pay gap. for “wage equality Sustainable investment particularly in the technology industry, manager Arjuna Capital, a for once and for which diversity is a division of Baldwin Brothers for all” key competitive factor. Inc, has been pressing Big Leading consultants, Tech to address the pay gap including McKinsey Global and EY, advocate since 2014. After filing a first-of-its-kind gender pay parity as a critical means to shareholder proposal asking eBay to close promote diversity, which leads to improved the gender pay gap, the ballot measure went financial outcomes, working dynamics and to a vote of shareholders last spring. And, productivity. But, most importantly for the coincidentally, Salesforce’s CEO came out tech sector, gender diversity is critical to one week ahead of the vote to commit to innovation. The Journal of Innovation pay women fairly at the tech giant. Since 98 Ethical Boardroom | Spring 2016

Gender Diversity | Activism & Engagement that time, the company has handed out $3million in raises to female employees. This year, Arjuna expanded its campaign throughout Silicon Valley, asking Apple, Intel, Google, Amazon, Facebook, Microsoft, Expedia and Adobe to commit to equal pay. Arjuna withdrew its proposals with Apple, Intel and Expedia in light of their proactive leadership and successive public commitments. So in lieu of a shareholder vote on whether Apple should close the gender pay gap at the company’s annual meeting this March, CEO Tim Cook took the opportunity to assure shareholders it was a top priority.

Does it pay to be defensive?

But some companies have gone on the defensive. In January, Amazon attempted to block Arjuna’s pay gap ballot measure from going to a vote of shareholders at the Securities and Exchange Commission (SEC), arguing the gender pay gap was too “inherently vague” a subject for investors to weigh in on. In March, the SEC ruled against the online retailer, upholding investors’ right to vote on a significant social policy issue with a clear nexus to the company. In fact, The Seattle Times, which reports the city’s pay gap has ballooned, went so far as to ask, “Did Amazon’s growth widen the gender pay gap in Seattle?”, while Glassdoor’s 2014 Tech Company Base Salary Comparison By Gender reports women software development engineers at Amazon earn $10,150 less than their male colleagues. Only after Amazon’s public stumble at the SEC did the company change its tune and commit to pay women fairly. Amazon is not the first to take a defensive approach to gender pay equity. Last February, eBay’s board made an ill-timed commitment to publicly oppose a pay gap proposal only 48 hours prior to Patricia Arquette’s rallying cry at the Oscars, where she called for “wage equality for once and for all”. eBay’s defensive posture cast the company in a poor light, while social media ramped up its drumbeat for fair pay. When the first-of-its-kind measure went to a vote of shareholders last May, it did so without management’s endorsement – a poor reflection on the company’s culture.

A closer look at the numbers

So why is Silicon Valley under the microscope? Let’s look at the numbers:

BOY’S CLUB CULTURE Women occupy just 11 per cent of executive positions in Silicon Valley

■ Silicon Valley has half the number of women on boards – only 10 per cent of board directors are women, compared to 20 per cent of S&P 100 companies 4 ■ Women occupy only 11 per cent of executive positions ■ 45 per cent of tech companies don’t have a single female executive ■ 41 per cent of qualified entry level technologists are women, yet 56 per cent of women leave the field mid-career Spring 2016 | Ethical Boardroom 99

Activism & Engagement | Gender Diversity

These numbers create cause for concern on many levels, but what is increasingly clear is that tech’s failure to create diverse teams is bad for business. Silicon Valley lives and dies on innovation and diversity is a key contributing factor. If companies cannot attract and retain top talent, including women, how can they compete? A substantial body of research shows that gender-diverse teams are more productive and innovative than homogenous ones. The National Center for Women and Information Technology reports key benefits include better financial performance, team dynamics and employee performance. McKinsey & Company states that “the business case for the advancement and promotion of women is compelling”, finding companies with highly diverse executive teams boasted higher returns on equity (10.7 per cent higher), earnings performance (91.4 per cent higher) and stock price growth (36 per cent higher). McKinsey advocates best practices to attract and retain women, including “tracking and eliminating gender pay gaps”. Big four consultant EY took an internal temperature, finding a measurable financial return associated with gender balance within EY teams, after analysing 22,000 audit engagements. Yet EY notes “that many organisations still suffer from a lack of alignment between their diversity ambitions and their business strategy”. 5 It is clear that if companies are to benefit from more women in leadership roles, they need to incent them the same as their male counterparts.

And then there’s the question of liability

Despite all the evidence exposing the benefits of gender diverse teams, if companies choose 100 Ethical Boardroom | Spring 2016

It is clear that if companies are to benefit from more women in leadership roles, they need to incent them the same as their male counterparts to ignore the opportunity to act in their own enlightened self interest by closing the gender pay gap, they still can’t ignore the issue. Regulation risk is ramping up across the US. Equal pay for equal work has been a rallying cry in the current presidential election. And while federal legislation in the form of the Paycheck Fairness Act sits before a divided Congress, states are pressing forward with their own initiatives. The strictest fair pay law to date was put into effect in California on 1 January of this year, requiring employers to legitimately justify gender pay differentials. Arjuna Capital testified before the Massachusetts legislature last June in support of a similar bill to strengthen equal pay laws in the Commonwealth. And other measures are underway in New Jersey and New York. What is strikingly clear is that existing equal pay laws have not addressed the problem. Women are still paid less than men and it’s bad for business. Across the pond, transparency in pay is now an official priority. The United Kingdom has a gap similar to that in the US, where women earn a mere 80p to the pound compared to men. But by 2018, all UK companies with more than 250 employees will be required to publish their gender pay numbers.6 Smart companies will step out ahead of the legislation and commit to closing the gender pay gap today.

Don’t forget about equity — and by that we mean stock While the focus on cash compensation is all well and good, companies also need to take a closer look at ownership, which can comprise an overwhelming chunk of the

total compensation package. Following its engagement with Arjuna, Expedia is the first company to commit to assessing pay disparities across all forms of compensation, including equity. Apple has reported the gap according to base pay and Intel has gone a step further, reporting out on all cash compensation, including bonus. But Expedia is taking it further still, analysing how women show up in terms of their stock ownership. This is by far the most comprehensive commitment to pay equity to date, setting a new standard for full gender pay accounting.

As you work your way up the ladder, mind the gap

One thing is clear, the higher they climb, the less women are paid. According to the United Nations, the gender pay gap tends to widen with seniority, experience, and age.7 So for companies hoping to realise the full benefits of gender diversity, they need to take a close look at this skewed fissure. GoDaddy, the first tech company to release pay gap data, found women in executive positions earned less than men. Closing that gap will incent more women into leadership positions. But it won’t happen without bold leadership. Added benefit? More women at the top will also change the culture. 1 http://blogs.wsj.com/economics/2016/03/17/top-economicissue-for-working-women-equal-pay-union-survey-says/ 2 Dice. (2015). The position gap. Retrieved from http:// media.dice.com/report/february-2015-the-positiongap/ 3Diaz-Garcia, C., Gonzalez-Moreno, A., & Saez-Martinez, F. (2013). Gender diversity within R&D teams: Its impact on radicalness of innovation. Innovation: Management Policy and Practice, 15(2), 149–160. 4http://fortune.com/ 2014/12/11/silicon-valley-boardrooms-are-still-boys-clubs 5 http://www.ey.com/Publication/vwLUAssets/EY-closing-thegender-pay-gap/$FILE/EY-closing-the-gender-pay-gap.pdf 6 http://www.theguardian.com/society/2016/feb/12/genderpay-gap-reporting-big-firms-start-2018 7UN, The World’s Women 2010: Trends and Statistics, October 2010

Activism & Engagement | Governance Reporting

Tracey Rembert

Ceres’ Investor Initiative for Sustainable Exchanges

The ‘M’ word: No, not materiality Mandatory reporting of sustainability information is on the rise

102 Ethical Boardroom | Spring 2016

Governance Reporting | Activism & Engagement

Readers of Ethical Boardroom have seen plenty of references to the growing demand from investors for environmental, social and governance (ESG) information from companies. While debate has often swirled around ‘stakeholder versus shareholder’ or ‘materiality versus decision-useful’ terminology, few have been brave enough to use the M word – mandatory. But, for good reason, that is clearly where we are headed and 2016 will likely be an interesting if bumpy ride for companies, investors, regulators, stock exchanges and sustainability experts as the dust settles around core questions for such disclosure requirements, namely: ■ How would mandatory ESG information meet the needs of a diverse set of investors? ■ Will 2016 be the year when climate change reporting and the drive to make it mandatory reaches a tipping point? ■ Will efforts to press global stock exchanges to produce ESG guidance and listing rules yield success, especially among the largest exchanges? ■ Will board directors and company executives continue to sit on the sidelines as these issues move forward? ■ If the European Union’s directive on non-financial reporting, going into effect in 2017, lets each country implement it in the way it sees fit, how do we get consistent, comparable reporting from that effort? Let me start by saying that my non-profit sustainability group Ceres knows well the value of voluntary reporting initiatives. Ceres was formed in the wake of the Exxon Valdez oil spill, with a coalition of investors and environmentalists asking companies to report against a 10-point code of environmental conduct. In the late 1990s, we co-launched the Global Reporting Initiative with the Tellus Institute. During the last 15 years, we have released a number of frameworks for disclosure of climate and water risks – all voluntary exercises by companies. But we have also noticed that as the number of voluntary sustainability reporting frameworks has proliferated, the number of companies reporting on sustainability information seems to have flat-lined overall. Yet, when regulations or stock exchange listing rules are introduced, the number of corporate reporters climbs dramatically in a relatively quick period of time (as you would expect it to). KMPG found in its Currents of Change 2015 sustainability reporting trends survey that the eight countries with sustainability reporting rates above 90 per cent also had mandatory reporting requirements to get them there. It concluded

that it is very unlikely that countries will see rates of reporting that high unless it is mandated by legislation. Corporate Knights, the Canadian-based sustainability research firm, reached similar conclusions in its 2015 benchmarking report of global stock exchanges, which assessed how the exchanges’ listed companies were reporting on seven ‘first generation’ ESG indicators. It found that every one of the 10 top-ranked exchanges in its report were in countries with mandatory sustainability disclosure policies – either by stock exchange listing rules or government regulation. We would surely have not gotten to this point – the possibility that there could be widespread mandatory regimes for sustainability disclosure – without three key factors. First is the increasing global demand by investors for inclusion of sustainability data in company reports. There are now nearly 1,500 signatories to the United Nations-supported Principles for Responsible Investment, representing more than $59trillion assets under management. There are also 822 investors, with an impressive $95trillion in assets, advocating for corporate climate reporting on CDP surveys. And this strong investor demand shows no signs of abating.

Debate has often swirled around ‘stakeholder versus shareholder’ or ‘materiality versus decision-useful’ terminology, few have been brave enough to use the M word – mandatory Second, there has been a relentless increase in environmental and social risks and overall uncertainties facing companies – from escalating climate and severe weather impacts to water risks to food system disruption to human trafficking. The level of shareholder engagement with companies on these issues has skyrocketed – especially by major investors with more than $100billion in assets, through shareholder resolutions, dialogues and joint initiatives. Third, the very proliferation and success of voluntary initiatives has played a significant role in getting companies to report where they already are on sustainability matters and these frameworks, through their competition with each other, continue to drive continuous improvements in the reporting process that companies benefit from (even as they rightly complain about reporting fatigue).

Investors increasingly using the ‘M’ word

Since 2014, a number of investors have stepped up their calls for mandatory reporting

of sustainability information, including BlackRock, Aviva and the New York State Common Retirement Fund, largely because of concerns around a long-time lack of consistent, comparable and high quality information coming from the companies that they own. In a column last June, Corporate Knights’ CEO Tony A. A. Heaps summed up the argument this way: “Whether carbon emissions or earnings numbers, timely, comparable and reliable data does not grow on trees; it is the result of precise regulatory requirements.” He went on to add that voluntary reporting initiatives have served their purpose, but it was now time for regulators to step in and finish the job, especially when it comes to climate risk disclosure. BlackRock, the world’s largest asset manager, echoes that sentiment. A recent op-ed by its global head of governance and responsible investment, Michelle Edkins, was entitled Exchanges Worldwide Should Require Companies to Report Uniformly on Sustainability. It noted the increasing demand from clients to assess and integrate ESG information into the investment process and the dearth of comparable ESG information in the marketplace to do so. Stock exchanges, by driving consistent listing rules on ESG reporting, might solve that problem, BlackRock concluded. KPMG’s 2015 survey on sustainability reporting trends is indeed sobering and supports the view that voluntary schemes have their limits. Its survey of major companies found that: ■ Just months ahead of the global climate talks last December in Paris, one in five large companies in high carbon sectors were still not reporting on their carbon emissions ■ There is a great lack of consistency on ESG reporting around the world ■ The quality of sustainability reporting slightly improved in Asia Pacific, but declined elsewhere ■ And the main driver for ESG reporting continues to be legislative

Risk, risk everywhere

So what is the best path to higher rates of reporting? Is it government regulation? Stock exchange rules? Increasing investor demand for more consistent data? It seems it has to be all of the above, working in tandem to drive that needed level of consistency. Ceres has been a long-time advocate for playing the regulatory card when needed, including its successful push with investors for mandatory climate risk reporting from the US Securities and Exchange Commission (SEC). The SEC issued formal guidance in 2010 on what companies should report.

Spring 2016 | Ethical Boardroom 103

Activism & Engagement | Governance Reporting We have been leading a coalition of investors advocating for mandatory listing rules from stock exchanges since 2011 and worked with many exchanges to drive cooperation in that community to bring investors greater consistency of rules and guidance. And we work with reporting framework organisations to continue to raise the bar on voluntary reporting guidelines. So, yes, in our experience, all paths are clearly needed to get the reporting job done and all parties need to be sharing insights with each other, which is currently not the case. But we are in a critical window this year where ESG risks are becoming looming financial concerns and clearly something needs to happen to break open the floodgates of reporting. It is not uncommon now for investors and some central bankers to use the term ‘systemic risk’ when referring to issues like climate change. The World Economic Forum, in its 2016 global risk assessment, noted that the top five risks over the next 10 years were all ESG-related, including: ■ Water crises ■ Failure of climate change mitigation and adaptation ■ Extreme weather events ■ Food crises ■ Social instability It is not simply a matter of whether ESG information coming from companies is useful in understanding risk and opportunity. It is the broader fact that the information investors get is not consistent, varies in quality and is oftentimes sporadic, not verified and not comparable from company to company in the same industry or otherwise. Quite simply, we need regulators and exchanges to solve some of these challenges and create a ‘floor’ for reporting and mandatory disclosure is the tool most likely to accomplish this. Investors took note of this when the Financial Stability Board unveiled the first phase in its plans for a Task

Force on Climate-related Financial Disclosures (TCFD) at the start of April 2016 – developing guidance on voluntary, climate-related financial risk disclosures for companies to provide information to investors, lenders, insurers and other stakeholders. Disclosures would show how a company is exposed to climate risk, such as from potential physical threats like floods, or liability risks, such as if an asset manager has large holdings in fossil fuel companies that would be hit by curbs on greenhouse gas emissions. When the initiative was announced last year, investors were fearful that another voluntary regime, without the backing of securities regulators, governments or stock exchanges, will fall short in bringing us to a tipping point of needed climate disclosure by all companies. The planned regime will be voluntary, but it is hoped the task force will encourage more companies to improve through a rigorous framework for disclosing risks and opportunities in financial filings.

Is 2016 the year of mandatory climate reporting?

Recent investor and regulatory activity shows that this year could be the one that puts us clearly on the path of mandated climate disclosures. Shareholder resolutions on climate reporting and strategy are growing bolder, as are company responses to them. The G20 is paying attention. Recent ESG-related listing rules from stock exchanges clearly address climate and emissions reporting. And 6,000 European companies can expect after December to have to report on a slate of environmental impacts, performance indicators and risks, once the directive on Disclosure of Non-Financial and Diversity Information (Directive 2014/95/EU) is rolled out across EU Member States. Investors expect the directive to have significant short-term influence on other companies on these issues. You also have the World Federation of Exchanges issuing ESG Guidance for its 68 member exchanges

CLIMATE CHANGE Data should be reported through mainstream filings

104 Ethical Boardroom | Spring 2016

last November. That guidance included a half dozen climate-related indicators for companies to report on, including Scope 1 and 2 emissions and 33 indicators in total on environmental and social matters. A 2016 report by the Climate Disclosure Standards Board (CDSB), done in partnership with the OECD, noted that the recent Paris climate accord (forged by 196 countries), added to escalating climate risks, has led to the increasing introduction of mandatory corporate reporting schemes across the world. Their findings indicate that, while there is “no universally agreed definition of corporate climate change-related information” and, therefore, a great need for harmonisation of climate reporting, 15 of the G20 countries now have mandatory reporting schemes for climate change disclosures and nine schemes encourage reporting of information other than emissions data, such as risks and strategies. Hopefully, the industry-led FSB Task Force will figure the harmonisation piece out. Stock exchanges and regulators will then be critical to making all of this data comparable and accessible in (mandatory) corporate reports. As CDSB’s founding director Lois Guthrie puts it: “If climate change is a mainstream risk to financial stability, then it should be reported through mainstream filings just like equivalent risks.” Well said.

Companies need to step up and help shape reporting standards As someone that has assisted investors to engage with stock exchanges for the past five years and with companies for more than a decade, a question I often ask here is, “Where are companies in this debate and what are their views?” Behind the scenes, we hear from large institutional investors that companies would welcome having mandatory reporting regimes, but they don’t want to stick their necks out and ask for it. This has to change. Many are schooled to oppose all regulations outright. Many are even nervous pushing back on investors, ESG raters and data providers with their own views of what is important to report, or where ESG reporting should be headed. In the absence of corporate leadership, the train has left the station without them. It is critical that regulators and stock exchanges spend more time bringing investors and companies together to solicit their views so that mandatory reporting can work for all of us. Companies can be a mighty source of support to get things done on ESG disclosure when they want to be. But they need to speak up to do so. In the meantime, the train is heading to Mandatory-ville – with or without certain passengers. No doubt, sustainability disclosure will be a key foundation of the 21st century economy. If green finance, climate solutions and a more stable, sustainable economy are to be achieved, robust, comprehensive, mandatory ESG disclosure will be critical.

Definitive Expertise in M&A Communications. Ranked number 1 by deal count in Mergermarket’s league table for communications advice on M&A transactions in Europe and the UK.

Our role in mergers and acquisitions (M&A) is clear: provide the very best planning, execution and advice in order to optimise our clients’ M&A strategies. Our offering is unique, bringing together best in class, global financial communication, corporate communication and government affairs capabilities. Where other consultancies may “walk away” following completion, we use the expertise of our consultants to drive value generation through change communications and employee engagement.

John Waples john.waples@fticonsulting.com +44 (0)20 3727 1515

Our M&A track record dates back to 1988 and includes iconic deals such as Vodafone’s historic hostile bid for Mannesmann. In the past two years FTI advised on 6 of the 10 largest contested deals, including Perrigo Company plc in its successful defence against the hostile $36.5bn offer from Mylan N.V., the largest hostile bid in history to reach a shareholder vote. www.fticonsulting.co.uk

Africa | Corporate Governance

Joanne Henstock

Executive Director (Governance and Integrated Reporting), EY South Africa

In Africa, the country governance environment is a significant factor influencing implementation of corporate governance at the company-level

Effective corporate governance in Africa The African Corporate Governance Network (ACGN) is a collaborative network of director membership organisations that promotes effective corporate governance in Africa. 106 Ethical Boardroom | Spring 2016

It has 16 members and seven affiliate members from 16 African countries, representing more than 16,000 senior executives and directors across the continent. The ACGN was formed to develop institutional member capacity for enhancing effective corporate governance practices,

building better organisations and corporate citizens in Africa. It serves as a unique platform for Africaâ&#x20AC;&#x2122;s many Institutes of Directors and Institutes of Corporate Governance to share and compare information and research on the benefits and successes, challenges and impediments,

Corporate Governance | Africa strategies and approaches deployed by country-level institutes in addressing ongoing corporate governance challenges in Africa. The joint ACGN report State of Corporate Governance in Africa: An Overview of 13 Countries developed from research supported by EY contains a baseline study of the corporate governance environment in the following countries:1 Middle east & NortH africa Egypt, Tunisia east africa Kenya, Uganda, Tanzania West africa Ghana, Nigeria soutHerN africa Malawi, Mauritius, Mozambique, South Africa, Zambia, Zimbabwe The countries covered in the research underpinning this report are the current ACGN member body countries as at the date of publication of the report. All are developing economies in the African emerging markets, including Africa’s three largest economies – Nigeria, South Africa and Egypt. The report provides a ready-reference set of case studies for countries seeking to develop their corporate governance systems. Each country chapter contains a high-level summary of the current state of the corporate governance framework, against the background of the country environment and development history. In most instances, corporate governance is a relatively new development and the countries vary significantly as to the stage of development of their corporate governance infrastructure. Evident from the literature surveyed is the growing awareness that sound corporate governance is a prerequisite condition for growing the development of capital markets and access to finance in Africa. In light of the generally favourable economic growth expectations in many African countries, the stage of development of corporate governance is acknowledged as a significant factor in assessing the relative level of development of Africa’s financial markets.

Overview of the research

The 13 countries have markedly different political and economic profiles – a significant factor influencing the corporate governance environment. Both the political environment and the stage of economic development are evidently conditioning factors. In general, countries with more developmentally advanced economies, such as Mauritius and South Africa, show more advanced corporate governance frameworks. Countries with a political environment that emphasises the importance of private sector development and are demonstrating successful implementation of national plans to advance the level of economic development – notably Egypt, Kenya, Mauritius – also show

strong levels of investment in further developing their respective corporate governance frameworks. Philip Armstrong, director of governance at GAVI Alliance, notes in the report’s foreword that: “Africa for the most part continues to be challenged by various structural impediments that constrain its capacity to attract private investment and thereby hinder the necessary incentives to improve corporate governance. One of the profound questions is whether good corporate governance can prevail in an environment of poor public governance. That we have seen the emergence of a number of director institutes across the continent over the past decade or so and the accompanying standards of good practices for businesses in both the private and public sectors often initiated by these institutes, is encouraging notwithstanding such challenges.” The development pathway of each country is quite different, both as to the historical and the present-day context of the country’s corporate governance. The historical background typically reveals the development origins of the country’s corporate governance infrastructure. For example, countries that experienced strong Anglo-Saxon/English law influences show evidence of earlier development of corporate governance infrastructure through earlier adoption of key features of English law, such as English company law (Ghana, Kenya, Zambia, Zimbabwe).

In general, countries with more developmentally advanced economies, such as Mauritius and South Africa, show more advanced corporate governance frameworks Countries with a post-independence history of state-control of the national economy typically display underdeveloped corporate governance systems (Mozambique, Uganda, Tanzania, Tunisia) and need a significant level of investment to fast-track development and implementation of basic levels of corporate governance infrastructure. This is often an area of focus in devoting effort to stimulate economic activity in a typically under developed private sector environment. A number of the countries surveyed have evidently more developed corporate governance frameworks (Egypt, Mauritius, Nigeria, South Africa). Others are developing key corporate governance infrastructure elements off the back of significant international input and support, including from development aid or development finance bodies (Ghana, Kenya, Tunisia, Zambia). A few have a less developed corporate governance infrastructure perhaps in line with perceived lesser priority of corporate

governance in the country’s wider development agenda (Malawi, Tanzania).

Implementation of corporate governance systems and implementation monitoring Evident from this report is that the development of such systems is very much a journey that involves a variety of role players across the spectrum of the political and business environment. In line with international research literature on development of corporate governance systems, the level of political and economic development in each country is a key influencer of the state of corporate governance. A number of key themes emerge from this report.

■ Lack of common understanding of what the concept of corporate governance means, both in the different country settings (where in some cases an emerging Afrocentric concept of corporate governance appears to resonate) and in different sector environments (e.g. public sector v. private sector) ■ The critical and unique roles of both the private-sector and the public-sector institutions and actors in successful development of effective corporate governance frameworks and systems ■ Corporate governance typically demands advanced-order skills and competencies. Quality tertiary and professional education systems and director professionalisation and accreditation programmes administered by Institutes of Directors/ Institutes of Corporate Governance, are important capacity-building institutions. The education and training roles of these bodies are of key importance ■ The pervasive influence of the level of economic development and economic independence at individual country level on the level of sophistication of corporate governance frameworks and systems developed and implemented in country settings ■ The need to ensure availability of capacity and resources to support sustained implementation of policy agendas and work programmes of the key institutions typically needed to co-exist with well-functioning systems of corporate governance. This includes human capital resources and specialised professional associations to support professional skills development (in particular directors, accountants, lawyers and jurists) creating capacity and capability to support robust educational systems to sustain the supply of such resources and capabilities from within the country over time and availability of technological capability to support effective and efficient operations of those institutions and associations Spring 2016 | Ethical Boardroom 107

Africa | Corporate Governance A review of literature on corporate governance implementation pointed to this being among the root causes of weak corporate governance within a country. A frequent observation is that even when soundly designed systems of corporate governance laws and regulations, standards and codes are present, there is oftentimes an observable lack of capability to properly apply and implement them. This is typically a significant impediment across all types of institutions – in both the public and private sectors, in both the regulated communities and the relevant regulators. Further, regulatory institutions may not be sufficiently independent, either of political or government institutions or of their regulated communities, to discharge their regulatory responsibility in a manner that engenders public confidence in those institutions to execute their regulatory mandates effectively and efficiently.

What factors are influential in advancing development of corporate governance in Africa?

There is a range of influences at work shaping the development of corporate governance across these 13 countries. At the level of the political economy all the countries covered have experienced or are experiencing, to a greater or lesser extent, a focus on the need to give attention to their country governance systems and practices as part of advancing their economic growth potential. Coupled with this is a focus on the need to invest in sound corporate governance infrastructure as part of developing or promoting sound financial systems to attract foreign investment and/or infrastructure to support the development of capital markets in the region and promoting investor confidence. Egypt, Kenya and Tunisia feature prominently among the countries that show leading initiatives in this space. The role and contribution of development finance and development aid bodies cannot be under-estimated. These role-players actively foster improvements in the country level governance environment. Countries with high levels of public debt (Ghana, Malawi, Uganda) are significantly influenced by incentives set out in development targets and plans contained in international funders’ country strategies established to assist their progress in economic development. These typically include measures aimed at delivering improvements in both the country governance environment and, in some cases, to corporate governance systems in order to strengthen the role of the private sector in stimulating economic activity supporting economic growth. Key considerations are often in the sphere of addressing the challenges inherent in the typically large informal economies present in many under developed economies, where the overwhelming perception is that there is no 108 Ethical Boardroom | Spring 2016

role for corporate governance in promoting effective implementation of anti-corruption strategies to reduce the impact of economic distortions which perpetuate conditions of economic under development and discourage the participation of foreign investment. Especially relevant are the various international indices and the voluntary country-level assessment programmes that shine a light on areas of both country-level governance and corporate governance systems. The African Union’s Africa Peer Review Mechanism (APRM) is a significant initiative that has given impetus to development of corporate governance systems in the African environment. A key contribution of application of the open and transparent APRM assessment process is that it specifically addresses corporate governance as one of the key pillars needed to foster sound economic development. Ten of the 13 countries covered in this research have undergone the APRM review. Similarly, the World Bank’s assessments of adherence of key standards and codes through publication of its country-level Reports on

promote economic development, including fostering sound corporate governance systems to promote investment activity. Finally, collaborative effort between regulatory institutions and private sector bodies is a key ingredient for success. Implementation of corporate governance systems requires significant buy-in from the private sector. Corporate governance systems work best therefore when, rather than being imposed through regulation, they are the product of constructive dialogue and use of an approach that maximises the participation of the private sector. In this context Institutes of Directors and other commercial advocacy bodies play a critical role, both in advocating this approach and also supporting implementation of corporate governance laws and regulations, standards and codes.

Conclusions

The account of how corporate governance has developed to date and continues to develop in these countries shows a great deal of encouraging activity in their unique journeys. strateGY deVeloPMeNt There is an encouraging progress in developing governance frameworks

Standards and Codes (ROSC) encourage development of corporate governance systems to achieve alignment with the OECD Corporate Governance Principles and development of financial, accounting and auditing infrastructure to support sound financial systems. All the countries covered in this research have undergone ROSC reviews, with six having undergone ROSC reviews for corporate governance. An important role is also played by international rankings that shine a light on factors that influence economic development, including the Transparency International’s Corruption Perceptions Index, the World Economic Forum’s Global Competitiveness Index and the World Bank’s Doing Business Surveys are increasingly important. These indices track a country’s level of responsiveness and efforts applied to influence factors that

Key learnings are that while development is taking place at different paces between them, an accelerated level of development can be achieved by leveraging knowledge gained from implementation experiences of those countries with more advanced or well-established systems. Further, with significant levels of international support and resources available to assist the process, every country should endeavour to leverage those resources in tandem with further advancing their economic development objectives. Encouraging private sector leadership and involvement in development of corporate governance systems is a further critical success factor. Available on the African Corporate Governance Website: http://www.afcgn.org/acgn-corporategovernance-report-2016/

Good governance is our anchor for sustainable business growth Vodacom is honoured to be the recipient of the Best Corporate Governance Award for the Telecoms sector in Africa.

Vodacom Power to you

Risk Management | Compliance

Dennis Haist

General Counsel and Compliance Advisor for Steele CIS

What constitutes a risk-based approach? Lessons in third-party compliance to meet bribery and corruption clampdowns Does your current or proposed third-party compliance programme meet regulatory expectations? Would US and overseas regulators agree? How can you be sure?

The rise of new anti-bribery and anticorruption (ABAC) laws and the enforcement of those laws around the world have increased the scope of corporate compliance department responsibilities. A major element of any corporate ABAC programme involves the performance of due diligence on third-party intermediaries. And, for good reason. Regulators routinely uncover evidence that a corrupt act was committed by an intermediary acting on the company’s behalf, both with and without the company’s knowledge. Performing risk-based due diligence on intermediaries has become a critical practice for companies to confidently mitigate third-party risks. Assigning the appropriate level of due diligence for the company’s third parties requires assessing risks objectively and systematically. In order to build a credible and practical risk model, company executives must understand how the company operates across its business units, regions and subsidiaries. While debate remains around how much due diligence to conduct and how often, there is no debate as to the necessity of conducting risk-based third-party due diligence. That leaves compliance professionals in a precarious position. Despite the fact that there is consensus in the market that a risk-based approach represents a best practice, there is clearly confusion as to what constitutes a risk-based approach. A company and its officers cannot choose to abstain from performing third-party diligence, either. The era of turning a blind eye is behind us. In fact, there have been several

110 Ethical Boardroom | Spring 2016

instances in which individuals and companies have been prosecuted and convicted where actual knowledge of payments was not present but would have been, had sufficient due diligence been performed. Building a credible ABAC programme is paramount in protecting corporate reputation and assets, shielding executives and management from personal liability and providing significant competitive advantage in a challenging global business environment.

Companies face many hurdles in their race to implement risk-based due diligence

Despite the significant risks posed to companies by intermediary relationships and the need for risk-based due diligence, business and compliance leaders often struggle to adopt even the most basic controls to effectively on-board third parties and manage and monitor risk.

A well-structured risk model will improve the quality of data, reduce due diligence costs and strengthen the credibility There is a simple reason for their inaction: the complexity of creating or redesigning a compliance programme so that it can effectively vet third-party relationships can be overwhelming. Adding to the complexity and causing confusion is the widespread misinformation and misuse of terminology regarding regulatory expectations. One extreme argues that a cursory approach, such as a database check applied to all third parties, is all that is necessary, while the other extreme argues the need to invest in robust, proactive countermeasures.

One clearly accepted standard is that risk-based third-party due diligence and ongoing monitoring are critical elements of any ABAC compliance programme. This in itself is overwhelming because of the sheer volume of third parties that most large US companies engage.

How companies benefit from risk-based due diligence Corporate compliance professionals often believe that their companies have well-designed compliance structures for monitoring risk and enforcing ethical behaviour within their organisations. But the truth is that most are struggling with the best way to expand and design programmes that truly identify and manage risk with business partners and intermediaries. A risk-based approach is a methodical and systematic process of knowing the company’s business, identifying its risks and implementing best-practice measures that mitigate those risks. Recognising and being able to articulate the value and purpose of a risk-based approach to managing third-party due diligence is an important step in building credibility in the compliance programme.

Building the foundation: ensuring stakeholder support and alignment

The process of creating a sustainable risk-based ABAC programme involves several steps. The first is to identify the right stakeholders to participate in the development and rollout of the programme. This must include key business leaders,

Compliance | Risk Management

the general counsel, compliance officer and likely member(s) of internal audit, procurement and IT. Importantly, without involvement from the sales and business development teams, the process will be flawed from the start. After all, the business development team knows the business process with which the compliance process will need to integrate. Forgo input from the business about how they onboard third parties and there is significant risk of implementing a compliance programme that is overly complicated and impractical, which could adversely impact the health of the business. The compliance manager and those responsible for implementing the programme must know the business before they can understand the company’s risks. Before any assessment of third parties can be conducted, it is critical to understand exactly how the business functions in all of the markets and jurisdictions in which it operates. This requires one or more senior managers to visit various operating locations to understand their sales processes and how they conduct business in each region. How are people conducting themselves in the regional offices? Do practices vary by business line or business unit? What cultural or social norms are influencing the conduct of business? These questions are best answered by in-person interaction and observation.

The variances in these business practices inherently create legal exposure if not properly controlled. By understanding the business process, compliance managers will better understand the complexity and severity of the company’s risks. Moreover, by understanding those risks, they can then make more informed decisions about the resources and framework that need to be deployed in order to mitigate exposure. With this information in hand, companies can form the framework of their third-party risk model. A well-structured risk model will improve the quality of data, reduce due diligence costs and strengthen the credibility of an organisation’s programme in the eyes of regulators.

A step-by-step approach to implementing risk-based compliance

With more than 26 years of experience, STEELE CIS specialises in helping multinationals deploy credible and defencible compliance programmes designed to withstand

regulatory scrutiny. Our practical expertise in developing risk-based due diligence programmes for Fortune 1000 companies in more than 190 countries allows our clients to breathe easier knowing that we’ve helped guide their third-party compliance efforts. From our experience, implementing a risk-based approach to third-party due diligence generally involves the following steps:

Develop a risk inventory Aggregate third-party data that the company has relationships with across all IT systems. Normalise the data and cleanse it for duplicates and errors, then determine the type and purpose of the relationship. There will likely be many more third parties than originally estimated. Examine ERP and CRM systems, accounts payable records, point-of-sale data, business reviews and any other source that may reveal use of an intermediary. This process must be as robust as possible, automated and run continuously to capture and include newly added third-party relationships. COMPLIANCE A risk-based approach loads the dice in your favour

Spring 2016 | Ethical Boardroom 111

Risk Management | Compliance

an initial risk assessment 2 Perform and create third-party risk profiles

Determine the general risks that may be posed by the intermediary. Is it in a country known to be a high risk for corruption? How much business does it do with the company? What percentage of the intermediary’s business depends on your business? What is the compensation structure? Does it interact with government officials? How much control do you have over the third party? There are approximately two dozen common risk factors that most companies will consider for inclusion in their risk calculation, but the key is to select only those risk factors that are consistently captured or carried out in the company’s business process, since including a risk factor that is only relevant some of the time can skew the risk score calculation. Based on the risk calculation, third parties should be associated with a risk profile and tier that has a prescribed scope of due diligence. Also during this process, applicable contract documents can be checked to ensure that they contain ABAC representations and warranties and audit rights. If the on-boarding process for third parties includes completion of a due diligence questionnaire, answers to certain questions can factor into the risk associated with the third party.

Conduct investigative due diligence Address those third parties in the high-risk category first. This is where most resources should be spent. Those in the low-risk category can be assessed later in the process. Allocating resources in this manner will ensure the most efficient use of time and money and, based on our

112 Ethical Boardroom | Spring 2016

knowledge and experience, will be viewed favourably by the US Department of Justice and the Securities and Exchange Commission. When conducting due diligence on a third-party intermediary, there are several considerations that should be addressed: the nature of the services being delivered; shareholder and management identification; relationships with government officials; the intermediary’s use of third parties; historical compliance issues; conflicts of interest; and

A robust compliance programme can protect corporate reputation and assets, shield board members and management from personal liability and provide competitive advantage the third party’s internal control structures. There are many issues that are specific to each company; therefore, it is not possible to follow a prescribed formula, but these considerations can be used as a basis. red flags 4 Resolve Address red flags or deficiencies identified

during the due diligence phase. In some extreme cases, it will be more efficient to sever ties and walk away, but often it is possible to remedy issues with the third party by providing training, contract revisions and other steps. A robust and auditable investigation conducted in line with the company’s anti-corruption policy is required to ensure a credible and defensible programme.

to ongoing monitoring 5 Commit Depending on the nature of the

relationship and the level of risk, it will be necessary to monitor and re-evaluate existing third parties on a regular basis. Expect that risk profiles will change as some lower-risk third parties may become higher risk in the future, while high-risk third parties must be reviewed frequently to ensure compliance with established terms and conditions.

Risk-based due diligence: no longer optional, but there’s help at hand

Corporations that implement effective risk-based third-party due diligence programmes are demonstrating to regulators that they are serious about tackling corruption. With energetic enforcement by regulatory agencies around the globe expected to continue to increase, the risk to companies, executives and boards of directors continues to rise. Possessing a robust compliance programme can protect corporate reputation and assets, shield executives, board members and other management from personal liability and provide significant competitive advantage in a challenging global business environment. While it is important to follow the structure of a programme as outlined here, each company has a different appetite for risk based on its industry, size and the countries in which it operates. Therefore, no two compliance and risk models will be identical. STEELE’s compliance professionals understand that there must be a degree of customisation and flexibility to ensure that a risk-based compliance programme fits a company’s culture, risk appetite and budget.

One Sansome Street,Suite 3500 San Francisco, California 94104, USA

Board surveys around the world indicate growing dissatisfaction with traditional internal audit and ERM methods and tools. Find out why boards arenâ&#x20AC;&#x2122;t getting what they need and what to do about it. www.riskoversightsolutions.com

A better response to risk

Risk Management | Third-party Risk

Creating a culture of

alexandra Wrage

Founder and President at TRACE International Inc

compliance When it comes to anti-bribery compliance in international trade, third-party risk is a given – specifically, that is, the risk that arises when a company retains intermediaries to assist it with business development and operations abroad.

Implementing a cohesive third-party risk strategy is essential for avoiding financial and reputational damage

Intermediaries can perform crucial functions for companies seeking to expand their presence worldwide: opening local markets to a company’s products, providing easy access to decision-makers and identifying new opportunities and market trends. At the same time, third-party intermediaries are by definition not under the company’s absolute control. While a company may try to ensure that its intermediaries perform their work honestly and in line with the company’s values, circumstances can easily push in the other direction. Intermediaries often find themselves under

extraordinary pressure to ‘do what it takes’ to close a deal or expedite a project, compliance and corporate ethics notwithstanding. That’s the ever-present danger. What makes it a true corporate risk is the fact that under most anti-bribery laws, including the US Foreign Corrupt Practices Act (FCPA) and the UK Bribery Act (UKBA), a company on whose behalf an intermediary pays or offers to pay a bribe can itself be held liable for the infraction – whether or not the company authorised the bribe, or even if the company wasn’t aware of it. The fines for such infractions can be enormous,

114 Ethical Boardroom | Spring 2016

reaching into hundreds of millions of dollars. On top of that prospect, one can add the cost of internal inquiries, cooperation with government investigations and potential harm to the company’s reputation. Not to mention the ethical and societal costs of participating in and tolerating a culture of bribery. To an extent these risks are unavoidable. No company can completely dictate the behaviour of its own employees, let alone third-party intermediaries. And although precautions can be taken, there are practical limits to the amount of diligence a company can undertake, particularly when dealing with multiple intermediaries in various markets worldwide. But even in the face of such limits, there are steps companies can take to reduce their exposure to financial and reputational damage and to maintain and promote ethical standards. By so doing, companies can have a very real impact on international business norms. Doing so effectively requires attention to three

Third-party Risk | Risk Management interrelated considerations – strategy, implementation and cohesiveness.

Addressing third-party risk strategically

Strategy, in this case, is the art of making the most out of limited resources. As every businessperson knows, your company can’t be everywhere at once and it can’t take on every opportunity with the same degree of attention. Risk management is no different. You need to focus your resources and you need to have a reasoned basis for doing so. Without a strategy, you may find yourself dealing with problems reactively and haphazardly. And if improper actions by one of your intermediaries comes to the attention of the authorities, you make have difficulty defending yourself against liability. At TRACE, we recommend a multi-tiered approach, under which intermediaries and potential intermediaries are divided into three to five separate risk-level groups. Each group is subject to a minimum level of scrutiny, but more costly and intrusive forms of due diligence are brought to bear where circumstances indicate a higher likelihood of non-compliant behaviour. A number of factors should be considered in determining the compliance risk posed by a given intermediary. For example, what is the intermediary being retained to do? How challenging is the market in which they’ll operate? How much contact will the intermediary have with government officials? How much will the intermediary be paid, and how? Will it be a flat hourly or monthly fee,

or will the intermediary be compensated on a purely contingent basis? Is the intermediary an individual, a closely-held company, or a publicly-traded corporation? If a publiclytraded company, does it trade on a recognised stock exchange? Has the intermediary represented your company in other countries? How much compensation has the intermediary received from you for its work in those countries? If promoting a highly technical product, does the intermediary have the

Even where the risk is determined to be relatively low, there is a significant amount of information that should be obtained and verified relevant technical training? How much business does the company do in the territory in which the intermediary operates? Does the intermediary have exclusive rights to market the company’s products in that territory? If the company is pursuing a government contract or concession in the intermediary’s territory, what is the value of that contract or concession? These and other factors can help your company determine the level of risk presented by an intermediary. Depending on that determination, differing degrees of background scrutiny will be appropriate. Even where the risk is determined to be relatively low, there is a significant amount of information that should be obtained and verified, including contact

information, the organisational structure and ownership of a corporate intermediary, information about the intermediary’s employees, relevant reputational references, disclosures regarding past or pending investigations and convictions and certifications regarding the intermediary’s financial stability and accounting practices. Where the risk is more pronounced, the level of detail should be more searching as well, with additional information concerning corporate structure and registration, individuals’ biographies, the potential involvement of other third parties and possible conflicts of interest. At the highest levels of risk, the inquiry may extend to in-person interviews, an interview with the relevant embassy, a review of the intermediary’s financial statements and records, and a more comprehensive account of how the intermediary will interact with government officials.

Implementing your risk strategy effectively

A strategy is only as good as its implementation. Regardless of how your company plans to allocate its resources to select and scrutinise third-party intermediaries, it needs to carry out that plan thoroughly, methodically and consistently across your third-party community, with appropriate documentation at every stage. This will allow you not only to be certain you are doing everything you reasonably can to ensure compliance, but also to defend your approach before the enforcement authorities if something goes wrong.

pRoTecT YoUR BUSineSS Third-party relationships can present unexpected risks and expose weaknesses

Spring 2016 | Ethical Boardroom 115

Risk Management | Third-party Risk The process begins with the initial selection. You need to make sure that there is an adequate business justification for the choice of a particular intermediary and that the reasoning behind that decision is documented. Were alternative candidates considered? Are there employees in-country who could fulfil the same role? Does the proposed intermediary possess the requisite expertise and resources to carry out the task? Considering and memorialising these factors at the outset will go a long way towards ensuring not only that you’re making the right decision from a business perspective, but that your expectations are clear that the intermediary’s role is a legitimate one. When a potential intermediary has been identified, it is time to implement your risk-based strategy for vetting that intermediary. The level of apparent risk needs to be determined and the relevant information needs to be gathered. Depending on the risk level, that information can be verified and other information reviewed at various levels of intensity. References should be consulted about the intermediary’s effectiveness, reputation, government relations and business ethics. A media search should be undertaken to determine whether the proposed intermediary has been involved in any high-profile investigations or charges. Government databases should be reviewed to ensure that neither the intermediary nor any of its owners, partners or key employees has been flagged for violation of any relevant laws or

A clearly defined and consistently implemented strategy, functioning in and arising out of a culture of compliance, not only reduces the likelihood of non-compliant activity, but also serves as a clear signal of what your company will and will not accept regulations. These types of investigation can be conducted at varying depths, and it is appropriate to tailor your investigation to the determined level of risk for a given intermediary in a given situation. Where your initial investigation uncovers something of concern, the level of risk increases, and additional inquiry will be required. Your implementation efforts won’t end once the intermediary has been selected and vetted. To the extent you have retained the intermediary to assist your company in a new territory or market, you will probably not be in a position to provide day-to-day oversight of the intermediary’s activities. Nevertheless, you will want to make sure that adequate structures are in place within 116 Ethical Boardroom | Spring 2016

KeepinG SaFe A clear strategy limits the risk of non-compliance

your organisation to ensure a proper measure of accountability. To whom does the intermediary report? Is that person aware of the bribery risks that may exist in territory in which the intermediary is operating and the particular pressures the intermediary might face in connection with a given project? Does that person have the incentive and the ability within the organisation to sound the alert when it appears that the intermediary may be acting improperly? Does your company’s compliance team have sufficient independence and authority to follow up on reports of possibly improper activity? Do your intermediaries and those who oversee their work receive regular training concerning applicable anti-bribery laws and your company’s anti-bribery policies and expectations? Your initial risk assessment can help you determine the appropriate level of ongoing instruction and oversight, but it is critical that you and your company be attuned to the risks inherent in third-party activity, and that your internal compliance mechanisms are calibrated accordingly.

The cohesiveness of your strategy

In one sense, the idea of cohesiveness represents an internal aspect of your risk-management strategy. You want that strategy and its implementation to have a principled basis – one that you can articulate and that you have documented. If compliance issues do arise with a third-party intermediary, you want to know, and to be able to demonstrate, that you have acted proactively and reasonably to guard against such an occurrence, and you want to be able to defend your course of action before governmental authorities. In another sense, though, to say that your strategy is cohesive is to say that it coheres

with and is an expression of your company’s values and ethics. Although we discussed the idea of risk in terms of potential corporate liability, a truly cohesive third-party risk strategy isn’t designed merely to guard against financial exposure. All of the vetting and training your company can provide will be of limited use if there isn’t a clear message from the top of the organisation, through middle management and out to the field that corruption is unacceptable and will not be tolerated. Your company must make it clear that you will walk away from business rather than engage in bribery directly or through third parties. Both your company and its intermediaries need to understand that those who are retained to further the company’s work abroad are not just opening up business opportunities, but are also representing to the world what the company stands for. Cohesiveness also requires consistency. A clearly defined and consistently implemented strategy, functioning in and arising out of a culture of compliance, not only reduces the likelihood of non-compliant activity, but also serves as a clear signal of what your company will and will not accept. This includes not only government regulators at home and abroad, but also the intermediaries themselves, who are more likely to understand your expectations and to accept the inconveniences inherent in the vetting process. In addition, the consistency of that signal can make it easier for your intermediaries to stand firm in the face of foreign officials’ solicitations, knowing that they will have the company’s full support, both in spirit and in practice. Ultimately, through its implementation of a cohesive third-party risk strategy, your company’s expansion efforts can contribute to the long-term goal of fostering a global culture of compliance.

Under pressure to get more visibility on third parties? Need to prioritise protecting you reputation? Struggling with AML, bribery and related regulations?

Our extensive company data, corporate ownership structures and adverse data deliver fast insight on

Risk Management | Cyber Resilience

Emilian Papadopoulos & Evan Sills

Emilian is President and Evan is an Associate, Good Harbor Security Risk Management

Building a cyber resilient organisation The best preparation for a cyberattack is to identify and mitigate worst-case scenarios Every organisation faces distinct cyber risks. While many of these risks are mere nuisances, some can cause existential consequences. These are the risks leaders must worry about as they strive to build a cyber resilient organisation.

To do these things, a cyber resilient organisation must develop a whole-ofenterprise strategy that combines technology, policies and business priorities and uses the skills of everyone in the organisation. In cyber resilient organisations, boards of directors are part of the risk tolerance discussion, helping leadership think about which risks should be avoided, mitigated and accepted. Resilience is a concept that is increasingly These risks are unique to each organisation, acknowledged as a trait of the most depending on its core business, governance, sophisticated organisations. To be resilient technologies, relationships, geography and any over time, an organisation must accept that number of other factors. Posed as a question, in the current cyberthreat environment, bad executive teams and boards of directors things will happen and consequences must be must ask: “What makes my company tick?” mitigated; to do this, particularly in the face and “What is the worst thing that could of changing threats and attack techniques, happen to disrupt my organisations must adapt. organisation in a material, The NIST Cybersecurity To be resilient existential way?” Framework, which has been To survive potentially adopted by many companies over time, an existential attacks, leaders of and state governments organisation governments, corporations alike to manage cyber risk, must accept that calls the most advanced and non-profits alike must overcome significant organisations ‘adaptive’. This in the current challenges. As threats evolve, means not that they are able cyberthreat they must appreciate how the to prevent every cyberattack, threat landscape relates to but that they can take their environment, their organisations and their existing knowledge and bad things will critical assets and processes. readiness and apply it to a They must implement policies new situation quickly, before happen and and technologies that can significant harm is caused. consequences keep up with these evolving To build such an must be threats. And they must organisation, C-suites can assemble a team for rapid undertake a series of actions mitigated response to a cyber crisis, that will demonstrate the which is challenging because importance of cybersecurity it requires collaboration among C-suite leaders within their organisation and prepare and with forensic teams, law firms, public themselves for cyber incidents. This article will relations firms and security advisors that are discuss key actions that leaders can take (and retained individually but must work together. boards can oversee) that will help identify and 118 Ethical Boardroom | Spring 2016

mitigate worst-case scenarios and build resilient organisations.

Know thyself

Most leadership teams spend their cyber risk discussions asking good questions about programme implementation, compliance and best practices, but they often do not start with the solid foundation of a discussion about their company’s distinct risks and risk tolerance. As a result, they wrestle with a lack of clarity regarding the crown jewels that require prioritised protection within the organisation and resources do not get directed towards mitigating the greatest risks. Beginning a risk discovery process that starts at the C-suite and involves the board is crucial to understanding the worst-case scenarios that should be the focus of attention and resources. The process of discovering a company’s worst -case scenarios should involve participation from across the organisation. Every department should contribute to understanding the risks present in its activities. The company’s crown jewels may be its people (human resources) or intellectual property (research & development) and its worst-case scenarios may come from its supply chain (procurement) or lawsuits (legal) or reputational damage (communications). Further, involving every department in risk discovery will prime departments to help prepare and respond to incidents. Human resources must help build a cybersecurity culture. The general counsel must analyse insurance policies to ensure coverage of cyber incidents in GCL or cyber policies. These are just a few examples. Part of ‘knowing thyself’ is ensuring that the right resources are available to support the

Cyber Resilience | Risk Management

DEFENCE AND PREVENTION The emphasis should be on prepared resilience

organisation in the event of a cyber incident. In some cases, such as public relations firms and outside counsel, an existing provider may be sufficient if they also possess expert knowledge on crisis management and cybersecurity. In other cases, such as a forensics firm and expert advisors for the CEO and board, these groups may need to be retained specifically for the purpose of responding to cybersecurity incidents. Having these groups signed up with contract details sorted out in advance costs little and is essential to responding quickly to an incident and mitigating damage quickly. Planning ahead in this manner builds resilience by preparing an organisation for the day when a cyber incident occurs.

Put it on paper — carefully

Often the harm from a cyber incident comes not because of the hack itself but because the organisation cannot demonstrate that it had taken cybersecurity and its responsibility to protect data and systems seriously, calling into question the C-suite’s and board’s risk

management and oversight. Appropriate documentation can reduce these risks. Organisations dread lengthy, detailed policies that sit on the shelf, collecting dust – and rightly so. However, careful documentation of risk management processes and decisions and of IT security policies, training and technologies helps mitigate the legal and reputational consequences of an incident. Documentation should be iterative and updated frequently and should cover a range of topics: the risk discovery and identification process, including information gathered and decisions made; documentation owned by IT, such as processes for change management (i.e. documenting and approving changes to hardware and software), inventory lists and defensive technology plans; and, documentation owned or shared by other departments, whether IT security policies for employees decisions about cyber insurance policies, IT security requirements for vendors and more. A dynamic understanding and documentation of these topics fosters a sophisticated understanding of the

organisation’s risk profile and risk management and it also involves many executives and employees, helping to create a cybersecurity culture that makes the organisation more resilient. Further, compiling this information will make it easier to respond to information requests from auditors, regulators, customers and clients. As third-party risk management, supply chain risk management and regulatory oversight become more invasive, organisations spend increasing amounts of time answering document and data requests regarding the security of their systems and networks. This creates the risk of ‘death by audit’ and having this information readily available can speed up the process of response. Responding to external requests also risks distracting an organisation, leading it to focus on compliance with regulators or customers rather than managing its own risks and this makes it less resilient in the face of its distinct worst-case scenarios. Getting third-party responses under control allows organisations to focus on their own risks and resilience. Of course, documentation also creates risks, so it should be done carefully and in coordination with counsel. Spring 2016 | Ethical Boardroom 119

Risk Management | Cyber Resilience

Practise, practise, practise

No leadership team wants their first cyber crisis to be a real one, with real consequences on the line. Instead, they should conduct exercises and simulations, just like militaries, and the most sophisticated companies do, to strengthen the organisation’s response muscles, identify areas of tension and familiarise individuals with their roles and responsibilities. Before actually running exercises, careful preparation is required. Ideally, the organisation will first develop incident response plans that are tailored to its identified worst-case scenarios, including details on resources, who to notify about certain incidents and how to escalate different situations. The plan may not address every possible scenario, but resilient organisations are able to adapt existing plans to new situations. Exercises should closely resemble an actual crisis, particularly in terms of who is participating. If the CEO is going to be involved in a real crisis, which is likely if it is a worst-case scenario, she should be involved in the simulation. If the organisation retained a forensics firm to respond to a real incident, a representative from the forensics firm should participate. Similarly for an executive table-top exercise, if members of the C-suite are going to have external advisors, they should be available to give advice. Exercises are also an opportunity to identify and clarify the role the board of directors may play during a cyber incident. During incidents, directors are understandably concerned and desirous of updates, but they should not interfere or distract leaders from executing their response. Identifying a single director to liaise with the executive team, particularly if the person has some technology experience, can smooth communication lines and reduce unnecessary stress during a crisis. Exercises should conclude with a ‘hotwash’ debrief right after the exercise and after-action reports that draw out lessons learned and help track improvements, fostering the continuous improvement that makes an organisation resilient long-term.

BE PREPARED Businesses need a united approach from cyber threats 120 Ethical Boardroom | Spring 2016

Organisations can also learn from real incidents, not just simulations. Many cyber incidents are minor and cause no damage but can still be valuable learning tools, as large incidents can be. Organisations should debrief and harness lessons learned from minor as well as significant incidents.

Don’t do it alone

Resilient organisations constantly learn and benefit from the experiences and resources of other organisations and incorporating that knowledge into their cyber incident response capabilities. From small, internal incidents to big, public data breaches in unrelated industries, there are many lessons to be learned. Executive teams and boards can educate themselves in two primary ways.

Many cyber incidents are minor and cause no damage but can still be valuable learning tools, as large incidents can be Organisations can learn about their own risks and possible incidents from their ecosystem, peers and even incidents in unrelated industries. Many board directors first become involved in cybersecurity because they see a large breach reported on the cover of the Wall Street Journal and ask “Could this happen to us?” The experiences of other organisations, both in terms of their responses as well as the tactics being used by attackers, are valuable information that organisational leaders should be using. Organisations can also benefit from their ecosystem, including third parties, suppliers, customers and peers, as well as cybersecurity experts who benefit from constant learning across industries. Industries as a whole are considering how cyberattacks could affect individual members and how shared suppliers can introduce threats to everyone. One way to manage these risks more efficiently and

cohesively is to take them on at an industry level. Through Information Sharing and Analysis Centers (ISACs), trade associations, or other industry groups, it is possible to develop action plans, distribute best practices and build resilience throughout the industry in dealing with the potentially catastrophic effects of cyberattacks.

Conclusion

Resilient organisations are not invincible and they do not necessarily spend more on cybersecurity than other organisations. They can withstand cyber incidents because they apply risk management principles and continuous improvement to understanding their most significant risks and mitigating them. They understand themselves, including the threat environment around them and their worst-case scenario risks, as well as what resources they have to mitigate risk. They engage leaders to think about technology and how it is transforming their organisation. They treat cyber risk like other risks and incorporate it into risk management practices at the board, C-suite and employee levels. They document appropriately to tell a good story about their approach to securing themselves and making their organisation resilient. They constantly learn from themselves and from peers, partners and even unrelated organisations in other industries. Most consult with and retain external experts who deal with cyber incidents at other organisations frequently, so that when the incident happens to their organisation, or preferably before it happens, they benefit from perspective and insights on ever-changing threats and situations. Finally, they prepare for the worst, planning to recover from cyber crises and practicing how to do so. They have drafted and tested incident response plans at the department, enterprise-wide and industry levels to best understand and mitigate consequences that may stem from a cyber incident. Resilient organisations don’t avoid incidents 100 per cent of the time; they learn to live through them.

Risk Management | Internet of Things

Stephanie Snyder Tomlinson National Cyber Sales Leader at Aon Risk Solutions

IoT and the boardroom

In an Internet of Things world, it is critical to implement effective enterprise cyber risk management Analyst group Gartner predicts that 6.4 billion Internet of Things (IoT) devices – computer devices that are sensor-equipped and designed to collect and transmit data via the Internet – will be in use in 2016, while Cisco predicts that the total number of IoT devices will rise to more than 50 billion by 2020.

As the Internet of Things advances, offering new ways for businesses to create value, we are simultaneously seeing businesses become more vulnerable to an internet-based, organisational attack. The internal silos within businesses are being broken down to allow for greater connectivity and data aggregation and this evolution should not go unnoticed by boards, as it means the exposure to cyber risk now flows through the organisation. As such, it is recommended that boards consider cyber risk from an enterprise perspective, given the potential for a breach to have physical loss implications as well as financial statement impact.

That was then and this is now

Historically, we have seen cyber risk limited to the liability and expenses related to a breach of private information, such as personal information, healthcare information or credit card information. Many view 2014 as the year of the retail breach and 2015 as the year of the healthcare breach. Privacy breaches have proved that there can be significant implications to an organisation’s balance sheet and a potential impact on the board of directors. Several recent breaches have resulted in shareholder derivative actions against the board of directors, alleging a breach of fiduciary duty to the organisation. Even robust network security practices may not offer sufficient protection in these cases. Given the evolving nature of technology, we have started to see network security breaches 122 Ethical Boardroom | Spring 2016

result in business interruption losses. When organisations suffer a network outage, there can be significant expenses in terms of computer forensics and additional costs to keep the organisation operating, as well as the loss of net income. Many of these attacks have also resulted in losses to intangible (data) assets, in which hard drives have been wiped clean of data or employees have been unable to access servers. It was recently reported that an IT specialist is facing sentencing after illegally accessing his former employer’s network and transmitting remote commands to the system that resulted in a disruption to manufacturing operations. It is possible that in 2016 we will see organisations experience physical losses arising from a network security breach, as cyber losses migrate from the intangible world to the physical world. In late 2014, a hack on a German steel mill resulted in massive physical damage, as the malware placed on the network prevented the blast furnace from a normal shut down. In late 2015, a network security breach resulted in a significant power grid disruption in the Ukraine. Taking it one step further, there is

the potential for tangible property damage or bodily injury arising out of the hack of an autonomous or semi-autonomous vehicle, or an implanted healthcare device. From a liability standpoint, there is potential exposure for organisations involved in the design, production, delivery and servicing of the IoT device that allegedly causes economic loss, bodily injury or tangible property damage. And from an organisational expense standpoint, smart offices, factories and computer-based logistics systems face new business interruption risks.

rISky parTnerS: per cenT of neTwork parTnerS by InduSTry Travel

16%

Financial Services

16%

Manufacturing

17%

Transportation & Storage

17%

Hi Tech Healthcare Energy & Utilities Construction & Real Estate Agriculture & Mining Telecommunications

Source: Skyhigh Networks

18% 20% 21% 21% 28% 30%

Internet of Things | Risk Management

It is possible that in 2016 we will see organisations experience physical losses as cyber losses migrate from the intangible to the physical world

Risky partners: storm clouds on the horizon?

Enterprise cyber risk management extends beyond the physical walls of an organisation. Increasing corporate data aggregation will continue to drive engagement with cloud providers as organisations are forced to find more efficient ways to manage their data assets. Some may argue that replacing data centres with cloud providers reduces the overall network security risk while others remain concerned about vendor engagements and the additional potential for breaches via an outsourced network (See Risky Partners graph opposite). According to a report from Skyhigh Networks, the average company connects with 1,555 business partners via the cloud, including suppliers, distributors, vendors and customers. As more organisations engage third party vendors to help them store data – or provide additional data security monitoring protections or breach remediation – consideration should be given not only to contractual protections but also to those vendors’ cybersecurity and level of professional expertise. In December 2015, a lawsuit was filed against a Chicago-based IT security firm, alleging that it mismanaged breach mitigation, potentially resulting in a second breach against the filing organisation.

NetDiligence has reported that in the technology industry, vendor-related breaches doubled from 2014 to 2015.

Cyber risk transfer solutions

With all the cyber risk facing today’s organisations, how should a board address cyber exposures? Cyber insurance is one consideration for boards as they contemplate balance sheet protection against cyber risks. Cyber insurance contemplates the following coverages: Breach event expenses This reimburses the insured’s costs to respond to a data privacy or security incident. Covered expenses can include computer forensics expenses, legal expenses, costs for a public relations firm, consumer notification and consumer credit monitoring services. First party loss n Business interruption: reimburses the insured for actual lost net income caused by a network security failure, as well as associated extra expense n Digital asset protection: reimburses the insured for costs incurred to restore, recollect or recreate intangible, non-physical assets (software or data) that are corrupted, destroyed or deleted due to a network security failure

Cyberextortion Reimburses the insured for expenses incurred in the investigation of a threat and any extortion payments made to prevent or resolve the threat. Liability coverage n Security liability: coverage for defence costs and damages suffered by others resulting from a failure of computer security, including liability caused by theft or disclosure of confidential information, unauthorised access, unauthorised use, denial of service attack or transmission of a computer virus n Privacy liability: coverage for defence costs and damages suffered by others for any failure to protect personally identifiable or confidential third-party corporate information, whether or not due to a failure of network security. Coverage may include unintentional violations of the insured’s privacy policy and actions of rogue employees n Regulatory proceedings: coverage for defence costs for proceedings brought by a governmental agency in connection with a failure to protect private information and/or a failure of network security Spring 2016 | Ethical Boardroom 123

Risk Management | Internet of Things While the above represents the ‘off the shelf’ coverages available in a cyber insurance policy, it is important to note that no cyber insurance policy should be purchased off the shelf. There are more than 60 different cyber insurance carriers, all with different policy terms and conditions. As this insurance has only been available for the last 15 years, it has not yet developed into a mature product. There is a great deal of variation in coverage triggers, definitions and exclusions. As such, it is critical for organisations to engage a knowledgeable insurance broker with specific expertise in cyber insurance, in order to ensure that the policy form is manuscripted to perform as intended. Given the evolving nature of cyber risk exposure, it is important to review all of the organisation’s insurance policies to determine what, if any, coverage is in place to address cyber exposures, including those related to vendor and IoT exposures. While generally cyber insurance policies do not address property damage or bodily injury perils, these coverages may be addressed by an organisation’s property or general/excess liability policies. However, there is a great deal of inconsistency in how property and general/excess liability insurance carriers address (or do not address) losses arising from a network security breach. The insurance industry has yet to provide a comprehensive ‘all-risk’ cyber insurance solution.

Enterprise cyber risk management

Recognising that there is no ‘one size fits all’ solution to cyber risk, it is important to take a holistic look at the cyber risk that flows through an organisation and coordinate among the various stakeholders in senior management, information technology, legal

daTa TranSMISSIon IoT devices could rise to more than 50 billion by 2020

124 Ethical Boardroom | Spring 2016

and human resources. The risk manager effectively serves as a quarterback, aligning the various departments within the organisation to effectively manage cyber risk. Engagement and coordination with cyber risk stakeholders is recommended as follows:

Senior Management

Legal Department

Risk Management

Information Technology

Human Resources Source: AON Plc

n Senior management has a critical understanding of the top risks to the organisation. Coordination with the risk manager is important to help identify which risks are and are not insurable. If such risks are not insurable, then alternative risk solution options may be identified n Information technology has the literal ‘eyes on glass’ to provide insight into incidents or ‘near misses’ and the evolving nature of cyber risk relative to the organisation n The legal department has the perspective to understand and craft appropriate protections in contracts with customers and vendors. Key questions to be asked are: What risk is your company assuming? What insurance are you required to maintain?

What insurance are you requiring vendors to maintain? n Human resources is an often forgotten stakeholder in the enterprise cyber risk equation. According to a 2015 study by NetDiligence, about 30 per cent of the total respondents attributed cyberloss events to employees. The human resources department has the ability to implement appropriate employee training to mitigate potential breaches via stolen credentials or social engineering Effective cyber risk management is the result of having the appropriate people, tools and processes in place. It consists of knowing who is doing what and when and practicing and communicating that process. If history has taught us nothing else, it is that even robust network security may contain vulnerabilities and that when thinking about a network security breach, it is not to consider ‘if’, but rather ‘when’. If one assumes that the abstract “widget” of 2016 is an IoT device, consider the following cyber risk exposures: n The widget company uses a cloud provider to store all of its data and outsources portions of its IT security to a third-party vendor n The widget company handles all of its own manufacturing in-house, in a state-of-the-art system with connectivity between information technology and operational technology. There are public internet ingress and egress points to the network and vendors have an interface to connect to the IT system n The widget company has an ecommerce site on which customers may purchase widgets with a credit card. It also has a widget loyalty programme with more than two million members n The widget company has more than 100,000 current employees and keeps records on past employees for several years, as per its record retention policy n As the widget company is publicly-traded in the US, it must disclose to shareholders how it handles cyber risk in its SEC 10-K filing, including whether or not it transfers cyber risk via insurance This likely describes a situation in which a large number of corporations find themselves. It is critical to identify and address cyber risk exposure through an enterprise risk lens, by leveraging risk solutions, engaging the appropriate stakeholders within the organisation and enacting a process to prepare for the inevitable. While cyber risk continues to morph and change, it is incumbent upon corporate boards to try to protect the organisation’s balance sheet from exposure to loss through effective and strategic enterprise cyber risk management.

“Essential reading for boards who want to stay ahead of the governance curve”

KEEping iT ABovE BoArd

Coming soon: The Ethical Boardroom App will be available to download in 2016

Risk Management | Corporate Defence

Bulletproof your defence The role of the board in delivering a robust corporate defence programme 21st century stakeholders have an expectation that their organisations will be capable of delivering long-term stakeholder value.

However, less than two decades into this century many stakeholder groups have already borne witness to a litany of corporate failures, incidents and scandals (Lehman Brothers, BP Deepwater Horizon and Volkswagen, etc), resulting in the reduction or destruction of their stakeholder value. Post-mortem investigations into the causes of corporate failures typically identify deficiencies and weaknesses in the corporate defence programme of the organisation(s) concerned. As a result, many stakeholder groups are now questioning the adequacy of their organisations’ efforts to adequately preserve, safeguard and defend their stakeholder value. Consequently, 21st century stakeholders are now increasingly placing pressure on the boards of their organisations to focus on such obligations.

Scrutiny of corporate strategy and boardroom performance

Corporate strategy is generally regarded as the roadmap to be followed by an organisation and can impact on its corporate culture and behaviour. In formulating strategy, due consideration should be given to matching the organisation’s strategic activities to the organisation’s environment, its available resources (e.g. people, processes and technology) and the extent of its capabilities. Board members are expected to bring considerable professional experience and diversified business insight in this regard. Their sound judgement, specialist knowledge and leadership qualities are expected to be of particular benefit when deciding on the organisation’s strategic roadmap and on delivering value to their stakeholders over the short, medium and long term. The promise of delivering sustainable value is expected to be an integral part of any corporate strategy. Stakeholder groups are now increasingly making their board members aware of their value expectations and are subjecting their boardrooms to a higher level of scrutiny in terms of their performance in meeting these expectations. This scrutiny includes a focus on their board’s obligations in relation to matters, such as corporate governance, risk management and compliance. Such scrutiny also coincides with increased demands for higher standards of boardroom behaviour, in terms of integrity, ethics and accountability. 126 Ethical Boardroom | Spring 2016

Sean Lyons

Principal at R.I.S.C. International, Ireland Increasing pressure on boardrooms in the form of proxy advisor demands and pressure from stakeholder activist groups has also prompted a rigorous search for an improved approach to corporate strategy, one which is intent on helping organisations to foster an era of sustainability.

Value creation and corporate strategy

Traditionally, the concept of value creation has been at the very heart of strategy formulation and, as such, an organisation’s strategy generally includes how the organisation intends to create value for its stakeholders. Typically, organisations face the dual challenge of creating value on an ongoing basis while simultaneously ensuring that they can also preserve the value that is being created. Therefore, a focus on value creation alone is not considered to be sufficient, it must also be accompanied by an appropriate focus on value preservation. While corporate strategy tends to formally address the issue of how the organisation intends to create its value, the equally important issue of how the organisation intends to preserve its value generally does not

While strategy tends to address the issue of how to create value... there’s a ‘value preservation’ deficit form part of corporate strategy. Unfortunately, in far too many organisations there is what can be referred to as a ‘value preservation deficit’, whereby value preservation is more likely to be implied rather than being considered a core element of corporate strategy. Addressing this deficit is increasingly considered to be the responsibility of the board, as a growing number of stakeholders believe that once value has been created, this value then needs to be protected and defended. Such a view demands that a balanced corporate strategy should incorporate a healthy focus on both value creation and value preservation.

The focus on value preservation The value preservation imperative represents an organisation’s responsibility to its stakeholders to take adequate steps to help preserve value and defend against value

reduction or destruction. This responsibility should involve considering how value preservation fits into the organisation’s current strategy and the extent to which the organisation’s stated objectives incorporate its value preservation obligations. Logically, organisations that exhibit an ability to preserve the value they have created over an extended period of time tend to be successful, while organisations that are unable to preserve their value tend to fall by the wayside. Rationally, an inability to successfully preserve value will inevitably result in a decline in value or the destruction of value. Generally speaking, unsuccessful organisations will show little evidence of having given value preservation due consideration and, unfortunately, it would appear that the requirement to preserve value is often neglected during the strategy formulation process. Successful organisations, however, depend on their ability to both create and preserve value over the short, medium and long term and board members must learn to continuously monitor the dynamic between value creation and value preservation. Safeguarding, protecting and defending against the loss of stakeholder value is the essence of the value preservation. While in the past an organisation’s obligation to fulfil this responsibility may have been perceived as somewhat implied, this is certainly no longer the case as stakeholders not only expect but increasingly demand higher levels of due diligence in this area. In practice, this due diligence represents the measures (formal or otherwise) taken by an organisation to defend itself and the interests of its stakeholders from a multitude of potential hazards (i.e. risks, threats and vulnerabilities), the occurrence of which could be detrimental to the achievement of the organisation’s objectives. This includes an obligation to take adequate steps to anticipate, prevent, detect and react to hazard events in order to avoid, mitigate and manage any potential exposure in a timely manner. Addressing value preservation, therefore, involves ensuring that the organisation has adequate and robust corporate defence measures in place at strategic, tactical and operational levels.

PROTECTION The role of the board is to keep the defences up Spring 2016 | Ethical Boardroom 127

Regulatory & Compliance | Corporate Defence

The corporate defence programme

Corporate defence is synonymous with practices, such as corporate governance, risk management, compliance, organisational intelligence, corporate security, organisational resilience, internal controls and corporate assurance. These practices are regarded as constituting the critical components of a corporate defence programme. A corporate defence programme therefore represents an 128 Ethical Boardroom | Spring 2016

As su ra nc e

Compliance

address this obligation. The board should therefore have responsibility for reviewing and approving the corporate defence programme on an ongoing basis, taking into consideration the organisation’s changing circumstances and the constantly mutating challenges it is faced with. Such a programme can obviously vary from one organisation to another, however the existence of a formal programme helps to demonstrate that the board has at least given due consideration to the organisation’s precise requirements in relation to corporate defence.

sk Ri

Deficiencies and weaknesses in an organisation’s corporate defence programme tend to result in corporate losses or failures

In te lli ge nc e

e nc lie si Re

As guardians of the organisation, board members have a duty of care to accept responsibility for addressing this corporate defence challenge. This means that the board has ultimate responsibility for setting the corporate defence agenda, for influencing the corporate defence culture and for providing direction and support in relation to the organisation’s corporate defence activities. The board should remain accountable to the stakeholders for the quality of the organisation’s corporate defence structure and capabilities. The effectiveness of the board in its role as the last internal line of defence will be dependent on the board’s size, composition and qualifications. It will be dependent on the board having the appropriate balance of skills, experience, independence and knowledge. Board members need to be aware of their corporate defence responsibilities and accountabilities in relation to issues, such as board governance, board risk, board compliance, board intelligence, board security, board resilience, board controls and board assurance, etc. From a stakeholder perspective, it is reasonable to expect that the board will be held accountable for the strategic oversight of corporate defence and for ensuring that there is a formal corporate defence programme in place, including an oversight framework to

their corporate defence duties and organisation’s ongoing efforts to address whether or not they can these corporate defence-related Governance demonstrate that they have matters and every taken adequate steps in organisation will have this regard. In recent years some form of corporate there have been ongoing defence programme in calls from regulators operation, whether and other stakeholder these efforts are groups for improved formal or informal. Corporate board oversight Board members Defence of corporate need to understand defence-related matters that each of these including calls for components better board risk are inherently oversight, board inter-connected and compliance oversight, board inter-dependent and Security cybersecurity oversight and therefore their effectiveness board oversight of internal controls, is contingent on one another, as each etc. Addressing each of these individual contributes to and receives from each of board oversight requirements in an ad-hoc the other components. Effective corporate fashion can prove problematic and can result defence requires the alignment, integration in boards being overburdened and forced to and coordination of all of these specialist simply react to these matters as they appear on components. A comprehensive corporate the board radar rather than proactively directing defence programme therefore involves and controlling the corporate defence agenda. managing and coordinating each of the critical On the other hand, the introduction corporate defence components under the same of a formal structured corporate defence umbrella (see graphic, above). These critical programme can help ensure that all corporate components address corporate defence from defence-related activities are appropriately different perspectives and form part of the managed in an integrated and systematic necessary system of checks and balances manner. Such an approach can help ensure required to help ensure that the organisation that stakeholder interests are better has taken appropriate measures to help safeguarded while also facilitating more preserve stakeholder value and safeguard efficient use of valuable boardroom time. The stakeholder interests. adoption of such a formal approach also means Typically, corporate defence deficiencies that the board can more easily demonstrate and weaknesses can include failures in that due care was taken in the performance corporate governance, poor risk management, of their value preservation obligations. compliance failures, unreliable intelligence, inadequate security, insufficient resilience, Sean Lyons is author of new book Corporate ineffective controls and the failures of Defense and the Value Preservation Imperative: assurance providers. As these critical Bulletproof Your Corporate Defense Program components are inherently interconnected, the existence of more than one of these weaknesses or deficiencies in any given organisation tends STAKEHOLDER quESTIONS to exacerbate the initial problems experienced The following are examples of basic corporate and can eventually result in exponential defence questions that stakeholders can be collateral damage to stakeholder value. expected to ask of their board members: Board members need to appreciate that, Does our organisation have an integrated logically, if deficiencies and weaknesses in an corporate defence programme in place? organisation’s corporate defence programme Does our organisation have a corporate tend to result in corporate losses or failures, defence vision and/or mission statement? then more robust corporate defence Does our organisation already have a formal programmes can help to better safeguard corporate defence strategy in place? against the occurrence of such scenarios. Does our organisation have a structured In many organisations such deficiencies corporate defence framework in place? and weaknesses very often begin with the Does our organisation have a clear lack of a formal structured corporate defence corporate defence plan in place? programme. What is needed is more effective Where does overall responsibility for corporate defence rather than what has corporate defence lie in our organisation? been described as ‘corporate defence theatre’, Who is the most senior corporate which is simply the appearance of corporate defence official in our organisation? Does this official report directly to the defence efforts. board or to a board sub-committee? Board oversight of the What is the annual budget for corporate defence activities? corporate defence programme How much is this budget expressed as a It is the duty of the board to determine for itself percentage of the overall annual budget? if their organisation is adequately addressing Controls

The board’s corporate defence responsibilities

Regulatory & Compliance | Due Diligence AUTOMATED DILIGENCE Technology can now think and act like an investigator

Automating due diligence

Enhance due diligence by analysing unstructured online customer data Many global financial institutions are looking to harness the power of social media to help them meet increasingly demanding know your customer (KYC) requirements – in other words, to identify potentially risky customers before the regulators do it for them.

But will banks and even their corporate clients be able to extract relevant information from social media channels to enhance due diligence? Or will it further complicate KYC and customer onboarding? Through this article, let’s explore possible answers to these and a few more related questions and thereby evaluate the effectiveness of automated due diligence backed by innovations, such as artificial intelligence (AI) and natural language processing (NLP).

Are regulations a drain on resources?

According to a recent report on banking regulations, bank spending on due diligence has been rising at an alarming rate. A leading global bank has added more than 5000 people to its compliance team in the last three years, 130 Ethical Boardroom | Spring 2016

Tapan Agarwal

SVP and Head of the Commercial Risk Product Pillar, iGTB, Intellect Design Arena following the $§ fine it had to incur in 2012 for not following AML monitoring and prevention regulations. According to a recent Morgan Stanley report, the cost of breaking sanctions by banks across the globe is $12billion. But do these statistics mean that regulations are an undesirable bottleneck for the banking industry? Let us try and answer this by drawing parallels with other industries.

Is banking the only business subjected to stringent regulations? Compliance to regulations is not a practice restricted to the banking industry. Regulatory bodies prescribe stringent norms for most businesses. The healthcare and pharmaceutical industry, for instance, has regulations not only pertaining to the product, but also distribution, advertising, packaging etc. and these regulations vary not just across countries, but even within countries across states and regions. And complexity of regulations, again, is not a phenomenon unique to banks. It is common knowledge how an FMCG suffered huge losses in India

because of misinterpretation of regulatory guidelines on the permissible percentage of lead in a food product. Not too long ago, the public in the UK was up in arms against the proposed review of the Bribery Act, which was treated as a hindrance by most businesses. So, clearly, regulations are not just limited to financial transactions and banks are not the only institutions responsible for due diligence. The aim of regulators behind enforcing strict adherence to compliance is not just the protection of the banks’ clients. Adherence to regulations ensures banks adopt best practices and protect themselves as well as their clients from fraudulent practices, such as money laundering.

The virtual marketplace – where/who is the bank?

The emergence of the virtual marketplace, unfettered by geographical boundaries, fast-growing influence of block chain technology and the ubiquity of information are gradually blurring the lines between business verticals, with mobile network operators functioning as banks and banks offering integrated trading platforms. The online marketplace, however, also brings with it the threat of fraud, money laundering and other illicit practices. The blurring lines between businesses and the

Due Diligence | Regulatory & Compliance

transformation of the market from a multistoreyed warehouse to a desk at your fingertips has also raised a pertinent question – who owns the most valuable asset in the knowledge-driven economy-customer data.

Who owns customer data?

If a customer were to buy a physical product through a social networking site using a banking app on my mobile device, which of the stakeholders in the transaction owns the customer data? How can this data be used? Can this data be shared or sold? From a different perspective, if the customer has used false information to buy a product, who bears the cost of the fraud? The industry is still grappling with these questions and there is still considerable ambiguity on this issue. Though this scenario refers to a retail transaction, B2B transactions also face a similar conundrum, just at a larger scale. The only definitive conclusion that can be drawn is that KYC is no longer just the bank’s responsibility.

Impact of social media: is it a bane or a boon for due diligence?

The vast amount of information being created and shared across social media is truly staggering: over 3.5 billion searches per day on Google;1 an average of 4.75 billion items shared by Facebook users each day;2 500 million tweets per day on Twitter3. Then there’s YouTube, Tumblr, Flickr, Instagram, Snapchat... What makes it more cumbersome is the high probability of factually incorrect information. And herein lies the dilemma: is the sheer scale of the (largely unstructured) information available through social media going to add to

your onboarding and KYC headaches – or will it help you to ‘tick all the boxes’ with regulators as events happen that may have risk implications for your customers and your bank? Regulators will surely look favourably on the addition of another tool to help with KYC. But use of social media will only be effective if the resource and technology issues that complicate onboarding currently can be avoided. That means automated, proactive processes wherever possible, with the resulting information easily accessible centrally and available in real-time, rather than buried in siloed systems or dispersed across business and geographical entities. News is breaking ever faster – and often, breaking news is shared across social media first (just think of the coverage of the recent Paris attacks on Facebook and YouTube). Even tapping into social media, no bank can ever hope to be 100 per cent up to date with everything that is happening to their customers – or their customers’ clients. But it is no longer an excuse to say: ”We didn’t know”. In the words of Dan Adamson, the CEO of OutsideIQ, an organisation that

Regulators will surely look favourably on the addition of another tool to help with KYC. But use of social media will only be effective if the resource and technology issues that complicate onboarding currently can be avoided

develops innovative artificial intelligence solutions that use big data to address complex risk-based questions and problems: “The problem, having computers understand this context, isn’t an easy one, but after years of R&D, I’m confident that there is a solution.”

So what is the solution?

The long and complex answer to this question would be an automated solution that searches regulatory databases and watchlists, sanctions lists, PEP lists, open web and premium structured content, as well as the humongous unstructured data generated through social media channels to prepare a red-flag report. One of the leading solutions in this space is OutsideIQ’s DDIQ, a solution that enables a faster, more cost-effective and automated due diligence research process that delivers consistent, accurate and auditable results. In the words of Dan Adamson, CEO of OutsideIQ: “By automating the due diligence process, we are able to analyse a lot of content without bogging down the people we are employing to keep our companies safe. The key to being successful is to use a technology that starts thinking and acting like an investigator. It needs to be capable of finding the risks, but only surfacing what really need to be escalated.” Simply put, the automated solution will function as a human researcher, possessing the capability to understand the searcher’s intent and the meaning of the query, but devoid of the inherent human limitations of language, efficiency, costs and individual perceptions. Internetlivestats.com 241 up to date Facebook facts and Stats, Wishpond 3Expandedramblings.com, Jan 2015

Spring 2016 | Ethical Boardroom 131

Regulatory & Compliance | Collective Action

William Nero

Programme Officer, Basel Institute on Governance, International Centre for Collective Action

Collective action to tackle corruption An important factor for success in anti-corruption collective action is that it should be a business-driven endeavour.

That being said, the essential role of civil society must be recognised for its contributions towards successful multi-stakeholder approaches to fight corruption. This support can manifest itself in a number of different ways: assisting a company in initial steps towards finding opportunities for collective action; maintaining an established initiative’s momentum; or fostering positive interactions between business, the public sector and wider society. This article looks at these and other ways in which civil society can play an integral part in helping businesses meet their anti-corruption goals.

Collective action

Anti-corruption collective action involves a coordinated and sustained effort from business and other stakeholders to jointly tackle shared corruption challenges, particularly systemic corruption where it is difficult for one company to engender long-term change on its own. The concept is centred on the notion that, by working together, companies can achieve greater results in anti-corruption and more effectively promote positive change in the business environment than could be otherwise accomplished when acting alone. In recent years, collective action has increasingly been recognised and practiced by companies seeking to move beyond their internal systems and towards a broader approach through aligning with competitors and other private sector actors. It provides an effective method for companies to highlight best practices in anti-corruption compliance, promoting a form of ‘race-to-the-top’ and removing the notion of compliance being a

132 Ethical Boardroom | Spring 2016

Building a strong coalition with civil society puts business on the front foot brake to business activity or reduced to a tick-the-box exercise. Engaging with civil society in this process can be decisive from the very beginning.

Civil society inspiration and facilitation

Civil society can provide a practical safeguard against allegations of anti-trust when industry competitors gather together, as well as being the inspiration and support for companies considering anti-corruption collective action. One of the earliest examples of this – and of collective action in general – is the Wolfsberg Group.1 The Wolfsberg Group originally focussed on the risks of laundering the proceeds of corruption and brought together the largest private banks in the world at that time. Today, the group comprises 13 banks and the subjects have

TEAMWORK A strong coalition can coordinate efforts against corruption

expanded to many aspects of financial crime. The banks that came to form the group were accompanied from the outset by Transparency International and Mark Pieth, professor at the University of Basel and president of the board of the Basel Institute on Governance; the latter organisation is still a regular attendee at Wolfsberg meetings. The Wolfsberg Group initially focussed on bringing US and European banks towards common anti-money laundering (AML) standards. With the help of the facilitators’ networks, their advocacy work and knowledge of the topic, the group established meetings between US and European banks, thus taking these efforts in an international direction. The novelty of such an initiative and sensitive nature of the topic under discussion elicited hesitancy from the participants. The skills of the facilitators from civil society however were essential in promoting mutual trust

Collective Action | Regulatory & Compliance

among the private bankers involved, allowing the conversation to continue and eventually leading to a broadened geographical footprint of the group, the drafting in 2000 of a common document on due diligence and know-yourcustomer (KYC) rules for private clients and the permanent establishment of the Wolfsberg Group. Civil society participation as a neutral facilitator was a key partner in this endeavour by bringing together the group, providing expertise and guidance and keeping the topic of anti-corruption alive whilst the group also focussed on other pressing matters that arose in the wake of 9/11. Since its inception the Wolfsberg Group has produced best practice papers on a number of topics, with the facilitators from civil society continuing to provide input and advice, in particular in relation to anti-corruption. A more recent example of civil society and the private sector working together is the Maritime Anti-Corruption Network (MACN) collective action, which aims to promote a shipping industry free of corruption.2 This business-driven initiative was led by Maersk in 2011, with advice and inspiration provided by civil society Transparency International, as well as inter-governmental organisations, such as the United Nations Development Programme (UNDP). From an official launch in 2012 with eight companies, the MACN rapidly formalised its operations and currently comprises more than 70 members of the shipping industry, supporting its members to improve their compliance

programmes, sharing best practices and developing tools, reporting systems and studies to further improve the business environment. From its launch through to the present, MACN has been supported by civil society representative BSR, a global non-profit business network that has acted as the secretariat and thus contributing to the formalisation process of the initiative. The benefits of active civil society participation in collective action are not limited to the initiation stage. Civil society can also support existing initiatives. This is illustrated by the International Centre for Collective Action (ICCA) at the Basel Institute on Governance teaming up with the International Forum on Business Ethical Conduct for the Aerospace and Defence Industry, or IFBEC, to address offset arrangements.3 IFBEC is an initiative composed of more than 30 US and European companies from the aerospace and defence industry, which, through its global principles, has sought to promote industry-wide ethical standards. In 2014, IFBEC sought to explore further topics in which the organisation could offer guidance and advocacy to its membership and external stakeholders, inviting the ICCA to lead and take part in a brainstorming session with members of one of IFBECâ&#x20AC;&#x2122;s governance committees. From this meeting IFBEC decided it would explore the mitigation of bribery risks in defencerelated offset arrangements, a practice many within and Anti-corruption outside of the industry collective action consider as having heightened bribery risks. involves a coordinated

and sustained effort from business and other stakeholders to jointly tackle shared corruption challenges, particularly systemic corruption where it is difficult for one company to engender long-term change on its own

The ICCA chaired and facilitated discussions among a small group of experts from IFBEC member companies, whereby offset activities and related bribery risks and best practices in compliance were examined. The group also looked at opportunities for promoting transparency and reducing corruption risks and the perception thereof in offset transactions, using a survey of its membership in offset-related compliance practices to adduce the basis for the discussions. The ICCA worked with the IFBEC experts to produce a report in 2015, setting out recommendations on areas where IFBEC as a whole and its members individually can raise standards across their industry. This form of cooperation between an industry initiative and civil society demonstrates how even a temporary partnership can assist an existing initiative in achieving positive outcomes in its anti-corruption efforts. This echoes civil society contributions in the establishment of collective action initiatives, by contributing to internal trust-building processes among initiative members. Civil society support, however, is also relevant in the context of building trust with external stakeholders, specifically the wider public and government.

Widening the circle of stakeholders

By involving civil society in a collective action initiative, businesses offer greater assurance to the general public as to the credibility of their unilateral declarations, helping to reduce public scepticism. This can often be an issue in self-regulatory activities, whereby doubts arise as to the authenticity of practitionersâ&#x20AC;&#x2122; motives. Voluntary commitments that are dependent completely on self-enforcement mechanisms and devoid of civil society participation are particularly susceptible to such concerns. The inclusion of civil society thus helps to assuage these concerns. More robust forms of civil society participation however can go even further, providing certification of participantsâ&#x20AC;&#x2122; anti-corruption compliance programmes, monitoring to ensure that commitments are upheld and even sanctioning mechanisms for instances of a breach of the agreement. One form of collective action initiative that incorporates these elements to a significant degree is the integrity pact (IP). IPs were pioneered by Transparency International in the 1990s and consist of agreements between a government or government agencies and a company, or group of companies, frequently in the context of public procurement processes. Under the agreement, parties commit to refrain from bribing in any form and from colluding with competitors, with procurement contracting authorities from the public sector similarly required to sign on to such commitments.

Spring 2016 | Ethical Boardroom 133

Regulatory & Compliance | Collective Action One role of civil society in these arrangements, be it a local Transparency International chapter, another NGO or a consortium of civil society experts, is to serve as an external monitor to oversee the procurement process. The monitor seeks to ensure that commitments made by the signatory parties are upheld, and when necessary, advising for or levying sanctions in instances of a breach of the agreement. This level of civil society involvement, particularly when undertaken in an engaged and proactive manner, is a critical component to ensure that incompliant behaviour among competitors is minimised, reducing the chance of an incidence of corruption and thus engendering greater confidence from external stakeholders. An added benefit of civil society involvement that is evidenced by the IP is the ability of civil society to foster cooperative linkages between business and government, promoting broader multi-stakeholder coalitions against corruption. Government and public sector involvement is often essential to successful joint anti-corruption approaches yet this can also prove challenging. Mistrust between the private and the public sector is one element that can stymie effective cooperation. In addition, a purely private sector-driven entreaty to engage with government may be dismissed as a lobbying exercise. Effective civil society participation can help to bridge this gap between the public and private sector, working to build trust and elicit effective solutions. One example developed by the Basel Institute, together with the OECD, is the High Level Reporting Mechanism (HLRM), an initiative which aims to tackle the ‘demand’ side of bribery. 4

PROBLEM SOLVING The missing piece in anti-corruption initiatives is often a civil society partner 134 Ethical Boardroom | Spring 2016

Government and public sector involvement is often essential to successful joint anti-corruption approaches yet this can also prove challenging. Mistrust between the private and the public sector is one element that can stymie effective cooperation The HLRM is a tool that acts an in-country process for the receiving, assessment and resolution of complaints from the private sector when faced with situations of bribery or extortion. Complementing but not replacing official legal procedures, the HLRM provides a quick and non-bureaucratic approach towards resolving disputes or concerns, with a flexibility that allows it to be shaped within different country contexts. Current versions of the HLRM are in operation in Colombia, focussing on infrastructure procurement, and Ukraine, focussing on unfair treatment of business overall. Panama will launch a pilot HLRM in mid-2016. While the institutional frameworks and areas of focus for both HLRMs vary, they share in part their initiation as the result of frequent, sustained discussions between the public, private and civil society sectors, ensuring that business concerns were met in the final versions of the mechanism developed in the respective countries.

Conclusions

Civil society participation in business-driven anti-corruption collective action is essential to allay internal and external trust issues in a collective action initiative, enabling a neutral third party to convene the meetings, act as secretariat and expert to guide the discussions and to keep the members focussed on a positive outcome.

The neutral facilitator can also play an essential part in eliminating anti-trust and anti-competition concerns; whilst anti-trust laws do not prohibit competitors’ discussion of compliance best practice, some are nervous about meeting their peers unless the environment is carefully controlled. Civil society facilitators can reinforce this by ensuring that discussions among members party to a collective remain focussed on anti-corruption and compliance. If there is any doubt that companies in the same sector should take positive steps to address corruption risks through collective action they need look no further than the UK’s Ministry of Justice Guidance on what a company can do to show under the UK Bribery Act that it has ‘adequate procedures’ against bribery: ‘Principle 2: Top Level Commitment,’ lists involvement by companies in the same sector in a collective action against bribery as evidence of this commitment. As collective action gains further momentum, more and more organisations, including the Basel Institute on Governance’s ICCA, remain prepared to support business in crafting practical multi-stakeholder solutions. Finding credible partners in civil society should thus be a top agenda item for companies considering collective action strategies against corruption. http://wolfsberg-principles.com 2http://www.maritime -acn.org/#home 3http://ifbec.info 4http://collective-action. com/initiatives/hlrm 1

Datamaran™

HUMAN EXPERTISE, AUTOMATED.

Turn information into insight with Datamaran™, our emerging issues management platform. Through the use of data analytics and natural language processing it enables companies to identify, understand, and monitor what peers are saying, regulators are demanding and what society is expecting from today’s decision-makers.

Regulatory & Compliance | Incentives

Bruce Horowitz

Partner, Paz Horowitz, Abogados and President, The Center for the Study of Bribery and Extortion Situations

The power of positive deviance in compliance

Incentives when compliance rules seem to eliminate our purpose in working for the company

This article is about positive incentives to NOT pay bribes and to NOT submit to extortion; it is about finding a purpose; and it is about finding answers hidden in plain sight.1 This article is for people at all corporate levels and throughout all the links in the supply chain, who either believe in the correctness of anti-corruption compliance, or who are risk-averse to the corporate and legal punishments that they could face if they violate these rules of compliance.

Setting the scene

A friend, who used to train and handle search and rescue (SAR) dogs, once told me a story about the Mexico City earthquake of 1985, in which 412 buildings collapsed and more than 5,000 people died. A group of SAR dogs and their handlers had been finding and rescuing victims from the rubble of buildings for two days and nights. On the third day, they were finding fewer and fewer survivors. By the end of fourth day, some of the SAR dogs were finding only dead victims, but no 136 Ethical Boardroom | Spring 2016

survivors. On that fourth night, these dogs crawled under the beds of their handlers and refused to come out the next morning. Knowing that there could potentially be people still alive and suffering under the rubble, the SAR handlers discussed what they could do to get their dogs back on task. Someone suggested that they plant live volunteer ‘victims’ under the rubble. They did this before carrying their dogs back out to the streets. The dogs began to hear other dogs finding the live ‘victims’ and soon began to search with renewed energy. Although most of the new victims that they found on the fifth day were dead the dogs continued to search for and saved the last of the real live victims under the rubble.2 What was it that led these SAR dogs to crawl under those beds and refuse to come out and why did they finally renew the search for and rescue of victims in spite of mainly finding dead victims? If they were simple exhausted after four days of physical labour, then there was no reason for them to revive from one minute to the next. On the other hand, if dogs were like people, like their handlers, then we might surmise that they had a purpose in life and it was to find and rescue victims who

would otherwise die. If they only found dead victims then they could no longer serve their purpose in life. For humans, we might say that they were in a ‘state of depression’ yet, if they beheld the possibility of finding one live victim after finding 20 dead victims, then their own lives continued to have a purpose. We call the human motivating factor ‘hope’. Without being too anthropocentric, we might say that, through the surreptitious hiding of live victims under the rubble in Mexico City, the SAR handlers brought enough hope back to their dogs to revive their sense of purpose.

Where is the carrot for refusing to bribe and refusing to submit to extortion?

Commentators on compliance often mention that traditional and contemporary monetary incentives drive employees and agents to offer bribes and to submit to extortion; the same commentators suggest

Incentives | Regulatory & Compliance

There is almost always a small minority who refuse to submit to extortion but nevertheless get what is rightfully theirs

that companies must lower or eliminate rewards based on company profits and find monetary incentives for evidence of compliance with anti-bribery rules. Legislators and law enforcement officials seem to recognise that the sweetened ‘carrot’ of monetary rewards for whistleblowers and for public prosecution offices leads indirectly to improved corporate anti-corruption compliance efforts, if only because corporations, corporate officers and owners are on the hard pointy end of the skewer.

Looking for Mr Good Rewards On 30 March 2015, a well-regarded anti-corruption compliance commentator, Thomas R. Fox, published an article on the history and recent findings on positive incentives to comply with anti-corruption laws. He mentions that as far back as back as 2004, the then US Securities and Exchange Commission (SEC) Director of Enforcement,

Stephen M. Cutler, said organisations should make “integrity, ethics and compliance part of the promotion, compensation and evaluation processes as well. For at the end of the day, the most effective way to communicate that ‘doing the right thing’ is a priority, is to reward it”. The FCPA Guidance states that the “DOJ and SEC recognise that positive incentives can also drive compliant behaviour. These incentives can take many forms, such as personnel evaluations and promotions, rewards for improving and developing a company’s compliance programme and rewards for ethics and compliance leadership”.3 In simplified terms, the problem is that, on the ‘skewer’ side, a company must threaten their employees and agents with job and income loss, social ostracism and civil and criminal penalties for disobeying the anti-bribery rules while on the carrot side, the company has to offer everyone else some monetary or status benefits for not paying

a bribe, or for helping others not to pay a bribe. Meanwhile, the ability to increase the monetary benefits and the status and the personal satisfaction benefits depend on improving profits in places where companies continue to lose profitable work to less scrupulous competitors.4 I recently spoke with representatives of two consulting firms in a major North American city. Both of them focus on the use of novel positive incentives to improve employee satisfaction and business results. I asked them to suggest monetary incentives that a company could offer their employees for not paying bribes or for not submitting to extortion. Both replied that they did not know about any workable positive incentives being used for this purpose at the present time and one added that any positive monetary incentive for not paying a bribe would quickly lead to claims for payment for unproven and unprovable bribery situations. Spring 2016 | Ethical Boardroom 137

Regulatory & Compliance | Incentives

The positive deviance approach to bribery and extortion situations

In 2001 to 2002, based on the peculiar circumstances of the Montesinos/Fujimori corruption scandal in Peru, the Peruvian Congress included in the national census some questions about householder participation in public bribery situations. In 2005, two professors at McGill University, Jennifer Hunt and Sonia Laszlo, analysed the results of the Peruvian census and presented a paper, entitled Bribery: Who Pays, Who Refuses, What Are the Payoffs. 5 The hypothesis underlying this study was that the number of bribes increased correlated positively with increased personal wealth and that the value of the average bribe correlated positively with increased personal wealth. The census results confirmed this hypothesis. Before the 2001-2002 Peruvian census, some large-scale surveys had asked individuals whether they had been asked to pay bribes, or had paid bribes, or who knew of others who had paid bribes, or if they had refused to pay a bribe demanded by a government functionary. But, in this Peruvian census, both bribe payers and bribe refusers were asked (seemingly for the first time) whether they received what they needed from the government. Out of the more than 18,000 householders who responded that they had been involved in a government functionary bribe situation in the preceding 12 months, 72 per cent said that they had been directly or indirectly asked to pay the bribe, and did pay the bribe. Another seven per cent admitted they paid a bribe without even being asked.

For the corporate community, the probable existence of positive deviants within their own organisations means that while the tone must come from the suites, the specific solutions will come from the streets Finally, 21 per cent responded that a government functionary had asked for a bribe but that they had refused to pay the bribe. In countries where government functionary extortion is generalised, the common wisdom holds that ‘if you don’t pay, you don’t play’. In other words, if you do not submit to a bribe demand from a government functionary, then you will not receive the state-supplied goods, services, permits or access that is rightfully yours. Of the 79 per cent of householders who had paid the bribe, one out of four of them did not receive what they paid for; while two 138 Ethical Boardroom | Spring 2016

is that they have repetitive face-to-face out of three of the 21 per cent of householders exposure in extortion situations. They have who refused to submit to extortion, the ethical and safe solutions to extortion did not receive what they refused to pay for. situations that appear to the rest of the Professors Hunt and Lazslo understood community to be unsolvable. that a majority of the people in the census who For the corporate community, the probable paid the bribe got what they wanted, while existence of positive deviants within their most of the householders who refused to own organisations means that while the tone pay the bribe demanded by a government must come from the functionary did not suites, the specific receive what they solutions will come rightfully deserved. from the streets. However, let us Getting back to ignore for the moment how to motivate a the large majority of corporation’s people on individuals who paid the ground to comply the bribe and instead with anti-corruption look at the small rules, we must return minority (seven per to the incentive cent) of the people provided by hope. Hope who refused to is the expectation of a submit to extortion minimally-acceptable and still got what probability of success was rightfully theirs. in serving one’s We see that there purpose. For employees is a ‘deviant’ 21 per and agents of a for cent minority of the profit company, the population that not uncovering of already only refuses to pay existing positive the bribe, but from deviance solutions which an even smaller provides that deviant minority minimally-acceptable somehow secures probability of a ‘positive’ result success which of getting what is rightfully theirs, IN THE MINORITY tends to be missing But these ‘deviants’ hold from compliance which violates the the key to anti-corruption programmes. If other common wisdom that people in one’s own if you do not submit to circumstances, who have no more or nor a bribe demand from a government better resources than I have and who face functionary, then you will not receive the the same extortionists that I face – if those state-supplied goods, services, permits or people have found the way to succeed in access that is rightfully yours. these situations – then so can I. Uncovering Positive deviants and spreading these already existing What we have found repeatedly over the years positive deviant solutions to bribery and since 1989 is that there is almost always a extortion situations will allow me to fulfil small minority of individuals who refuse to my purpose and my company’s purpose. submit to government functionary extortion, 1 Finding answers that are hidden in plain sight is part of an who have no greater resources than anyone approach to problem-solving that goes by the technical else in the community, but who nevertheless name of ‘positive deviance’. It is an approach that the author has been using since before 2005 and a growing number get what is rightfully theirs. These ‘positive of books, articles and blog posts exist about the subject. deviants’ include lawyers, paralegals, people Information can be found at www.positivedeviance.org in operations, sales people, NGO workers 2 Although I have not been able to confirm this SAR dogs story from other sources, you can read more generally about in emergency disaster situations and in the 1985 Mexico City Earthquake Search and Rescue story at environmental protection situations, http://somersetsunset.net/QuakeDogs.pdf. 3Compensation individuals who face bribe demands while Incentives in a Best Practices Compliance Programme, 30 moving through customs, individuals March 2015, FCPA Compliance & Ethics, Thomas R. Fox ©. http://fcpacompliancereport.com/2015/03/compensationconfronting traffic officers, extortionist public incentives-in-a-best-practices-compliance-program/ 4In the school teachers and administrators. These Miller & Chevalier/Mattison Ellis “Latin America Corruption ‘positive deviants’ include women and men. Survey” of 2012 , 51.19% of all corporate respondents believed that they had lost business to competitors who They range in age from 17 years old to more had made illicit payments, while only 12.62 per cent of these than 70 years old. They range in formal companies had reported their concerns to the authorities. education from those who did not finish https://mail.google.com/mail/u/0/?tab=Cm#search/ matt%40mattesonellislaw.com/137f058d7f9595ed?project grade school to those who have doctorates; or=1 5http://economie.esg.uqam.ca/upload/files/seminaires/ and in income from less than $50 per month huntlaszlo.pdf See also The Power of Positive Deviance to more than $20,000 per month. by Richard Pascale, Jerry Sternin and Monique Sternin, published by Harvard Business Press (2010). What they all tend to have in common

Resident in our offices in both Rio de Janeiro and SĂŁo Paulo, Hogan Lovells lawyers work together as one team, along with our global Brazil practice, to provide our clients sophisticated international legal advice with a highly refined local perspective. Our team has the experience, connections, and knowledge to advise domestic and foreign companies doing business in Brazil on the increasingly pervasive issues surrounding investigations, compliance, and corporate governance. 2,500+ lawyers. 45+ offices. 26 countries. www.hoganlovells.com Hogan Lovells is an international legal practice that includes Hogan Lovells US LLP and Hogan Lovells International LLP. ÂŠ Hogan Lovells 2015. All rights reserved.

If the board is thinking about it, we’re talking about it. Since 1999, KPMG’s Audit Committee Institute has been helping boards and audit committees focus their agendas on what matters most. For timely insights and informed, board-level perspectives on top-of-mind issues, visit kpmg.com/globalaci Audit Committee Institute

© 2015 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. The KPMG name and logo are registered trademarks or trademarks of KPMG International.